参考资料:
1.https://frenchco.de/sails-js-jwt-api-authentification/
这个教程可用,不过是法语的
2.https://ericswann.wordpress.com/2015/04/24/nozus-js-1-intro-to-sails-with-passport-and-jwt-json-web-token-auth/
这个讲的很详细,但版本不是1.0,所以我用的时候遇到了特别多的坑,放弃了
步骤:
1.安装需要用到的东西
npm install jsonwebtoken --save
npm install bcryptjs --save
2.创建User的API
如果没有User和UserController,可用以下命令生成
sails generate api user
User.js
/**
* User.js
*
* @description :: A model definition represents a database table/collection.
* @docs :: https://sailsjs.com/docs/concepts/models-and-orm/models
*/
var bcrypt = require("bcryptjs");
module.exports = {
  attributes: {
    password: 'string',
    email: 'string',
  },

  /**
   * Serialize the record without its password hash, so the hash never
   * appears in a response body or a signed token payload.
   */
  customToJSON: function() {
    var withoutSecret = _.omit(this, ['password']);
    return withoutSecret;
  },

  /**
   * Lifecycle callback: replace the plaintext password with a bcrypt hash
   * before the record is inserted.
   *
   * @param {object} values - attributes about to be stored; mutated in place
   * @param {function} cb   - continuation; called with the bcrypt error, if any
   */
  beforeCreate: function(values, cb) {
    var costFactor = 10;
    bcrypt.hash(values.password, costFactor, function(hashErr, digest) {
      if (hashErr) {
        return cb(hashErr);
      }
      values.password = digest;
      cb();
    });
  },
};
UserController.js
/**
* UserController
*
* @description :: Server-side actions for handling incoming requests.
* @help :: See https://sailsjs.com/docs/concepts/actions
*/
var jwt = require("jsonwebtoken");
//var bcrypt = require("bcryptjs");为什么这个名字没有用呢
var bcr = require("bcryptjs");
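/**
 * Build the session JWT for a User record.
 *
 * The payload is the record's toJSON() output (customToJSON in User.js strips
 * the password hash); isAuth.js reads only `decoded.id` from it.
 *
 * @param {object} user - User record
 * @returns {string} signed token, valid for 7 days
 */
function signToken(user) {
  // NOTE(review): the secret is a literal here and again in api/policies/isAuth.js;
  // both must stay identical, so keep it in one config value (e.g.
  // sails.config.custom) loaded from the environment rather than in source.
  return jwt.sign(user.toJSON(), "Your secret key is here", {
    expiresIn: '7d'
  });
}

module.exports = {
  /**
   * Log in with email + password and return the user with a signed token.
   *
   * Every branch answers with a { code, message, data } envelope. The password
   * is checked only through bcrypt: a direct `!==` against user.password can
   * never match a record hashed by beforeCreate, and ignoring bcrypt's result
   * would accept any password. Credentials are not written to the log.
   *
   * @param {object} req - expects req.body.email and req.body.password
   * @param {object} res - response
   */
  login: function(req, res) {
    var email = req.body.email;
    var password = req.body.password;

    // NOTE(review): 500 is kept for compatibility with the existing client
    // envelope; these are client errors (400/401/404 would be more accurate).
    if (!email || !password) {
      return res.status(500).json({"code":500,"message":"No field should be empty.","data":null});
    }

    User.findOne({ email: email }).exec(function(err, user) {
      if (err) return res.status(500).json({"code":500,"message":"error","data":null});
      if (!user) return res.status(500).json({"code":500,"message":"User not found, please sign up.","data":null});

      // bcrypt compares the submitted password with the stored hash; `matched`
      // is the only signal that decides whether a token is issued.
      bcr.compare(password, user.password, function(error, matched) {
        if (error) return res.status(500).json({"code":500,"message":"error","data":null});
        if (!matched) return res.status(500).json({"code":500,"message":"Invalid password.","data":null});

        user.token = signToken(user);
        return res.status(200).json({"code":200,"message":"login successfully","data":user});
      });
    });
  },

  /**
   * Re-issue a token for the already-authenticated user (req.user is set by
   * the isAuth policy). Without that policy req.user is undefined, so the
   * request is rejected instead of throwing.
   *
   * @param {object} req - expects req.user.id from isAuth
   * @param {object} res - response
   */
  token: function(req, res) {
    if (!req.user || !req.user.id) {
      return res.status(403).json({"code":403,"message":"Error authenticating, please login again","data":null});
    }

    User.findOne(req.user.id).exec(function(error, user) {
      if (error) return res.status(500).json({"code":500,"message":"error","data":null});
      if (!user) return res.status(500).json({"code":500,"message":"User not found, please sign up.","data":null});

      user.token = signToken(user);
      return res.status(200).json({"code":200,"message":"login successfully","data":user});
    });
  },

  /**
   * Registration is not implemented yet: the action sends no response, so a
   * request to it hangs until the client times out. TODO: create the user
   * (User.js hashes the password in beforeCreate) and respond with the
   * same { code, message, data } envelope.
   */
  register: function(req, res) {
  }
};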
3.Policies设置
3.1 在/api/policies下添加 isAuth.js
isAuth.js
var jwt = require("jsonwebtoken");
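/**
 * Policy: authenticate the request from an `Authorization: Bearer <jwt>` header.
 *
 * On success the matching User record is attached as `req.user` and `next()`
 * runs the action. Every failure path returns after sending a
 * { code, message, data } error, so the response is sent exactly once and
 * `next()` never runs with `req.user` undefined.
 *
 * @param {object} req    - incoming request
 * @param {object} res    - response
 * @param {function} next - continue to the action
 */
module.exports = function(req, res, next) {
  var bearerHeader = req.headers['authorization'];

  if (typeof bearerHeader === 'undefined') {
    return res.status(403).json({ "code":403,"message": "No token provided","data":null});
  }

  // Expected shape is "Bearer <token>"; a missing token part is rejected here
  // rather than handed to jwt.verify as undefined.
  var parts = bearerHeader.split(" ");
  if (parts[0] !== "Bearer" || !parts[1]) {
    return res.status(403).json({ "code":403,"message": "bearer not understood","data":null});
  }
  var bearerToken = parts[1];

  // NOTE(review): the secret must equal the one passed to jwt.sign in
  // UserController.js; keep it in one config value instead of a literal in
  // each file. `algorithms` is pinned to what jwt.sign uses by default, so a
  // token cannot choose a different verification algorithm.
  jwt.verify(bearerToken, "Your secret key is here", { algorithms: ['HS256'] }, function(err, decoded) {
    if (err) {
      if (err.name === "TokenExpiredError") {
        return res.status(403).json({ "code":403,"message": "Session timed out, please login again","data":null});
      }
      return res.status(403).json({ "code":403,"message": "Error authenticating, please login again","data":null});
    }

    // A valid token only proves identity at signing time; the account must
    // still exist now.
    User.findOne(decoded.id).exec(function(error, user) {
      if (error) return res.status(500).json({ "code":500,"message": "error","data":null});
      if (!user) return res.status(500).json({ "code":500,"message": "User not found","data":null});
      req.user = user;
      return next();
    });
  });
};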
3.2 修改/api/config/policies.js
在/api/config/policies.js中,设置需要验证用户登录的方法。
例
policies.js
/**
* Policy Mappings
* (sails.config.policies)
*
* Policies are simple functions which run **before** your actions.
*
* For more information on configuring policies, check out:
* https://sailsjs.com/docs/concepts/policies
*/
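module.exports.policies = {
  UserController: {
    // `token` reads req.user.id, which only the isAuth policy sets; without
    // this mapping the action throws on every request. `login` and `register`
    // stay open because they are how a client obtains a token.
    token: 'isAuth'
  },
  BookController: {
    add1: 'isAuth',
    delete1: 'isAuth',
    update1: 'isAuth'
  }
};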
4.测试
测试login
发送账号和密码,成功返回token。
请求需要权限的页面时,在Authorization header中加上“Bearer ”+token。
如: