Jac*_*r94 5 node.js express json-web-token
我有一个使用express和运行的Node应用程序jsonwebtoken.在每次请求api调用jsonwebtoken之前,我都进行了检查.我已手动排除下面的路线.有没有更好的方法从这里排除一些路线?我怎样才能做到这一点?
import * as express from 'express';
import * as jwt from 'jsonwebtoken';
import UserCtrl from './controllers/user';
export default function setRoutes(app) {
const router = express.Router();
// route middleware to verify a token
router.use(function (req, res, next) {
if ((req.method == 'POST' || req.method == 'OPTIONS') && (req.url == '/user' || req.url == '/login' || req.url == '/user/activate')) {
next();
} else {
// check header or url parameters or post parameters for token
var token = req.headers.authorization;
// decode token
if (token) {
// verifies secret and checks exp
jwt.verify(token, process.env.SECRET_TOKEN, function (err, decoded) {
if (err) {
return res.status(401).send({
success: false,
message: 'Sign in to continue.'
});
} else {
// if everything is good, save to request for use in other routes
next();
}
});
} else {
// if there is no token
// return an error
return res.status(401).send({
success: false,
message: 'Sign in to continue.'
});
}
}
});
const userCtrl = new UserCtrl();
router.route('/login').post(userCtrl.login);
router.route('/user/activate').post(userCtrl.activate);
router.route('/users').get(userCtrl.getAll);
router.route('/users/count').get(userCtrl.count);
router.route('/user').post(userCtrl.signup);
router.route('/user/:id').get(userCtrl.get);
router.route('/user/:id').put(userCtrl.update);
router.route('/user/:id').delete(userCtrl.delete);
app.use('/api/v1', router);
}
您可以使用您编写的函数来验证jwt,并确保用户作为路由器中特定路由的中间件登录.这样您就不必指定需要在函数内登录的路由.
像这样:
function isLoggedIn(req, res, next) {
// check header or url parameters or post parameters for token
var token = req.headers.authorization;
// decode token
if (token) {
// verifies secret and checks exp
jwt.verify(token, process.env.SECRET_TOKEN, function(err, decoded) {
if (err) {
return res.status(401).send({
success: false,
message: 'Sign in to continue.'
});
} else {
// if everything is good, save to request for use in other routes
next();
}
});
} else {
// if there is no token
// return an error
return res.status(401).send({
success: false,
message: 'Sign in to continue.'
});
}
}
const userCtrl = new UserCtrl();
// Routes that require no login
router.post('/login', userCtrl.login);
router.get('/users', userCtrl.getAll);
router.post('/user/activate', userCtrl.activate);
// Routes that require login
router.get('/users/count', isLoggedIn, userCtrl.count);
router.post('/user', isLoggedIn, userCtrl.signup);
router.get('/user/:id', isLoggedIn, userCtrl.get);
router.put('/user/:id', isLoggedIn, userCtrl.update);
router.delete('/user/:id', isLoggedIn, userCtrl.delete);
app.use('/api/v1', router);
您可以在此处阅读有关Express Middleware的更多信息.
你可以这样做
app.use(
jwt({ secret, algorithms: ['HS256'] }).unless({ path: ['/foo/bar'] }),
);
| 归档时间: |
|
| 查看次数: |
2611 次 |
| 最近记录: |