如何在 jsonwebtoken 中忽略某些请求类型

我想让某些 API URL 跳过令牌身份验证检查

我想保护 POST 和 PUT 方法,但不保护对这个 URL 的 GET 请求

本地主机:3000 / API /事件/

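// Router-level middleware: every request that reaches this router must carry
// a JSON Web Token that verifies before any later route handler runs.
router.use(function(request, response, next) {
  // `next` has to be declared as the third parameter; without it the success
  // path below throws a ReferenceError instead of continuing to the route.

  // The token may arrive in the body, the query string or a custom header.
  // request.body is undefined when no body parser has run, so guard it.
  // NOTE(review): tokens sent in the query string tend to end up in access
  // logs and browser history; prefer the header where clients allow it.
  var token = (request.body && request.body.token) ||
    request.query.token ||
    request.headers['x-access-token'];

  if (!token) {
    return response.status(403).send({ success: false, message: 'No token provided.' });
  }

  // NOTE(review): `superSecret` is an identifier here, so it must be a variable
  // holding the settings key; if the setting itself is named "superSecret"
  // this should read app.get('superSecret') -- confirm.
  // NOTE(review): consider passing an explicit `algorithms` allow-list to
  // jwt.verify once the signing algorithm is known.
  jwt.verify(token, app.get(superSecret), function(err, decoded) {
    if (err) {
      // Answer with 401 and the correctly spelled `success` flag. The original
      // sent HTTP 200 with a `sucess` key, which clients that check the status
      // code or `success` would not recognise as a failure.
      return response.status(401).json({ success: false, message: "Failed token Authentication" });
    }
    // Expose the verified claims to the handlers that run next.
    request.decoded = decoded;
    next();
  });
});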

我该如何使用 jsonwebtoken、Node 和 Express 做到这一点?

我希望它只作用于 POST、PUT、DELETE 请求,而不作用于 GET 请求。

您可以把匿名中间件改写成一个普通的具名函数,然后只把它传给需要保护的路由(要保护哪些路径由您决定!)

您的代码可能如下所示:

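 /**
  * Express middleware that lets a request through only when it carries a
  * JSON Web Token that verifies against the application's secret.
  *
  * The token is looked up in the body, then the query string, then the
  * `x-access-token` header. On success the decoded claims are stored on
  * `request.decoded` and `next()` is called.
  *
  * @param {object} request - Express request.
  * @param {object} response - Express response.
  * @param {Function} next - Hands control to the next handler.
  * @returns {*} The response object on the rejection paths, otherwise undefined.
  */
 function tokenProtection(request, response, next) {
   // request.body is undefined when no body parser has run (a bare GET, for
   // example), so guard it instead of throwing a TypeError.
   // NOTE(review): tokens sent in the query string tend to end up in access
   // logs and browser history; prefer the header where clients allow it.
   var token = (request.body && request.body.token) ||
     request.query.token ||
     request.headers['x-access-token'];

   if (!token) {
     return response.status(403).send({ success: false, message: 'No token provided.' });
   }

   // NOTE(review): `superSecret` is an identifier here, so it must be a variable
   // holding the settings key; if the setting itself is named "superSecret"
   // this should read app.get('superSecret') -- confirm.
   // NOTE(review): consider passing an explicit `algorithms` allow-list to
   // jwt.verify once the signing algorithm is known.
   jwt.verify(token, app.get(superSecret), function(err, decoded) {
     if (err) {
       // Answer with 401 and the correctly spelled `success` flag. The original
       // sent HTTP 200 with a `sucess` key, which clients that check the status
       // code or `success` would not recognise as a failure.
       return response.status(401).json({ success: false, message: "Failed token Authentication" });
     }
     // Expose the verified claims to the route handler.
     request.decoded = decoded;
     next();
   });
 }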

现在你的路由可能如下所示(由你决定要保护哪些):

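 // Express route methods take the path first and then the handlers in the
 // order they should run: router.METHOD(path, middleware..., handler).
 // The guard therefore goes between the path and the final handler. Passing it
 // before the path, as the original listing did, does not register the route
 // with the guard in front of the handler.

 // Reads stay public.
 router.get('/item', function(req, res) { /* ... */ }); // not protected
 router.get('/item/:id', function(req, res) { /* ... */ }); // not protected

 // Writes must pass tokenProtection before the handler runs.
 router.post('/item', tokenProtection, function(req, res) { /* ... */ }); // protected
 router.put('/item', tokenProtection, function(req, res) { /* ... */ }); // protected

 router.get('/book', function(req, res) { /* ... */ }); // not protected
 router.get('/book/:id', function(req, res) { /* ... */ }); // not protected

 router.post('/book', tokenProtection, function(req, res) { /* ... */ }); // protected
 router.put('/book', tokenProtection, function(req, res) { /* ... */ }); // protected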

请把需要保护的路由注册在身份验证中间件之后,不需要保护的路由注册在它之前,因为 Express 按注册顺序执行中间件和路由。例如:

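  // Require what will be needed
  var express = require('express'),
      User = require('../models/user'),
      usersRouter = express.Router();
  var jwt = require('jsonwebtoken'); // used to create, sign, and verify tokens
  var config = require('./config'); // get our config file
  var secret = {superSecret: config.secret}; // key used to sign and verify tokens

  //***********************PUBLIC ROUTES FOR USERS******************************
  // These are registered before the token middleware further down, so they
  // can be reached without a token (sign-up and login have to be).

  // Create a new user and return as json for POST to '/api/users'
  usersRouter.post('/', function (req, res) {
    // NOTE(review): the whole request body is handed to the model, so a client
    // can set any schema field (the `token` field written by the login route,
    // for instance). Copy only the sign-up fields once the schema is confirmed.
    var user = new User(req.body);
    // pre-save hook will be run before user gets saved. See user model.
    user.save(function(err){
      if (err) {
        // The original ignored save errors and answered as if the user existed.
        return res.status(500).json({ success: false, message: 'Could not create user.' });
      }
      // NOTE(review): this echoes the stored document back; presumably that
      // includes the password hash -- verify against the model and trim it.
      res.json({user : user, message: "Thank You for Signing Up"});
    });
  });

  // Exchange e-mail and password for a signed token.
  usersRouter.post('/authentication_token', function(req, res){
    var body = req.body || {};
    var email = body.email;
    var password = body.password;

    // Accept plain strings only, so a JSON body cannot place an object where
    // the query below expects a literal e-mail address.
    if (typeof email !== 'string' || typeof password !== 'string') {
      return res.status(400).json({ success: false, message: 'Authentication failed.' });
    }

    // find the user
    User.findOne({ email: email }, function(err, user) {
      if (err) {
        // Throwing inside this callback would be an uncaught exception and
        // take the whole process down; answer with an error instead.
        return res.status(500).json({ success: false, message: 'Authentication failed.' });
      }

      // NOTE(review): the two failure messages below differ, which tells a
      // caller whether an e-mail address is registered; consider one message.
      if (!user) {
        return res.status(401).json({ success: false, message: 'Authentication failed. User not found.' });
      }

      // check if password matches
      user.authenticate(password, function(isMatch){
        if (!isMatch) {
          return res.status(401).json({ success: false, message: 'Authentication failed. Wrong password.' });
        }

        // Only the e-mail goes into the token. A JWT is signed, not
        // encrypted: anyone holding it can read the payload, so keep it to
        // non-sensitive claims. A numeric expiresIn is in seconds (40 hours).
        var token = jwt.sign({email: user.email}, secret.superSecret, {
          expiresIn: 144000
        });

        // set the user token in the database
        // NOTE(review): nothing in this listing reads the stored token back
        // during verification; if it is not needed, do not persist it.
        user.token = token;
        user.save(function(saveErr){
          if (saveErr) {
            return res.status(500).json({ success: false, message: 'Authentication failed.' });
          }
          // return the information including token as JSON
          res.json({
            success: true,
            id: user._id,
            message: 'Enjoy your token!',
            token: token
          });
        });
      });
    });
  });

  //***********************AUTHENTICATED ROUTES FOR USERS******************************
  // The original listing had no token check on this router, so the route
  // below was public despite the banner. Everything registered after this
  // middleware now requires a token that verifies.
  usersRouter.use(function(req, res, next) {
    var token = (req.body && req.body.token) || req.query.token || req.headers['x-access-token'];
    if (!token) {
      return res.status(403).send({ success: false, message: 'No token provided.' });
    }
    // Tokens are issued above with jwt.sign and a shared secret, which uses
    // the library's default HS256; accept only that algorithm.
    jwt.verify(token, secret.superSecret, { algorithms: ['HS256'] }, function(err, decoded) {
      if (err) {
        return res.status(401).json({ success: false, message: 'Failed to authenticate token.' });
      }
      req.decoded = decoded;
      next();
    });
  });

  // Return ALL the users as json to GET to '/api/users'
  usersRouter.get('/', function (req, res) {
    // Leave the stored token out of the listing: it is a live credential for
    // another account. NOTE(review): the password hash presumably sits on the
    // same document; exclude that field too once its name is confirmed.
    User.find({}, '-token', function (err, users) {
      if (err) {
        return res.status(500).json({ success: false, message: 'Could not load users.' });
      }
      res.json(users);
    });
  });

  // Export the controller
  module.exports = usersRouter;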

其实我在自己的博客上也讲过这个问题,因为我自己也曾为它费过不少功夫。如果您仍然不清楚,可以看看这篇文章:《使用 JSON Web Tokens 进行 Node API 身份验证 – 正确的方法》。

如果还有其他资源,比如我这里的 Plan(计划),下面是我希望对其所有路由都进行验证的代码。

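  // route middleware to verify a token. It is registered before the plan
  // routes, so it runs ahead of every handler defined after it.
  PlansController.use(function(req, res, next) {
    // check post parameters, url parameters or header for token.
    // req.body is undefined when no body parser has run, so guard it.
    // NOTE(review): tokens sent in the query string tend to end up in access
    // logs and browser history; prefer the header where clients allow it.
    var token = (req.body && req.body.token) || req.query.token || req.headers['x-access-token'];

    // if there is no token, return an error
    if (!token) {
      return res.status(403).send({
        success: false,
        message: 'No token provided.'
      });
    }

    // verifies signature and checks exp.
    // NOTE(review): assumes tokens are signed with the library's default
    // HS256, as in the login route shown with this answer -- confirm. Pinning
    // the algorithm keeps a token signed any other way from being accepted.
    jwt.verify(token, secret.superSecret, { algorithms: ['HS256'] }, function(err, decoded) {
      if (err) {
        // 401 rather than the original HTTP 200, so clients that look at the
        // status code see the rejection.
        return res.status(401).json({ success: false, message: 'Failed to authenticate token.' });
      }
      // if everything is good, save to incoming request for use in other routes
      req.decoded = decoded;
      next();
    });
  });

  //***********************AUTHENTICATED ROUTES FOR PLAN BELOW******************************
  PlansController.get('/', function(req, res){
    Plan.find({}, function(err, plans){
      if (err) {
        // The original ignored the error and sent whatever `plans` held.
        return res.status(500).json({ success: false, message: 'Could not load plans.' });
      }
      res.json(plans);
    });
  });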