用于 NodeJS 和 Auth0 的 JWT Auth
JWT Auth for NodeJS and Auth0
我在我正在开发的 MEAN 应用程序上使用 Auth0 进行用户身份验证。我遇到的问题是我已将模型、路由和控制器分离到单独的文件中。我正在按照 Auth0 教程了解有关在何处使用 JWT 令牌身份验证的指导,但我不确定它在我的设置中的位置。
checkJwt属于哪里?
https://auth0.com/docs/quickstart/backend/nodejs/01-authorization
锻炼路由器
module.exports = function(app) {
var workouts = require('../controllers/workoutController');
// workout Routes
app.route('/api/workouts')
.get(workouts.getAllWorkouts)
.post(workouts.createWorkout);
app.route('/api/workouts/benchmarks')
.get(workouts.getBenchmarks);
app.route('/api/workouts/:workoutId')
.get(workouts.getWorkout)
.put(workouts.updateWorkout)
.delete(workouts.deleteWorkout);
};
对应控制器
var mongoose = require('mongoose'),
Workout = mongoose.model('Workout');
exports.getAllWorkouts = function(req, res) {
Workout.find({}, function(err, workouts) {
if (err)
res.send(err);
res.json(workouts);
});
};
exports.getBenchmarks = function(req, res) {
Workout.find({
"type":"Benchmark"
}, function(err, workouts) {
if (err)
res.send(err);
res.json(workouts);
});
};
exports.createWorkout = function(req, res) {
var newWorkout = new Workout(req.body);
newWorkout.save(function(err, workout) {
if (err)
res.send(err);
res.json(workout);
});
};
exports.getWorkout = function(req, res) {
Workout.findById(req.params.workoutId, function(err, workout) {
if (err)
res.send(err);
res.json(workout);
});
};
exports.updateWorkout = function(req, res) {
Workout.findOneAndUpdate({_id: req.params.workoutId}, req.body, {new: true}, function(err, workout) {
if (err)
res.send(err);
res.json(workout);
});
};
exports.deleteWorkout = function(req, res) {
Workout.remove({
_id: req.params.workoutId
}, function(err, workout) {
if (err)
res.send(err);
res.json({ message: 'Workout successfully deleted' });
});
};
锻炼 Post()
exports.createWorkout = function(req, res) {
var newWorkout = new Workout(req.body);
newWorkout.save(function(err, workout) {
if (err)
res.send(err);
res.json(workout);
});
};
首先,您应该在单独的文件中配置 checkJwt(如在 docs 中),并在您的路由器文件中要求它。
让我们看看如何在 Workout Router 中protect the routes:
module.exports = function(app) {
var workouts = require('../controllers/workoutController');
var checkJwt = require('./path/to/checkJwt');
// workout Routes
app.route('/api/workouts')
.get(workouts.getAllWorkouts) // unprotected route
.post(checkJwt, workouts.createWorkout); // protected route
app.route('/api/workouts/benchmarks')
.get(workouts.getBenchmarks);
app.route('/api/workouts/:workoutId')
.get(workouts.getWorkout)
.put(workouts.updateWorkout)
.delete(workouts.deleteWorkout);
};
函数 checkJwt 是一个中间件,用于检查请求在到达控制器逻辑之前是否经过身份验证。
checkJwt文件:
var checkJwt = jwt({
...
})
module.exports = checkJwt
我在我正在开发的 MEAN 应用程序上使用 Auth0 进行用户身份验证。我遇到的问题是我已将模型、路由和控制器分离到单独的文件中。我正在按照 Auth0 教程了解有关在何处使用 JWT 令牌身份验证的指导,但我不确定它在我的设置中的位置。
checkJwt属于哪里?
https://auth0.com/docs/quickstart/backend/nodejs/01-authorization
锻炼路由器
module.exports = function(app) {
var workouts = require('../controllers/workoutController');
// workout Routes
app.route('/api/workouts')
.get(workouts.getAllWorkouts)
.post(workouts.createWorkout);
app.route('/api/workouts/benchmarks')
.get(workouts.getBenchmarks);
app.route('/api/workouts/:workoutId')
.get(workouts.getWorkout)
.put(workouts.updateWorkout)
.delete(workouts.deleteWorkout);
};
对应控制器
var mongoose = require('mongoose'),
Workout = mongoose.model('Workout');
exports.getAllWorkouts = function(req, res) {
Workout.find({}, function(err, workouts) {
if (err)
res.send(err);
res.json(workouts);
});
};
exports.getBenchmarks = function(req, res) {
Workout.find({
"type":"Benchmark"
}, function(err, workouts) {
if (err)
res.send(err);
res.json(workouts);
});
};
exports.createWorkout = function(req, res) {
var newWorkout = new Workout(req.body);
newWorkout.save(function(err, workout) {
if (err)
res.send(err);
res.json(workout);
});
};
exports.getWorkout = function(req, res) {
Workout.findById(req.params.workoutId, function(err, workout) {
if (err)
res.send(err);
res.json(workout);
});
};
exports.updateWorkout = function(req, res) {
Workout.findOneAndUpdate({_id: req.params.workoutId}, req.body, {new: true}, function(err, workout) {
if (err)
res.send(err);
res.json(workout);
});
};
exports.deleteWorkout = function(req, res) {
Workout.remove({
_id: req.params.workoutId
}, function(err, workout) {
if (err)
res.send(err);
res.json({ message: 'Workout successfully deleted' });
});
};
锻炼 Post()
exports.createWorkout = function(req, res) {
var newWorkout = new Workout(req.body);
newWorkout.save(function(err, workout) {
if (err)
res.send(err);
res.json(workout);
});
};
首先,您应该在单独的文件中配置 checkJwt(如在 docs 中),并在您的路由器文件中要求它。
让我们看看如何在 Workout Router 中protect the routes:
module.exports = function(app) {
var workouts = require('../controllers/workoutController');
var checkJwt = require('./path/to/checkJwt');
// workout Routes
app.route('/api/workouts')
.get(workouts.getAllWorkouts) // unprotected route
.post(checkJwt, workouts.createWorkout); // protected route
app.route('/api/workouts/benchmarks')
.get(workouts.getBenchmarks);
app.route('/api/workouts/:workoutId')
.get(workouts.getWorkout)
.put(workouts.updateWorkout)
.delete(workouts.deleteWorkout);
};
函数 checkJwt 是一个中间件,用于检查请求在到达控制器逻辑之前是否经过身份验证。
checkJwt文件:
var checkJwt = jwt({
...
})
module.exports = checkJwt