>授权中间件。
const authorize = (req, res, next) => {
const token = req.header('x-auth-token');
if(!token) return res.status(401).json({message: "Access denied!! No token provided"});
try{
const decoded = jwt.verify(token, process.env.SECRET);
req.user = decoded;
next();
}catch(ex){
return res.json({message: "Invalid token"})
}
}
是管理员中间件...
const isAdmin = (req, res, next) => {
try{
const {isAdmin} = req.user;
console.log(req.user)
if(!isAdmin) return res.json({message: "forbidden"});
}
catch(ex) {
res.json(ex.message)
}
next();
}
DCR 路由到发布 DCE 报告
const express = require('express')
const {authorize, isAdmin} = require('../middleware/authentication')
const router = express.Router();
const {postDcr} = require('../controllers/reportController');
router.post('/smDcr', authorize, isAdmin, postDcr);
module.exports = router;
用于发布每日呼叫报告的 SCR 控制器
const {Dcr} = require('../util/database');
exports.postDcr = async(req, res, next) => {
try{
const dcr = await Dcr.create(req.body);
return res.status(200).json({dcr});
}catch(ex){
return res.json({message:" DCR creation failed"});
}
};
登录到控制台时,我能够获得完整的用户对象,但是当使用>>req.user.isAdmin时,它是未定义的。
在
回调函数中设置用户值
jwt.verify(token, process.env.SECRET,(err,decoded)=>{
if(!err && decoded){
req.user = decoded.user;
next();
}
else{
return err;
}
});