NodeJS 我怎样才能让我的路线脱离中间件
NodeJS How can i make my route out of middleware
我的 API 上有一些路线。并有一个中间件。它创建不记名令牌并检查它。但是我希望我的一些路由不要进入那个中间件,这样我就可以在没有令牌的情况下访问。我怎样才能做到?我的中间件:
app.use(async (req, res, next) => {
if (
req.path === "/api/v1/collection/byhome" || // I dont want that part.
req.path === "/api/v1/user/login" // Its working but its not looks like best solution.
) {
next();
} else {
const bearerHeader = req.header("authorization");
if (typeof bearerHeader !== "undefined") {
const bearer = bearerHeader.split(" ");
const bearerToken = bearer[1];
req.token = bearerToken;
jwt.verify(req.token, process.env.SECRETKEY, async (err, authData) => {
if (err) {
res.sendStatus(401);
} else {
next();
}
});
} else {
res.statusCode = 400;
const Response = {
message: "Invalid Token",
StatusCode: res.statusCode,
};
res.json(Response);
}
}
});
我的路线:
app.get(
`/api/${version}/article/bycollection/:id`,
ArticleRoute.getbycollection
);
你的做法是正确的,你可以通过制作一个包含所有你希望超出中间件范围的中间件的数组来使你的代码更具可读性
const whiteListEndpoints = ["/api/v1/this", "/api/v1/this1", "/api/v1/this2"]
然后
// your middleware
app.use((req, res,next) => {
//if the path was in the whitelist just call next function
if(whiteListEndpoints.includes(req.url)) return next()
// let the middlware do it's job
})
或者您可以更改快递 use 订单
const firstRoute = app.use("/no_middleware", router);
app.use((req, res, next) => {}) // your middleware
const secondRoute = app.use("/with_middleware", router);
这里第一个路由器不会使用中间件,因为它还没有被调用。
您可以创建一个路由 express.Router() 并将其设置为 path,此路由器具有所有身份验证,然后创建第二个 express.Router() 并且没有身份验证。
var router = express.Router();
// your code for API auth...
router.get('/api/v1/collection/byhome',myMiddleware, (req, res, next) => {
res.send('Hey There');
})
app.use('/api', router);
var routerGuest = express.Router();
//
routerGuest.get('/', (req, res, next) => {
res.send('Hey There');
})
app.use('/guest', routerGuest)
为了鉴权,我建议做一个单独的中间件,然后传给我们的路由
function myMiddleware(req, res, next){
const bearerHeader = req.header("authorization");
if (typeof bearerHeader !== "undefined") {
const bearer = bearerHeader.split(" ");
const bearerToken = bearer[1];
req.token = bearerToken;
jwt.verify(req.token, process.env.SECRETKEY, async (err, authData) => {
if (err) {
res.sendStatus(401);
} else {
next();
}
});
} else {
res.statusCode = 400;
const Response = {
message: "Invalid Token",
StatusCode: res.statusCode,
};
res.json(Response);
}
}
}
我想有了这个你可能会有一些想法:)
您可以使用 Express.Router 来获得想要的结果。使用 Express 路由器,您可以区分路由并为每个路由器设置不同的中间件。
按照以下步骤操作:
- 创建一个授权中间件
middlewares/private.authenticate.js
function auth(req, res, next) {
// do auth stuff...
next();
}
- 创建文件
routes/private/index.js
// private route handler
import { Router } from "express";
import auth from "./middlewares/private.authenticate.js";
const router = Router();
router.use(auth); // use auth middleware
router.route("/")
.get()
.put()
export default router;
- 创建文件
routes/public/index.js
import { Router } from "express";
const router = Router();
router.route("/")
.get()
.put()
export default router;
- 您的 Express 应用文件
import express from "express";
const app = express();
import PublicRoutes from "./routes/public";
import PrivateRoutes from "./routes/private";
// public routes path
app.use("/api/public", PublicRoutes);
// private routes path
app.use("/api/private", PrivateRoutes);
我的 API 上有一些路线。并有一个中间件。它创建不记名令牌并检查它。但是我希望我的一些路由不要进入那个中间件,这样我就可以在没有令牌的情况下访问。我怎样才能做到?我的中间件:
app.use(async (req, res, next) => {
if (
req.path === "/api/v1/collection/byhome" || // I dont want that part.
req.path === "/api/v1/user/login" // Its working but its not looks like best solution.
) {
next();
} else {
const bearerHeader = req.header("authorization");
if (typeof bearerHeader !== "undefined") {
const bearer = bearerHeader.split(" ");
const bearerToken = bearer[1];
req.token = bearerToken;
jwt.verify(req.token, process.env.SECRETKEY, async (err, authData) => {
if (err) {
res.sendStatus(401);
} else {
next();
}
});
} else {
res.statusCode = 400;
const Response = {
message: "Invalid Token",
StatusCode: res.statusCode,
};
res.json(Response);
}
}
});
我的路线:
app.get(
`/api/${version}/article/bycollection/:id`,
ArticleRoute.getbycollection
);
你的做法是正确的,你可以通过制作一个包含所有你希望超出中间件范围的中间件的数组来使你的代码更具可读性
const whiteListEndpoints = ["/api/v1/this", "/api/v1/this1", "/api/v1/this2"]
然后
// your middleware
app.use((req, res,next) => {
//if the path was in the whitelist just call next function
if(whiteListEndpoints.includes(req.url)) return next()
// let the middlware do it's job
})
或者您可以更改快递 use 订单
const firstRoute = app.use("/no_middleware", router);
app.use((req, res, next) => {}) // your middleware
const secondRoute = app.use("/with_middleware", router);
这里第一个路由器不会使用中间件,因为它还没有被调用。
您可以创建一个路由 express.Router() 并将其设置为 path,此路由器具有所有身份验证,然后创建第二个 express.Router() 并且没有身份验证。
var router = express.Router();
// your code for API auth...
router.get('/api/v1/collection/byhome',myMiddleware, (req, res, next) => {
res.send('Hey There');
})
app.use('/api', router);
var routerGuest = express.Router();
//
routerGuest.get('/', (req, res, next) => {
res.send('Hey There');
})
app.use('/guest', routerGuest)
为了鉴权,我建议做一个单独的中间件,然后传给我们的路由
function myMiddleware(req, res, next){
const bearerHeader = req.header("authorization");
if (typeof bearerHeader !== "undefined") {
const bearer = bearerHeader.split(" ");
const bearerToken = bearer[1];
req.token = bearerToken;
jwt.verify(req.token, process.env.SECRETKEY, async (err, authData) => {
if (err) {
res.sendStatus(401);
} else {
next();
}
});
} else {
res.statusCode = 400;
const Response = {
message: "Invalid Token",
StatusCode: res.statusCode,
};
res.json(Response);
}
}
}
我想有了这个你可能会有一些想法:)
您可以使用 Express.Router 来获得想要的结果。使用 Express 路由器,您可以区分路由并为每个路由器设置不同的中间件。
按照以下步骤操作:
- 创建一个授权中间件
middlewares/private.authenticate.js
function auth(req, res, next) {
// do auth stuff...
next();
}
- 创建文件
routes/private/index.js
// private route handler
import { Router } from "express";
import auth from "./middlewares/private.authenticate.js";
const router = Router();
router.use(auth); // use auth middleware
router.route("/")
.get()
.put()
export default router;
- 创建文件
routes/public/index.js
import { Router } from "express";
const router = Router();
router.route("/")
.get()
.put()
export default router;
- 您的 Express 应用文件
import express from "express";
const app = express();
import PublicRoutes from "./routes/public";
import PrivateRoutes from "./routes/private";
// public routes path
app.use("/api/public", PublicRoutes);
// private routes path
app.use("/api/private", PrivateRoutes);