撤销令牌时未找到响应帐户
When revoking a token, the response is "account not found"
When revoking a token, the response is "account not found" even though the account is in the DB.
注册用户并刷新令牌后,我试图撤销之前的令牌,但收到一条错误消息“未找到帐户”,但相应的帐户存在于 mongo 集合中。
Authorize.js
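/**
 * Builds the middleware pair that protects a route: a JWT check followed by a
 * role check that also exposes `req.user.ownsToken` to later handlers.
 *
 * @param {string|string[]} [roles=[]] - a single role (e.g. Role.User or 'User')
 *   or a list of roles (e.g. [Role.Admin, Role.User]); an empty list means any
 *   authenticated account is allowed.
 * @returns {Function[]} express middleware: [jwt middleware, role middleware].
 */
function authorize(roles = []) {
  // normalise the single-string form without mutating the parameter
  const allowedRoles = typeof roles === "string" ? [roles] : roles;
  return [
    // authenticate JWT token and attach user to request object (req.user)
    jwt({ secret, algorithms: ["HS256"] }),
    // authorize based on user role
    async (req, res, next) => {
      let account;
      let refreshTokens;
      try {
        account = await db.Account.findById(req.user.id);
        // Check the account BEFORE touching account.id: the original queried
        // the refresh tokens first, so a deleted/unknown account threw inside
        // the middleware instead of reaching the 401 below.
        if (!account || (allowedRoles.length && !allowedRoles.includes(account.role))) {
          // account no longer exists or role not authorized
          return res.status(401).json({ message: "Unauthorized" });
        }
        refreshTokens = await db.RefreshToken.find({ account: account.id });
      } catch (err) {
        // hand DB failures to the error handler instead of leaving the request
        // hanging on an unhandled rejection
        return next(err);
      }
      // authentication and authorization successful
      req.user.role = account.role;
      // True when `token` is one of this account's refresh tokens. The original
      // used a braced arrow body without `return`, so ownsToken always yielded
      // undefined and every non-admin caller was rejected by the controller's
      // ownership check.
      req.user.ownsToken = (token) => refreshTokens.some((x) => x.token === token);
      next();
    },
  ];
}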
此处验证令牌以检查其授权。
server.js
// rootpath must be registered first so that '_middleware/...' and
// '_helpers/...' resolve from the project root
require('rootpath')();
const express = require('express');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const cors = require('cors');
const errorHandler = require('_middleware/error-handler');

const app = express();

// request parsing: form bodies, JSON bodies, cookies (the refresh token cookie)
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(cookieParser());

// CORS: the origin callback accepts every caller and credentials are enabled,
// so any site can make cookie-bearing requests to this API. Convenient for
// local development; a deployment should replace the callback with an
// allow-list of trusted origins.
app.use(cors({ origin: (origin, callback) => callback(null, true), credentials: true }));

// api routes
app.use('/accounts', require('./accounts/accounts.controller'));

// swagger docs route
app.use('/api-docs', require('_helpers/swagger'));

// global error handler (must be registered after the routes)
app.use(errorHandler);

// start server: PORT from the environment in production (default 80),
// fixed 4000 otherwise
const isProduction = process.env.NODE_ENV === 'production';
const port = isProduction ? (process.env.PORT || 80) : 4000;
app.listen(port, () => {
  console.log(`Server listening on port ${port}`);
});
这是路由到不同 API 的服务器文件
account.service.js
/**
 * Marks a refresh token as revoked and persists it.
 *
 * @param {{ token: string, ipAddress: string }} params - the refresh token
 *   string and the IP address of the caller performing the revocation.
 * @returns {Promise<void>}
 * @throws whatever getRefreshToken throws when the token cannot be resolved.
 */
async function revokeToken({ token, ipAddress }) {
  console.log("services");
  // look the stored token up first; any "not found" error surfaces from here
  const stored = await getRefreshToken(token);
  const revokedAt = Date.now();
  // revoke token and save
  stored.revokedByIp = ipAddress;
  stored.revoked = revokedAt;
  await stored.save();
}
撤销给定令牌的函数
account.controller.js
/**
 * POST handler that revokes a refresh token.
 *
 * The token may arrive in the JSON body or in the refreshToken cookie. The
 * ownership check relies on `req.user.ownsToken` and `req.user.role`, which
 * the authorize middleware attaches; without that middleware in front of this
 * route, `req.user` is undefined and the handler throws.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function revokeToken(req, res, next) {
  console.log("here.......");
  // accept token from request body or cookie
  const token = req.body.token || req.cookies.refreshToken;
  if (!token) {
    return res.status(400).json({ message: "Token is required" });
  }
  // users can revoke their own tokens and admins can revoke any tokens
  const isAdmin = req.user.role === Role.Admin;
  const isOwner = req.user.ownsToken(token);
  if (!isOwner && !isAdmin) {
    return res.status(401).json({ message: "Unauthorized" });
  }
  // req.ip is recorded as revokedByIp; behind a reverse proxy it reflects the
  // client only when express's 'trust proxy' setting is configured
  const ipAddress = req.ip;
  accountService
    .revokeToken({ token, ipAddress })
    .then(() => res.json({ message: "Token revoked" }))
    .catch(next);
}
撤销对服务器的令牌请求。
您必须在正文中提供旧令牌。尝试再次进行身份验证,然后提供新令牌。可能有用。
When revoking a token, the response is "account not found" even though the account is in the DB.
注册用户并刷新令牌后,我试图撤销之前的令牌,但收到一条错误消息“未找到帐户”,但相应的帐户存在于 mongo 集合中。
Authorize.js
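/**
 * Builds the middleware pair that protects a route: a JWT check followed by a
 * role check that also exposes `req.user.ownsToken` to later handlers.
 *
 * @param {string|string[]} [roles=[]] - a single role (e.g. Role.User or 'User')
 *   or a list of roles (e.g. [Role.Admin, Role.User]); an empty list means any
 *   authenticated account is allowed.
 * @returns {Function[]} express middleware: [jwt middleware, role middleware].
 */
function authorize(roles = []) {
  // normalise the single-string form without mutating the parameter
  const allowedRoles = typeof roles === "string" ? [roles] : roles;
  return [
    // authenticate JWT token and attach user to request object (req.user)
    jwt({ secret, algorithms: ["HS256"] }),
    // authorize based on user role
    async (req, res, next) => {
      let account;
      let refreshTokens;
      try {
        account = await db.Account.findById(req.user.id);
        // Check the account BEFORE touching account.id: the original queried
        // the refresh tokens first, so a deleted/unknown account threw inside
        // the middleware instead of reaching the 401 below.
        if (!account || (allowedRoles.length && !allowedRoles.includes(account.role))) {
          // account no longer exists or role not authorized
          return res.status(401).json({ message: "Unauthorized" });
        }
        refreshTokens = await db.RefreshToken.find({ account: account.id });
      } catch (err) {
        // hand DB failures to the error handler instead of leaving the request
        // hanging on an unhandled rejection
        return next(err);
      }
      // authentication and authorization successful
      req.user.role = account.role;
      // True when `token` is one of this account's refresh tokens. The original
      // used a braced arrow body without `return`, so ownsToken always yielded
      // undefined and every non-admin caller was rejected by the controller's
      // ownership check.
      req.user.ownsToken = (token) => refreshTokens.some((x) => x.token === token);
      next();
    },
  ];
}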
此处验证令牌以检查其授权。
server.js
// rootpath must be registered first so that '_middleware/...' and
// '_helpers/...' resolve from the project root
require('rootpath')();
const express = require('express');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const cors = require('cors');
const errorHandler = require('_middleware/error-handler');

const app = express();

// request parsing: form bodies, JSON bodies, cookies (the refresh token cookie)
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(cookieParser());

// CORS: the origin callback accepts every caller and credentials are enabled,
// so any site can make cookie-bearing requests to this API. Convenient for
// local development; a deployment should replace the callback with an
// allow-list of trusted origins.
app.use(cors({ origin: (origin, callback) => callback(null, true), credentials: true }));

// api routes
app.use('/accounts', require('./accounts/accounts.controller'));

// swagger docs route
app.use('/api-docs', require('_helpers/swagger'));

// global error handler (must be registered after the routes)
app.use(errorHandler);

// start server: PORT from the environment in production (default 80),
// fixed 4000 otherwise
const isProduction = process.env.NODE_ENV === 'production';
const port = isProduction ? (process.env.PORT || 80) : 4000;
app.listen(port, () => {
  console.log(`Server listening on port ${port}`);
});
这是路由到不同 API 的服务器文件
account.service.js
/**
 * Marks a refresh token as revoked and persists it.
 *
 * @param {{ token: string, ipAddress: string }} params - the refresh token
 *   string and the IP address of the caller performing the revocation.
 * @returns {Promise<void>}
 * @throws whatever getRefreshToken throws when the token cannot be resolved.
 */
async function revokeToken({ token, ipAddress }) {
  console.log("services");
  // look the stored token up first; any "not found" error surfaces from here
  const stored = await getRefreshToken(token);
  const revokedAt = Date.now();
  // revoke token and save
  stored.revokedByIp = ipAddress;
  stored.revoked = revokedAt;
  await stored.save();
}
撤销给定令牌的函数
account.controller.js
/**
 * POST handler that revokes a refresh token.
 *
 * The token may arrive in the JSON body or in the refreshToken cookie. The
 * ownership check relies on `req.user.ownsToken` and `req.user.role`, which
 * the authorize middleware attaches; without that middleware in front of this
 * route, `req.user` is undefined and the handler throws.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function revokeToken(req, res, next) {
  console.log("here.......");
  // accept token from request body or cookie
  const token = req.body.token || req.cookies.refreshToken;
  if (!token) {
    return res.status(400).json({ message: "Token is required" });
  }
  // users can revoke their own tokens and admins can revoke any tokens
  const isAdmin = req.user.role === Role.Admin;
  const isOwner = req.user.ownsToken(token);
  if (!isOwner && !isAdmin) {
    return res.status(401).json({ message: "Unauthorized" });
  }
  // req.ip is recorded as revokedByIp; behind a reverse proxy it reflects the
  // client only when express's 'trust proxy' setting is configured
  const ipAddress = req.ip;
  accountService
    .revokeToken({ token, ipAddress })
    .then(() => res.json({ message: "Token revoked" }))
    .catch(next);
}
撤销对服务器的令牌请求。
您必须在正文中提供旧令牌。尝试再次进行身份验证,然后提供新令牌。可能有用。