Node.js REST API没有根据标头中的Passport JWT令牌更改用户?
所以我有一个用Node.JS、MongoDB和Express编写的RESTAPI。我使用passport和passport jwt使用JSON web令牌进行身份验证,但当我为不同的用户帐户使用不同的令牌时,每次请求都保存相同的用户 以下是routes.js中的身份验证端点:Node.js REST API没有根据标头中的Passport JWT令牌更改用户?,node.js,mongodb,express,passport.js,express-jwt,Node.js,Mongodb,Express,Passport.js,Express Jwt,所以我有一个用Node.JS、MongoDB和Express编写的RESTAPI。我使用passport和passport jwt使用JSON web令牌进行身份验证,但当我为不同的用户帐户使用不同的令牌时,每次请求都保存相同的用户 以下是routes.js中的身份验证端点: // Authenticate the user and get a JSON Web Token to include in the header of future requests. apiRoutes.post
// Authenticate the user and get a JSON Web Token to include in the header of future requests.
apiRoutes.post('/authenticate', function(req, res) {
User.findOne({
email: req.body.email
}, function(err, user) {
if (err) throw err;
if (!user) {
res.send({ success: false, message: 'Authentication failed. User not found.' });
} else {
// Check if password matches
user.comparePassword(req.body.password, function(err, isMatch) {
if (isMatch && !err) {
// Create token if the password matched and no error was thrown
var token = jwt.sign(user, config.secret, {
//expiresIn: 10080 // in seconds
});
res.json({ success: true, token: 'JWT ' + token, _id: user._id });
} else {
res.send({ success: false, message: 'Authentication failed. Passwords did not match.' });
}
});
}
});
});
// GET user
apiRoutes.get('/users', passport.authenticate('jwt', { session: false }), function(req, res) {
res.json(req.user);
});
var JwtStrategy = require('passport-jwt').Strategy;
var ExtractJwt = require('passport-jwt').ExtractJwt;
var User = require('../models/user');
var config = require('./main');
// Setup work and export for the JWT passport strategy
module.exports = function(passport) {
var opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
opts.secretOrKey = config.secret;
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
User.findOne({id: jwt_payload.id}, function(err, user) {
if (err) {
return done(err, false);
}
if (user) {
done(null, user);
} else {
done(null, false);
}
});
}));
};
有什么想法吗?所以我发现它显示的是用户文档中的第一个条目,因为JWT太大了。因此,我更改了身份验证路由,使JWT仅由用户的id和用户名组成,如下所示:
apiRoutes.post('/authenticate', function(req, res) {
User.findOne({
email: req.body.email
}, function(err, user) {
if (err) throw err;
if (!user) {
res.send({ success: false, response: 'Authentication failed. User not found.' });
} else {
// Check if password matches
user.comparePassword(req.body.password, function(err, isMatch) {
if (isMatch && !err) {
// Create token if the password matched and no error was thrown
var token = jwt.sign({id: user._id, username: user.username }, config.secret, {
expiresIn: 10080 // in seconds
});
res.json({ success: true, response: 'Authentication succeeded! User found.', token: 'JWT ' + token});
} else {
res.send({ success: false, response: 'Authentication failed. Passwords did not match.' });
}
});
}
});
});
var JwtStrategy=require('passport-jwt')。策略;
var-ExtractJwt=require('passport-jwt')。ExtractJwt;
var User=require('../models/User');
var config=require('./main');
//JWT passport策略的设置工作和导出
module.exports=函数(passport){
var opts={};
opts.jwtFromRequest=ExtractJwt.fromAuthHeader();
opts.secretrokey=config.secret;
passport.use(新JwtStrategy(选项,功能)(jwt_有效载荷,完成){
findOne({u id:jwt\u payload.\u id},函数(err,User){
如果(错误){
返回完成(错误、错误);
}
如果(用户){
完成(空,用户);
}否则{
完成(空,假);
}
});
}));
}var JwtStrategy = require('passport-jwt').Strategy;
var ExtractJwt = require('passport-jwt').ExtractJwt;
var User = require('../models/user');
var config = require('./main');
// Setup work and export for the JWT passport strategy
module.exports = function(passport) {
var opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
opts.secretOrKey = config.secret;
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
User.findOne({_id: jwt_payload._doc._id}, function(err, user) {
if (err) {
return done(err, false);
}
if (user) {
done(null, user);
} else {
done(null, false);
}
});
}));
};