创建 bcryptjs 和 JWT 助手
如何在 javascript 中创建 bcryptjs 和 JSON 网络令牌助手以及 app.js、路由器 index.js 和身份验证中间件
bcryptjs
const bcrypt = require("bcryptjs");
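// bcrypt cost factor (log2 of the number of key-expansion rounds).
const SALT_ROUNDS = 10;

/**
 * Hash a plaintext password with bcrypt.
 *
 * The cost factor is passed instead of a pre-generated salt, so bcryptjs
 * creates a fresh random salt on every call. Generating one salt at module
 * load and reusing it would give identical passwords identical hashes and
 * defeat the purpose of salting.
 *
 * NOTE(review): bcrypt only uses the first 72 bytes of its input, and the
 * *Sync variants block the event loop while hashing; consider the async API
 * on a busy server.
 *
 * @param {string} plainPassword - password exactly as supplied by the user
 * @returns {string} bcrypt hash string (algorithm, cost and salt are embedded)
 */
const hashPassword = (plainPassword) => {
  return bcrypt.hashSync(plainPassword, SALT_ROUNDS);
};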
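/**
 * Check a plaintext password against a stored bcrypt hash.
 *
 * The listing called `bcryptpareSync`, which is not defined anywhere; the
 * bcryptjs function is `bcrypt.compareSync`. It re-derives the hash using the
 * salt and cost embedded in the stored value, so no salt needs to be passed.
 *
 * Note that the second parameter shadows the `hashPassword` helper inside
 * this function; the name is kept so the signature is unchanged.
 *
 * @param {string} plainPassword - password supplied at login
 * @param {string} hashPassword - bcrypt hash previously stored for the user
 * @returns {boolean} true when the password matches the hash
 */
const comparePassword = (plainPassword, hashPassword) => {
  return bcrypt.compareSync(plainPassword, hashPassword);
};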
module.exports = { hashPassword, comparePassword };
JWT
const jwt = require("jsonwebtoken");
require("dotenv").config();
// Signing secret, read from the environment: create .env and put in SECRET_KEY=...
// Keep .env out of version control and use a long random value.
const SECRET = process.env.SECRET_KEY;

/**
 * Issue a signed JWT carrying `payload`.
 *
 * NOTE(review): no `expiresIn` option is passed, so unless the caller puts an
 * `exp` claim in the payload the token never expires and cannot age out after
 * a leak. Confirm whether that is intended.
 *
 * @param {object} payload - claims to embed in the token
 * @returns {string} the encoded token
 */
const signToken = (payload) => jwt.sign(payload, SECRET);
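/**
 * Verify a JWT's signature and return its decoded payload.
 *
 * The accepted algorithm is pinned to HS256, which is what `jwt.sign` uses by
 * default with a shared secret. Pinning it means a token whose header names
 * any other algorithm is rejected instead of being handled by library
 * defaults.
 *
 * @param {string} token - encoded token taken from the request
 * @returns {object} decoded payload
 * @throws when the token is malformed, expired, or its signature is invalid
 */
const verifyToken = (token) => {
  return jwt.verify(token, SECRET, { algorithms: ["HS256"] });
};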
module.exports = { signToken, verifyToken };
app.js
const express = require("express");
const cors = require("cors");
const app = express();
const port = 3000;
const router = require("./router/index");

// Middleware runs in registration order: CORS headers first, then the body
// parsers, then the application routes.
// NOTE(review): cors() with no options allows requests from every origin;
// pass an explicit origin allow-list before exposing this beyond local
// development.
const middlewareStack = [
  cors(),
  express.json(),
  express.urlencoded({ extended: false }),
  router,
];
for (const middleware of middlewareStack) {
  app.use(middleware);
}

// Log once the server is accepting connections.
const announceListening = () => {
  console.log(`Listening on port ${port}`);
};
app.listen(port, announceListening);
路由器 index.js
const Controller = require("../controller/controller");
const errorHandler = require("../handler/errorHandler");
const authN = require("../middleware/auth");
const router = require("express").Router();

// Public endpoints: both are reachable without a token.
// NOTE(review): authN is required above but is not mounted on any route in
// this file as shown; protected routes need it in front of their handlers.
const publicPostRoutes = [
  ["/register", Controller.register],
  ["/login", Controller.login],
];
for (const [path, handler] of publicPostRoutes) {
  router.post(path, handler);
}

// Registered last so errors passed to next(err) by the routes above reach it.
router.use(errorHandler);
module.exports = router;
authN 中间件
const { verifyToken } = require("../helper/jwt");
const { User } = require("../models/index");
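/**
 * Authentication middleware.
 *
 * Reads the token from the `access_token` request header, verifies it, checks
 * that the user it names still exists, and stores the caller's identity on
 * `req.userData` for later middleware. Every failure is forwarded to the
 * error handler through `next(error)`.
 *
 * `role` is included because the authZ middleware destructures it from
 * `req.userData`; without it the role check there throws on `undefined`.
 *
 * NOTE(review): the role is read from the user row rather than the token so a
 * role change takes effect immediately. This assumes the User model has a
 * `role` attribute; confirm against the model.
 * NOTE(review): some reverse proxies drop header names containing underscores
 * by default; `Authorization: Bearer <token>` is the conventional carrier.
 *
 * @param {object} req - Express request
 * @param {object} res - Express response (unused)
 * @param {Function} next - Express continuation
 * @returns {Promise<void>}
 */
const authN = async (req, res, next) => {
  try {
    const accessToken = req.headers.access_token;
    if (!accessToken) {
      // Plain object kept as-is: the error handler presumably switches on `name`.
      throw { name: "unauthorized" };
    }

    // Throws when the signature is invalid or the token is malformed.
    const payload = verifyToken(accessToken);

    // A valid token for a user that no longer exists must not authenticate.
    const user = await User.findByPk(payload.id);
    if (!user) {
      throw { name: "unauthorized" };
    }

    req.userData = {
      id: payload.id,
      email: payload.email,
      role: user.role,
    };
    next();
  } catch (error) {
    next(error);
  }
};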
module.exports = authN;
授权
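/**
 * Authorization middleware for operations on a single post.
 *
 * Admins are always allowed through. Any other caller is allowed only when
 * they are the author of the post named by `req.params.id`. Everything else
 * is rejected with `{ name: "unauthorized" }` via `next(err)`.
 *
 * Must run after authN, which populates `req.userData`. The checks fail
 * closed: a missing `userData`, a missing or non-string `role`, a missing
 * caller id, or a post that does not exist all result in a denial for
 * non-admins instead of a TypeError.
 *
 * NOTE(review): `Post` is not imported in this snippet; presumably it comes
 * from the same models index as `User`. Confirm and add the require.
 *
 * @param {object} req - Express request carrying `userData` and `params.id`
 * @param {object} res - Express response (unused)
 * @param {Function} next - Express continuation
 * @returns {Promise<void>}
 */
const authZ = async (req, res, next) => {
  try {
    if (!req.userData) {
      // authN did not run or did not authenticate the caller.
      throw { name: "unauthorized" };
    }
    const { id, role } = req.userData;

    // The post targeted by the request, looked up by the id in the URL.
    const postId = req.params.id;
    const currentPost = await Post.findByPk(postId);

    const isAdmin = typeof role === "string" && role.toLowerCase() === "admin";
    if (isAdmin) {
      // Admins pass even if the post is missing; the controller handles that.
      return next();
    }

    // `id != null` stops an absent caller id from matching an absent authorId.
    const isOwner = Boolean(currentPost) && id != null && currentPost.authorId === id;
    if (isOwner) {
      return next();
    }

    throw { name: "unauthorized" };
  } catch (err) {
    next(err);
  }
};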
module.exports = authZ;
这些代码用于在 javascript 中创建 bcryptjs 和 JSON 网络令牌助手以及 app.js、路由器 index.js 和身份验证中间件
课堂作业请忽略这个,除非你是我的教授 :)