英文:
Validate a jwt token with express
问题
I've been getting a lot of errors saying
POST http://localhost:4000/api/payment/create-checkout-session 403 (Forbidden)AxiosError {message: 'Request failed with status code 403', name: 'AxiosError', code: 'ERR_BAD_REQUEST', config: {...}, request: XMLHttpRequest, …}code:"ERR_BAD_REQUEST"config:"Request failed with status code 403"name:"AxiosError"request{data: 'A token is required', status: 403, statusText: 'Forbidden', headers: Axios
I think it has something to do with my token validation, this is the file for token validation
const verifyToken = (req, res, next) => {const token = req.body.token || req.query.token || req.headers['Authorization'];console.log("Token: ", token);if (!token) {return res.status(403).send("A token is required");}try {const decoded = jwt.verify(token, process.env.JWT_SECRET);req.user = decoded;next();} catch (err) {return res.status(401).send("Invalid token, this is the error message:" + err);}};module.exports = verifyToken;
This is the file that is making the axios post request
const token = Cookies.get("token");console.log("token from catalog " + token)const checkout = () => {axios({method: "post",url: "http://localhost:4000/api/payment/create-checkout-session",headers: {'Content-Type': 'application/json','Accept': 'application/json',"Authorization": "Bearer " + token,}}).then(response => {if (response.ok) return response.json();return response.json().then(json => Promise.reject(json))}).then(({ url }) => {window.location = url;}).catch(error => {console.log(error)})}
This is the Express file that the axios is posting to
require('./middleware')router.post("/create-checkout-session", async (req, res) => {const { items } = req.body;// Create a PaymentIntent with the order amount and currencyconst paymentIntent = await stripe.paymentIntents.create({amount: calculateOrderAmount(items),currency: "usd",automatic_payment_methods: {enabled: true,},});res.send({clientSecret: paymentIntent.client_secret,});})module.exports = router;
Is there a better way to validate a token, or am I missing a header or something in my axios request?
英文:
Ive been getting a lot of errors saying
POST http://localhost:4000/api/payment/create-checkout-session 403 (Forbidden)AxiosError {message: 'Request failed with status code 403', name: 'AxiosError', code: 'ERR_BAD_REQUEST', config: {…}, request: XMLHttpRequest, …}code:"ERR_BAD_REQUEST"config:"Request failed with status code 403"name:"AxiosError"request{data: 'A token is required', status: 403, statusText: 'Forbidden', headers: Axios
I think it has something to do with my token validation, this is the file for token validation
const verifyToken = (req, res, next) => {const token = req.body.token || req.query.token || req.headers['Authorization'];console.log("Token: ", token);if (!token) {return res.status(403).send("A token is required");}try {const decoded = jwt.verify(token, process.env.JWT_SECRET);req.user = decoded;next();} catch (err) {return res.status(401).send("Invalid token, this is the error message:" + err);}};module.exports = verifyToken;
this is the file that is making the axios post request
const token = Cookies.get("token");console.log("token from catalog " + token)const checkout = () => {axios({method: "post",url: "http://localhost:4000/api/payment/create-checkout-session",headers: {'Content-Type': 'application/json','Accept': 'application/json',"Authorization": "Bearer " + token,}}).then(response => {if (response.ok) return response.json();return response.json().then(json => Promise.reject(json))}).then(({ url }) => {window.location = url;}).catch(error => {console.log(error)})}
this is the express file that the axios is posting too
require('./middleware')router.post("/create-checkout-session", async (req, res) => {const { items } = req.body;// Create a PaymentIntent with the order amount and currencyconst paymentIntent = await stripe.paymentIntents.create({amount: calculateOrderAmount(items),currency: "usd",automatic_payment_methods: {enabled: true,},});res.send({clientSecret: paymentIntent.client_secret,});})module.exports = router;
is there a better way to validate a toke, or am I missing a header or something in my axios request?
答案1
得分: 1
我认为你的验证是正确的,不需要深入研究你的代码。
你之所以得到403错误是因为没有Authorization头部信息。我假设你正在使用express。尽管你指定了头部是Authorization,但在express中要访问请求头部,你需要查找req.headers.authorization,其中a是小写。
我运行了一个简单的应用程序:
import express from "express";const app = express();app.listen(3000, () => {console.log("hi there 3000");});app.post("/auth", (req, res) => {console.log(req.headers);res.status(200).send(req.headers);});
然后使用curl进行了以下操作:➜ curl --header "Authorization: Bearer something" -I -X POST http://localhost:3000/auth
req.headers的输出如下:
{host: 'localhost:3000','user-agent': 'curl/7.79.1',accept: '*/*',authorization: 'Bearer something'}
如果有帮助,请告诉我。
英文:
Without digging too much into your code I think that your validation is fine.
You are getting the 403 because there is no Authorization header. I am going to assume that you are using express. Even though you specified that the header is Authorization with a capital A, in express to access that request header you have to look for req.headers.authorization with a lower-cased a.
I ran a simple app:
import express from "express";const app = express();app.listen(3000, () => {console.log("hi there 3000");});app.post("/auth", (req, res) => {console.log(req.headers);res.status(200).send(req.headers);});
Then curled the following: ➜ curl --header "Authorization: Bearer something" -I -X POST http://localhost:3000/auth
The req.headers is as follows:
{host: 'localhost:3000','user-agent': 'curl/7.79.1',accept: '*/*',authorization: 'Bearer something'}
Let me know if this helps.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论