Jwt Can';我没有从听众那里得到令牌
我确实可以登录,创建令牌,并在发送请求帖子时从标题中查看它Jwt Can';我没有从听众那里得到令牌,jwt,Jwt,我确实可以登录,创建令牌,并在发送请求帖子时从标题中查看它 router.post('/login', (req, res, next) => { const email = req.body.email const password = req.body.password connection.query( `SELECT * FROM ETB.users WHERE email = ?;`, email, (err, resul
router.post('/login', (req, res, next) => {
const email = req.body.email
const password = req.body.password
connection.query(
`SELECT * FROM ETB.users WHERE email = ?;`, email,
(err, result) => {
console.log(result[0]);
if (err) {
return res.status(500).send(err)
} else if (!result[0]){
return res.status(409).send('Unknown user')
}
// check password
const passwordIsValid = bcrypt.compareSync(password, result[0].password);
console.log(passwordIsValid);
if(!passwordIsValid){
console.log('wrong password');
return res.status(401).send({ auth: false, token: null })
}
// Token creation
console.log('1', result[0].id);
const token = jwt.sign(
{id : result[0].id, email: result[0].email, type : result[0].type},
secret,
{
expiresIn: '24h'
},
{ algorithm: 'RS256' }
);
console.log(token);
res.header("Access-Control-Expose-Headers", "x-access-token")
console.log(res.header());
res.set("x-access-token", token);
res.status(200).send({ auth: true })
connection.query(`UPDATE ETB.users SET last_login = now() WHERE id = '${result[0].id}'` )
});
})
然而,当我试图得到一个“记录”的路线;我一直得到“拒绝访问”的消息,但令牌没有出现在标题中
router.get('/secret-route', userMiddleware.isLoggedIn, (req, res, next) => {
res.json({
posts: {
title: "my first post",
description: 'blabla'
}
});
});
中间件
isLoggedIn: (req, res, next) => {
const token = req.header('x-access-token')
if (!token) return res.status(401).send('Acess Denied');
try {
const verified = jwt.verify(token, process.env.JWT_SECRET);
req.user = verified;
} catch (err) {
res.status(400).send('Invalid Token')
}
next();
}
感谢您的帮助这是因为邮递员本身不维护邮件标题。您必须将收到的令牌复制并粘贴到环境变量的头中,以便它可用于您发出的每个请求 请参阅此部分,了解如何在Postman中添加标题作为环境变量 另一种解决方法是将它复制并粘贴到您发出的每个请求中的“x-access-token”头中,但第一种方法要好得多