我想实现的功能,检查是否有一个令牌,验证令牌,并赠款访问受保护的路由,但我不知道如何发送用户数据到下一个功能。
authController.js文件-
exports.protect = async (req, res, next) => {
//1) Getting token and check if it's there
let token;
if (
req.headers.authorization &&
req.headers.authorization.startsWith("Bearer")
) {
token = req.headers.authorization.split(" ")[1];
} else if (req.cookies.jwt) {
token = req.cookies.jwt;
}
if (!token) {
res.status(401).json({
status: "fail",
message: "You are not logged in. Please login to get access",
});
next();
}
//2) Verificating the token
//const decoded = await promisify(jwt.verify)(token, process.env.JWT_SECRET);
const decoded = jwt.verify(token, process.env.JWT_SECRET);
let currentUser;
//3)Check if user still exists
db.getConnection(async (err, connection) => {
const sqlSearch = "SELECT * FROM users WHERE id = ?";
const sqlQuery = mysql.format(sqlSearch, [decoded.id]);
connection.query(sqlQuery, (err, result) => {
connection.release();
currentUser = result;
});
});
if (!currentUser) {
res.status(401).json({
status: "fail",
message: "The user belonging to this token does no longer exist",
});
next();
}
//GRANT ACCESS TO PROTECTED ROUTE
req.user = currentUser;
res.locals.user = currentUser;
next();
};
courseRouter.js文件-
const express = require('express');
const coursesController = require('../controllers/coursesController');
const authController = require('../controllers/authController');
const router = express.Router();
router.get('/', coursesController.getAllCourses);
router.post('/:slug', authController.protect, coursesController.buyCourse);
module.exports = router;
连接到数据库后,我不知道如何将用户数据返回给buyCourse()函数。我这样做的方式是“currentUser”未定义。
2条答案
按热度按时间yws3nbqq1#
我建议使用
AsyncLocalStorage
将登录用户存储在基于上下文的存储中,并授予对链中任何函数的访问权限。这将确保登录用户的上下文在同一执行上下文内的不同函数调用中得到维护。您可以参考Node.js文档了解使用方法:https://nodejs.org/api/async_context.html
AsyncLocalStorage
是一个单例示例,您可以在每个传入请求上使用它的run()
方法来设置上下文并存储登录的用户信息。afdcj2ne2#
您对
response.locals.user
的使用看起来相当标准。声明buyCourse
以接受请求和响应对象,如下所示:但是您并没有等待数据库结果,所以在设置
currentUser
时,它仍然是null。试着这样写: