在标头中传递 JWT

2022-01-10 00:00:00 node.js express javascript json-web-token express-jwt

我正在使用 NodeJs 学习 JWT.我被困在通过标头中的 JWT 实际上我不知道该怎么做.

I am learning JWT with NodeJs. I am stuck at passing the JWT in header actually i do not know how to do this.

index.js 文件

var express = require('express'),
 app = express(),
 routes = require('./routes'),
 bodyParser = require('body-parser'),
 path = require('path'),
 ejs = require('ejs'),
 jwt = require('jsonwebtoken');

app.use(bodyParser.urlencoded({ extended: false })); 
app.use(bodyParser.json());

app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');

app.post('/home',routes.loginUser);

app.get('/', function(req, res) {
  res.render('index');
});

app.get('/home',function(req, res) {
  jwt.verify(req.token, 'qwertyu6456asdfghj', function(err, data) {
    if (err) {
      res.sendStatus(403);
    } 
  });
});

 app.listen(3000,function(){
  console.log("Server running at Port 3000");
});

routes/index.js 文件

var  jwt = require('jsonwebtoken');

exports.home = function(req, res){
  res.render('home',{error: false});
};

exports.loginUser = function(req, res) {
    var uname = req.body.Username;
    var pwd = req.body.Password;

    if(uname && pwd === 'admin'){
        res.render('home');

    var token = jwt.sign({ user: uname }, 'qwertyuiopasdfghj');
    console.log('Authentication is done successfully.....');
    console.log(token);
    }

    response.json({
        authsuccess: true,
        description: 'Sending the Access Token',
        token: token
    });
};

当我运行应用程序时,我在 console.log 中获取了令牌,但是如何在 header 中传递令牌并将其存储在浏览器的 localStorage 中?

when i run the application i am getting the token in console.log but How can I pass token in header and store it in localStorage of browser?

推荐答案

所以你想将令牌发送到前端而不是正文中.

So you want to send the token to frontend but not in the body.

推荐的方法是使用 cookie.可以在cookie中设置token,可以在前端和后端自动访问.

The Recommended way to do so is to use cookies. You can set the token in the cookie and it can be automatically accessed in front-end and in the backend.

res.cookie('tokenKey', 'ajsbjabcjcTOKENajbdcjabdcjdc');

使用授权标头也是一个好方法,但同样,在前端,您必须从标头中获取令牌,然后保存在 localStorage 或 cookie 中,如果是 cookie,您不必这样做.

Using authorization headers is also a good approach, but again, in front-end, you have to fetch the token from headers and then save in localStorage or cookie, which you don't have to do in case of cookie.

res.header(field [, value]);

相关文章