Fatal编程技术网
  • node.js/
  • Node.js 如何将use()实例应用于除app.use(express.static(“dist”)传递的路由之外的所有路由?

Node.js 如何将use()实例应用于除app.use(express.static(“dist”)传递的路由之外的所有路由?

node.js express jwt

Node.js 如何将use()实例应用于除app.use(express.static(“dist”)传递的路由之外的所有路由?,node.js,express,jwt,Node.js,Express,Jwt,我认为我在撰写过程中已经解决了这个问题,基本上解决方案似乎是: 将静态文件处理程序移到use()的其他实例上方 确认这是一种可接受的方法将不胜感激,但也可能有助于类似场景中的其他人 期望的行为 将use()实例应用于除由以下人员处理的路由之外的所有路由: app.use(express.static("dist")); app.use(express.static("dist")); 实际行为 use()正在应用于所有路由,包括由以下人员处理的路由: app.use(express.st

我认为我在撰写过程中已经解决了这个问题,基本上解决方案似乎是:

将静态文件处理程序移到use()的其他实例上方

确认这是一种可接受的方法将不胜感激,但也可能有助于类似场景中的其他人

期望的行为

use()
实例应用于除由以下人员处理的路由之外的所有路由:

app.use(express.static("dist")); 

app.use(express.static("dist"));
实际行为

use()
正在应用于所有路由,包括由以下人员处理的路由:

app.use(express.static("dist")); 

app.use(express.static("dist"));
场景

为了确保对API的访问,我使用了Lynda.com教程中描述的模型:

在伪代码中,模型基本上由以下部分组成:

  • 检查jwt令牌是否已发送的全局
    use()
    实例
  • 如果已发送令牌,则if将验证该令牌
  • 如果验证失败或未发送令牌,它会将
    req.user
    属性设置为
    undefined
  • 否则,如果验证成功,它将
    req.user
    属性设置为解码的jwt值
  • 后续中间件根据
    req.user
该模型在所有意图和目的下都运行良好

但是,我最近添加了一些控制台日志记录,可以看到正在对以下两种情况执行验证:

  • api请求(期望的行为)
  • 通过
    app.use(express.static(“dist”))提供的静态文件
问题

如何将验证
use()
实例应用于所有路由,除了那些由
app.use(express.static(“dist”))处理的路由之外


// 01.  verification use() called on all requests

app.use((req, res, next) => {

    // if jwt authorisation has been sent in headers, verify it
    if (req.headers && req.headers.authorization && req.headers.authorization.split(' ')[0] === 'JWT') {

        console.log("jwt verification sent, verifying...");

        try {
            // this is synchronous as it has no callback
            req.user = jsonwebtoken.verify(req.headers.authorization.split(' ')[1], 'RESTFULAPIs');
            console.log("jwt verified, will return decoded value");
        } catch (err) {
            req.user = undefined;
            console.log("jwt verification failed, user will remain undefined: " + err);
        }

        // move to the next piece of middleware
        next();

    }
    // if jwt authorisation has not been sent in headers
    else {
        console.log("jwt verification not sent, leaving user as undefined");
        console.log(req.originalUrl);
        req.user = undefined;
        // move to the next piece of middleware
        next();
    }
});


// 02.  use() for serving static files
app.use(express.static("dist"));


// 03.  middleware to check if login has been verified
const api_login_required = (req, res, next) => {

    // if token verification was successful and the user property exists
    if (req.user) {
        // move to the next piece of middleware
        next();
    }
    // otherwise, return unauthorised user message
    else {
        res.json({ verification: 0 });
    }

}


// 04.  middleware called in route handlers
app.route("/api/:api_version/users/private_data")
    .get(api_login_required, api_users_private_data_get)
    .post(api_login_required, api_users_private_data_post);


我尝试过的

我想通过将下面代码的
2
部分移到
1
部分上方,我已经解决了这个问题


// 01.  verification use() called on all requests

app.use((req, res, next) => {

    // if jwt authorisation has been sent in headers, verify it
    if (req.headers && req.headers.authorization && req.headers.authorization.split(' ')[0] === 'JWT') {

        console.log("jwt verification sent, verifying...");

        try {
            // this is synchronous as it has no callback
            req.user = jsonwebtoken.verify(req.headers.authorization.split(' ')[1], 'RESTFULAPIs');
            console.log("jwt verified, will return decoded value");
        } catch (err) {
            req.user = undefined;
            console.log("jwt verification failed, user will remain undefined: " + err);
        }

        // move to the next piece of middleware
        next();

    }
    // if jwt authorisation has not been sent in headers
    else {
        console.log("jwt verification not sent, leaving user as undefined");
        console.log(req.originalUrl);
        req.user = undefined;
        // move to the next piece of middleware
        next();
    }
});


// 02.  use() for serving static files
app.use(express.static("dist"));


// 03.  middleware to check if login has been verified
const api_login_required = (req, res, next) => {

    // if token verification was successful and the user property exists
    if (req.user) {
        // move to the next piece of middleware
        next();
    }
    // otherwise, return unauthorised user message
    else {
        res.json({ verification: 0 });
    }

}


// 04.  middleware called in route handlers
app.route("/api/:api_version/users/private_data")
    .get(api_login_required, api_users_private_data_get)
    .post(api_login_required, api_users_private_data_post);



中间件总是控制从按钮到按钮的流程,它们是按顺序写入的。像


if (example 1)code like 
app.use((req,res, next)=>{// middleware 1; next()} )
app.get('/rot1', (req, res)=> res.status(200).send('route 1'));
app.get('/rot2', (req, res)=> res.status(200).send('route 2'));

In this case, middleware appears in both route1, route because of middleware set at the top of the route.

If (example 2)code like
app.use((req,res, next)=>{// middleware 1; next()} )
app.get('/rot1', (req, res)=> res.status(200).send('route 1'));
app.use((req,res, next)=>{// middleware 2; next()} )
app.get('/rot2', (req, res)=> res.status(200).send('route 2')); 

Here middleware1 applied in both route1 and route 2
But middleware2 applied only on route2.

But you can also define specific middleware for each route
function middleware1(req, res, next){
    next();
}
function middleware2(req, res, next){
    next();
}
app.get('/rot1', middleware1, (req, res)=> res.status(200).send('route 1'));
app.get('/rot2', middleware2, (req, res)=> res.status(200).send('route 2')); 

Here middleware1 only applied on route1 and middleware2 only applied on route2.


也许上面的解释对你有帮助