当我检查Thunder客户端时,它给了我jwt身份验证问题“未授权用户访问”问题,状态代码为401
JWT令牌生成成功后,工作正常
这是代码
app.get('/p3', async (req, res) => {
let token = req.headers.authorization
console.log('Main token: ' + token)
if (!token) {
return res.status(401).json({ message: 'Un-authorization' });
}
try {
token = token.split(' ')[1];
const user = jwt.verify(token, 'secret-key');
console.log(user);
} catch (e) {
return res.status(400).json({ message: 'Invalid Token' });
}
return res.status(200).json({ message: 'I am a private route' });
})
但是当我试图用数据库检查用户身份时,它显示错误
{
"message": "Un-authorization user access"
}
路线
http://localhost:4000/p4
这是代码
app.get('/p4', async (req, res) => {
let token = req.headers.authorization
console.log('Main token: ' + token)
if (!token) {
return res.status(401).json({ message: 'Un-authorization access' });
}
try {
token = token.split(' ')[1];
const decoded = jwt.verify(token, 'secret-key');
const user = await User.findById(decoded._id);
console.log(user);
if (!user) {
return res.status(401).json({ message: 'Un-authorization user access' });
}
} catch (e) {
return res.status(400).json({ message: 'Invalid Token' });
}
return res.status(200).json({ message: 'I am a private route' });
})
此处为登录路径以供参考
app.post('/login', async (req, res, next) => {
console.log(req.body);
const { email, password } = req.body
try {
const user = await User.findOne({ email });
console.log(user)
if (!user) {
return res.status(400).json({ message: "Invalid Credentials, Please registered" });
}
const isMatchPassword = await bcrypt.compare(password, user.password)
if (!isMatchPassword) {
return res.status(400).json({ message: "Invalid Credentials, Please registered" });
}
delete user._doc.password
delete user._doc._id
delete user._doc.roles
const token = jwt.sign(user._doc, 'secret-key', { expiresIn: '1h' })
return res.status(200).json({ message: "Login Successfull", token });
} catch (e) {
next(e);
}
});
我尝试使用多个用户凭据,但结果相同
