Node.js JWT身份验证授权不工作
我正在尝试实现一个 JWT 令牌来保护我的 API。我在前端使用 Angular，在后端使用 Node 和 Express，并使用 MongoDB 作为数据库。我已经测试了我的 API，它似乎能正常生成令牌，但在我注销后（甚至在登录之前），令牌并没有被删除。我仍然可以访问一些本应在未登录时无法访问的路由。如果您想更好地了解该项目，可以查看我的 git 存储库。当我登录时，返回的对象如下：
{
"error": false,
"message": "Login Successful",
"status": 200,
"data": {
"authToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqd3RpZCI6IkJNQllta011IiwiaWF0IjoxNTc4NDk3ODkwODA2LCJleHAiOjE1Nzg1ODQyOTAsInN1YiI6ImF1dGhUb2tlbiIsImlzcyI6ImVkQ2hhdCIsImRhdGEiOnsidXNlcklkIjoiN3FiYVhacVoiLCJmaXJzdE5hbWUiOiJYdHJlbWF0b3IiLCJsYXN0TmFtZSI6ImRlIFNpbHZhIiwiZW1haWwiOiJ4dHJlbWF0b3JAcHViZy5jb20iLCJtb2JpbGVOdW1iZXIiOjk5MDkwOTkwOTl9fQ.KFyJAqaAygxL9IZNitAt5nt2naz8P7I6-JFCHwO4vdc",
"userDetails": {
"userId": "7qbaXZqZ",
"firstName": "Xtremator",
"lastName": "de Silva",
"email": "xtremator@pubg.com",
"mobileNumber": 9909099099
}
}
}
以下是我的 Angular 服务函数：
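/**
 * Reads the cached login payload (token + user details) from localStorage.
 *
 * `localStorage.getItem` returns `null` when the key is absent; the original
 * passed that straight into `JSON.parse`, which is a type error under strict
 * mode and relies on `JSON.parse(null)` happening to yield `null`.
 * Note that anything in localStorage is readable by every script on the
 * origin, so the server must still validate the token on each request.
 *
 * @returns the parsed `userInfo` object, or `null` when nothing is stored or
 *          the stored text is not valid JSON.
 */
public getUserInfoFromLocalStorage: any = (): unknown => {
  const raw = localStorage.getItem('userInfo');
  if (raw === null) {
    return null;
  }
  try {
    return JSON.parse(raw);
  } catch (e) {
    // A corrupted entry behaves like "not logged in" rather than crashing the app.
    return null;
  }
}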
/**
 * Persists the login payload under the `userInfo` key as JSON text.
 *
 * @param data - the object returned by the login endpoint (token + user details).
 */
public setUserInfoInLocalStorage: any = (data) => {
  const serialized = JSON.stringify(data);
  localStorage.setItem('userInfo', serialized);
}
/**
 * POSTs the credentials to `${baseUrl}/login` as URL-encoded form fields.
 *
 * @param data - object carrying `email` and `password`.
 * @returns the raw HTTP observable; the caller subscribes and stores the result.
 */
public signinFunction(data): Observable<any> {
  const url = `${this.baseUrl}/login`;
  let params = new HttpParams();
  params = params.set('email', data.email);
  params = params.set('password', data.password);
  return this._http.post(url, params);
}
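/**
 * Express handler for the login route.
 *
 * Pipeline: look the user up by e-mail, verify the password, mint a token,
 * persist it in AuthModel, then answer 200 with the token and user details.
 * Each step rejects with an apiResponse object (from response.generate) whose
 * `status` field becomes the HTTP status of the error reply.
 *
 * Changes from the previous version: the request body (which carries the
 * plaintext password) is no longer written to the console; a missing
 * `password` field is answered with 400 instead of surfacing as a 500 from
 * comparePassword; the AuthModel.findOne error path uses the logger like its
 * siblings; the two identical save callbacks are shared; and the final error
 * handler tolerates rejections that are not apiResponse objects (a thrown
 * Error has no numeric `status`, and res.status(undefined) would itself fail).
 *
 * @param req - Express request; reads `req.body.email` and `req.body.password`
 * @param res - Express response
 */
let loginFunction = (req, res) => {
  // Step 1: resolve the UserModel document for the submitted e-mail.
  let findUser = () => {
    console.log("findUser");
    return new Promise((resolve, reject) => {
      if (!req.body.email) {
        let apiResponse = response.generate(true, '"email" parameter is missing', 400, null)
        reject(apiResponse)
        return
      }
      console.log("req body email is there");
      // req.body is deliberately not logged: it contains the plaintext password.
      UserModel.findOne({ email: req.body.email }, (err, userDetails) => {
        if (err) {
          console.log(err)
          logger.error('Failed To Retrieve User Data', 'userController: findUser()', 10)
          let apiResponse = response.generate(true, 'Failed To Find User Details', 500, null)
          reject(apiResponse)
        } else if (check.isEmpty(userDetails)) {
          // NOTE: answering 404 here but 400 on a wrong password lets a client
          // learn whether an e-mail is registered; messages are kept because the
          // front end relies on them, but a single generic reply would be safer.
          logger.error('No User Found', 'userController: findUser()', 7)
          let apiResponse = response.generate(true, 'No User Details Found', 404, null)
          reject(apiResponse)
        } else {
          logger.info('User Found', 'userController: findUser()', 10)
          resolve(userDetails)
        }
      });
    })
  }

  // Step 2: compare the submitted password with the stored hash and strip the
  // hash and bookkeeping fields before the document leaves this layer.
  let validatePassword = (retrievedUserDetails) => {
    console.log("validatePassword");
    return new Promise((resolve, reject) => {
      if (!req.body.password) {
        let apiResponse = response.generate(true, '"password" parameter is missing', 400, null)
        reject(apiResponse)
        return
      }
      passwordLib.comparePassword(req.body.password, retrievedUserDetails.password, (err, isMatch) => {
        if (err) {
          console.log(err)
          logger.error(err.message, 'userController: validatePassword()', 10)
          let apiResponse = response.generate(true, 'Login Failed', 500, null)
          reject(apiResponse)
        } else if (isMatch) {
          let retrievedUserDetailsObj = retrievedUserDetails.toObject()
          delete retrievedUserDetailsObj.password
          delete retrievedUserDetailsObj._id
          delete retrievedUserDetailsObj.__v
          delete retrievedUserDetailsObj.createdOn
          delete retrievedUserDetailsObj.modifiedOn
          resolve(retrievedUserDetailsObj)
        } else {
          logger.info('Login Failed Due To Invalid Password', 'userController: validatePassword()', 10)
          let apiResponse = response.generate(true, 'Wrong Password.Login Failed', 400, null)
          reject(apiResponse)
        }
      })
    })
  }

  // Step 3: mint a token for the sanitized user object. userId and the user
  // details are attached to tokenDetails so saveToken can use/echo them.
  let generateToken = (userDetails) => {
    console.log("generate token");
    return new Promise((resolve, reject) => {
      token.generateToken(userDetails, (err, tokenDetails) => {
        if (err) {
          console.log(err)
          logger.error(err.message, 'userController: generateToken()', 10)
          let apiResponse = response.generate(true, 'Failed To Generate Token', 500, null)
          reject(apiResponse)
        } else {
          tokenDetails.userId = userDetails.userId
          tokenDetails.userDetails = userDetails
          resolve(tokenDetails)
        }
      })
    })
  }

  // Step 4: upsert the AuthModel row for this user (one live token per user).
  let saveToken = (tokenDetails) => {
    console.log("save token");
    return new Promise((resolve, reject) => {
      // Shared by the insert and the update path: persist the document and
      // shape the reply the front end stores in localStorage.
      let persist = (authDoc) => {
        authDoc.save((err, newTokenDetails) => {
          if (err) {
            console.log(err)
            logger.error(err.message, 'userController: saveToken', 10)
            let apiResponse = response.generate(true, 'Failed To Generate Token', 500, null)
            reject(apiResponse)
          } else {
            let responseBody = {
              authToken: newTokenDetails.authToken,
              userDetails: tokenDetails.userDetails
            }
            resolve(responseBody)
          }
        })
      }

      AuthModel.findOne({ userId: tokenDetails.userId }, (err, retrievedTokenDetails) => {
        if (err) {
          console.log(err)
          logger.error(err.message, 'userController: saveToken', 10)
          let apiResponse = response.generate(true, 'Failed To Generate Token', 500, null)
          reject(apiResponse)
        } else if (check.isEmpty(retrievedTokenDetails)) {
          persist(new AuthModel({
            userId: tokenDetails.userId,
            authToken: tokenDetails.token,
            tokenSecret: tokenDetails.tokenSecret,
            tokenGenerationTime: time.now()
          }))
        } else {
          // Re-issuing replaces the previous token; the old one stops matching.
          retrievedTokenDetails.authToken = tokenDetails.token
          retrievedTokenDetails.tokenSecret = tokenDetails.tokenSecret
          retrievedTokenDetails.tokenGenerationTime = time.now()
          persist(retrievedTokenDetails)
        }
      })
    })
  }

  findUser()
    .then(validatePassword)
    .then(generateToken)
    .then(saveToken)
    .then((resolve) => {
      let apiResponse = response.generate(false, 'Login Successful', 200, resolve)
      res.status(200)
      res.send(apiResponse)
    })
    .catch((err) => {
      console.log("errorhandler");
      console.log(err);
      // Only apiResponse objects carry a numeric status; a thrown Error or an
      // undefined rejection is mapped to a generic 500 so the reply is still valid.
      let isApiResponse = err && typeof err.status === 'number'
      let apiResponse = isApiResponse
        ? err
        : response.generate(true, 'Login Failed', 500, null)
      res.status(apiResponse.status)
      res.send(apiResponse)
    })
}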
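/**
 * function to logout user.
 * auth params: userId.
 *
 * Deletes the caller's AuthModel record so the stored token can no longer be
 * matched. Relies on the auth middleware having populated `req.user`; when it
 * has not (the route is reached unauthenticated), answer 401 instead of
 * throwing on `req.user.userId`. Every reply now carries the HTTP status that
 * matches its body — previously all three branches answered 200.
 */
let logout = (req, res) => {
  if (!req.user || !req.user.userId) {
    let apiResponse = response.generate(true, 'Authentication required', 401, null)
    res.status(401)
    res.send(apiResponse)
    return
  }
  AuthModel.findOneAndRemove({ userId: req.user.userId }, (err, result) => {
    let apiResponse
    if (err) {
      console.log(err)
      logger.error(err.message, 'user Controller: logout', 10)
      apiResponse = response.generate(true, `error occurred: ${err.message}`, 500, null)
    } else if (check.isEmpty(result)) {
      apiResponse = response.generate(true, 'Already Logged Out or Invalid UserId', 404, null)
    } else {
      apiResponse = response.generate(false, 'Logged Out Successfully', 200, null)
    }
    // Mirror the body's status code in the HTTP status so clients can tell
    // failure from success without parsing the body.
    res.status(apiResponse.status)
    res.send(apiResponse)
  })
} // end of the logout function.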
下面是我的 Node 控制器函数：
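/**
 * Reads the cached login payload (token + user details) from localStorage.
 *
 * `localStorage.getItem` returns `null` when the key is absent; the original
 * passed that straight into `JSON.parse`, which is a type error under strict
 * mode and relies on `JSON.parse(null)` happening to yield `null`.
 * Note that anything in localStorage is readable by every script on the
 * origin, so the server must still validate the token on each request.
 *
 * @returns the parsed `userInfo` object, or `null` when nothing is stored or
 *          the stored text is not valid JSON.
 */
public getUserInfoFromLocalStorage: any = (): unknown => {
  const raw = localStorage.getItem('userInfo');
  if (raw === null) {
    return null;
  }
  try {
    return JSON.parse(raw);
  } catch (e) {
    // A corrupted entry behaves like "not logged in" rather than crashing the app.
    return null;
  }
}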
/**
 * Persists the login payload under the `userInfo` key as JSON text.
 *
 * @param data - the object returned by the login endpoint (token + user details).
 */
public setUserInfoInLocalStorage: any = (data) => {
  const serialized = JSON.stringify(data);
  localStorage.setItem('userInfo', serialized);
}
/**
 * POSTs the credentials to `${baseUrl}/login` as URL-encoded form fields.
 *
 * @param data - object carrying `email` and `password`.
 * @returns the raw HTTP observable; the caller subscribes and stores the result.
 */
public signinFunction(data): Observable<any> {
  const url = `${this.baseUrl}/login`;
  let params = new HttpParams();
  params = params.set('email', data.email);
  params = params.set('password', data.password);
  return this._http.post(url, params);
}
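/**
 * Express handler for the login route.
 *
 * Pipeline: look the user up by e-mail, verify the password, mint a token,
 * persist it in AuthModel, then answer 200 with the token and user details.
 * Each step rejects with an apiResponse object (from response.generate) whose
 * `status` field becomes the HTTP status of the error reply.
 *
 * Changes from the previous version: the request body (which carries the
 * plaintext password) is no longer written to the console; a missing
 * `password` field is answered with 400 instead of surfacing as a 500 from
 * comparePassword; the AuthModel.findOne error path uses the logger like its
 * siblings; the two identical save callbacks are shared; and the final error
 * handler tolerates rejections that are not apiResponse objects (a thrown
 * Error has no numeric `status`, and res.status(undefined) would itself fail).
 *
 * @param req - Express request; reads `req.body.email` and `req.body.password`
 * @param res - Express response
 */
let loginFunction = (req, res) => {
  // Step 1: resolve the UserModel document for the submitted e-mail.
  let findUser = () => {
    console.log("findUser");
    return new Promise((resolve, reject) => {
      if (!req.body.email) {
        let apiResponse = response.generate(true, '"email" parameter is missing', 400, null)
        reject(apiResponse)
        return
      }
      console.log("req body email is there");
      // req.body is deliberately not logged: it contains the plaintext password.
      UserModel.findOne({ email: req.body.email }, (err, userDetails) => {
        if (err) {
          console.log(err)
          logger.error('Failed To Retrieve User Data', 'userController: findUser()', 10)
          let apiResponse = response.generate(true, 'Failed To Find User Details', 500, null)
          reject(apiResponse)
        } else if (check.isEmpty(userDetails)) {
          // NOTE: answering 404 here but 400 on a wrong password lets a client
          // learn whether an e-mail is registered; messages are kept because the
          // front end relies on them, but a single generic reply would be safer.
          logger.error('No User Found', 'userController: findUser()', 7)
          let apiResponse = response.generate(true, 'No User Details Found', 404, null)
          reject(apiResponse)
        } else {
          logger.info('User Found', 'userController: findUser()', 10)
          resolve(userDetails)
        }
      });
    })
  }

  // Step 2: compare the submitted password with the stored hash and strip the
  // hash and bookkeeping fields before the document leaves this layer.
  let validatePassword = (retrievedUserDetails) => {
    console.log("validatePassword");
    return new Promise((resolve, reject) => {
      if (!req.body.password) {
        let apiResponse = response.generate(true, '"password" parameter is missing', 400, null)
        reject(apiResponse)
        return
      }
      passwordLib.comparePassword(req.body.password, retrievedUserDetails.password, (err, isMatch) => {
        if (err) {
          console.log(err)
          logger.error(err.message, 'userController: validatePassword()', 10)
          let apiResponse = response.generate(true, 'Login Failed', 500, null)
          reject(apiResponse)
        } else if (isMatch) {
          let retrievedUserDetailsObj = retrievedUserDetails.toObject()
          delete retrievedUserDetailsObj.password
          delete retrievedUserDetailsObj._id
          delete retrievedUserDetailsObj.__v
          delete retrievedUserDetailsObj.createdOn
          delete retrievedUserDetailsObj.modifiedOn
          resolve(retrievedUserDetailsObj)
        } else {
          logger.info('Login Failed Due To Invalid Password', 'userController: validatePassword()', 10)
          let apiResponse = response.generate(true, 'Wrong Password.Login Failed', 400, null)
          reject(apiResponse)
        }
      })
    })
  }

  // Step 3: mint a token for the sanitized user object. userId and the user
  // details are attached to tokenDetails so saveToken can use/echo them.
  let generateToken = (userDetails) => {
    console.log("generate token");
    return new Promise((resolve, reject) => {
      token.generateToken(userDetails, (err, tokenDetails) => {
        if (err) {
          console.log(err)
          logger.error(err.message, 'userController: generateToken()', 10)
          let apiResponse = response.generate(true, 'Failed To Generate Token', 500, null)
          reject(apiResponse)
        } else {
          tokenDetails.userId = userDetails.userId
          tokenDetails.userDetails = userDetails
          resolve(tokenDetails)
        }
      })
    })
  }

  // Step 4: upsert the AuthModel row for this user (one live token per user).
  let saveToken = (tokenDetails) => {
    console.log("save token");
    return new Promise((resolve, reject) => {
      // Shared by the insert and the update path: persist the document and
      // shape the reply the front end stores in localStorage.
      let persist = (authDoc) => {
        authDoc.save((err, newTokenDetails) => {
          if (err) {
            console.log(err)
            logger.error(err.message, 'userController: saveToken', 10)
            let apiResponse = response.generate(true, 'Failed To Generate Token', 500, null)
            reject(apiResponse)
          } else {
            let responseBody = {
              authToken: newTokenDetails.authToken,
              userDetails: tokenDetails.userDetails
            }
            resolve(responseBody)
          }
        })
      }

      AuthModel.findOne({ userId: tokenDetails.userId }, (err, retrievedTokenDetails) => {
        if (err) {
          console.log(err)
          logger.error(err.message, 'userController: saveToken', 10)
          let apiResponse = response.generate(true, 'Failed To Generate Token', 500, null)
          reject(apiResponse)
        } else if (check.isEmpty(retrievedTokenDetails)) {
          persist(new AuthModel({
            userId: tokenDetails.userId,
            authToken: tokenDetails.token,
            tokenSecret: tokenDetails.tokenSecret,
            tokenGenerationTime: time.now()
          }))
        } else {
          // Re-issuing replaces the previous token; the old one stops matching.
          retrievedTokenDetails.authToken = tokenDetails.token
          retrievedTokenDetails.tokenSecret = tokenDetails.tokenSecret
          retrievedTokenDetails.tokenGenerationTime = time.now()
          persist(retrievedTokenDetails)
        }
      })
    })
  }

  findUser()
    .then(validatePassword)
    .then(generateToken)
    .then(saveToken)
    .then((resolve) => {
      let apiResponse = response.generate(false, 'Login Successful', 200, resolve)
      res.status(200)
      res.send(apiResponse)
    })
    .catch((err) => {
      console.log("errorhandler");
      console.log(err);
      // Only apiResponse objects carry a numeric status; a thrown Error or an
      // undefined rejection is mapped to a generic 500 so the reply is still valid.
      let isApiResponse = err && typeof err.status === 'number'
      let apiResponse = isApiResponse
        ? err
        : response.generate(true, 'Login Failed', 500, null)
      res.status(apiResponse.status)
      res.send(apiResponse)
    })
}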
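/**
 * function to logout user.
 * auth params: userId.
 *
 * Deletes the caller's AuthModel record so the stored token can no longer be
 * matched. Relies on the auth middleware having populated `req.user`; when it
 * has not (the route is reached unauthenticated), answer 401 instead of
 * throwing on `req.user.userId`. Every reply now carries the HTTP status that
 * matches its body — previously all three branches answered 200.
 */
let logout = (req, res) => {
  if (!req.user || !req.user.userId) {
    let apiResponse = response.generate(true, 'Authentication required', 401, null)
    res.status(401)
    res.send(apiResponse)
    return
  }
  AuthModel.findOneAndRemove({ userId: req.user.userId }, (err, result) => {
    let apiResponse
    if (err) {
      console.log(err)
      logger.error(err.message, 'user Controller: logout', 10)
      apiResponse = response.generate(true, `error occurred: ${err.message}`, 500, null)
    } else if (check.isEmpty(result)) {
      apiResponse = response.generate(true, 'Already Logged Out or Invalid UserId', 404, null)
    } else {
      apiResponse = response.generate(false, 'Logged Out Successfully', 200, null)
    }
    // Mirror the body's status code in the HTTP status so clients can tell
    // failure from success without parsing the body.
    res.status(apiResponse.status)
    res.send(apiResponse)
  })
} // end of the logout function.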
路由配置：
// Angular route table. No `canActivate` guard is attached to any of the admin
// routes, so the client-side router renders them for every visitor regardless
// of login state. Client routing is not a security boundary in any case: the
// API behind these pages has to check the token on every request itself.
const routes: Routes = [
{ path: 'login', component: LoginComponent },
{ path: 'admin', component: AdminComponent },
{ path: 'admin/blog', component: ManageBlogsComponent },
{ path: 'admin/blog/create', component: CreateBlogComponent },
{ path: 'admin/blog/edit/:blogId', component: EditBlogComponent }
];
以下是一些可以帮助您实现目标的技巧: