Node.js：我的 Express 服务器如何读取设置为 httpOnly 的 cookie？我如何在前端读取它？
我有以下 Express 登录路由：它把 accesstoken 作为响应发送，然后我在前端把它保存到 cookie 中，并把刷新令牌作为……(?) 发送
http_only 的 cookie 在客户端不可读。代码段中读取该 cookie 的代码是在服务器上运行的。显然，服务器本来就应该能读取它自己发出的 cookie。@WiktorZychla 谢谢，这很有意义
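// One message for every failed login, so the response does not reveal whether
// the email is registered (the original replied differently for an unknown
// user and for a wrong password).
const LOGIN_FAILED = 'Invalid email or password';

// POST /login: checks email/password against fakeDB, stores a fresh refresh
// token on the user record, sets it as an httpOnly cookie (sendRefreshToken)
// and returns the access token in the JSON body (sendAccessToken).
// On failure the body is `{ error: <message> }`.
app.post('/login', async (req, res) => {
  // `?? {}` keeps a missing body (no body parser mounted) from throwing
  // outside the try/catch, which would leave the request unanswered.
  const { email, password } = req.body ?? {};
  try {
    const user = fakeDB.find((u) => u.email === email);
    if (!user) throw new Error(LOGIN_FAILED);

    const valid = await compare(password, user.password);
    if (!valid) throw new Error(LOGIN_FAILED);

    const accesstoken = createAccessToken(user.id);
    const refreshtoken = createRefreshToken(user.id);
    // Persist the refresh token so /refresh_token can match it later.
    // The whole fakeDB (password hashes, refresh tokens) is deliberately
    // not logged.
    user.refreshtoken = refreshtoken;

    sendRefreshToken(res, refreshtoken);
    sendAccessToken(res, req, accesstoken);
  } catch (err) {
    // Only the credential failure message is echoed back; anything else
    // (e.g. a hashing error) is logged server-side and reported generically.
    if (err.message !== LOGIN_FAILED) {
      console.error('login failed', err);
    }
    const message = err.message === LOGIN_FAILED ? err.message : 'Login failed';
    res.send({
      error: `${message}`,
    });
  }
});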
// Answers the request with the access token and the email that was posted.
// The access token travels in the JSON body (not a cookie), so the client
// keeps it in memory/storage itself.
const sendAccessToken = (res, req, accesstoken) => {
  const { email } = req.body;
  const body = { accesstoken, email };
  res.send(body);
};
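// Sets the refresh-token cookie.
//   httpOnly - not readable from client-side JS; only the server sees it.
//   path     - the browser sends it only to /refresh_token.
//   sameSite - cross-site requests do not carry it (CSRF on /refresh_token).
//              A frontend served from a different site would need
//              sameSite: 'none' together with secure: true instead.
//   secure   - HTTPS only in production; relaxed otherwise so plain
//              http://localhost development still receives the cookie.
const sendRefreshToken = (res, refreshtoken) => {
  res.cookie('refreshtoken', refreshtoken, {
    httpOnly: true,
    path: '/refresh_token',
    sameSite: 'strict',
    secure: process.env.NODE_ENV === 'production',
  });
};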
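// Every rejection path answers with the same body, so a caller cannot tell
// whether the cookie was missing, invalid, expired, or revoked.
const rejectRefresh = (res) => res.send({ accesstoken: '' });

// POST /refresh_token: reads the httpOnly refresh cookie, verifies its
// signature, checks it is the token currently stored for that user, then
// rotates it (new cookie) and returns a new access token in the JSON body.
app.post('/refresh_token', (req, res) => {
  // req.cookies is undefined when cookie-parser is not mounted; `?.` turns
  // that into the normal "no token" reply instead of a 500.
  const token = req.cookies?.refreshtoken;
  if (!token) return rejectRefresh(res);

  let payload;
  try {
    payload = verify(token, process.env.REFRESH_TOKEN_SECRET);
  } catch (err) {
    return rejectRefresh(res);
  }

  const user = fakeDB.find((u) => u.id === payload.userId);
  if (!user) return rejectRefresh(res);
  // A token with a valid signature is still rejected if it is not the one
  // stored for the user (already rotated or revoked).
  if (user.refreshtoken !== token) return rejectRefresh(res);

  const accesstoken = createAccessToken(user.id);
  const refreshtoken = createRefreshToken(user.id);
  user.refreshtoken = refreshtoken;

  sendRefreshToken(res, refreshtoken);
  return res.send({ accesstoken });
});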