Javascript 无效的JWT令牌导致500内部服务器错误
在服务器启动之前,所有插件等都已注册。我创建了我的策略,并将JWT设置为服务器的默认身份验证方法Javascript 无效的JWT令牌导致500内部服务器错误,javascript,node.js,jwt,hapijs,Javascript,Node.js,Jwt,Hapijs,在服务器启动之前,所有插件等都已注册。我创建了我的策略,并将JWT设置为服务器的默认身份验证方法 await server.register(require('hapi-auth-jwt2')); await server.register(require('~/utils/jwt-key-signer')); server.auth.strategy( 'jwt', 'jwt', { key: process.env.API_KEY, validate:
await server.register(require('hapi-auth-jwt2'));
await server.register(require('~/utils/jwt-key-signer'));
server.auth.strategy(
'jwt', 'jwt',
{ key: process.env.API_KEY,
validate: true, // Temporarily using true
verifyOptions: { algorithms: [ 'HS256' ] }
});
server.auth.default('jwt');
'use strict';
const Boom = require('boom');
exports.plugin = {
name: 'user-create',
register: (server, options) => {
server.route({
method: 'POST',
path: '/user/create',
options: { auth: 'jwt' },
handler: async (request, h) => {
const { payload } = await request;
const { JWTKeySigner } = await server.plugins;
const token = await JWTKeySigner.signKeyReturnToken(payload);
const cookie_options = {
ttl: 365 * 24 * 60 * 60 * 1000, // expires a year from today
encoding: 'none', // we already used JWT to encode
isSecure: true, // warm & fuzzy feelings
isHttpOnly: true, // prevent client alteration
clearInvalid: false, // remove invalid cookies
strictHeader: true // don't allow violations of RFC 6265
}
return h.response({text: 'You have been authenticated!'}).header("Authorization", token).state("token", token, cookie_options);
},
options: {
description: 'Creates a user with an email and password',
notes: 'Returns created user',
tags: ['api']
}
});
}
};
const jwt = require('jsonwebtoken');
exports.plugin = {
name: 'JWTKeySigner',
register: (server, options) => {
server.expose('signKeyReturnToken', async (payload) => {
jwt.sign(payload, process.env.API_KEY, { algorithm: 'HS256' }, async (err, token) => {
if (err) {
console.log(err)
}
await console.log(`TOKEN${token}`);
return token;
});
})
}
};
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Missing authentication"
}
{
"statusCode": 500,
"error": "Internal Server Error",
"message": "An internal server error occurred"
}
提前感谢嗯,我正在给你写另一条消息,但是我检查了hapi-auth-jwt2文档中的验证选项,它说
validate - (required) the function which is run once the Token has been decoded with signature
async function(decoded, request, h) where:
decoded - (required) is the decoded and verified JWT received in the request
request - (required) is the original request received from the client
h - (required) the response toolkit.
Returns an object { isValid, credentials, response } where:
isValid - true if the JWT was valid, otherwise false.
credentials - (optional) alternative credentials to be set instead of decoded.
response - (optional) If provided will be used immediately as a takeover response.
server.auth.strategy(
'jwt', 'jwt',
{ key: process.env.API_KEY,
validate: validate: () => ({isValid: true}), // Temporarily using true
verifyOptions: { algorithms: [ 'HS256' ] }
});
也许代码中有其他东西会抛出错误。您是否在服务器设置上启用了调试?您应该在服务器控制台中看到该500错误的详细信息。500内部错误通常与日志中的错误成对出现,是否存在错误?我打开了调试,并跟踪问题,直到验证方法不存在。我假设我可以传入“true”,然后下次编写验证方法。我错了。嗨,我发现这就是问题所在,但忘了添加我的答案。所以是的,验证方法不能被排除。