用于文件上传的 JWT 令牌和 multer(Node)



我需要一点帮助来弄清楚如何让它工作 - 我已经在我的"/user"路由上测试并具有有效的 JWT 身份验证和 SSL。 我正在尝试安全地允许用户上传音频文件,也使用 JWT 和 SSL 路由。

身份验证中间件本身有效,multer 本身也有效:注释掉身份验证中间件后,我可以正常上传文件。但是,保留该中间件时,上传的文件会在我的系统上被创建,但文件没有正确上传,并且我收到 404 错误。

感谢您的任何帮助!

server.js(主文件)

var express     = require('express')
, app           = express()
, passport      = require('passport')
, uploads       = require('./config/uploads').uploads
, user_routes   = require('./routes/user')
, basic_routes  = require('./routes/basic')
, jwt           = require('jwt-simple');
// Body parsers: URL-encoded forms first, then JSON. Neither one handles
// multipart/form-data, so an upload's fields and files are only available
// after multer has run on the upload route.
var formParser = bodyParser.urlencoded({ extended: false });
var jsonParser = bodyParser.json();
app.use(formParser);
app.use(jsonParser);

// Initialise passport for the app, then hand the passport instance to
// ./config/passport so it can register its strategy on it.
app.use(passport.initialize());
var configurePassport = require('./config/passport');
configurePassport(passport);
//double check we have an ssl connection
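/**
 * Express middleware: let the request continue only when the
 * `x-forwarded-proto` header says it arrived over HTTPS; otherwise log the
 * rejection and redirect the client to the https:// form of the same URL.
 *
 * NOTE(review): `x-forwarded-proto` is an ordinary request header. It is only
 * meaningful when a trusted reverse proxy in front of this app sets or
 * overwrites it; if the app can be reached directly, the client controls it.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Continues the middleware chain.
 */
function ensureSec(req, res, next) {
    if (req.headers['x-forwarded-proto'] === 'https') {
        return next();
    }
    console.log('NOT SSL PROTECTED! rejected connection.');
    // NOTE(review): the redirect host is taken from the client-supplied Host
    // header; a fixed, configured hostname would be safer if one is available.
    // The redirect also cannot protect an Authorization header that was
    // already sent in cleartext on this request, so a token seen here should
    // be treated as exposed.
    // originalUrl keeps the query string, which req.path drops.
    res.redirect('https://' + req.headers.host + req.originalUrl);
}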
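// Every request passes the HTTPS check before any other middleware runs.
app.use(ensureSec);

//authenticate all user routes with passport middleware, decode JWT to see
//which user it is and pass it to following routes as req.user
app.use('/user', passport.authenticate('jwt', {session:false}), user_routes.middleware);
//store info on site usage- log with ID if userRoute
app.use('/', basic_routes.engagementMiddleware);
// bundle our user routes
var userRoutes = express.Router();
app.use('/user', userRoutes);

// `uploads` is the multer middleware required from ./config/uploads at the top
// of this file. The original line read `uploads:q` (a stray editor command),
// which is a syntax error.
// NOTE(review): this route relies on the app-level '/user' middleware above for
// authentication; nothing on the route itself checks the token before multer
// writes the file to disk.
userRoutes.post('/upload', uploads, function(req,res){
    // NOTE(review): 204 means "No Content", so the text passed to end() is not
    // expected to reach the client.
    res.status(204).end("File uploaded.");
});
// Start the server
app.listen(port);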

routes/basic_routes.js(记录访问情况的中间件)

var db   = require('../config/database')
, jwt    = require('jwt-simple')
, getIP  = require('ipware')().get_ip
, secret = require('../config/secret').secret;

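/**
 * Express middleware that stores one engagement record per request (user id,
 * client IP, full URL, HTTP method and, for POST, the request body) and then
 * lets the request continue.
 *
 * The original called next() up to three times for a single request: once
 * synchronously and again inside the save callback. A second next() resumes
 * routing after the handlers that are already running, which can surface as
 * duplicate responses or an unexpected 404. This version calls next() exactly
 * once and treats the database write as best-effort logging.
 *
 * @param {object} req - Express request; req.user is created as {} when absent.
 * @param {object} res - Express response (unused).
 * @param {Function} next - Continues the middleware chain.
 */
exports.engagementMiddleware = function(req, res, next){
    if (typeof req.user === 'undefined') req.user = {};
    // NOTE(review): presumably ipware derives this from request headers such as
    // X-Forwarded-For; treat it as client-influenced unless a trusted proxy
    // sets those headers. Confirm against the deployment.
    var ip = getIP(req).clientIp;
    // The host part comes from the request's Host header, so the stored URL is
    // client-influenced as well.
    var fullUrl = req.protocol + '://' + req.get('host') + req.originalUrl;
    // NOTE(review): the POST body is stored verbatim. If any POST route accepts
    // passwords or tokens, they end up in the engagement collection; consider
    // redacting sensitive fields before saving.
    var postData = req.method === 'POST' ? req.body : {};
    var newEngagement = new db.engagementModel({
        user_id: req.user._id,
        ipAddress: ip,
        url: fullUrl,
        action: req.method,
        postData: postData
    });
    //log the engagement
    newEngagement.save(function(err) {
        if (err) {
            console.log('ERROR: engagement middleware db write failed');
            return;
        }
        console.log('LOG: user ' + req.user._id +' from ipAddress: ' + ip + ': ' + req.method + ' ' + fullUrl);
    });
    // Continue immediately; the request does not wait for the log write.
    next();
};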

config/passport.js(passport 身份验证中间件)

var JwtStrategy = require('passport-jwt').Strategy;
// load up the user model
var db = require('../config/database'); // get db config file
var secret = require('../config/secret').secret;
/**
 * Registers a JWT strategy on the given passport instance. Tokens are checked
 * against the shared secret, and the payload's `id` is used to load the user.
 *
 * NOTE(review): only `secretOrKey` is set. No `jwtFromRequest` extractor is
 * configured (recent passport-jwt releases require one; confirm against the
 * installed version), and the accepted signing algorithms are not restricted.
 *
 * @param {object} passport - The passport instance to configure.
 */
module.exports = function(passport) {
    var opts = { secretOrKey: secret };

    // Verify callback: look the user up by the id carried in the token.
    // A missing user is an authentication failure, not an error.
    var verify = function(jwt_payload, done) {
        db.userModel.findOne({id: jwt_payload.id}, function(err, user) {
            if (err) {
                return done(err, false);
            }
            done(null, user ? user : false);
        });
    };

    passport.use(new JwtStrategy(opts, verify));
};

routes/user_routes.js(用户路由中间件,把用户信息附加到请求上)

var jwt = require('jwt-simple');
var db    = require('../config/database');
var secret = require('../config/secret').secret;
//expose decoded userModel entry to further routes at req.user
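/**
 * Express middleware that decodes the JWT from the Authorization header, puts
 * the decoded payload on req.user, and confirms a user with that email exists
 * before letting the request continue.
 *
 * Changes from the original:
 *  - a missing token now ends the request; before, the JSON error was sent and
 *    the code carried on to the database lookup and next();
 *  - a decode failure is caught and answered instead of escaping as an
 *    exception;
 *  - next() runs only after the lookup succeeds; before, it ran right away, so
 *    the 403 could be sent after later handlers had already started.
 *
 * NOTE(review): this overwrites req.user with the token payload, replacing any
 * user object an earlier authentication middleware put there. Later code that
 * reads req.user (for example req.user._id) sees token claims, not the
 * database record.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Continues the middleware chain.
 */
exports.middleware = function(req, res, next){
    var token = getToken(req.headers);
    if (!token) {
        return res.status(401).json({success: false, msg: 'unable to decode token'});
    }
    try {
        // NOTE(review): if the installed jwt-simple accepts an explicit
        // algorithm argument, pass the expected one rather than relying on
        // the token header. Confirm against the installed version.
        req.user = jwt.decode(token, secret);
    } catch (err) {
        return res.status(401).json({success: false, msg: 'unable to decode token'});
    }
    //should be unnecessary, double checking- after token verification against db
    db.userModel.findOne({email: req.user.email}, function (err, user) {
        if( err || !user ) {
            console.log('something has gone horribly wrong. Token good, no user in db or access to db.');
            return res.status(403).send({success: false, msg: 'unable to find user in db'});
        }
        next();
    });
    //end unnecessary bit
};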

//helper function
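/**
 * Pulls the credential out of an Authorization header of the form
 * "<scheme> <token>".
 *
 * Declared as a function so it no longer creates an implicit global; the
 * original assignment to an undeclared name throws in strict mode.
 *
 * NOTE(review): the scheme word is not checked, so any two-part value is
 * accepted; compare it with the expected scheme if only one is valid.
 *
 * @param {object|null|undefined} headers - Request headers.
 * @returns {string|null} The second space-separated part, or null when the
 *   header is missing or does not have exactly two parts.
 */
function getToken(headers) {
    if (!headers || !headers.authorization) {
        return null;
    }
    var parted = headers.authorization.split(' ');
    return parted.length === 2 ? parted[1] : null;
}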

config/uploads.js(最后是我们尝试上传的地方)

var moment = require('moment');
var multer = require('multer');
var jwt = require('jwt-simple');
// Not referenced again in this file.
// NOTE(review): multer given a string `dest` is understood to create that
// directory on start-up, so this line may be what makes "audioUploads/" exist.
// Confirm before removing it.
var uploadFile = multer({dest: "audioUploads/"}).any();

// Every upload goes into the same directory.
function chooseDestination(req, file, cb) {
    cb(null, 'audioUploads/');
}

// Names the stored file "<user id>_<MMDDYY_HHmm>.wav".
// NOTE(review): the timestamp has minute resolution and .any() accepts several
// files per request, so files from one user within the same minute get the
// same name and presumably overwrite each other. The ".wav" extension is
// applied regardless of what was uploaded, and req.user._id is trusted as a
// path component; it must never contain path separators.
function chooseFilename(req, file, cb) {
    var stamp = moment().format('MMDDYY[_]HHmm');
    cb(null, req.user._id + '_' + stamp + '.wav');
}

var storage = multer.diskStorage({
    destination: chooseDestination,
    filename: chooseFilename
});

// NOTE(review): no `limits` (e.g. fileSize) or `fileFilter` is configured, and
// .any() accepts any field name and any number of files. For an
// authenticated audio upload, a single named field with a size cap and a
// type check is the narrower configuration.
exports.uploads = multer({storage: storage}).any();

在您的 server.js 中执行以下操作:

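// Authenticate on the route itself, ahead of multer: the JWT check runs first,
// so a request that fails authentication never reaches the upload middleware
// and no file is written for it.
const authWare = passport.authenticate('jwt', {session:false});
// `uploads` is the multer middleware from ./config/uploads; the original line
// read `uploads:q` (a stray editor command), which is a syntax error.
userRoutes.post('/upload', authWare, uploads, function(req,res){
    res.status(204).end("File uploaded.");
});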

这对我有效!
