node.js - NodeJS 无法进行身份验证,即使我提供了不记名令牌
问题描述
下面的代码由我的 jwt 文件和 user.service 文件代码组成。即使我给了不记名令牌,我也无法进行身份验证。请帮我解决这个问题
我的 user.service 文件
// Public surface of the user service. `delete` is a reserved word and cannot
// be used as a function name, so the implementation is `_delete` and is
// exported under the `delete` key.
module.exports = {
  authenticate,
  getAll,
  getById,
  create,
  update,
  getByEmail,
  changePassword,
  delete: _delete,
};
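/**
 * Check an email/password pair and, on success, issue a JWT for the user.
 *
 * @param {{ email: string, password: string }} credentials
 * @returns {Promise<object|undefined>} The user document without its `hash`
 *   field, plus `token` and `companies`; `undefined` when the credentials do
 *   not match a user.
 */
async function authenticate({ email, password }) {
  // Only plain strings may reach the query and bcrypt. Anything else (for
  // example an object sent in place of the email) would otherwise be passed
  // straight into the filter below.
  if (typeof email !== "string" || typeof password !== "string") {
    return undefined;
  }

  const user = await User.findOne({ email });
  if (!user) {
    return undefined;
  }

  // The promise-based compare keeps the event loop free while bcrypt runs;
  // compareSync would block every other request for the duration.
  const passwordMatches = await bcrypt.compare(password, user.hash);
  if (!passwordMatches) {
    return undefined;
  }

  // Snapshot taken before lastLoginDate is updated, so the caller sees the
  // previous login time (same as the original ordering).
  const { hash, ...userWithoutHash } = user.toObject();

  // NOTE(review): no `expiresIn` option is passed, so the token carries no
  // expiry and stays valid until the secret changes or isRevoked rejects it.
  // Consider a bounded lifetime once clients can handle re-authentication.
  const token = jwt.sign({ sub: user.id }, config.secret);

  user.lastLoginDate = Date.now();
  await user.save();

  const companies = await company.find({ userAccessId: user.id });
  return {
    ...userWithoutHash,
    token,
    companies,
  };
}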
/**
 * Fetch one user by `id` and `defaultAccountId`, together with the companies
 * whose `userAccessId` list contains that user.
 *
 * The argument must be an object: both `id` and `defaultAccountId` are read
 * from it as properties.
 *
 * @param {{ id: *, defaultAccountId: * }} userParam
 * @returns {Promise<{ user: object, companies: object[] }|undefined>}
 *   `undefined` when no user matches.
 */
async function getById(userParam) {
  const { id, defaultAccountId } = userParam;
  const user = await User.findOne({ id, defaultAccountId });
  if (!user) {
    return undefined;
  }

  // NOTE(review): the returned document still carries `hash`; getByEmail
  // excludes it. Confirm no caller serialises this object to a client.
  const companies = await company.find({ userAccessId: user.id });
  return { user, companies };
}
/**
 * Fetch one user by email address, with the password hash excluded.
 *
 * @param {{ email: string }} userParam
 * @returns {Promise<object|null>} Result of the `findOne` query.
 */
async function getByEmail(userParam) {
  const filter = { email: userParam.email };
  // "-hash" drops the bcrypt hash from the projection.
  const user = await User.findOne(filter).select("-hash");
  return user;
}
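/**
 * Create a user, or link an existing user (matched by email) to the company
 * identified by `userParam.defaultAccountId`.
 *
 * Changes from the original: the JWT that was signed and then discarded is no
 * longer generated, unused locals are gone, and hashing uses the promise API
 * so bcrypt does not block the event loop.
 *
 * @param {object} userParam Fields for the new user; `email`, `password` and
 *   `defaultAccountId` are read explicitly.
 * @returns {Promise<object|undefined>} The new user without `hash`; or
 *   `userParam` itself when an existing user was newly linked to the company;
 *   or `undefined` when the existing user was already linked or no company
 *   matched.
 */
async function create(userParam) {
  const existingUser = await User.findOne({ email: userParam.email });

  if (!existingUser) {
    // NOTE(review): every property of userParam is copied onto the new
    // document. If this object comes straight from a request body, the caller
    // can set any schema field (role, hash, ...). Prefer an explicit
    // allow-list of fields at the route or here.
    const user = new User(userParam);
    if (userParam.password) {
      user.hash = await bcrypt.hash(userParam.password, 10);
    }
    await user.save();

    const account = await company.findOne({ businessUnitId: userParam.defaultAccountId });
    if (account) {
      account.userAccessId.addToSet(user.id);
      await account.save();
    }

    const { hash, ...userWithoutHash } = user.toObject();
    return userWithoutHash;
  }

  // The email already exists: only make sure the user is on the company's
  // access list.
  const account = await company.findOne({ businessUnitId: userParam.defaultAccountId });
  if (account && account.userAccessId.indexOf(existingUser.id) === -1) {
    account.userAccessId.addToSet(existingUser.id);
    await account.save();
    // NOTE(review): this hands back the caller's input unchanged, including
    // any plaintext `password` it contained. Confirm it is not sent to a
    // client or written to logs.
    return userParam;
  }
  return undefined;
}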
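/**
 * Update `userName` and/or `userRole` of the user identified by `id` and
 * `defaultAccountId`.
 *
 * Fixes relative to the original:
 *  - the uniqueness lookup runs only when a new `userName` is supplied, and a
 *    match on the user being updated no longer counts as a conflict;
 *  - `Object.assign(user, <string>)` is removed (it copied the string's
 *    characters onto the document as index properties);
 *  - the document is saved once, without a string passed as save options;
 *  - the JWT that was signed and discarded is no longer generated.
 *
 * @param {{ id: *, defaultAccountId: *, userName?: string, userRole?: string }} userParam
 * @param {*} call Unused; kept so existing call sites keep working.
 * @returns {Promise<object|undefined>} The user without `hash`, or
 *   `undefined` when no user matches.
 * @throws {string} "User Aldready Exits" when another user holds the name.
 */
async function update(userParam, call) {
  const user = await User.findOne({
    id: userParam.id,
    defaultAccountId: userParam.defaultAccountId,
  });
  if (!user) {
    return undefined;
  }

  let changed = false;

  if (userParam.userName) {
    const nameHolder = await User.findOne({ userName: userParam.userName });
    if (nameHolder && nameHolder.id !== user.id) {
      // Message kept byte-for-byte: callers may match on this exact string.
      throw "User Aldready Exits";
    }
    user.userName = userParam.userName;
    changed = true;
  }

  // NOTE(review): the role is taken from the caller's input with no
  // authorisation check in this function. The route must verify that the
  // requester is allowed to change roles.
  if (userParam.userRole) {
    user.userRole = userParam.userRole;
    changed = true;
  }

  if (changed) {
    await user.save();
  }

  const { hash, ...userWithoutHash } = user.toObject();
  return userWithoutHash;
}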
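/**
 * Replace the stored password hash of the user with the given email.
 *
 * The original copied every property of `userParam` onto the user document
 * with Object.assign, so a caller could overwrite any field (including `hash`
 * itself) and the plaintext password was assigned to the document as well.
 * Only `hash` is written now, and `userParam` is no longer mutated.
 *
 * @param {{ email: string, password?: string }} userParam
 * @returns {Promise<object|undefined>} Result of `user.save()`, or
 *   `undefined` when no user matches.
 */
async function changePassword(userParam) {
  // NOTE(review): nothing here proves the caller owns the account (no current
  // password, no identity check). That must be enforced before this is called.
  const user = await User.findOne({ email: userParam.email });
  if (!user) {
    return undefined;
  }

  if (userParam.password) {
    user.hash = await bcrypt.hash(userParam.password, 10);
  }
  return await user.save();
}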
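/**
 * Remove a user from every company access list that contains them, then
 * delete the user.
 *
 * Fixes relative to the original: the loop counter was an undeclared global
 * (`i`), which is shared across concurrent calls and can be reset by another
 * request while this one is awaiting `save()`; the redundant `findOne` before
 * `find` and the debug logging of access lists are removed.
 *
 * @param {{ id: * }} userParam
 * @returns {Promise<object|undefined>} Result of `user.remove()`, or
 *   `undefined` when the user does not exist or is on no access list.
 */
async function _delete(userParam) {
  const user = await User.findOne({ id: userParam.id });
  if (!user) {
    return undefined;
  }

  const linkedCompanies = await company.find({ userAccessId: user.id });
  if (linkedCompanies.length === 0) {
    // NOTE(review): behaviour preserved from the original, where a user who
    // is on no company's access list is never removed. Confirm this is
    // intended.
    return undefined;
  }

  for (const linkedCompany of linkedCompanies) {
    const accessList = linkedCompany.userAccessId;
    const position = accessList.indexOf(user.id);
    if (position > -1) {
      accessList.splice(position, 1);
      await linkedCompany.save();
    }
  }

  return await user.remove();
}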
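/**
 * List every user that belongs to the given account.
 *
 * The original issued a `findOne` only to decide whether to run `find`; a
 * single `find` gives the same answer with one round trip.
 *
 * @param {{ defaultAccountId: * }} userParam
 * @returns {Promise<object[]|undefined>} The matching users, or `undefined`
 *   when there are none (same contract as before).
 */
async function getAll(userParam) {
  // NOTE(review): documents are returned with `hash` included, unlike
  // getByEmail, which selects "-hash". Confirm the list is never serialised
  // to a client as-is.
  const users = await User.find({ defaultAccountId: userParam.defaultAccountId });
  return users.length > 0 ? users : undefined;
}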
我的 jwt 文件:
const expressJwt = require("express-jwt");
const config = require("config.json");
const userService = require("models/v1/user.service");
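module.exports = jwt;

/**
 * Build the express-jwt middleware that protects every route except login.
 *
 * @returns {Function} Express middleware that validates the bearer token and
 *   consults `isRevoked` for each request.
 */
function jwt() {
  return expressJwt({
    secret: config.secret,
    // Pin the accepted signature algorithm instead of trusting the token
    // header. The user service calls jwt.sign() with a shared secret and no
    // options, which produces HS256 tokens. express-jwt 6 and later refuse to
    // start without this option.
    algorithms: ["HS256"],
    isRevoked,
  }).unless({
    // Login must stay reachable without a token.
    path: ["/users/login"],
  });
}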
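/**
 * express-jwt revocation hook: treat a token as revoked when its subject no
 * longer resolves to a user.
 *
 * @param {object} req Express request (unused).
 * @param {{ sub: * }} payload Decoded token payload.
 * @param {Function} done Callback `(err, revoked)`.
 */
async function isRevoked(req, payload, done) {
  let user;
  try {
    // NOTE(review): the user service signs tokens with `sub: user.id`, so
    // payload.sub is the bare id. getById as shown reads `userParam.id` and
    // `userParam.defaultAccountId` from its argument, so a bare id leaves both
    // filter values undefined. The lookup then probably finds no user and
    // every token is reported as revoked, which would match the
    // "unauthorized" error described. Confirm the expected argument shape.
    user = await userService.getById(payload.sub);
  } catch (err) {
    // Without this, a failed lookup rejects the async function and `done` is
    // never called, so the request gets no response from this middleware.
    return done(err);
  }

  if (!user) {
    return done(null, true);
  }
  return done();
}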
请帮我解决这个问题。当我没有将我的代码与我的团队集成时,它以前可以工作,在集成我的代码后它不起作用,我收到未经授权的错误。
解决方案
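// `jwt` below is presumably the jsonwebtoken module, not the middleware
// factory of the same name in the question. The secret given to jwt.verify()
// must be the value the token was signed with (config.secret in the
// question); a different secret always fails verification.

// verify a token symmetric - synchronous; throws if the token is invalid
const decodedSync = jwt.verify(token, "someSecretKey");
console.log(decodedSync); // the verified payload

// verify a token symmetric - callback form
jwt.verify(token, "someSecretKey", function (err, decoded) {
  if (err) {
    // `decoded` is undefined here; reading decoded.foo would throw.
    console.error(err.name, err.message);
    return;
  }
  console.log(decoded.foo); // bar
});

// invalid token - synchronous
try {
  jwt.verify(token, "wrong-secret");
} catch (err) {
  // Verification failed: reject the request instead of ignoring the error.
  console.error(err.name, err.message);
}

// invalid token - callback form
jwt.verify(token, "wrong-secret", function (err, decoded) {
  // err is set and decoded is undefined
  if (err) {
    console.error(err.name, err.message);
  }
});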