我是一名自学成才的编码员,因此我对身份验证还比较陌生。我试图将JWT令牌存储到httpOnly cookie中,并让中间件访问该cookie以验证当前是否是试图访问个人资料页面的用户。
登录后,我检查了“网络”选项卡,并且确实在标题中看到了cookie,但是当我尝试将自己重定向到个人资料页面后,它说该cookie是未定义的。有人可以告诉我我在做什么错,为什么cookie不会继续传递到下一条路线?
登录
app.post('/users/login', async (req, res) => {
const { email, password } = req.body;
try {
const foundUser = await User.findOne({ email });
if (!foundUser) return res.status(404).send('User has not been found');
const validPassword = await bcrypt.compare(password, foundUser.password);
if (!validPassword) return res.status(400).send('Invalid email or password');
const token = await foundUser.generateToken();
// res.header('x-auth-token', token); //stores in local storage
res.cookie("jwt", token, { secure: true, httpOnly: true });
res.status(200).redirect('/users/profile')
} catch (err) {
res.send(err);
}
})
中间件认证
const authToken = async (req, res, next) => {
// const token = req.header('x-auth-token');
const token = req.cookies.jwt;
console.log(token);
if (!token) return res.status(401).send('Please sign in to conintue.');
try {
const decodeUser = jwt.verify(token, "secrettunnel");
const user = await User.findById({ _id: decodeUser._id });
req.user = user;
next();
} catch (err) {
res.status(400).send('Invalid Token');
}
}
受保护的路线
app.get('/users/profile', auth, (req, res) => {
res.render('profile');
})
答案 0 :(得分:1)
请验证您的expressjs应用程序中是否具有“ cookie解析器”。
var cookieParser = require('cookie-parser')
var app = express()
app.use(cookieParser())