node.js - 撤销令牌时找不到响应帐户
问题描述
When revoking a token, the response is "account not found" even though the account is in the DB.
注册用户并刷新令牌后,我试图撤销以前的令牌,但收到错误消息“找不到帐户”,而相应的帐户确实存在于 mongo 集合中。
Authorize.js
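/**
 * Builds the middleware chain that authenticates a JWT and, optionally,
 * restricts the route to a set of roles.
 *
 * @param {string|string[]} [roles=[]] - a single role (e.g. Role.User or 'User')
 *   or an array of roles (e.g. [Role.Admin, Role.User]); an empty list means any
 *   authenticated account may pass.
 * @returns {Function[]} two express middlewares: JWT verification, then the
 *   account/role check that sets req.user.role and req.user.ownsToken.
 */
function authorize(roles = []) {
  // Normalise the single-string form without mutating the parameter.
  const allowedRoles = typeof roles === "string" ? [roles] : roles;

  return [
    // authenticate JWT token and attach user to request object (req.user)
    jwt({ secret, algorithms: ["HS256"] }),

    // authorize based on user role
    async (req, res, next) => {
      try {
        const account = await db.Account.findById(req.user.id);

        // Existence is checked BEFORE account.id is read below; reading it
        // first would throw a TypeError for a deleted account instead of
        // answering with a clean 401.
        if (!account || (allowedRoles.length && !allowedRoles.includes(account.role))) {
          // account no longer exists or role not authorized
          return res.status(401).json({ message: "Unauthorized" });
        }

        const refreshTokens = await db.RefreshToken.find({ account: account.id });

        // authentication and authorization successful
        req.user.role = account.role;
        // A braced arrow body needs an explicit return value; a block body
        // without `return` always yields undefined, so every ownership check
        // would fail and the controller would answer 401.
        req.user.ownsToken = (token) => !!refreshTokens.find((x) => x.token === token);
        next();
      } catch (err) {
        // Forward DB failures to the global error handler instead of leaving
        // the request hanging on an unhandled rejection.
        next(err);
      }
    },
  ];
}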
此处验证令牌以检查其授权。
server.js
// Presumably lets bare paths such as '_middleware/...' resolve from the project
// root, so it has to run before those modules are required — TODO confirm.
require('rootpath')();

const express = require('express');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const cors = require('cors');
const errorHandler = require('_middleware/error-handler');

const app = express();

// Request body and cookie parsing.
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(cookieParser());

// Reflects whatever Origin the caller sends and allows credentials, i.e. any
// site can make credentialed cross-origin calls to this API. Fine for local
// development; replace the reflector with an explicit allow-list before
// exposing the server more widely.
app.use(cors({ origin: (origin, callback) => callback(null, true), credentials: true }));

// API routes and the swagger docs route.
app.use('/accounts', require('./accounts/accounts.controller'));
app.use('/api-docs', require('_helpers/swagger'));

// Global error handler, registered last so it sees errors from the routes.
app.use(errorHandler);

// In production honour PORT (falling back to 80); otherwise a fixed dev port.
const port = process.env.NODE_ENV === 'production' ? (process.env.PORT || 80) : 4000;
app.listen(port, () => {
  console.log(`Server listening on port ${port}`);
});
这是带有路由到不同 API 的服务器文件
account.service.js
/**
 * Marks a refresh token as revoked and persists the change.
 *
 * @param {{ token: string, ipAddress: string }} params - the refresh token value
 *   and the IP address of the caller requesting the revocation (stored with the
 *   token as an audit trail).
 * @returns {Promise<void>}
 */
async function revokeToken({ token, ipAddress }) {
  console.log("services");
  const refreshToken = await getRefreshToken(token);
  // Record when and from where the token was revoked, then save.
  Object.assign(refreshToken, { revoked: Date.now(), revokedByIp: ipAddress });
  await refreshToken.save();
}
撤销给定令牌的函数
account.controller.js
/**
 * Express handler that revokes a refresh token.
 *
 * The token is read from the JSON body (`token`) or the `refreshToken` cookie.
 * A caller may revoke a token it owns (per req.user.ownsToken); admins may
 * revoke any token. Service errors are passed to next() for the global error
 * handler.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function revokeToken(req, res, next) {
  console.log("here.......");
  // accept token from request body or cookie
  const token = req.body.token || req.cookies.refreshToken;
  // NOTE(review): behind a reverse proxy req.ip is the proxy's address unless
  // express's 'trust proxy' setting is configured — confirm for deployment.
  const ipAddress = req.ip;

  if (!token) {
    return res.status(400).json({ message: "Token is required" });
  }

  // users can revoke their own tokens and admins can revoke any tokens
  const mayRevoke = req.user.ownsToken(token) || req.user.role === Role.Admin;
  if (!mayRevoke) {
    return res.status(401).json({ message: "Unauthorized" });
  }

  accountService
    .revokeToken({ token, ipAddress })
    .then(() => res.json({ message: "Token revoked" }))
    .catch(next);
}
撤销对服务器的令牌请求。
解决方案
您必须在正文中提供旧令牌。尝试再次进行身份验证,然后提供新令牌。它可能会起作用。