我一直在試圖編寫一個接受用戶名/密碼憑證的簡單服務器,驗證它們,然後爲客戶端創建一個JWT令牌,然後用它們訪問某些路由。我能夠完成所有工作,直到在服務器端接收並驗證客戶端的JWT。如何使用shelf_auth庫驗證已建立的會話?
void main() {
//use Jwt based sessions and create the secret using a UUID
JwtSessionHandler sessionHandler =
new JwtSessionHandler('ffl_sales_server', new Uuid().v4(),
auth.lookupByUsername);
//allow http for testing with curl, do not use in production
bool allowHttp = true;
final Map<String, String> headers =
{'Access-Control-Allow-Origin': 'http://192.168.100.83:3030',
"Access-Control-Expose-Headers": "Authorization",
"Access-Control-Allow-Credentials" : "true",
"Access-Control-Allow-Headers" : "Authorization"};
//fix the cors headers
Response options(Request request) => (request.method == 'OPTIONS') ?
new Response.ok(null, headers: headers) : null;
Response cors(Response response) =>
response.change(headers: headers);
Middleware fixCors = createMiddleware(requestHandler: options,
responseHandler: cors);
// authentication middleware for a login handler (post)
Middleware loginMiddleware = authenticate(
[new UsernamePasswordAuthenticator(lookupByUsernamePassword)],
sessionHandler: sessionHandler, allowHttp: allowHttp,
allowAnonymousAccess: false);
// authentication middleware for routes other than login that
// require a logged in user
// here we are relying solely on users with a session established
// via the login route
Middleware defaultAuthMiddleware = authenticate(
[],sessionHandler: sessionHandler, allowHttp: true,
allowAnonymousAccess: false);
Router rootRouter = router(handlerAdapter: handlerAdapter());
//the route where the login credentials are posted
rootRouter.post('/login', (Request request) => new Response.ok('SUCCESS'), middleware: loginMiddleware);
//the routes which require an authenticated user
rootRouter.child('/authenticated',
middleware: defaultAuthMiddleware)
..add('/users', ALL_METHODS, new Users(_connection).handle)
..add('/stores', ALL_METHODS, new Stores(_connection).handle)
..add('/departments', ALL_METHODS, new Departments(_connection).handle)
..add('/invoices', ALL_METHODS, new Invoices(_connection).handle)
..add('/reports', ALL_METHODS, new Reports(_connection).handle)
..add('/imports', ALL_METHODS, new Imports(_connection).handle)
..add('/vendors', ALL_METHODS, new Vendors(_connection).handle)
..get('/foo', (Request request) =>
new Response.ok("Doing foo as ${loggedInUsername(request)}\n"));
printRoutes(rootRouter);
Handler handler = const Pipeline()
.addMiddleware(fixCors)
.addMiddleware(logRequests())
.addMiddleware(exceptionResponse())
.addHandler(rootRouter.handler);
shelf_io.serve(handler, '127.0.0.1', '8080').then((server){
print('Serving as http://${server.address.host}:${server.port}');
});
}
我知道我可能失去了一些東西簡單,但好像我應該有某種形式的處理程序在創建該defaultAuthMiddleware的身份驗證()函數的第一個參數。我錯過了什麼?
嘿[Matthew Feeney](http://stackoverflow.com/users/4142285/matthew-feeney)你可以給出一些更詳細的問題。什麼是不工作?上述內容似乎與example_with_login_and_jwt_session代碼非常相似。你有沒有同樣的問題?我已經爲該示例添加了一些評論。嘗試curl命令https://bitbucket.org/andersmholmgren/shelf_auth/src/b54659668249526cfbd2af0532250c915bd53cb7/example/example_with_login_and_jwt_session.dart?at=master#cl-23如果您還沒有 – Anders 2015-02-07 00:32:18
@Anders,我試着從你的捲髮例子評論並得到相同的結果。我成功從服務器獲取令牌,但是當我讓下一個請求將application/json的內容類型和授權頭部作爲收到的令牌傳遞時,我得到了一個401響應。 – 2015-02-09 16:27:45
我只是把你的代碼放在上面,並修改了足夠的代碼,它適用於我 - https://gist.github.com/Andersmholmgren/17d468c244a7848b72d7 請確保你在最新版本的貨架依賴關係。我在https://gist.github.com/Andersmholmgren/136427d800eb053d3a07 – Anders 2015-02-10 00:51:51