如何将JWT令牌发送到Node.js服务器

时间:2020-08-25 18:20:07

标签: javascript node.js express mongoose jwt

我写了一个带有登录系统的小型node.js服务器,并且试图保护自己的路由。我已经创建了中间件,该中间件应在每个受保护的路由上检查身份验证,但是似乎我没有正确发送JWT令牌,因为每次登录时都会收到Authentication failed消息。如果密码和用户名正确,如何正确发送JWT令牌并登录?这是我的Node.js服务器:

const express = require('express');
const app = express();
const bodyParser = require('body-parser');
const cors = require('cors');
const mongoose = require('mongoose');
require('dotenv').config();
const PORT = process.env.PORT || 1337;
const jwt = require('jsonwebtoken');
const checkAuth = require('./middleware/check-auth.js')
let Post = require('./models/post.model.js');

app.use(cors());
app.use("/assets", express.static(__dirname + "/assets"));
app.use(bodyParser.urlencoded({ extended: true }));

app.set('view-engine', 'ejs');

app.get('/', (req, res) => {
    res.render('index.ejs');
});

app.post('/', (req, res) => {
    let username = req.body.username;
    let password = req.body.password;


    if (username !== process.env.USER_NAME && password !== process.env.USER_PASSWORD) {
        res.json('Invalid credentials');

    } else {
        const token = jwt.sign({
            username: username,
        }, process.env.SECRET_KEY, {
            expiresIn: '1h'
        });

        res.redirect(`/dashboard?token=${token}`);
    }
});

app.get('/dashboard', checkAuth, (req, res) => {
    res.render('dashboard.ejs');
});

app.get('/dashboard/createPost', checkAuth, (req, res) => {
    res.render('post.ejs');
});

app.post('/dashboard/createPost', async (req, res) => {
    let collection = connection.collection(process.env.POSTS_WITH_TAGS);
    res.setHeader('Content-Type', 'application/json');
    let post = new Post(req.body);
    collection.insertOne(post)
        .then(post => {
            res.redirect('/dashboard')
        })
        .catch(err => {
            res.status(400).send(err);
        });
});

app.listen(PORT);

这是我的检查身份验证中间件:

const jwt = require('jsonwebtoken');

module.exports = (req, res, next) => {
    try {
        const token = req.headers.authorization.split(' ')[1];
        console.log(token);
        const decoded = jwt.verify(token, process.env.SECRET_KEY, null);
        req.body.decoded = decoded;
        console.log(req.body.decoded);
    } catch (error) {
        return res.status(401).json({
            message: 'Authentication failed'
        });
    }
    next();
};

2 个答案:

答案 0 :(得分:0)

使用Javascript fetch API发送JWT令牌作为header授权

fetch('backend_domain/dashboard', {
     method: 'get',
     headers: {
       Authorization: JWT_Token
     }
}).then(data => {..your operation here..})

参考:fetch_mdn是对fetch API的更好理解

答案 1 :(得分:0)

我认为这里的问题是,当您尝试将其作为邮递员中的json字符串传递时,您在req.body中得到一个空对象。我会推荐

  1. 在邮递员的x-www-form-urlencoded标签中传递您的凭据,或
  2. 使用express.Router()并为路线创建不同的文件

在index.js文件中写入:

app.use('/', require('./routes.js'))

并创建一个名为routes.js的文件,并将您的路由如下:

const express = require('express');
const router = express.Router();
router.post('/', (req, res) => {
 let username = req.body.username;
 let password = req.body.password;

console.log(req.body);
 if (username !== process.env.USER_NAME && password !== process.env.USER_PASSWORD) {
     res.json('Invalid credentials');

 } else {
     const token = jwt.sign({
         username: username
     }, process.env.SECRET_KEY, {
         expiresIn: 3600
     });

     return res.send({token});
 }
});

module.exports = router;
相关问题
最新问题