const JwtStrategy = require('passport-jwt').Strategy,
ExtractJwt = require('passport-jwt').ExtractJwt;
const User = require('../models/User');
const key = require('./keys').secret;
const mongoose = require('mongoose');
var opts = {}
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
opts.secretOrKey = key;
module.exports = (passport) => {
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
console.log(jwt_payload);
User.findById(jwt_payload.id, function(err, user) {
if (err) {
return done(err, false);
}
if (user) {
return done(null, user);
} else {
return done(null, false);
}
});
}))
}
我使用passport-jwt策略验证令牌,但这是文件运行不正常我甚至试图在这里控制有效负载,但这甚至没有记录它
passport.use(new JwtStrategy(opts, function(jwt_payload, done)
console.log(jwt_payload);
令牌策略
const payload = {
id: user.id,
username: user.username,
name: user.name
}
const token = jwt.sign(payload, config.secret, { expiresIn: 36000 });
return res.json({
success: true,
token: 'JWT ' + token,
user: {
id: user.id,
name: user.name,
username: user.username
}
})
当我在受保护的路由上使用它时,它不会授权受保护的路由
结果=未经授权
router.get('/profile', passport.authenticate('jwt', { session: false }), (req, res) => {
res.send("Profile");
});
您的身份验证无效的原因是您已使用旧版令牌前缀“JWT”和现代JWT(fromAuthHeaderAsBearerToken
)提取程序作为策略的选项。
您可以执行以下步骤之一来解决问题:
'Bearer ' + token
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderWithScheme("JWT");