node.js - 如何将 req 参数绑定(bind)或传递给 Passport.js JWT 策略？

Question

我想在用户通过身份验证时将信息存储在数据库中。信息来自请求中的客户端。以下代码抛出错误，说 req 未定义。

Controller :

exports.verifySession = async function(req, res, next) {
  let responses = [];
  passport.authenticate('jwt', async (error, result) => {
    if (error) {
      email.sendError(res, error);
    } else if (result === false) {
      responses.push(new CustomResponse(1).get());
      return res.status(422).json({ data: { errors: responses } });
    }
    if (result.SessionToken) {
      return res.status(200).json('valid');
    } else {
      return res.status(401).json();
    }
  })(req, res, next);
};

还有passport.js:

passport.use(
  new JWTstrategy(
    {
      // We expect the user to send the token as a query paramater with the name 'token'
      jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(),
      // Secret we used to sign our JWT
      secretOrKey: config.jwtkey
    },
    async (token, done) => {
      console.log(req.body);
      try {
        const user = new User();
        user.UserID = token.user.UserID;
        user.SessionToken = token.user.SessionToken;
        user.SessionDate = token.user.SessionDate;
        user.ProviderID = token.user.ProviderID;
        // Verify session token
        await user.verifySessionToken(user, async (error, result) => {
          if (error) {
            return done(error);
          } else if (result.returnValue === 0) {
            return done(null, token.user);
          } else if (result.returnValue !== 0) {
            return done(null, result);
          }
        });
      } catch (error) {
        done(error);
      }
    }
  )
);

Answer 1

您可以使用 passport 的 passReqToCallback 功能将您的请求正文传递给 passport。

来自 passport.js 官方文档:

The JWT authentication strategy is constructed as follows:

new JwtStrategy(options, verify)

options is an object literal containing options to control how the token is extracted from the request or verified.

... ...

passReqToCallback: If true the request will be passed to the verify callback. i.e. verify(request, jwt_payload, done_callback).

你可以试试这个:

passport.use(new JWTstrategy({
    // We expect the user to send the token as a query paramater with the name 'token'
    jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(),

    // Secret we used to sign our JWT
    secretOrKey: config.jwtkey,

    //this will help you to pass request body to passport
    passReqToCallback: true
}, async (req, token,done) => {

    //req becomes the first parameter
    // now you can access req.body here
})

注意:当你使用passReqToCallback时，req成为回调函数的第一个参数，而不是token。