如何从Node API的GET请求中解码JWT令牌。

huangapple go评论82阅读模式
英文:

How to get JWT token decoded from get request in node api

问题

I'm sending JWT tokens accross requests for authorization, however I can't seem to get the token decode each time. It works with one method but not the other. The first snippet gives a "decoded" token result from the server side, however the second one doesn't.

public async getAllUsers(req: Request, res: Response) {
    try {
      const payload = req["decoded"]; // gives the token decoded
      if (payload) {
        let users: ILoginResult = await UserData.getAllUsers(payload);
        res.status(users.status).send(users.result);
      }
    } catch (e) {
      res.status(500).send({ error: e.toString() });
    }
  }
public async getAccountDetails(req: Request, res: Response) {
    try {
      const user = req["decoded"]; // always undefined
      let details: IDetails = await AccountData.getAccountDetails(name);
      res.status(200).send(details);
    } catch (e) {
      let err = e.toString();
      res.status(500).send({ error: err });
    }
  }

The request from postman are included a bearer token which is provided at login and used throughout other parts of the app. Not sure why it works in the one but not the other. Would really appreciate if someone could better explain what's going on here and/or provide tips, advice, suggestions.

edit - adding request details

get request to: http://localhost:5000/api/v1/account
with a token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiYWRtaW4iLCJpYXQiOjE1Nzc5OTUwMjUsImV4cCI6MTU3ODE2NzgyNSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdCJ9.--msLba1VPs4Nv_B9YL6fk2DFHkQCgiVvDJFPt_UnDk

The decoded property was used in a tutorial I was following that seemed to be added from the server side but was poorly explained and I haven't found a good alternative/explanation. I don't think it has any middleware either. Very much open to alt methods.

英文:

I'm sending JWT tokens accross requests for authorization, however I can't seem to get the token decode each time. It works with one method but not the other. The first snippet gives a "decoded" token result from the server side, however the second one doesn't.

public async getAllUsers(req: Request, res: Response) {
    try {
      const payload = req["decoded"]; // gives the token decoded
      if (payload) {
        let users: ILoginResult = await UserData.getAllUsers(payload);
        res.status(users.status).send(users.result);
      }
    } catch (e) {
      res.status(500).send({ error: e.toString() });
    }
  }
  public async getAccountDetails(req: Request, res: Response) {
    try {
      const user = req["decoded"]; // always undefined
      let details: IDetails = await AccountData.getAccountDetails(name);
      res.status(200).send(details);
    } catch (e) {
      let err = e.toString();
      res.status(500).send({ error: err });
    }
  }

The request from postman are included a bearer token which is provided at login and used throughout other parts of the app. Not sure why it works in the one but not the other. Would really appreciate if someone could better explain what's going on here and/or provide tips, advice, suggestions.

edit - adding request details

get request to: http://localhost:5000/api/v1/account
with a token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiYWRtaW4iLCJpYXQiOjE1Nzc5OTUwMjUsImV4cCI6MTU3ODE2NzgyNSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdCJ9.--msLba1VPs4Nv_B9YL6fk2DFHkQCgiVvDJFPt_UnDk

The decoded property was used in a tutorial I was following that seemed to be added from the server side but was poorly explained and I haven't found a good alternative/explanation. I don't think it has any middleware either. Very much open to alt methods.

答案1

得分: 2

感谢评论中的建议,我能够找到在创建decoded属性的路由中缺少的部分,该属性在此处被使用。通过将中间件添加到路由器中,请求将按预期工作:

import express from "express";
import UserController from "../controllers/UserController";
import valid from "../utils/ValidateToken";

export default (router: express.Router) => {
  router
    .route("/users")
    .post(UserController.addUser)
    .get(valid.validateToken, UserController.getAllUsers);

  router.route("/login").post(UserController.loginUser);
  router.route("/account").get(valid.validateToken, UserController.getAccountDetails);
};

缺少了valid.validateToken,这是从传递的JWT生成解码对象的部分。故事的教训是,始终仔细检查一切。感谢所有评论/回答的人!

英文:

Thanks to the suggestions from the comments I was able to find a missing piece in the route that creates the decoded property which is being used here. By adding the middleware to the router the request works as expected:

import express from "express";
import UserController from "../controllers/UserController";
import valid from "../utils/ValidateToken";

export default (router: express.Router) => {
  router
    .route("/users")
    .post(UserController.addUser)
    .get(valid.validateToken, UserController.getAllUsers);

  router.route("/login").post(UserController.loginUser);
  router.route("/account").get(valid.validateToken, UserController.getAccountDetails);
};

The valid.validateToken was missing which is the bit that generates the decoded object from the JWT being passed. Moral of the story, always double check everything. Thanks to all who commented/answered!

huangapple
  • 本文由 发表于 2020年1月3日 22:34:27
  • 转载请务必保留本文链接:https://go.coder-hub.com/59580379.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定