我正在尝试保护 NextJS 应用程序中的 API 路由之一,但我不断收到 JWT 会话错误。这非常烦人,因为我正在构建一个非常简单的用例,而且我认为我根本没有使用 JWT。从我可以找到的 next-auth 文档 来看,保护 api 端点似乎非常容易。以下是我的代码片段。
使用“next-auth”:“^4.24.5”,“react”:“18.2.0”,
在这里,我尝试保护 PUT 端点
import pool from "../../../backend-utils";
import { getServerSession } from "next-auth/next";
import { authOptions } from "../auth/[...nextauth]";
export default async function handler(req, res){
const method = req.method;
if (method == "GET"){
try{
const client = await pool.connect()
const data = await client.query('SELECT * FROM reviews;');
res.status(200).json({ body: data });
catch (error) {
res.status(500).json({message: "There was an error and we could not complete your get all reviews request. Error: "+ error});
}
else if (method == "PUT"){
try{
const session = await getServerSession(req, res, authOptions);
if (!session) {
return res.status(500).json({ message: 'The request was unauthorized' });
}
const {rest_name, o_rating, price, taste, experience, description, city, state_code} = JSON.parse(req.body);
const response = await pool.query(`INSERT INTO reviews(rest_name, o_rating, price, taste, experience, description, city, state_code, user_id_submitted, soph_submitted) VALUES ('${rest_name}', ${o_rating}, ${price}, ${taste}, ${experience}, '${description}', '${city}', '${state_code}', '1', FALSE);`);
res.status(200).json({message: response, body: req.body})
} catch (error){
res.status(500).json({ message: error })
}
}
}
import NextAuth from "next-auth"
import GoogleProvider from "next-auth/providers/google";
export const authOptions = {
// Configure one or more authentication providers
providers: [
GoogleProvider({
clientId: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
authorization: {
params: {
prompt: "consent",
access_type: "offline",
response_type: "code"
}
}
})
]
}
export default NextAuth(authOptions)
https://next-auth.js.org/errors#jwt_session_error decryption operation failed {
message: 'decryption operation failed',
stack: 'JWEDecryptionFailed: decryption operation failed\n' +
' at gcmDecrypt (/Users/sammadden/Documents/GitHub/sophs-next-app/node_modules/jose/dist/node/cjs/runtime/decrypt.js:67:15)\n' +
' at decrypt (/Users/sammadden/Documents/GitHub/sophs-next-app/node_modules/jose/dist/node/cjs/runtime/decrypt.js:92:20)\n' +
' at flattenedDecrypt (/Users/sammadden/Documents/GitHub/sophs-next-app/node_modules/jose/dist/node/cjs/jwe/flattened/decrypt.js:143:52)\n' +
' at async compactDecrypt (/Users/sammadden/Documents/GitHub/sophs-next-app/node_modules/jose/dist/node/cjs/jwe/compact/decrypt.js:18:23)\n' +
' at async jwtDecrypt (/Users/sammadden/Documents/GitHub/sophs-next-app/node_modules/jose/dist/node/cjs/jwt/decrypt.js:8:23)\n' +
' at async Object.decode (/Users/sammadden/Documents/GitHub/sophs-next-app/node_modules/next-auth/jwt/index.js:66:7)\n' +
' at async Object.session (/Users/sammadden/Documents/GitHub/sophs-next-app/node_modules/next-auth/core/routes/session.js:43:28)\n' +
' at async AuthHandler (/Users/sammadden/Documents/GitHub/sophs-next-app/node_modules/next-auth/core/index.js:165:27)\n' +
' at async getServerSession (/Users/sammadden/Documents/GitHub/sophs-next-app/node_modules/next-auth/next/index.js:159:19)\n' +
' at async unstable_getServerSession (/Users/sammadden/Documents/GitHub/sophs-next-app/node_modules/next-auth/next/index.js:195:10)\n' +
' at async handler (webpack-internal:///(api)/./pages/api/reviews/index.js:35:34)',
name: 'JWEDecryptionFailed'
}
如果您需要更多信息,请告诉我。
我尝试使用
getServerSession(req, res, authOptions)
保护端点,但我不断收到 JWT 错误。
您似乎缺少下一个身份验证环境
NEXTAUTH_SECRET = testasdfsadfasdfasd