未在typescript decorator中执行express jwt中间件
我为express编写了我的定制装饰程序。这是控制器装饰器:未在typescript decorator中执行express jwt中间件,typescript,express,jwt,decorator,express-jwt,Typescript,Express,Jwt,Decorator,Express Jwt,我为express编写了我的定制装饰程序。这是控制器装饰器: export function controller(routePrefix: string) { return function (target: Function) { const router = AppRouter.getInstance(); for (let key in target.prototype) { const routeHandler = target.prototype[ke
export function controller(routePrefix: string) {
return function (target: Function) {
const router = AppRouter.getInstance();
for (let key in target.prototype) {
const routeHandler = target.prototype[key]; //getLogin
const path = Reflect.getMetadata(
MetadataKeys.Path,
target.prototype,
key
);
const method: Methods = Reflect.getMetadata(
MetadataKeys.Method,
target.prototype,
key
);
const middlewares =
Reflect.getMetadata(MetadataKeys.Middleware, target.prototype, key) ||
[];
if (path) {
router[method](
`${routePrefix}${path}`,
...middlewares,
routeHandler
);
}
}
};
}
export function use(middleware: RequestHandler | jwtRequestHandler) {
return function (target: any, key: string, desc: PropertyDescriptor) {
const middlewares =
Reflect.getMetadata(MetadataKeys.Middleware, target, key) || [];
Reflect.defineMetadata(
MetadataKeys.Middleware,
[...middlewares, middleware],
target,
key
);
};
}
使用装饰器:
export function controller(routePrefix: string) {
return function (target: Function) {
const router = AppRouter.getInstance();
for (let key in target.prototype) {
const routeHandler = target.prototype[key]; //getLogin
const path = Reflect.getMetadata(
MetadataKeys.Path,
target.prototype,
key
);
const method: Methods = Reflect.getMetadata(
MetadataKeys.Method,
target.prototype,
key
);
const middlewares =
Reflect.getMetadata(MetadataKeys.Middleware, target.prototype, key) ||
[];
if (path) {
router[method](
`${routePrefix}${path}`,
...middlewares,
routeHandler
);
}
}
};
}
export function use(middleware: RequestHandler | jwtRequestHandler) {
return function (target: any, key: string, desc: PropertyDescriptor) {
const middlewares =
Reflect.getMetadata(MetadataKeys.Middleware, target, key) || [];
Reflect.defineMetadata(
MetadataKeys.Middleware,
[...middlewares, middleware],
target,
key
);
};
}
路线如下:
@控制器(“/api/v1/Portfolions”)
express jwt接受请求并将user
分配和添加到req obj
`user=req.user`
下面是checkJwt
中间件:
export const checkJwt = jwt({
secret: jwksRsa.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 10,
// this link is always provided by auth0 providers
jwksUri: process.env.JWKS_URI as string,
}),
// this is in the API/identifier in auth0.com
audience: process.env.AUTH0_AUDIENCE,
// issuer should end with "/"
issuer: process.env.ISSUER,
algorithms: ["RS256"],
});
但是,checkJwt没有得到执行<代码>检查角色
被执行,这意味着我的设置是正确的。由于没有执行checkJwt,req.user
没有被定义,因此checkRole
捕获错误。这是checkRole
:
export const checkRole = (role: string) => (
req: Request,
res: Response,
next: NextFunction
) => {
let user: { [key: string]: string } = {};
user = req.user;
if (user && user[process.env.AUTH0_NAMESPACE + "/roles"].includes(role)) {
next();
} else {
return res
.status(401)
.send("You are not authorized to access this resource!");
}
};
当我从客户端发布公文包时,checkRole发送此错误“您无权访问此资源!”
我想不出如何使express execute checkJwt生效。您需要注意装饰师的命令。声明装饰器称为自顶向下,但结果返回自下而上
因此,您的代码应该如下所示:
@post(“/”)
@使用(检查角色(“管理员”))
@使用(检查JWT)
异步createPortfolio(请求,响应){
//你的代码
}
我知道我遗漏了一个简单的要点。非常感谢。