rest - 无法在 Golang 中读取 cookie(路由器:chi)
问题描述
我正在为 todolist 应用程序开发 REST API(不是来自教程),并且我已经成功实现了身份验证,但是我的一个辅助函数似乎无法读取明显存在的 cookie,这里是函数:
// jwt is imported from the https://github.com/dgrijalva/jwt-go package
func validateAccessToken(w http.ResponseWriter, r *http.Request) uuid.UUID {
jwtSecret, exists := os.LookupEnv("JWT_SECRET")
if !exists {
w.WriteHeader(500)
w.Write([]byte(`{"message":{"error":"Fatal internal error occurred"}}`))
panic(errors.New("JWT_SECRET environment variable not set"))
}
// Get access token and then validate it
at, err := r.Cookie("access_token")
if err == http.ErrNoCookie {
w.WriteHeader(401)
w.Write([]byte(`{"message":{"error":"access_token cookie not found"}}`)) // this error is always returned when i attempt to use the handler that uses this function
return uuid.Nil
}
t := at.Value
token, err := jwt.ParseWithClaims(t, &models.UserClaims{}, func(token *jwt.Token) (interface{}, error) {
return []byte(jwtSecret), nil
})
if claims, ok := token.Claims.(*models.UserClaims); ok && token.Valid {
return claims.ID
}
w.WriteHeader(401)
w.Write([]byte(`{"message":{"error":"access_token invalid"}}`))
return uuid.Nil
}
这是设置cookie的代码的相关部分:
// Login handles the login route
func Login(w http.ResponseWriter, r *http.Request) {
//...
// Construct cookies and then set them
rtCookie := http.Cookie{
Name: "refresh_token",
Value: *rt,
Expires: time.Now().Add(time.Nanosecond * time.Duration(sessionLifeNanos)),
}
atCookie := http.Cookie{
Name: "access_token",
Value: *at,
Expires: time.Now().Add(time.Minute * 15),
}
http.SetCookie(w, &rtCookie)
http.SetCookie(w, &atCookie)
w.Write([]byte(`{"message":"Logged in successfully :)"}`))
}
这validateAccessToken()
是使用的地方和失败的地方(uuid 是“github.com/google/uuid”包):
func CreateList(w http.ResponseWriter, r *http.Request) {
// li will be used to store the decoded request body
var li models.ListInput
// listID will be used to store the returned id after inserting
var listID uuid.UUID
userID := validateAccessToken(w, r)
fmt.Println(userID.String())
if userID == uuid.Nil {
return
}
//...
}
此外,每当我在邮递员中使用登录路由后进行检查时,所有 cookie 都会发送到 cookie jar 中(并且没有“access_token”cookie 未过期),并且具有正确的外观值。我很困惑为什么该validateAccessToken()
函数找不到那里的cookie,这里也是serve()
调用的函数main()
:
func serve() {
// Initialise new router
r := chi.NewRouter()
// Some recommended middlewares
r.Use(middleware.RequestID)
r.Use(middleware.RealIP)
r.Use(middleware.Logger)
r.Use(middleware.Recoverer)
// Cors options
r.Use(cors.Handler(cors.Options{
AllowedOrigins: []string{"*"},
AllowedHeaders: []string{"*"},
AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
ExposedHeaders: []string{"Content-Type", "Set-Cookie", "Cookie"},
AllowCredentials: true,
MaxAge: 300,
}))
// API routes
r.Route("/api", func(r chi.Router) {
r.Route("/users", func(r chi.Router) {
r.Post("/", handlers.CreateUser)
r.Post("/login", handlers.Login)
})
r.Route("/lists", func(r chi.Router) {
r.Post("/", handlers.CreateList)
})
})
// Listen on port 5000 and log any errors
log.Fatal(http.ListenAndServe("0.0.0.0:5000", r))
}
我非常感谢任何帮助的尝试,我也为这个糟糕的问题道歉,我有点急于完成这个。
解决方案
应用程序将 cookie 路径隐式设置为登录处理程序路径。通过将 cookie 路径显式设置为“/”来修复。
rtCookie := http.Cookie{
Name: "refresh_token",
Path: "/", // <--- add this line
Value: *rt,
Expires: time.Now().Add(time.Nanosecond * time.Duration(sessionLifeNanos)),
}
atCookie := http.Cookie{
Name: "access_token",
Path: "/", // <--- add this line.
Value: *at,
Expires: time.Now().Add(time.Minute * 15),
}
推荐阅读
- r - 将字符串模式从值添加到 colnames
- mysql - 将用户选项添加到 MySQL 配置文件时出现问题
- pdf - 无法从 RMarkdown (tinytex) 生成 pdf 报告
- python - 在 DataFrame 中使用 regex 和 pandas 替换值
- azure - 将 Azure 应用服务连接到 SQL 托管实例故障转移组
- c - 未定义结构 workqueue_struct 的使用无效
- python - 向 GUI 提出异常,但在用户输入后继续
- swift - SwiftUI NavigationView 不显示标签关闭
- java - 条纹 - android java
- json - Flutte - 提取到 FutureBuilder 的 JSON 反序列化数据返回空值