Node.js: How is my Express server able to read a cookie that is set as 'httpOnly'? How can I read it on the frontend?


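I'm having some difficulty understanding this code.

I have the following Express login route. It sends an accesstoken as the response, which I then save in a cookie on my frontend, and it sends a refresh token as ... (?)

http_only is not readable on the client side. The code in the snippet that reads the cookie runs on the server. Obviously, the server should be able to read the cookie it issued in the first place.

@WiktorZychla Thanks, that makes sense.
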
    app.post('/login', async (req, res) => {
        const { email, password } = req.body;

        try {
            // find the user in the database; throw an error if not found
            const user = fakeDB.find(user => user.email === email);
            if (!user) throw new Error("User doesnt exist");
            // compare the passwords; throw an error if they do not match
            const valid = await compare(password, user.password);
            if (!valid) throw new Error("Password not correct");
            // create the refresh and access tokens if the password is correct
            const accesstoken = createAccessToken(user.id);
            const refreshtoken = createRefreshToken(user.id);
            // put the refreshtoken in the "database"
            user.refreshtoken = refreshtoken;
            console.log(fakeDB);
            // send the refreshtoken as a cookie, and the accesstoken as a regular response
            sendRefreshToken(res, refreshtoken);
            sendAccessToken(res, req, accesstoken);
        } catch (err) {
            res.send({
                error: `${err.message}`
            });
        }
    });

    const sendAccessToken = (res, req, accesstoken) => {
        res.send({
            accesstoken,
            email: req.body.email
        });
    };

    const sendRefreshToken = (res, refreshtoken) => {
        res.cookie("refreshtoken", refreshtoken, {
            httpOnly: true,
            path: '/refresh_token'
        });
    };

    app.post('/refresh_token', (req, res) => {
        // req.cookies is only populated when the cookie-parser middleware is registered
        const token = req.cookies.refreshtoken;
        // if there is no token in the request
        if (!token) return res.send({ accesstoken: '' });
        // if we have a token, verify it
        let payload = null;
        try {
            payload = verify(token, process.env.REFRESH_TOKEN_SECRET);
        } catch (err) {
            return res.send({ accesstoken: '' });
        }
        // if the token is valid, check that the user exists
        const user = fakeDB.find(user => user.id === payload.userId);
        if (!user) return res.send({ accesstoken: '' });
        // if the user exists, check that this refreshtoken is the one stored for the user
        if (user.refreshtoken !== token) {
            return res.send({ accesstoken: '' });
        }
        // if the token matches, create a new refresh token and access token
        const accesstoken = createAccessToken(user.id);
        const refreshtoken = createRefreshToken(user.id);
        user.refreshtoken = refreshtoken;
        // send the new refreshtoken and accesstoken
        sendRefreshToken(res, refreshtoken);
        return res.send({ accesstoken });
    });
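
An added example, not part of the original post or its comments: a dependency-free model of what the comment above describes. The cookie written by sendRefreshToken is hidden from page script (document.cookie), the browser attaches it only to requests under /refresh_token, and the server parses it from the Cookie request header. CookieJar, setCookieHeader and parseCookieHeader are hypothetical helpers, and the token value is a constructed placeholder.

```javascript
// Constructed model of browser and server handling of an httpOnly cookie.
// All names below are hypothetical helpers, not Express or browser APIs.

// Serialize a Set-Cookie header the way res.cookie(name, value, opts) does.
function setCookieHeader(name, value, { httpOnly = false, path = '/' } = {}) {
  let header = `${name}=${encodeURIComponent(value)}; Path=${path}`;
  if (httpOnly) header += '; HttpOnly';
  return header;
}

// Minimal browser cookie jar that keeps each cookie's Path and HttpOnly attributes.
class CookieJar {
  constructor() { this.cookies = []; }
  store(header) {
    const [pair, ...attrs] = header.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: '/', httpOnly: false };
    for (const attr of attrs) {
      const [k, v] = attr.split('=');
      if (k.toLowerCase() === 'httponly') cookie.httpOnly = true;
      if (k.toLowerCase() === 'path' && v) cookie.path = v;
    }
    // A rotated refresh token replaces the old cookie with the same name and path.
    this.cookies = this.cookies.filter(c => c.name !== cookie.name || c.path !== cookie.path);
    this.cookies.push(cookie);
  }
  // What frontend script sees in document.cookie: HttpOnly cookies are omitted.
  documentCookie() {
    return this.cookies.filter(c => !c.httpOnly).map(c => `${c.name}=${c.value}`).join('; ');
  }
  // What the browser sends as the Cookie header for a request to requestPath.
  requestCookieHeader(requestPath) {
    return this.cookies
      .filter(c => requestPath === c.path || requestPath.startsWith(c.path.replace(/\/?$/, '/')))
      .map(c => `${c.name}=${c.value}`).join('; ');
  }
}

// Server side: turn the Cookie header into an object, as cookie-parser does for req.cookies.
function parseCookieHeader(header) {
  return Object.fromEntries(header.split(';').map(s => s.trim()).filter(Boolean).map(part => {
    const eq = part.indexOf('=');
    return [part.slice(0, eq), decodeURIComponent(part.slice(eq + 1))];
  }));
}

// Constructed demo: the token value is a placeholder, not a real JWT.
const jar = new CookieJar();
jar.store(setCookieHeader('refreshtoken', 'constructed-token', { httpOnly: true, path: '/refresh_token' }));
console.log(JSON.stringify(jar.documentCookie()), parseCookieHeader(jar.requestCookieHeader('/refresh_token')));
```

The frontend therefore never reads the refresh token itself; it calls /refresh_token and uses the accesstoken returned in the response body.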