/**
 * Passport JWT strategy as posted in the question: the bearer token is taken
 * from the Authorization header and verified with the configured secret
 * before validate() is called.
 */
export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor(
    private readonly accountService: AccountService,
    @InjectRepository(BlacklistRepository) private blacklistRepository: BlacklistRepository,
    private readonly customerService: CustomerService,
  ) {
    super({
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      // ignoreExpiration: true,
      secretOrKey: config['jhipster.security.authentication.jwt.base64-secret'],
    });
  }

  /**
   * Receives the already-decoded payload. In this version only the payload
   * and the callback are passed in, so the raw token is not reachable here.
   *
   * @param payload decoded JWT claims
   * @param done passport callback: (error, user)
   */
  async validate(payload: Payload, done: VerifiedCallback): Promise<any> {
    // Placeholder from the question: `accessToken` is not in scope here. The raw
    // header value ('Bearer e*****.....') is what the revocation lookup needs.
    // Printing it is for illustration only; a bearer token is a live credential
    // and should stay out of real logs.
    console.log(accessToken)
    // The lookup that produces `user` is not shown in this snippet.
    if (user) {
      return done(null, user);
    }
    return done(new UnauthorizedException({ message: 'user does not exist' }), false);
  }
}
我需要在 `validate` 方法中获取访问令牌,以检查数据库中是否存在已吊销的令牌。
在 passport 先对令牌完成解码和验证之前,无法进入 `validate` 方法。但是您可以将 `passReqToCallback: true` 添加到 `constructor` 中的 `super` 选项中,这样 `req` 就会成为 `validate` 方法的第一个参数,您可以执行 `const authHeader = req.headers['authorization']` 来获取原始的承载令牌(Bearer token)。
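/**
 * Passport JWT strategy that also hands the raw request to validate(), so the
 * original Authorization header can be checked against a revocation list.
 */
@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor(
    private readonly accountService: AccountService,
    @InjectRepository(BlacklistRepository) private blacklistRepository: BlacklistRepository,
    private readonly customerService: CustomerService,
  ) {
    super({
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      // Left disabled on purpose: with ignoreExpiration off, expired tokens are
      // rejected by passport-jwt before validate() is ever called.
      // ignoreExpiration: true,
      // NOTE(review): the key name suggests a base64-encoded secret; confirm the
      // signer and this verifier use the same byte representation of it.
      secretOrKey: config['jhipster.security.authentication.jwt.base64-secret'],
      // Makes the incoming request the first argument of validate(), ahead of the payload.
      passReqToCallback: true,
    });
  }

  /**
   * Called only after the token's signature (and expiry) have been verified.
   *
   * @param req the incoming HTTP request, available because passReqToCallback is set
   * @param payload decoded JWT claims
   * @param done passport callback: (error, user)
   */
  async validate(req: express.Request, payload: Payload, done: VerifiedCallback): Promise<any> {
    // Raw header value, still carrying the scheme prefix: 'Bearer e*****.....'
    const accessToken = req.headers['authorization'];
    // The header is a live credential, so it is deliberately not written to the
    // console or any log; anyone who can read the logs could replay it.
    // TODO(review): check `accessToken` against this.blacklistRepository here and
    // fail with done(new UnauthorizedException(...), false) when it is revoked.
    // The repository's query API is not shown in this snippet. Strip the
    // 'Bearer ' prefix first if revoked entries are stored without it.

    // The lookup that produces `user` is not shown in this snippet.
    if (!user) {
      return done(new UnauthorizedException({ message: 'user does not exist' }), false);
    }
    return done(null, user);
  }
}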