在尝试验证令牌时出现问题(在生成令牌之前,在我向令牌添加一些数据之前,令牌工作正常)..但现在它似乎不工作了!
这是当用户发送POST请求(登录)时我生成令牌的方式
require('dotenv')
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs')
const Role = require('../models/Role');
const Section = require('../models/Section');
const User = require('../models/User');
// Login !
router.post('/', async (req, res) => {
let sections_fetched = [];
// Validate data
// Check username
const user = await User.findOne({username: req.body.username });
if(!user) return res.status(400).send('Wrong user login credentials !');
// Check password
const is_pass_valid = await bcrypt.compare(req.body.password , user.password);
if (!is_pass_valid) return res.status(400).send('Wrong user login credentials !');
// Get role Object:
const _role = await Role.findOne({_id:user.role , is_deleted:false});
if (!_role) res.json("Failed fetching role !");
// loop through sections
for (let index = 0; index < _role.sections.length; index++) {
const tmpRole = await Section.find({_id: _role.sections[index], is_deleted:false});
sections_fetched.push({access:tmpRole[0].access , name:tmpRole[0].name});
}
// create jwt token
const token = jwt.sign({username:user.username, role:{name:_role.name, sections:sections_fetched}}, 'secret', {expiresIn : '24h'}, process.env.JWT_TOKEN_SECRET);
res.json({token:token});
});这是我JWT验证中间件:
require('dotenv')
const jwt = require('jsonwebtoken');
module.exports = function (req, res, next) {
const token = req.header('auth-token');
if (!token) return res.status(401).send('Access Denied !');
console.log(process.env.JWT_TOKEN_SECRET);
console.log(token);
try
{
const verified = jwt.verify(token, process.env.JWT_TOKEN_SECRET);
req.user = verified;
next();
}
catch (error)
{
res.status(400).send('Invalid token !');
}
}这是一个列出用户的简单示例(使用JWT验证中间件!):
const verifyToken = require('../middlewares/verifyToken'); // my jwt middleware to verify !
// Listing All users
router.get('/', verifyToken, async (req, res) =>
{
try
{
const users = await User.find({is_deleted:false});
res.json(users);
}
catch (error)
{
console.log("err ->\n"+error);
res.json({message: error});
}
});
4条答案
按热度按时间kr98yfug1#
什么是'secret在这下面的行?似乎你是添加一个秘密密钥两次,替换这硬编码的字'secret'与令牌从env
yjghlzjz2#
发送一个不记名令牌,您的中间件应该会喜欢它
niwlg2el3#
请确保在生成令牌时传递了一个有效的算法。我将算法存储在一个环境变量中,但使用的是无效的
none算法。因此,即使创建了令牌,我也无法使用相同的密钥对其进行验证。我花了几个小时来尝试修复此问题。我希望这对您有所帮助:D6mzjoqzu4#
用于验证:
签名: