Javascript 创建用于身份验证的jsonwebtoken
我的应用程序的后端部分遇到了问题,希望您能帮助我。我是后端新手。我在 server.js 中创建了 Express 服务器并连接了 MongoDB。之后,我引入了 jsonwebtoken,并在 userCtrl.js 中添加了 createAccessToken 和 createRefreshToken,然后在 Postman 中检查请求是否成功。对于通过 POST 请求得到的访问令牌(access token),我没有问题;但当我开始添加刷新令牌(refresh token)时,在 Postman 中它没有通过授权。能请您帮帮我吗?我不知道哪里出了错。下面是我的代码:
标签:javascript, node.js, mongodb, mongoose
userRouter.js
// userRouter.js: builds the router that exposes the user controller's handlers.
const router = require('express').Router()
const userCtrl = require('../controlleers/userCtrl')

// One row per endpoint: HTTP method, path relative to the mount point, handler.
// NOTE(review): the refresh endpoint is served over GET; endpoints that hand out
// tokens are usually POST so the response is never treated as cacheable.
// Confirm with the client code before changing the verb.
const routes = [
  ['post', '/register', userCtrl.register],
  ['get', '/refresh_token', userCtrl.refreshToken],
]
for (const [method, path, handler] of routes) router[method](path, handler)

module.exports = router
const mongoose = require('mongoose')
// Field definitions for the user document, one constant per field.
const nameField = { type: String, required: true, trim: true }
// NOTE(review): `unique` requests a unique MongoDB index; it is not a Mongoose
// validator. The address is stored as submitted (no trim/lowercase here), so
// case variants of one address are treated as different accounts.
const emailField = { type: String, required: true, unique: true }
// The schema stores whatever string it is given; hashing is the caller's job.
const passwordField = { type: String, required: true }
// Numeric role, 0 unless set explicitly. The meaning of each value is not defined in this file.
const roleField = { type: Number, default: 0 }
// Untyped array, empty by default.
const cartField = { type: Array, default: [] }

const userSchema = new mongoose.Schema(
  {
    name: nameField,
    email: emailField,
    password: passwordField,
    role: roleField,
    cart: cartField,
  },
  // Mongoose maintains createdAt / updatedAt on every document.
  { timestamps: true }
)

module.exports = mongoose.model('Users', userSchema)
const Users = require('../models/userModel')
const bcrypt = require('bcrypt')
const jwt = require('jsonwebtoken')
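// Express handlers for the user routes: account registration and access-token refresh.
const userCtrl = {
  /**
   * Create an account from req.body ({ name, email, password }), store a bcrypt
   * hash of the password, set the refresh token as an httpOnly cookie and
   * return the access token in the JSON body.
   * Responds 400 for invalid input or an already-registered email, 500 on any other failure.
   */
  register: async (req, res) => {
    try {
      const { name, email, password } = req.body || {}
      // express.json() also produces objects and arrays. Without this check a
      // body such as {"email": {"$gt": ""}} would reach Users.findOne() as a
      // query operator, and a missing password would crash on `.length`.
      if (typeof name !== 'string' || typeof email !== 'string' || typeof password !== 'string') {
        return res.status(400).json({ msg: 'Name, email and password are required.' })
      }

      const user = await Users.findOne({ email })
      if (user) return res.status(400).json({ msg: 'The email already exists' })
      if (password.length < 6) return res.status(400).json({ msg: 'Password is at least 6 characteres long.' })

      // bcrypt is a salted one-way hash (not encryption); 10 is the cost factor.
      const passwordHash = await bcrypt.hash(password, 10)
      const newUser = new Users({
        name,
        email,
        password: passwordHash,
      })
      await newUser.save()

      // Both tokens carry only the new user's id.
      const accesstoken = createAccessToken({ id: newUser._id })
      const refreshtoken = createRefreshToken({ id: newUser._id })
      res.cookie('refreshtoken', refreshtoken, {
        httpOnly: true, // not readable from page scripts
        path: '/user/refresh_token', // only attached to requests for the refresh endpoint
        sameSite: 'strict', // never attached to cross-site requests
        secure: process.env.NODE_ENV === 'production', // HTTPS-only outside local development
        maxAge: 7 * 24 * 60 * 60 * 1000, // same lifetime as the 7d refresh token
      })
      res.json({ accesstoken })
    } catch (err) {
      // Keep driver/library error text in the server log instead of the response.
      console.error(err)
      return res.status(500).json({ msg: 'Internal server error' })
    }
  },

  /**
   * Exchange the refresh-token cookie for a new access token.
   * The cookie value is verified and never written to the response body:
   * echoing it back would make an httpOnly cookie readable by any script that
   * can call this endpoint.
   * Responds 401 when the cookie is missing or fails verification.
   */
  refreshToken: (req, res) => {
    const rf_token = req.cookies && req.cookies.refreshtoken
    if (typeof rf_token !== 'string' || rf_token === '') {
      return res.status(401).json({ msg: 'Please login or register' })
    }

    let payload
    try {
      // Tokens in this file are signed with jsonwebtoken's default (HS256), so
      // accept that algorithm only.
      payload = jwt.verify(rf_token, process.env.REFRESH_TOKEN_SECRET, { algorithms: ['HS256'] })
    } catch (err) {
      return res.status(401).json({ msg: 'Please login or register' })
    }

    // NOTE(review): the user is not looked up again here, so a token issued to
    // a since-deleted account stays usable until it expires.
    const accesstoken = createAccessToken({ id: payload.id })
    return res.json({ accesstoken })
  },
}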
/**
 * Sign an access token for the given payload.
 * The key is read from ACCESS_TOKEN_SECRET at call time and the token expires
 * after one day.
 * NOTE(review): one day is long for an access token that is paired with a
 * refresh token; confirm the intended lifetime.
 */
const createAccessToken = (user) => {
  const signingKey = process.env.ACCESS_TOKEN_SECRET
  const signOptions = { expiresIn: '1d' }
  return jwt.sign(user, signingKey, signOptions)
}
/**
 * Sign a refresh token for the given payload.
 * The key is read from REFRESH_TOKEN_SECRET at call time (a different variable
 * from the access-token key) and the token expires after seven days.
 */
const createRefreshToken = (user) => {
  const signingKey = process.env.REFRESH_TOKEN_SECRET
  const signOptions = { expiresIn: '7d' }
  return jwt.sign(user, signingKey, signOptions)
}
module.exports = userCtrl
require('dotenv').config()
const express = require('express')
const mongoose = require('mongoose')
const cors = require('cors')
const fileUpload = require('express-fileupload')
const cookieParser = require('cookie-parser')
// server.js: application setup. Middleware is registered in the same order as before.
const app = express()

app.use(express.json())
app.use(cookieParser())
// NOTE(review): cors() with no options answers every origin with
// Access-Control-Allow-Origin: *. This API sets an auth cookie, so consider
// restricting it to the front-end origin.
app.use(cors())
// Uploads are buffered in temp files rather than memory.
// NOTE(review): no `limits` option is passed, so upload size is not capped here.
const uploadOptions = { useTempFiles: true }
app.use(fileUpload(uploadOptions))

// Routes
const userRouter = require('./routes/userRouter')
app.use('/user', userRouter)

// Connect to Mongodb
const URL = process.env.MONGO_URL
const mongoOptions = {
  useCreateIndex: true,
  useFindAndModify: false,
  useNewUrlParser: true,
  useUnifiedTopology: true,
}
// A connection error is rethrown from the callback rather than handled.
const onMongoConnected = (err) => {
  if (err) throw err
  console.log('Connected to MongoDB')
}
mongoose.connect(URL, mongoOptions, onMongoConnected)

const PORT = process.env.PORT || 5000
const onListening = () => {
  console.log('Server is running on port', PORT)
}
app.listen(PORT, onListening)
.env
MONGO_URL = ************
ACCESS_TOKEN_SECRET = ***********
REFRESH_TOKEN_SECRET = **********
userModel.js
// userRouter.js: builds the router that exposes the user controller's handlers.
const router = require('express').Router()
const userCtrl = require('../controlleers/userCtrl')

// One row per endpoint: HTTP method, path relative to the mount point, handler.
// NOTE(review): the refresh endpoint is served over GET; endpoints that hand out
// tokens are usually POST so the response is never treated as cacheable.
// Confirm with the client code before changing the verb.
const routes = [
  ['post', '/register', userCtrl.register],
  ['get', '/refresh_token', userCtrl.refreshToken],
]
for (const [method, path, handler] of routes) router[method](path, handler)

module.exports = router
const mongoose = require('mongoose')
// Field definitions for the user document, one constant per field.
const nameField = { type: String, required: true, trim: true }
// NOTE(review): `unique` requests a unique MongoDB index; it is not a Mongoose
// validator. The address is stored as submitted (no trim/lowercase here), so
// case variants of one address are treated as different accounts.
const emailField = { type: String, required: true, unique: true }
// The schema stores whatever string it is given; hashing is the caller's job.
const passwordField = { type: String, required: true }
// Numeric role, 0 unless set explicitly. The meaning of each value is not defined in this file.
const roleField = { type: Number, default: 0 }
// Untyped array, empty by default.
const cartField = { type: Array, default: [] }

const userSchema = new mongoose.Schema(
  {
    name: nameField,
    email: emailField,
    password: passwordField,
    role: roleField,
    cart: cartField,
  },
  // Mongoose maintains createdAt / updatedAt on every document.
  { timestamps: true }
)

module.exports = mongoose.model('Users', userSchema)
const Users = require('../models/userModel')
const bcrypt = require('bcrypt')
const jwt = require('jsonwebtoken')
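// Express handlers for the user routes: account registration and access-token refresh.
const userCtrl = {
  /**
   * Create an account from req.body ({ name, email, password }), store a bcrypt
   * hash of the password, set the refresh token as an httpOnly cookie and
   * return the access token in the JSON body.
   * Responds 400 for invalid input or an already-registered email, 500 on any other failure.
   */
  register: async (req, res) => {
    try {
      const { name, email, password } = req.body || {}
      // express.json() also produces objects and arrays. Without this check a
      // body such as {"email": {"$gt": ""}} would reach Users.findOne() as a
      // query operator, and a missing password would crash on `.length`.
      if (typeof name !== 'string' || typeof email !== 'string' || typeof password !== 'string') {
        return res.status(400).json({ msg: 'Name, email and password are required.' })
      }

      const user = await Users.findOne({ email })
      if (user) return res.status(400).json({ msg: 'The email already exists' })
      if (password.length < 6) return res.status(400).json({ msg: 'Password is at least 6 characteres long.' })

      // bcrypt is a salted one-way hash (not encryption); 10 is the cost factor.
      const passwordHash = await bcrypt.hash(password, 10)
      const newUser = new Users({
        name,
        email,
        password: passwordHash,
      })
      await newUser.save()

      // Both tokens carry only the new user's id.
      const accesstoken = createAccessToken({ id: newUser._id })
      const refreshtoken = createRefreshToken({ id: newUser._id })
      res.cookie('refreshtoken', refreshtoken, {
        httpOnly: true, // not readable from page scripts
        path: '/user/refresh_token', // only attached to requests for the refresh endpoint
        sameSite: 'strict', // never attached to cross-site requests
        secure: process.env.NODE_ENV === 'production', // HTTPS-only outside local development
        maxAge: 7 * 24 * 60 * 60 * 1000, // same lifetime as the 7d refresh token
      })
      res.json({ accesstoken })
    } catch (err) {
      // Keep driver/library error text in the server log instead of the response.
      console.error(err)
      return res.status(500).json({ msg: 'Internal server error' })
    }
  },

  /**
   * Exchange the refresh-token cookie for a new access token.
   * The cookie value is verified and never written to the response body:
   * echoing it back would make an httpOnly cookie readable by any script that
   * can call this endpoint.
   * Responds 401 when the cookie is missing or fails verification.
   */
  refreshToken: (req, res) => {
    const rf_token = req.cookies && req.cookies.refreshtoken
    if (typeof rf_token !== 'string' || rf_token === '') {
      return res.status(401).json({ msg: 'Please login or register' })
    }

    let payload
    try {
      // Tokens in this file are signed with jsonwebtoken's default (HS256), so
      // accept that algorithm only.
      payload = jwt.verify(rf_token, process.env.REFRESH_TOKEN_SECRET, { algorithms: ['HS256'] })
    } catch (err) {
      return res.status(401).json({ msg: 'Please login or register' })
    }

    // NOTE(review): the user is not looked up again here, so a token issued to
    // a since-deleted account stays usable until it expires.
    const accesstoken = createAccessToken({ id: payload.id })
    return res.json({ accesstoken })
  },
}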
/**
 * Sign an access token for the given payload.
 * The key is read from ACCESS_TOKEN_SECRET at call time and the token expires
 * after one day.
 * NOTE(review): one day is long for an access token that is paired with a
 * refresh token; confirm the intended lifetime.
 */
const createAccessToken = (user) => {
  const signingKey = process.env.ACCESS_TOKEN_SECRET
  const signOptions = { expiresIn: '1d' }
  return jwt.sign(user, signingKey, signOptions)
}
/**
 * Sign a refresh token for the given payload.
 * The key is read from REFRESH_TOKEN_SECRET at call time (a different variable
 * from the access-token key) and the token expires after seven days.
 */
const createRefreshToken = (user) => {
  const signingKey = process.env.REFRESH_TOKEN_SECRET
  const signOptions = { expiresIn: '7d' }
  return jwt.sign(user, signingKey, signOptions)
}
module.exports = userCtrl
require('dotenv').config()
const express = require('express')
const mongoose = require('mongoose')
const cors = require('cors')
const fileUpload = require('express-fileupload')
const cookieParser = require('cookie-parser')
// server.js: application setup. Middleware is registered in the same order as before.
const app = express()

app.use(express.json())
app.use(cookieParser())
// NOTE(review): cors() with no options answers every origin with
// Access-Control-Allow-Origin: *. This API sets an auth cookie, so consider
// restricting it to the front-end origin.
app.use(cors())
// Uploads are buffered in temp files rather than memory.
// NOTE(review): no `limits` option is passed, so upload size is not capped here.
const uploadOptions = { useTempFiles: true }
app.use(fileUpload(uploadOptions))

// Routes
const userRouter = require('./routes/userRouter')
app.use('/user', userRouter)

// Connect to Mongodb
const URL = process.env.MONGO_URL
const mongoOptions = {
  useCreateIndex: true,
  useFindAndModify: false,
  useNewUrlParser: true,
  useUnifiedTopology: true,
}
// A connection error is rethrown from the callback rather than handled.
const onMongoConnected = (err) => {
  if (err) throw err
  console.log('Connected to MongoDB')
}
mongoose.connect(URL, mongoOptions, onMongoConnected)

const PORT = process.env.PORT || 5000
const onListening = () => {
  console.log('Server is running on port', PORT)
}
app.listen(PORT, onListening)
userCtrl.js
// userRouter.js: builds the router that exposes the user controller's handlers.
const router = require('express').Router()
const userCtrl = require('../controlleers/userCtrl')

// One row per endpoint: HTTP method, path relative to the mount point, handler.
// NOTE(review): the refresh endpoint is served over GET; endpoints that hand out
// tokens are usually POST so the response is never treated as cacheable.
// Confirm with the client code before changing the verb.
const routes = [
  ['post', '/register', userCtrl.register],
  ['get', '/refresh_token', userCtrl.refreshToken],
]
for (const [method, path, handler] of routes) router[method](path, handler)

module.exports = router
const mongoose = require('mongoose')
// Field definitions for the user document, one constant per field.
const nameField = { type: String, required: true, trim: true }
// NOTE(review): `unique` requests a unique MongoDB index; it is not a Mongoose
// validator. The address is stored as submitted (no trim/lowercase here), so
// case variants of one address are treated as different accounts.
const emailField = { type: String, required: true, unique: true }
// The schema stores whatever string it is given; hashing is the caller's job.
const passwordField = { type: String, required: true }
// Numeric role, 0 unless set explicitly. The meaning of each value is not defined in this file.
const roleField = { type: Number, default: 0 }
// Untyped array, empty by default.
const cartField = { type: Array, default: [] }

const userSchema = new mongoose.Schema(
  {
    name: nameField,
    email: emailField,
    password: passwordField,
    role: roleField,
    cart: cartField,
  },
  // Mongoose maintains createdAt / updatedAt on every document.
  { timestamps: true }
)

module.exports = mongoose.model('Users', userSchema)
const Users = require('../models/userModel')
const bcrypt = require('bcrypt')
const jwt = require('jsonwebtoken')
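// Express handlers for the user routes: account registration and access-token refresh.
const userCtrl = {
  /**
   * Create an account from req.body ({ name, email, password }), store a bcrypt
   * hash of the password, set the refresh token as an httpOnly cookie and
   * return the access token in the JSON body.
   * Responds 400 for invalid input or an already-registered email, 500 on any other failure.
   */
  register: async (req, res) => {
    try {
      const { name, email, password } = req.body || {}
      // express.json() also produces objects and arrays. Without this check a
      // body such as {"email": {"$gt": ""}} would reach Users.findOne() as a
      // query operator, and a missing password would crash on `.length`.
      if (typeof name !== 'string' || typeof email !== 'string' || typeof password !== 'string') {
        return res.status(400).json({ msg: 'Name, email and password are required.' })
      }

      const user = await Users.findOne({ email })
      if (user) return res.status(400).json({ msg: 'The email already exists' })
      if (password.length < 6) return res.status(400).json({ msg: 'Password is at least 6 characteres long.' })

      // bcrypt is a salted one-way hash (not encryption); 10 is the cost factor.
      const passwordHash = await bcrypt.hash(password, 10)
      const newUser = new Users({
        name,
        email,
        password: passwordHash,
      })
      await newUser.save()

      // Both tokens carry only the new user's id.
      const accesstoken = createAccessToken({ id: newUser._id })
      const refreshtoken = createRefreshToken({ id: newUser._id })
      res.cookie('refreshtoken', refreshtoken, {
        httpOnly: true, // not readable from page scripts
        path: '/user/refresh_token', // only attached to requests for the refresh endpoint
        sameSite: 'strict', // never attached to cross-site requests
        secure: process.env.NODE_ENV === 'production', // HTTPS-only outside local development
        maxAge: 7 * 24 * 60 * 60 * 1000, // same lifetime as the 7d refresh token
      })
      res.json({ accesstoken })
    } catch (err) {
      // Keep driver/library error text in the server log instead of the response.
      console.error(err)
      return res.status(500).json({ msg: 'Internal server error' })
    }
  },

  /**
   * Exchange the refresh-token cookie for a new access token.
   * The cookie value is verified and never written to the response body:
   * echoing it back would make an httpOnly cookie readable by any script that
   * can call this endpoint.
   * Responds 401 when the cookie is missing or fails verification.
   */
  refreshToken: (req, res) => {
    const rf_token = req.cookies && req.cookies.refreshtoken
    if (typeof rf_token !== 'string' || rf_token === '') {
      return res.status(401).json({ msg: 'Please login or register' })
    }

    let payload
    try {
      // Tokens in this file are signed with jsonwebtoken's default (HS256), so
      // accept that algorithm only.
      payload = jwt.verify(rf_token, process.env.REFRESH_TOKEN_SECRET, { algorithms: ['HS256'] })
    } catch (err) {
      return res.status(401).json({ msg: 'Please login or register' })
    }

    // NOTE(review): the user is not looked up again here, so a token issued to
    // a since-deleted account stays usable until it expires.
    const accesstoken = createAccessToken({ id: payload.id })
    return res.json({ accesstoken })
  },
}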
/**
 * Sign an access token for the given payload.
 * The key is read from ACCESS_TOKEN_SECRET at call time and the token expires
 * after one day.
 * NOTE(review): one day is long for an access token that is paired with a
 * refresh token; confirm the intended lifetime.
 */
const createAccessToken = (user) => {
  const signingKey = process.env.ACCESS_TOKEN_SECRET
  const signOptions = { expiresIn: '1d' }
  return jwt.sign(user, signingKey, signOptions)
}
/**
 * Sign a refresh token for the given payload.
 * The key is read from REFRESH_TOKEN_SECRET at call time (a different variable
 * from the access-token key) and the token expires after seven days.
 */
const createRefreshToken = (user) => {
  const signingKey = process.env.REFRESH_TOKEN_SECRET
  const signOptions = { expiresIn: '7d' }
  return jwt.sign(user, signingKey, signOptions)
}
module.exports = userCtrl
require('dotenv').config()
const express = require('express')
const mongoose = require('mongoose')
const cors = require('cors')
const fileUpload = require('express-fileupload')
const cookieParser = require('cookie-parser')
// server.js: application setup. Middleware is registered in the same order as before.
const app = express()

app.use(express.json())
app.use(cookieParser())
// NOTE(review): cors() with no options answers every origin with
// Access-Control-Allow-Origin: *. This API sets an auth cookie, so consider
// restricting it to the front-end origin.
app.use(cors())
// Uploads are buffered in temp files rather than memory.
// NOTE(review): no `limits` option is passed, so upload size is not capped here.
const uploadOptions = { useTempFiles: true }
app.use(fileUpload(uploadOptions))

// Routes
const userRouter = require('./routes/userRouter')
app.use('/user', userRouter)

// Connect to Mongodb
const URL = process.env.MONGO_URL
const mongoOptions = {
  useCreateIndex: true,
  useFindAndModify: false,
  useNewUrlParser: true,
  useUnifiedTopology: true,
}
// A connection error is rethrown from the callback rather than handled.
const onMongoConnected = (err) => {
  if (err) throw err
  console.log('Connected to MongoDB')
}
mongoose.connect(URL, mongoOptions, onMongoConnected)

const PORT = process.env.PORT || 5000
const onListening = () => {
  console.log('Server is running on port', PORT)
}
app.listen(PORT, onListening)
从外观上看,您没有从控制器导出
userCtrl
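// Export the controller under a named key. With this shape the importing file
// has to destructure it: const { userCtrl } = require('<path to controller>').
module.exports = {
  userCtrl,
}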
编辑:
假设您的用户控制器看起来像这样
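//user.js
// Minimal router used in the answer to show how the final URL is put together.
const router = require("express").Router();

// The path declared here is appended to whatever prefix the router is mounted on.
router.get('/user/refresh_token', function (req, res) {
  console.log("收到的请求");
  // sendStatus sets the status code and sends its text ("OK") as the body;
  // res.send(200) with a bare number is deprecated in Express 4.
  res.sendStatus(200);
});

module.exports = router;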
确保 server/index.js 文件中的根 URL 正确
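const express = require("express");
const app = express();
const user = require("./user");

/*
  For your use case, make sure you mount your user middleware on "/".
  If you mount it on /user here, for example
      app.use('/user', user);
  then your GET URL becomes /user/user/refresh_token, because the router
  already declares the /user prefix in its own path.
*/
app.use("/", user);

app.listen(5000, function () {
  console.log('服务器在端口5000上侦听')
})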
编辑:
当您将cookie设置为
// Example from the answer: sets a test cookie to show that it reaches the refresh route.
// Cookie names are case-sensitive: this example writes 'refreshToken', while the
// handler in the question reads req.cookies.refreshtoken.
res.cookie('refreshToken', 'some-random-value', {
// httpOnly keeps the cookie out of reach of page scripts (document.cookie).
httpOnly: true,
// The browser attaches the cookie only to request URLs under this path, so the
// narrower /user/refresh_token exposes it to fewer routes than /user.
path: '/user', // even /user/refresh_token should work
});
这是它在我的本地为这两条路径工作的屏幕截图
对不起,我有导出,只是忘了在这里添加代码。我已经编辑了。
@nik_kolev 你也在 server.js 文件中实例化了路由器吗?
我的 URL 错了。它原来是 /user/user/refresh_token,我将其改为 /user/refresh_token。我添加了你的 GET 请求,Postman 返回"OK",它可以工作,但在 cookie 中我什么也没有。
@nik_kolev 更新了我的答案。
很有效,非常感谢 :)
是不是应该是 router.post('/refresh_token', userCtrl.refreshToken)?因为你发的是 HTTP POST 请求?