使用 HapiJS 时出现身份验证(authentication)错误
我已经创建了这个简单的插件:
import bcrypt from 'bcrypt'; import Joi from 'joi'; import DynamoDBClient from '../lib/DynamoDBClient'; exports.register = (server, options, next) => { server.auth.strategy('simple', 'basic', { validateFunc: (request, email, password, callback) => { DynamoDBClient.findUserByEmail(email) .then(user => { if (!user) { return callback(null, false); } bcrypt.compare(password, user.password, (err, isValid) => { return callback(err, isValid, { id: user.id }); }); }); } }); server.route({ method: 'POST', path: '/api/login', config: { auth: 'simple', validate: { payload: { email: Joi.string().required(), password: Joi.string().required() } } }, handler: (request, reply) => reply(request.auth.credentials.id) }); next(); }; exports.register.attributes = { name: 'login', };
并在下面的清单(manifest)中加载它:
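import Glue from 'glue';

// Glue manifest: one connection labelled 'api' and the plugins to register.
const manifest = {
  server: {},
  connections: [
    {
      // NOTE(review): no tls settings are given for this connection. Basic
      // authentication sends the password merely Base64-encoded, so it should
      // only travel over TLS; presumably terminated upstream, confirm.
      port: process.env.PORT || 3001,
      labels: ['api'],
    },
  ],
  plugins: {
    // Provides the 'basic' scheme that ./api/login builds its strategy on;
    // presumably has to be registered before that plugin, so confirm the
    // ordering Glue applies.
    'hapi-auth-basic': {},
    './api/signup': {},
    './api/login': {},
    './api/products': {},
  },
};

// Relative plugin paths in the manifest are resolved against this directory.
const options = {
  relativeTo: __dirname,
};

Glue.compose(manifest, options, (err, server) => {
  if (err) {
    throw err;
  }

  server.start((startErr) => {
    // Surface a failed start (e.g. port already in use) instead of logging
    // a misleading "Listening" line.
    if (startErr) {
      throw startErr;
    }
    console.log(`Listening to ${server.info.uri}`);
  });
});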
但我得到了这个错误:
{ "statusCode": 401, "error": "Unauthorized", "message": "Missing authentication" }
当我尝试登录,发送一个在请求体中带有 email 和 password 参数的 POST 请求时,就会出现这个错误。
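我认为你的 /api/login 路由不应该受身份验证方案(authentication scheme)保护,否则你就必须先通过身份验证才能进行身份验证。这是一个先有鸡还是先有蛋的问题……而你的所有其他路由都应该受保护。具体来说,basic 方案是从 HTTP 的 Authorization 请求头中读取凭据,而不是从请求体中读取,所以只在请求体里传 email 和 password 时会返回 "Missing authentication"。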
换句话说,登录(以及注销?)路由不应该受身份验证保护。