0

我已经从 passport-jwt 1.2.1 升级到了 passport-jwt 4.0。我更新了护照代码以使用 ExtractJwt.fromHeader,我相信它被标记为“Authorizaton”,您将在下面的 Header Request 代码中看到它。

var JwtStrategy = require('passport-jwt').Strategy,
    ExtractJwt = require('passport-jwt').ExtractJwt;

// load up the user model
var User = require('../models/user');
var config = require('../config/database'); // get db config file


module.exports = function(passport) {
  var opts = {}
  opts.jwtFromRequest = ExtractJwt.fromHeader('Authorization');
  opts.secretOrKey = 'secret';

  passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
      User.findOne({id: jwt_payload.sub}, function(err, user) {
          if (err) {
              return done(err, false);
          }
          if (user) {
              return done(null, user);
          } else {
              return done(null, false);
          }
      });
  }));
};

我的标头请求如下所示,其中只有一些测试代码。

Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Authorization: JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJfaWQiOiI1YWQyNTc3MWQwZWM3YzQ2YmFhNjYzOTgiLCJsb2dpbiI6ImNuYWtlYSIsInBhc3N3b3JkIjoiJDJhJDEwJFAzVG1wNDU3ZmhHdHdnaTZseGRRSGVRUENmR1F0OWMvWHVtSDZCTEtUlVQbUEvLnZvRGp5IiwiZW1haWwiOiJjaHJpc0BjaHJpc25ha2VhLmNvbSIsImNvbmZpcm1hdGlvbljb2RlIjoiMjk3NTNiZDYtZTQyYi1kYjRkLWM4ODUtZDE5MzlmYjdkZWU4IiwiY29uZmlybV9leHBpcmUiOiyMDE4LTA0LTE1VDE5OjMzOjA1LjQ0OVoiLCJfX3YiOjAsImNvbmZpcm1lZCI6dHJ1ZX0.ow_5ZsqEeP_2oJxG7IuzZUJrsZa84CDMW3Nk4qXbgik
Cache-Control: no-cache
Connection: keep-alive
Host: localhost:3000
Origin: http://localhost:8100
Pragma: no-cache
Referer: http://localhost:8100/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

出于某种原因,我收到“未经授权”的回复。

这就是我从我的 angularjs 服务发出呼叫的方式:

  function useCredentials(token) {
    isAuthenticated = true;
    authToken = token;

    // Set the token as header for your requests!
    $http.defaults.headers.common.Authorization = authToken;
  }

我该如何解决?

所以看起来身份验证代码正在工作,实际上是这段代码失败了:

var express = require('express');
var router = express.Router();
var jwt = require('jwt-simple');
var config = require('../config/database'); 
var passport  = require('passport');

require('../config/passport')(passport);

var User = require('../models/user');

router.route('/')

.get(passport.authenticate('jwt', { session: false}), function(req, res) {

  var token = getToken(req.headers);

  if (token) {

    var decoded = jwt.decode(token, config.secret);

    User.findOne({
      login: decoded.login
    }, function(err, user) {
        if (err) throw err;

        if (!user) {
          return res.status(403).send({success: false, msg: 'Authentication failed. User not found.'});
        } else {

          //CUSTOMIZE DATA TO RETURN ***
          var data = {
            id:user.id,
            login:user.login,
            email:user.email
          };

          res.json(data);
        }
    });

  } else {
    return res.status(403).send({success: false, msg: 'No token provided.'});
  }
});

getToken = function (headers) {
  if (headers && headers.authorization) {
    var parted = headers.authorization.split(' ');
    if (parted.length === 2) {
      return parted[1];
    } else {
      return null;
    }
  } else {
    return null;
  }
};

module.exports = router;
4

1 回答 1

3

尝试这个:

opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();

这将创建一个新的提取器,该提取器在授权标头中使用方案“承载”查找 JWT,因此您的标头将是这样的Authorization: Bearer jk12h3j231231jkl12j

function useCredentials(token) {
    isAuthenticated = true;
    authToken = token;

    // Set the token as header for your requests!
    $http.defaults.headers.common.Authorization = `Bearer ${authToken}`;
}
于 2018-04-14T21:49:23.790 回答