我的中间件代码是:
exports.isAuthenticated = (req, res, context) => {
return new Promise((resolve, reject) => {
return passport.authenticate('jwt',{session: false}, (err, user, info) => {
if(err) {
res.status(500).send({message: 'Internal Server Error'})
return resolve(context.stop);
}
if(user) {
return resolve(context.continue);
} else {
res.status(401).send({message: 'Unauthorized'})
return resolve(context.stop)
}
})(req, res);
});
}
我的结语代码是:
// Data plan REST API
const dataplan = epilogue.resource({
model: global.db.DataPlan,
endpoints: ['/api/dataplan', '/api/dataplan/:id']
});
dataplan.all.auth(middleware.isAuthenticated)
dataplan.use(require('./epilogue/dataplan.js'))
而我的dataplan.js是:
module.exports = {
list: {
auth: async function (req, res, context) { …我对 Node.js 中的护照身份验证做了以下工作。
1) 我正在使用 jwtFromRequest : ExtractJwt.fromAuthHeaderAsBearerToken(),
module.exports = function(passport){
var opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
opts.secretOrKey = config.secret;
console.log('Inside passport');
//opts.issuer = 'accounts.examplesoft.com';
//opts.audience = 'yoursite.net';
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
console.log('Payload :: '+jwt_payload._doc);
User.getUserById({id: jwt_payload._doc._id}, function(err, User) {
if (err) {
return done(err, false);
}
if (User) {
return done(null, User);
} else {
return done(null, false);
// or you could create a new account
}
});
}));
2)调用方法如下:
userExpressRoutes.route('/profile')
.get(passport.authenticate('jwt', { session: false }), …我喜欢实施多个名为 Passport-JWT 的策略,每个策略都有自己的secret. 有什么办法可以实现吗?据我从文档中了解到,在模块初始化期间只能注册一个秘密:
@Module({
imports: [
UsersModule,
PassportModule,
JwtModule.register({
secret: jwtConstants.secret,
signOptions: { expiresIn: '60s' },
}),
],
providers: [AuthService, LocalStrategy],
exports: [AuthService, JwtModule],
})
有谁知道我在哪里可以看到 AuthGuard('jwt') 中 canActivate 方法的完整代码?我意识到 canActivate 方法通过使用 console.log() 调用 JwtStrategy 验证方法,如下所示:
// jwt.strategy.ts
@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
constructor(
private readonly configService: ConfigService,
private readonly usersService: UsersService,
) {
super({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
ignoreExpiration: true,
secretOrKey: configService.get<string>('JWT_SECRET'),
});
}
async validate(payload: any) {
try {
const user = await this.usersService.getUserById(payload.id);
// console.log is here
console.log(user);
return user;
} catch (e) {
console.log(e);
return null;
}
}
}
如果我使用原始的 canActivate 方法,则会调用 console.log 。我认为 JwtStrategy 是一个中间件,因此只要有请求就会调用 validate 方法。但是,当我尝试重写 canActivate 方法来添加授权时,不会调用 JwtStrategy …
我正在使用 JWT passaport 登录模块:
async validateUser(userEmail: string, userPassword: string) {
const user = await this.userService.findByEmail(userEmail);
if (user && user.password === userPassword) {
const { id, name, email } = user;
return { id: id, name, email };
}else {
throw new UnauthorizedException({
error: 'Incorrect username or password'
});
}
}
async login(user: any) {
const payload = { email: user.email, sub: user.id };
return {
access_token: this.jwtService.sign(payload),
};
}
这部分正在运行。我的问题是:如何注销?我读到有关创建黑名单并向其添加令牌的内容,但如何获取用户的访问令牌?
我使用 NestJs 成功实现了用于身份验证的 jwt 策略。
下面是jwt策略的代码
import { ServerResponse } from './../helpers/serverResponse.helper';
import { Injectable, UnauthorizedException, HttpStatus } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { ExtractJwt, Strategy } from 'passport-jwt';
import { config as env } from 'dotenv';
import { Bugsnag } from '../helpers/bugsnag.helper';
env();
@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
constructor(
private readonly logger: Bugsnag,
) {
super({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
secretOrKey: process.env.JWT_SECRET_KEY,
passReqToCallback: true,
});
}
async validate(payload, done: Function) {
try {
const …如何使用JWT(后端快递)将nuxt auth模块(前端)与本地护照一起使用?
定义 jwt 策略以验证 jwt 令牌(express)
var JwtStrategy = require('passport-jwt').Strategy,
ExtractJwt = require('passport-jwt').ExtractJwt;
var opts = {}
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
opts.secretOrKey = 'secret';
opts.issuer = 'accounts.examplesoft.com';
opts.audience = 'yoursite.net';
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
User.findOne({id: jwt_payload.sub}, function(err, user) {
if (err) {
return done(err, false);
}
if (user) {
return done(null, user);
} else {
return done(null, false);
// or you could create a new account
}
});
}));
定义用于验证用户名和密码的本地策略(快速)
passport.use(new LocalStrategy(
function(username, password, done) …您好,我正在尝试构建一个 NestJS API,并想学习实现它的最佳实践。
所以我想知道为什么 Nest JS 的文档
https://docs.nestjs.com/security/authentication
passport-local是否提供了耦合和策略身份验证的示例passport-jwt?
难道不能只使用 吗passport-jwt?
如果答案是肯定的,但这不是一个好的做法,您能否提供解释。
如果答案是肯定的并且这是最佳实践,您是否知道为什么他们在身份验证等如此重要的主题上举了一个没有使用最佳实践的示例?
我Node用passport. 当我没有将令牌作为标头提供时,它返回Unauthorized. 我怎样才能将此消息更改为漂亮的Sorry invalid credentials
每次无法提供令牌时,我都会收到未授权的响应。我想把它改成漂亮的消息。
护照.js
const JwtStrategy = require('passport-jwt').Strategy;
const ExtractJwt = require('passport-jwt').ExtractJwt;
const mongoose = require('mongoose');
var User = require('../models/user'); // get the mongoose model
const keys = require('../config/keys');
const opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
opts.secretOrKey = keys.secretOrKey;
module.exports = passport => {
passport.use(
new JwtStrategy(opts, (jwt_payload, done) => {
User.findById(jwt_payload.id)
.then(user => {
if (user) {
return done(null, user);
}
return done(null, false);
})
.catch(err => console.log(err))
}) …我正在使用lumen-passport进行身份验证和授权。当我解码 JWT 令牌时,我得到的有效负载如下:
{
"aud": "9420abb1-1470-4895-8666-a702b415cb59",
"jti": "03b55ab9d73953207a7e568657a1f83a9c5dcc0162b43fe4816c6086d30d4002b9bd74604ba99ea6",
"iat": 1635781614.447866,
"nbf": 1635781614.447872,
"exp": 1635783414.409659,
"sub": "1b910fc7-54bc-44ef-885b-869b2a095c11",
"scopes": []
}
sub是用户uuid。我想传递自定义数据以及sub如下所示。
{
"aud": "9420abb1-1470-4895-8666-a702b415cb59",
"jti": "03b55ab9d73953207a7e568657a1f83a9c5dcc0162b43fe4816c6086d30d4002b9bd74604ba99ea6",
"iat": 1635781614.447866,
"nbf": 1635781614.447872,
"exp": 1635783414.409659,
"sub": "1b910fc7-54bc-44ef-885b-869b2a095c11",
"custom_data": "this is a custom data.",
"scopes": []
}
我如何在dusterio/lumen-passport或laravel/passport中实现这一点?
我生成令牌如下:
public function authenticateWithPassword(
ServerRequestInterface $request,
string $email,
string $password,
string $scope = ''
): Response {
$newBody = [
'grant_type' => 'password',
'client_id' => $this->clientId,
'client_secret' => …passport-jwt ×10
passport.js ×6
jwt ×5
nestjs ×5
node.js ×3
nestjs-jwt ×2
epilogue ×1
nuxt.js ×1
payload ×1
postman ×1