Express-JWT更新Express-JWT后未验证令牌

发布于 2025-02-14 01:22:31 字数 2207 浏览 1 评论 0 原文

我最近更新了 jsonwebtoken 和 express-jwt 。

5B3E23E232B293E28282876312C2F1B6C756C756C756E验证了。这是我的 auth Middleware 。我在这里要做的唯一更改是添加算法：[“ HS256”] ，因为这是最新版本所需的。

var { expressjwt: jwt } = require("express-jwt");

const getTokenFromHeaders = (req) => {
  const { headers: { authorization } } = req;
  
  // console.log('auth called with req', req.headers);
  console.log('Token: ', req.headers.authorization);
  if(authorization && authorization.split(' ')[0] === 'Token') {
    return authorization.split(' ')[1];
  }
  return null;
};

const auth = {
  required: jwt({
    secret: 'secret',
    algorithms: ["HS256"],
    userProperty: 'payload',
    getToken: getTokenFromHeaders
  }),
  optional: jwt({
    secret: 'secret',
    algorithms: ["HS256"],
    userProperty: 'payload',
    getToken: getTokenFromHeaders,
    credentialsRequired: false,
  }),
};
module.exports = auth;

我正在调用这样的中间件，

router.get('/get_content', auth.required, (req, res, next) => {
 
  // getting 500 error before getting to the next function!

   res.json({});
});

我检查了标题是否正在发送有效的令牌。不知道为什么这突然成为问题。我在用户架构中生成这样的令牌：

const jwt = require('jsonwebtoken');

UsersSchema.methods.generateJWT = function() {
  const today = new Date();
  const expirationDate = new Date(today);
  expirationDate.setDate(today.getDate() + 60);

  return jwt.sign({
    email: this.email,
    id: this._id,
    isVerified: this.isVerified,
    exp: parseInt(expirationDate.getTime() / 1000)
  }, 'secret');
}

这是一个应该工作的令牌（在）

eyjhbgcioijiuzi1niisinr5cci6ikpxvcj99.eyjlbwfpbci6im1lmdaxqhrvbm5llnrviiiwiawiawqioiiiim4ogjkyjkyjkyjkyjk4ytm5ytm5ywwuznjenjenjenjenjenje2ntcisl cjpc1zlcmlmawvkijp0cnvllcjlehaioje2nji1mtu4ndesimlhdci6mty1nzmzmtg0mx0.tyeeee8lef7_rqqybpbbbpbsdf_gamoyqayqa2o2o2o2o2o2o2o2o2o2o2o2o2o2o2o2o2o2o2o2 ef_cbbw5sekt0

原文

I recently updated jsonwebtoken and express-jwt .
[email protected]
[email protected]

Now valid tokens do not validate anymore. Here is my auth middleware. The only change I had to make here was adding algorithms: ["HS256"] as this now required with the latest version.

var { expressjwt: jwt } = require("express-jwt");

const getTokenFromHeaders = (req) => {
  const { headers: { authorization } } = req;
  
  // console.log('auth called with req', req.headers);
  console.log('Token: ', req.headers.authorization);
  if(authorization && authorization.split(' ')[0] === 'Token') {
    return authorization.split(' ')[1];
  }
  return null;
};

const auth = {
  required: jwt({
    secret: 'secret',
    algorithms: ["HS256"],
    userProperty: 'payload',
    getToken: getTokenFromHeaders
  }),
  optional: jwt({
    secret: 'secret',
    algorithms: ["HS256"],
    userProperty: 'payload',
    getToken: getTokenFromHeaders,
    credentialsRequired: false,
  }),
};
module.exports = auth;

I am calling the middleware like this

router.get('/get_content', auth.required, (req, res, next) => {
 
  // getting 500 error before getting to the next function!

   res.json({});
});

I checked that the header is sending a valid token. Not sure why this is suddenly a problem.
I generate the token like this in the User schema:

const jwt = require('jsonwebtoken');

UsersSchema.methods.generateJWT = function() {
  const today = new Date();
  const expirationDate = new Date(today);
  expirationDate.setDate(today.getDate() + 60);

  return jwt.sign({
    email: this.email,
    id: this._id,
    isVerified: this.isVerified,
    exp: parseInt(expirationDate.getTime() / 1000)
  }, 'secret');
}

Here is a token that should work (validated at https://jwt.io/)

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im1lMDAxQHRvbm5lLnRvIiwiaWQiOiI2MmM4OGJkYjdiMjk4YTM5YWUzNjE2NTciLCJpc1ZlcmlmaWVkIjp0cnVlLCJleHAiOjE2NjI1MTU4NDEsImlhdCI6MTY1NzMzMTg0MX0.TYeE8lEF7_RqqYBPBSdf_gaMoYqa2o2Ef_CBw5ZeKT0

分享到QQ

分享到微博