英文:
Validate a jwt token with express
问题
I've been getting a lot of errors saying
POST http://localhost:4000/api/payment/create-checkout-session 403 (Forbidden)
AxiosError {message: 'Request failed with status code 403', name: 'AxiosError', code: 'ERR_BAD_REQUEST', config: {...}, request: XMLHttpRequest, …}
code
:
"ERR_BAD_REQUEST"
config
:
"Request failed with status code 403"
name
:
"AxiosError"
request
{data: 'A token is required', status: 403, statusText: 'Forbidden', headers: Axios
I think it has something to do with my token validation, this is the file for token validation
const verifyToken = (req, res, next) => {
const token = req.body.token || req.query.token || req.headers['Authorization'];
console.log("Token: ", token);
if (!token) {
return res.status(403).send("A token is required");
}
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.user = decoded;
next();
} catch (err) {
return res.status(401).send("Invalid token, this is the error message:" + err);
}
};
module.exports = verifyToken;
This is the file that is making the axios post request
const token = Cookies.get("token");
console.log("token from catalog " + token)
const checkout = () => {
axios({
method: "post",
url: "http://localhost:4000/api/payment/create-checkout-session",
headers: {
'Content-Type': 'application/json',
'Accept': 'application/json',
"Authorization": "Bearer " + token,
}
}).then(response => {
if (response.ok) return response.json();
return response.json().then(json => Promise.reject(json))
})
.then(({ url }) => {
window.location = url;
})
.catch(error => {
console.log(error)
})
}
This is the Express file that the axios is posting to
require('./middleware')
router.post("/create-checkout-session", async (req, res) => {
const { items } = req.body;
// Create a PaymentIntent with the order amount and currency
const paymentIntent = await stripe.paymentIntents.create({
amount: calculateOrderAmount(items),
currency: "usd",
automatic_payment_methods: {
enabled: true,
},
});
res.send({
clientSecret: paymentIntent.client_secret,
});
})
module.exports = router;
Is there a better way to validate a token, or am I missing a header or something in my axios request?
英文:
Ive been getting a lot of errors saying
POST http://localhost:4000/api/payment/create-checkout-session 403 (Forbidden)
AxiosError {message: 'Request failed with status code 403', name: 'AxiosError', code: 'ERR_BAD_REQUEST', config: {…}, request: XMLHttpRequest, …}
code
:
"ERR_BAD_REQUEST"
config
:
"Request failed with status code 403"
name
:
"AxiosError"
request
{data: 'A token is required', status: 403, statusText: 'Forbidden', headers: Axios
I think it has something to do with my token validation, this is the file for token validation
const verifyToken = (req, res, next) => {
const token = req.body.token || req.query.token || req.headers['Authorization'];
console.log("Token: ", token);
if (!token) {
return res.status(403).send("A token is required");
}
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.user = decoded;
next();
} catch (err) {
return res.status(401).send("Invalid token, this is the error message:" + err);
}
};
module.exports = verifyToken;
this is the file that is making the axios post request
const token = Cookies.get("token");
console.log("token from catalog " + token)
const checkout = () => {
axios({
method: "post",
url: "http://localhost:4000/api/payment/create-checkout-session",
headers: {
'Content-Type': 'application/json',
'Accept': 'application/json',
"Authorization": "Bearer " + token,
}
}).then(response => {
if (response.ok) return response.json();
return response.json().then(json => Promise.reject(json))
})
.then(({ url }) => {
window.location = url;
})
.catch(error => {
console.log(error)
})
}
this is the express file that the axios is posting too
require('./middleware')
router.post("/create-checkout-session", async (req, res) => {
const { items } = req.body;
// Create a PaymentIntent with the order amount and currency
const paymentIntent = await stripe.paymentIntents.create({
amount: calculateOrderAmount(items),
currency: "usd",
automatic_payment_methods: {
enabled: true,
},
});
res.send({
clientSecret: paymentIntent.client_secret,
});
})
module.exports = router;
is there a better way to validate a toke, or am I missing a header or something in my axios request?
答案1
得分: 1
我认为你的验证是正确的,不需要深入研究你的代码。
你之所以得到403错误是因为没有Authorization
头部信息。我假设你正在使用express。尽管你指定了头部是Authorization
,但在express中要访问请求头部,你需要查找req.headers.authorization
,其中a
是小写。
我运行了一个简单的应用程序:
import express from "express";
const app = express();
app.listen(3000, () => {
console.log("hi there 3000");
});
app.post("/auth", (req, res) => {
console.log(req.headers);
res.status(200).send(req.headers);
});
然后使用curl进行了以下操作:➜ curl --header "Authorization: Bearer something" -I -X POST http://localhost:3000/auth
req.headers
的输出如下:
{
host: 'localhost:3000',
'user-agent': 'curl/7.79.1',
accept: '*/*',
authorization: 'Bearer something'
}
如果有帮助,请告诉我。
英文:
Without digging too much into your code I think that your validation is fine.
You are getting the 403 because there is no Authorization
header. I am going to assume that you are using express. Even though you specified that the header is Authorization
with a capital A
, in express to access that request header you have to look for req.headers.authorization
with a lower-cased a
.
I ran a simple app:
import express from "express";
const app = express();
app.listen(3000, () => {
console.log("hi there 3000");
});
app.post("/auth", (req, res) => {
console.log(req.headers);
res.status(200).send(req.headers);
});
Then curled the following: ➜ curl --header "Authorization: Bearer something" -I -X POST http://localhost:3000/auth
The req.headers
is as follows:
{
host: 'localhost:3000',
'user-agent': 'curl/7.79.1',
accept: '*/*',
authorization: 'Bearer something'
}
Let me know if this helps.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论