这是 authentication.js,用于在 Passport 中使用 JWT 策略和 local 策略(local strategy)来验证用户并生成令牌。它包含令牌生成代码、local 策略、JWT 策略,以及用于验证用户的 verifyUser 方法。
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const jwtStrategy = require('passport-jwt').Strategy;
const ExtractJwt = require('passport-jwt').ExtractJwt;
const jwt = require('jsonwebtoken');
// Register username/password authentication with Passport. The verify
// callback comes from User.authenticate(); per the page text this is
// presumably supplied by passport-local-mongoose (User is not imported in
// this excerpt; confirm against the full file).
const localStrategy = new LocalStrategy(User.authenticate());
exports.local = passport.use(localStrategy);

// Session (de)serialisation hooks. They only matter for session-based
// logins; the JWT route guard in this file runs with { session: false }.
passport.deserializeUser(User.deserializeUser());
passport.serializeUser(User.serializeUser());
/**
 * Sign a JSON Web Token for the given payload.
 *
 * The payload is signed, not encrypted: anyone holding the token can read
 * its claims, so callers should pass only the minimum needed (the login
 * route passes just `{ _id }`).
 *
 * @param {object} user - Claims to embed in the token.
 * @returns {string} Signed token that expires after 3600 seconds.
 */
exports.getToken = function (user) {
  // config.SecretKey is the same value the JWT strategy verifies against.
  const signOptions = { expiresIn: 3600 };
  const signedToken = jwt.sign(user, config.SecretKey, signOptions);
  return signedToken;
};
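// Options for verifying incoming JWTs.
const opts = {
  // The token is read only from the request header
  //   Authorization: Bearer <token>
  // so a client must send the value returned by getToken() in that header.
  jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
  secretOrKey: config.SecretKey,
  // Pin the accepted signature algorithm to the one getToken() produces
  // (jsonwebtoken signs with HS256 when no algorithm is given) instead of
  // accepting every algorithm the library allows for this key.
  algorithms: ['HS256'],
};

/**
 * JWT strategy: after the signature and expiry have been checked, load the
 * user named by the token's `_id` claim.
 *
 * The decoded payload is intentionally not logged: it would write user
 * identifiers (and any future claims) to the log on every authenticated
 * request.
 */
exports.jwtStrategy = passport.use(new jwtStrategy(opts, (jwt_payload, done) => {
  User.findOne({ _id: jwt_payload._id }, (err, user) => {
    if (err) {
      return done(err, false);
    }
    // A valid token whose user no longer exists is rejected (done(null, false)).
    return done(null, user || false);
  });
}));

// Route guard: authenticates each request from its bearer token and never
// creates a server-side session.
exports.verifyUser = passport.authenticate('jwt', { session: false });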
这是包含登录路由的 users.js。注册路由使用 passport-local-mongoose 进行注册。
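/**
 * POST /login: authenticate with the local strategy.
 *
 * The original handler generated a JWT and then discarded it: the status and
 * Content-Type it set were overwritten by res.redirect('/'), so no client
 * ever received a token to present to JWT-protected routes.
 *
 * - Clients that explicitly prefer JSON (Accept: application/json) now get
 *   `{ success, token }` and must send the token on later requests as
 *   `Authorization: Bearer <token>`.
 * - Every other client (browser form posts, a wildcard or missing Accept
 *   header) is redirected to '/' exactly as before.
 */
router.post('/login', passport.authenticate('local', { failureRedirect: '/users/login' }),
  (req, res) => {
    if (req.accepts(['html', 'json']) === 'json') {
      const token = authenticate.getToken({ _id: req.user._id });
      // Bearer tokens are credentials; keep them out of shared caches.
      res.set('Cache-Control', 'no-store');
      return res.status(200).json({ success: true, token });
    }
    // NOTE(review): no token is issued on this path, so a browser following
    // the redirect cannot pass verifyUser unless the token reaches it some
    // other way. Confirm how the browser flow is meant to authenticate.
    return res.redirect('/');
  });

module.exports = router;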
这是需要通过身份验证才能访问的路由。我不知道应该如何在该路由的 Authorization 请求头中传递令牌。我尝试过先生成令牌,再把它放进 POST 请求中传递,但没有得到任何输出。
const authentication = require('../authentication');
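/**
 * POST /addProduct: create a product unless one with the same name exists.
 *
 * Guarded by authentication.verifyUser, so the request must carry
 * `Authorization: Bearer <token>`.
 *
 * Responses: 400 when `name` is not a string, 500 with a message when the
 * product already exists (status kept from the original), redirect to '/'
 * on success. Database errors are forwarded to the Express error handler.
 */
router.post('/addProduct', authentication.verifyUser, (req, res, next) => {
  const { name, image, price, partners, description } = req.body;

  // `name` goes straight into a query filter. With a JSON body it could be
  // an object such as { "$ne": null }, which the database would treat as a
  // query operator rather than a literal value, so only strings are allowed.
  if (typeof name !== 'string') {
    res.statusCode = 400;
    return res.send('Product name must be a string.');
  }

  Product.findOne({ name })
    .then((existing) => {
      if (existing != null) {
        // NOTE(review): a duplicate is a client error; 409 would describe it
        // better than 500. Left unchanged so existing clients keep working.
        res.statusCode = 500;
        res.send('this Product already exists!');
        return null;
      }

      // NOTE(review): check-then-insert is racy under concurrent requests;
      // a unique index on `name` is needed to enforce this; confirm schema.
      const product = new Product({
        name,
        image,
        price: Number(price),
        partners,
        description,
      });
      return product.save().then(() => res.redirect('/'));
    })
    // One handler for both the lookup and the save: the original left a
    // failed findOne() unhandled, so the request never received a response.
    .catch(next);
});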