1. 首頁
  2. 問答
  3. 驗證在節點JS

驗證在節點JS

2016-05-16 106 views
4

特定請求(多個)我創建的API與此link 的參考它驗證在下列方式請求:驗證在節點JS

router.post('/authenticate', function(req, res) { 

     var query = "SELECT * FROM ?? WHERE ??=? and ??=? LIMIT 1"; 
     var table = ["users","user_email",req.body.user_email, "user_password",md5(req.body.user_password)]; 
     query = mysql.format(query,table); 
     connection.query(query,function(err,rows){ 
      if(err) { 
       res.json({"Error" : true, "Message" : "Error executing MySQL query"}); 
      } else { 
       if(rows.length > 0){ 
        var user = {'user_email':rows.user_email, 'user_password':rows.user_password} 
        var token = jwt.sign(user, app.get('superSecret'), { 
         expiresIn: '24h' // expires in 24 hours 
        }); 
        delete rows[0].user_password; 
        // return the information including token as JSON 
        res.status(200).json({ 
         error: false, 
         message: 'success', 
         token: token, 
         user:rows 
        }); 
       } else { 

        res.status(404).json({"Error" : true, "Message" : "No records found"}); 
       } 
      } 
     }); 
    }); 

    router.post("/users",function(req,res){ 
     req.checkBody({ 
      'user_email': { 
       notEmpty: true, 
       isEmail: { 
        errorMessage: 'Invalid Email' 
       } 
      }, 
      'user_password': { 
       notEmpty: true, 
       isLength: { 
        options: [{ min: 6, max: 10 }], 
        errorMessage: 'Password must be between 6 and 10 chars long' // Error message for the validator, takes precedent over parameter message 
       }, 
       errorMessage: 'Invalid Password' // Error message for the parameter 
      }, 
      'user_name': { // 
       notEmpty: true, // won't validate if field is empty 
       isLength: { 
        options: [{ min: 2, max: 10 }], 
        errorMessage: 'Must be between 2 and 10 chars long' // Error message for the validator, takes precedent over parameter message 
       }, 
       errorMessage: 'Invalid User Name' 
      }, 
      'phone_number': { // 
       notEmpty: true, 
       isLength: { 
        options: [{ min: 10, max: 15}], 
        errorMessage: 'Must be between 10 and 15 chars long' // Error message for the validator, takes precedent over parameter message 
       }, 
       errorMessage: 'Invalid Phone Number' 
      }, 
      'address': { // 
       notEmpty: true, 
       isLength: { 
        options: [{ min: 10, max: 100}], 
        errorMessage: 'Must be between 10 and 100 chars long' // Error message for the validator, takes precedent over parameter message 
       }, 
       errorMessage: 'Invalid Address' 
      }, 
      'device_type': { // 
       notEmpty: true, 
       errorMessage: 'Invalid device type' 
      }, 
      'login_type': { // 
       notEmpty: true, 
       errorMessage: 'Invalid login type' 
      }, 
      'gcm_user_id': { // 
       notEmpty: true, 
       errorMessage: 'Invalid gcm id' 
      } 
     }); 
     var errors = req.validationErrors(); 
     if (errors) { 
      res.status(500).json(errors); 
      return; 
     } 

     var query = "INSERT INTO ??(??,??,??,??,??,??,??,??) VALUES (?,?,?,?,?,?,?,?)"; 
     var table = ["users","user_name", "user_email", "user_password", "phone_number", "address", "device_type", "login_type", "gcm_user_id", 
      req.body.user_name, req.body.user_email, md5(req.body.user_password), req.body.phone_number, req.body.address, 
      req.body.device_type, req.body.login_type,req.body.gcm_user_id]; 
     query = mysql.format(query,table); 
     connection.query(query,function(err,record){ 
      if(err) { 
       res.status(500).json({"Error" : true, "Message" : err.message}); 
      } else { 
       var query = "select * from ?? WHERE ?? = ?"; 
       var table = ["users", "id", record.insertId]; 
       query = mysql.format(query,table); 
       connection.query(query,function(err,rows){ 
        if(err) throw err; 
        res.status(200).json({"Error" : false, "message" : "User Added !", "data":rows}); 
       }); 
      } 
     }); 
    }); 

    // route middleware to verify a token 
    router.use(function(req, res, next) { 

     // check header or url parameters or post parameters for token 
     var token = req.headers['x-access-token']; 
     console.log(token,'token'); 
     // decode token 
     if (token) { 

      // verifies secret and checks exp 
      jwt.verify(token, app.get('superSecret'), function(err, decoded) { 
       if (err) { 
        console.log(err); 
        return res.json({ success: false, message: 'Failed to authenticate token.' }); 
       } else { 
        // if everything is good, save to request for use in other routes 
        req.decoded = decoded; 
        next(); 
       } 
      }); 

     } else { 

      // if there is no token 
      // return an error 
      return res.status(401).send({ 
       success: false, 
       message: 'No token provided.' 
      }); 

     } 
    });

我想要驗證在下述方式的請求:

例如: router.get("/users", jwtValidate ,function(req,res)

目前爲了避免身份驗證,我必須應用中間件以上的路由。

來源

2016-05-16 Lalitesh Upadhyaya

+0

你可以給特定的URL到您的路線中間件,'router.use( '/ users',function(req,res,next){})' –

+0

通過這樣做,我必須創建n箇中間件。我想讓中間件的功能從路由中調用它。 –

+0

我認爲你可以通過給出url模式來解決這個問題,路由器可以接受正則表達式url模式,所以你可以決定哪個路由需要認證等,順便說一句你的例子似乎有效,http://expressjs.com/en/api.html #路由器 –

回答

2

您可以驗證以下列方式的請求:對令牌服務

router.get("/users", router.jwtValidate ,function(req,res){ 
     //logic here 
}); 

    /** 
    * Require Mobile Login Routing middleware 
    * This function check if user loggedIn from mobile then verify it's Token. 
    * Here we implement middleware of mobile Auth 
    */ 
    router.jwtValidate = function(req, res, next) { 
      var token; 
      if (req.headers && req.headers.authorization) { 
       var parts = req.headers.authorization.split(' '); 

       if (parts.length == 2) { 
        var scheme = parts[0], 
         credentials = parts[1]; 

        if (/^Bearer$/i.test(scheme)) { 
         token = credentials; 
        } 
       } else { 
        return res.json(401, {message: 'Format is Authorization: Bearer [token]'}); 
       } 
      } else if (req.param('token')) { 
       token = req.param('token'); 

       // We delete the token from query and body to not mess with blueprints 
       delete req.query.token; 
       delete req.body.token; 
      } else { 
       return res.status(401).send({ 
        message: 'No Authorization header was found' 
       }); 
      } 


      tokenService.verifyToken(token, function (error, token) { 
       if (error) { 
        return res.json(401, {message: 'User is not logged in'}); 
       } else { 
        req.token = token; 
        req.user = token; 
        return next(); 
       } 
      }); 
    }

您可以使用下面的代碼:

/** 
* jwt token service 
*/ 

var jwt = require('jsonwebtoken'); 
var config = require('config'); 

// With this method we generate a new token based on payload we want to put on it 
module.exports.issueToken = function(payload) { 
    return jwt.sign(
     payload, // This is the payload we want to put inside the token 
     'config.secret' // Secret string which will be used to sign the token 
    ); 
}; 

// Here we verify that the token we received on a request hasn't be tampered with. 
module.exports.verifyToken = function(token, verified) { 
    if(token && verified) { 
     return jwt.verify(
      token, // The token to be verified 
      'config.secret', // The secret we used to sign it. 
      {}, // Options, none in this case 
      verified // The callback to be call when the verification is done. 
     ); 
    } 
};

來源

2016-05-17 10:24:18 user1867343

相關問題

 相關問題