我有一个登录和注册的项目。一切都适用于当地环境。注册账号后,发送到数据库。如果我尝试使用相同的信息再次注册一个帐户,那是不可能的,因为我收到一条消息说它已经存在。如果该帐户是在本地环境中创建的,则可以登录。但是,注册账号后,我无法登录,报错401(未授权)
server.js
const express = require('express');
const app = express();
const path = require('path');
const cors = require('cors');
const corsOptions = require('./config/corsOptions');
const { logger } = require('./middleware/logEvents');
const errorHandler = require('./middleware/errorHandler');
const verifyJWT = require('./middleware/verifyJWT');
const cookieParser = require('cookie-parser');
const credentials = require('./middleware/credentials');
const PORT = process.env.PORT || 3500;
// custom middleware logger
app.use(logger);
// Handle options credentials check - before CORS!
// and fetch cookies credentials requirement
app.use(credentials);
// Cross Origin Resource Sharing
app.use(cors(corsOptions));
// built-in middleware to handle urlencoded form data
app.use(express.urlencoded({ extended: false }));
// built-in middleware for json
app.use(express.json());
//middleware for cookies
app.use(cookieParser());
//serve static files
app.use('/', express.static(path.join(__dirname, '/public')));
// routes
app.use('/', require('./routes/root'));
app.use('/register', require('./routes/register'));
app.use('/auth', require('./routes/auth'));
app.use('/refresh', require('./routes/refresh'));
app.use('/logout', require('./routes/logout'));
app.use(verifyJWT);
app.use('/employees', require('./routes/api/employees'));
app.all('*', (req, res) => {
res.status(404);
if (req.accepts('html')) {
res.sendFile(path.join(__dirname, 'views', '404.html'));
} else if (req.accepts('json')) {
res.json({ "error": "404 Not Found" });
} else {
res.type('txt').send("404 Not Found");
}
});
app.use(errorHandler);
app.listen(PORT, () => console.log(`Server running on port ${PORT}`));
auth.js
const express = require('express');
const router = express.Router();
const authController = require('../controllers/authController');
router.post('/', authController.handleLogin);
module.exports = router;
authController.js
const usersDB = {
users: require('../model/users.json'),
setUsers: function (data) {
this.users = data;
},
};
const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');
require('dotenv').config();
const fsPromises = require('fs').promises;
const path = require('path');
const handleLogin = async (req, res) => {
const { user, pwd } = req.body;
if (!user || !pwd)
return res
.status(400)
.json({ message: 'Username and password are required.' });
const foundUser = usersDB.users.find((person) => person.username === user);
if (!foundUser) return res.sendStatus(401); //Unauthorized
// evaluate password
const match = await bcrypt.compare(pwd, foundUser.password);
if (match) {
const roles = Object.values(foundUser.roles).filter(Boolean);
// create JWTs
const accessToken = jwt.sign(
{
UserInfo: {
"username": foundUser.username,
roles: roles,
},
},
process.env.ACCESS_TOKEN_SECRET,
{ expiresIn: '30s' }
);
const refreshToken = jwt.sign(
{ "username": foundUser.username },
process.env.REFRESH_TOKEN_SECRET,
{ expiresIn: '1d' }
);
// Saving refreshToken with current user
const otherUsers = usersDB.users.filter(
(person) => person.username !== foundUser.username
);
const currentUser = { ...foundUser, refreshToken };
usersDB.setUsers([...otherUsers, currentUser]);
await fsPromises.writeFile(
path.join(__dirname, '..', 'model', 'users.json'),
JSON.stringify(usersDB.users)
);
res.cookie('jwt', refreshToken, {
httpOnly: true,
sameSite: 'None',
secure: true,
maxAge: 24 * 60 * 60 * 1000,
});
res.json({ accessToken });
} else {
res.sendStatus(401);
}
};
module.exports = { handleLogin };
我添加了一个带有令牌的 env 文件。我在 Render 中添加了带有标记的变量。
我认为这是错误的说法,你错过了
awaitconst foundUser = usersDB.users.find((person) => person.username === user)
应该是:
const foundUser = await usersDB.users.find({username: user})