我是蒸气新手,我已经实现了注册和登录路由。Register工作得很好。每次我调用登录路由时,它似乎都有问题。每次我尝试使用Basic Auth与注册用户登录时,它只返回401。在下面附上我的代码
App用户模型:
extension AppUser: ModelAuthenticatable {
static let usernameKey = AppUser.$email
static let passwordHashKey = AppUser.$passwordHash
func verify(password: String) throws -> Bool {
try Bcrypt.verify(password, created: self.passwordHash)
}
}
extension AppUser: JWTPayload {
func verify(using signer: JWTSigner) throws {
}
}
航线配置:
//MARK: Unprotected API
let unprotectedApi = app.routes
try unprotectedApi.register(collection: AppUserController.Unprotected())
//MARK: Password Protected API
let passwordProtectedApi = unprotectedApi.grouped(AppUser.authenticator())
try passwordProtectedApi.register(collection: AppUserController.PasswordProtected())
extension AppUserController.PasswordProtected: RouteCollection {
func login(req: Request) throws -> EventLoopFuture<Response> {
let user = try req.auth.require(AppUser.self)
let token = try req.jwt.sign(user)
let loginResponse = AppUserLoginResponse(user: user.response, accessToken: token)
return DataWrapper.encodeResponse(data: loginResponse, for: req)
}
func boot(routes: RoutesBuilder) throws {
routes.post(Endpoint.API.Users.login, use: login)
}
}
您的login路由现在返回401,因为您已将其包含在保护组中,这要求用户已经登录。它通常是不受保护的。您需要一些代码来进行登录。此函数假设用户由电子邮件地址标识,并以某种方式提供了密码:
private func loginExample( email: String, password: String, on: req Request) -> EventLoopFuture<Bool> {
return AppUser.query(on: req).filter(.$email == email).first().flatMap { user in
// user will be nil if not found, following line test for this
if let user = user {
// user was identified by email
if try! user.verify(password: password) {
// password matches what is stored
request.auth.login(user)
// login has succeeded
return true
}
}
// login has failed - because either email did not match a user or the password was incorrect
return false
}
}
我通过强制调用中的try进行验证(避免do-catch等)来保持简单。您需要在登录路由中使用类似于以下代码的东西,可能需要从HTML表单中解码电子邮件和密码。