一、session
1、认识session
2、使用session
使用 `npm i express-session` 安装插件:
const express = require('express');
const app = express(); //创建一个express应用
const cors = require("cors");
const session = require("express-session");
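// Session middleware. It has to be registered before any route or middleware
// that reads req.session.
// No `store` is given, so sessions are kept in express-session's default
// in-memory store, which is intended for development only.
app.use(
  session({
    // Key used to sign the session-ID cookie. Supply it through the environment
    // in any real deployment: the literal fallback is only the tutorial's demo
    // value, and a guessable key defeats the cookie signature.
    secret: process.env.SESSION_SECRET || "jimo",
    // Cookie name; replaces the default "connect.sid".
    name: "sessionid",
    // Stated explicitly because express-session deprecates relying on the
    // implicit defaults of these two options.
    resave: false, // do not rewrite an unchanged session on every request
    saveUninitialized: false, // no session and no cookie until login stores something
    cookie: {
      httpOnly: true, // keep the cookie out of reach of page scripts
      sameSite: "lax", // not attached to cross-site POST/PUT, which limits CSRF against the API
      // secure: true, // enable once the application is served over HTTPS
    },
  })
);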
3、验证登录
//index.js
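// Click handler for the login control: posts the credentials as JSON to the
// admin login endpoint and logs the parsed reply.
// `login` is presumably the button element reached through its id - confirm in
// the page markup.
// The ID and password below are fixed demo values; a real page reads them from
// a form and never ships credentials in script source.
login.onclick = function () {
  fetch("/api/admin/login", {
    method: "POST",
    headers: {
      "content-type": "application/json",
    },
    body: JSON.stringify({
      loginId: "1111",
      loginPwd: "2222222",
    }),
  })
    .then((response) => response.json())
    .then((payload) => {
      console.log(payload);
    })
    .catch((err) => {
      // A network failure or a non-JSON body ends up here instead of becoming
      // an unhandled promise rejection.
      console.error("login request failed", err);
    });
};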
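// Click handler for the "update student" control: sends a PUT that renames
// student 606 and logs the parsed reply.
// PUT /api/student/:id is on the server's list of protected routes, so while no
// admin is logged in the session check answers with 403 and a JSON error body,
// and that error body is what gets logged here.
// `updateStu` is presumably the button element reached through its id - confirm
// in the page markup.
updateStu.onclick = function () {
  fetch("/api/student/606", {
    method: "PUT",
    headers: {
      "content-type": "application/json",
    },
    body: JSON.stringify({
      name: "小蕾蕾",
    }),
  })
    .then((response) => response.json())
    .then((payload) => {
      console.log(payload);
    })
    .catch((err) => {
      // A network failure or a non-JSON body ends up here instead of becoming
      // an unhandled promise rejection.
      console.error("student update request failed", err);
    });
};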
//admin
const express = require("express");
const router = express.Router();
const adminServ = require("../../services/adminService");
const { asyncHandler } = require("../getSendResult");
const cryptor = require("../../util/crypt");
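/**
 * POST /login - checks the submitted credentials through adminServ.login and,
 * when they are accepted, binds the admin to the session.
 *
 * The handler's return value goes back to asyncHandler (from ../getSendResult),
 * which presumably serialises it as the response - confirm there. If `result`
 * is the raw admin record, make sure it carries no password field before it is
 * returned to the client or stored in the session.
 *
 * NOTE(review): loginId and loginPwd are taken from the JSON body as-is and may
 * be non-string values; confirm that adminServ.login validates their types.
 */
router.post(
  "/login",
  asyncHandler(async (req, res) => {
    const result = await adminServ.login(req.body.loginId, req.body.loginPwd);
    if (result) {
      // Issue a fresh session ID at the moment of login, so that an ID that was
      // known before authentication is not carried into the logged-in session
      // (session fixation). regenerate() is callback-based, hence the wrapper.
      await new Promise((resolve, reject) => {
        req.session.regenerate((err) => (err ? reject(err) : resolve()));
      });
      // The session check on protected routes treats a truthy loginUser as
      // "logged in".
      req.session.loginUser = result;
    }
    return result;
  })
);

module.exports = router;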
//tokenMiddleware
const { getErr } = require("./getSendResult");
const { pathToRegexp } = require("path-to-regexp");
const cryptor = require("../util/crypt");
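// Routes that require a logged-in session. Anything that is not listed here
// passes through without a check, so every new write endpoint has to be added
// explicitly.
const needTokenApi = [
  { method: "POST", path: "/api/student" },
  { method: "PUT", path: "/api/student/:id" },
];

// Compile each path pattern once at load time instead of on every request.
const protectedRoutes = needTokenApi.map(({ method, path }) => ({
  method,
  matcher: pathToRegexp(path),
}));

/**
 * Session gate for the protected routes.
 *
 * Requests whose method and path match no entry of needTokenApi are passed on
 * untouched. A matching request continues only when the session carries a
 * loginUser; otherwise handleNonToken sends the rejection.
 *
 * @param {object} req  Express request; req.method, req.path and req.session are read.
 * @param {object} res  Express response, used only for the rejection.
 * @param {Function} next  Continues to the next middleware.
 */
module.exports = (req, res, next) => {
  // Example: the pattern /api/student/:id matches the request path /api/student/1771.
  const isProtected = protectedRoutes.some(
    ({ method, matcher }) => method === req.method && matcher.test(req.path)
  );
  if (!isProtected) {
    next();
    return;
  }

  // Fail closed: a missing session object (for instance when the session
  // middleware is not mounted ahead of this one) counts as "not logged in".
  if (req.session && req.session.loginUser) {
    next();
    return;
  }

  handleNonToken(req, res, next);
};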
//处理没有认证的情况
/**
 * Rejects a request that reached a protected route without a logged-in session.
 *
 * Answers with HTTP 403 and the error body built by getErr. `next` is accepted
 * but never called, so the request ends here.
 */
function handleNonToken(req, res, next) {
  const rejection = res.status(403);
  rejection.send(getErr("you dont have any token to access the api", 403));
}
此时尚未登录,直接修改 606 号学生的数据会被中间件拒绝(返回 403),无法实现。
点击登录并登录成功后,
再次修改即可成功修改数据。