当我从前端提供有效凭据时,我无法连接到后端我面临这个错误:POST http://127.0.0.1:5000/api/login 400(错误请求)我能够从后端生成令牌,但无法从前端登录并获得无效凭据,尽管我像这样给出相同的:{"email":"Sandi6008@gmail.com"password": 14280}
这是我的后端代码Nodejs代码:
router.post('/login', async(req,res) =>{
try {
const {email,password} =req.body;
let exist = await Auth.findOne({email})
if(!exist){
return res.status(400).json("User Not Found");
}
if(exist.password !== password){
return res.status(400).json('Invalid Credentails');
}
let payload = {
user : {
id : exist.id
}
}
jwt.sign(payload,'jwtSecret',{expiresIn : 3600000}, (err,token)=>
if (err) throw err;
return res.json({token})
})
} catch (error) {
res.status(500).json({error : error.msg})
}
})
MongoDB Schema
const mongoose = require('mongoose');
const AuthSchema = new mongoose.Schema({
username :{
type : String,
required : true
},
email :{
type : String,
required : true,
unique : true
},
password :{
type : Number,
required : true
},
confirmpassword :{
type : Number,
required : true
},
created :{
type : Date,
default : Date.now()
}
});
let Auth = mongoose.model('auth' , AuthSchema);
module.exports = Auth;
这是预先登录页面
import React,{useState,useContext} from 'react'
import axios from "axios";
import { store } from './../../App';
import { Navigate } from 'react-router-dom';
const Login = () => {
const [data, setData] = useState({
email : '',
password : '',
})
const handleChange = (e) =>{
setData({...data,[e.target.name] : e.target.value});
}
const submitForm =(e) =>{
e.preventDefault();
//console.log(data);
axios.post('http://127.0.0.1:5000/api/login',data).then(res => console.log(res.data));
}
return (
<div>
<div className="container mt-3">
<div className="row">
<div className="col-md-4">
<div className="card">
<div className="card-header bg-info text-white">
<h4>Login</h4>
<hr className="bg-white border-3 border-top border-white"></hr>
<form onSubmit={submitForm}>
<div className="form-group mt-2">
<label htmlFor="exampleInputEmail1" className="form-label fw-bold">Email</label>
<input name="email" className="form-control" placeholder='Email' onChange={handleChange} />
</div>
<div className="form-group mt-2">
<label htmlFor="exampleInputEmail1" className="form-label fw-bold">Passowrd</label>
<input type="text" className="form-control" placeholder='Passowrd' name="Passowrd" onChange={handleChange} />
</div>
<button type="submit" className="btn btn-dark fw-bold mt-4">Submit</button>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
)
}
export default Login
这是注册代码这是注册的代码
router.post('/register', async(req,res) =>{
try {
const {username,email,password,confirmpassword} = req.body;
//First we need to check wheather is the Email Id is exists or not?
let exist = await Auth.findOne({email});
if(exist){
return res.status(400).json({msg : 'User is alreday exists'});
}
if(password !== confirmpassword){
return res.status(400).json({msg : 'Passwords are not matching'});
}
let newUser = new Auth({
username,
email,
password,
confirmpassword
})
await newUser.save();
res.status(200).send({msg : 'Register Successfully'})
} catch (error) {
res.status(500).json({error : error.msg})
}
})
由于您将密码存储为Number,因此在比较时可能由于密码类型不同而导致错误。尝试用.toString():
if(exist.password.toString() !== password.toString()) {
return res.status(400).json('Invalid Credentails');
}
另外,我看到你将密码保存为纯文本,这是一个非常糟糕的安全问题。查看一些允许您对存储的密码进行散列的库,如bcrypt。
您的注册代码将变成:
// Generate encrypted password
const salt = await bcrypt.genSalt(12);
const encryptedPassword = await bcrypt.hash(password, salt);
let newUser = new Auth({
username,
email,
password: encryptedPassword,
confirmpassword: encryptedPassword
});
您将在登录时检查您的密码:
const isValidPsw = await bcrypt.compare(password, exist.password);
if (!isValidPsw) {
return res.status(400).json('Invalid Credentails');
}