如何向每个标头添加 json Web 令牌?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/35375530/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I add a json web token to each header?
提问by Morgan G
So I am trying to use JSON web tokens for authentication and am struggling trying to figure out how to attach them to a header and send them on a request.
因此,我尝试使用 JSON Web 令牌进行身份验证,并且正在努力弄清楚如何将它们附加到标头并根据请求发送它们。
I was trying to use https://github.com/auth0/angular2-jwtbut I could not get it working with Angular and gave up, and figured I could just figure out how to either send the JWT in every request or send it in the header(preferably the header). It's just been a little bit harder than I thought it would be.
我试图使用https://github.com/auth0/angular2-jwt但我无法让它与 Angular 一起工作并放弃了,我想我可以弄清楚如何在每个请求中发送 JWT 或发送它在标题中(最好是标题)。只是比我想象的要难一点。
Here is my Login
这是我的登录
submitLogin(username, password){
console.log(username);
console.log(password);
let body = {username, password};
this._loginService.authenticate(body).subscribe(
response => {
console.log(response);
localStorage.setItem('jwt', response);
this.router.navigate(['UserList']);
}
);
}
and my login.service
和我的 login.service
authenticate(form_body){
return this.http.post('/login', JSON.stringify(form_body), {headers: headers})
.map((response => response.json()));
}
I know these are not really needed but maybe it'd help! Once this token gets created and I store it, I would like to do 2 things, send it in the header and extract the expiration date that I put in with this.
我知道这些并不是真正需要的,但也许会有所帮助!创建此令牌并存储它后,我想做两件事,将其发送到标头中并提取我在其中输入的到期日期。
Some of the Node.js login code
一些 Node.js 登录代码
var jwt = require('jsonwebtoken');
function createToken(user) {
return jwt.sign(user, "SUPER-SECRET", { expiresIn: 60*5 });
}
Now I am just trying to pass it via an angular service back to node with this service.
现在我只是想通过一个角度服务将它传递回这个服务的节点。
getUsers(jwt){
headers.append('Authorization', jwt);
return this.http.get('/api/users/', {headers: headers})
.map((response => response.json().data));
}
JWT is my webtoken in local storage that I pass through my component to the service.
JWT 是我在本地存储中的网络令牌,我通过我的组件传递给服务。
I get no errors anywhere but when it gets to my node server I never receive it in the header.
我在任何地方都没有收到错误,但是当它到达我的节点服务器时,我从未在标题中收到它。
'content-type': 'application/json',
accept: '*/*',
referer: 'http://localhost:3000/',
'accept-encoding': 'gzip, deflate, sdch',
'accept-language': 'en-US,en;q=0.8',
cookie: 'connect.sid=s%3Alh2I8i7DIugrasdfatcPEEybzK8ZJla92IUvt.aTUQ9U17MBLLfZlEET9E1gXySRQYvjOE157DZuAC15I',
'if-none-match': 'W/"38b-jS9aafagadfasdhnN17vamSnTYDT6TvQ"' }
回答by Adones Pitogo
Create custom http class and override the requestmethod to add the token in every http request.
创建自定义 http 类并覆盖该request方法以在每个 http 请求中添加令牌。
http.service.ts
http.service.ts
import {Injectable} from '@angular/core';
import {Http, XHRBackend, RequestOptions, Request, RequestOptionsArgs, Response, Headers} from '@angular/http';
import {Observable} from 'rxjs/Observable';
import 'rxjs/add/operator/map';
import 'rxjs/add/operator/catch';
@Injectable()
export class HttpService extends Http {
constructor (backend: XHRBackend, options: RequestOptions) {
let token = localStorage.getItem('auth_token'); // your custom token getter function here
options.headers.set('Authorization', `Bearer ${token}`);
super(backend, options);
}
request(url: string|Request, options?: RequestOptionsArgs): Observable<Response> {
let token = localStorage.getItem('auth_token');
if (typeof url === 'string') { // meaning we have to add the token to the options, not in url
if (!options) {
// let's make option object
options = {headers: new Headers()};
}
options.headers.set('Authorization', `Bearer ${token}`);
} else {
// we have to add the token to the url object
url.headers.set('Authorization', `Bearer ${token}`);
}
return super.request(url, options).catch(this.catchAuthError(this));
}
private catchAuthError (self: HttpService) {
// we have to pass HttpService's own instance here as `self`
return (res: Response) => {
console.log(res);
if (res.status === 401 || res.status === 403) {
// if not authenticated
console.log(res);
}
return Observable.throw(res);
};
}
}
Now, we need to configure our main module to provide the XHRBackend to our custom http class. In your main module declaration, add the following to the providers array:
现在,我们需要配置我们的主模块来为我们的自定义 http 类提供 XHRBackend。在您的主模块声明中,将以下内容添加到 providers 数组中:
app.module.ts
app.module.ts
import { HttpModule, RequestOptions, XHRBackend } from '@angular/http';
import { HttpService } from './services/http.service';
...
@NgModule({
imports: [..],
providers: [
{
provide: HttpService,
useFactory: (backend: XHRBackend, options: RequestOptions) => {
return new HttpService(backend, options);
},
deps: [XHRBackend, RequestOptions]
}
],
bootstrap: [ AppComponent ]
})
After that, you can now use your custom http provider in your services. For example:
之后,您现在可以在您的服务中使用您的自定义 http 提供程序。例如:
user.service.ts
用户服务.ts
import { Injectable } from '@angular/core';
import {HttpService} from './http.service';
@Injectable()
class UserService {
constructor (private http: HttpService) {}
// token will added automatically to get request header
getUser (id: number) {
return this.http.get(`/users/${id}`).map((res) => {
return res.json();
} );
}
}
回答by Thierry Templier
I see several options to set an header transparently for each request:
我看到几个选项可以为每个请求透明地设置标头:
- Implement an HttpClient service to use instead of the default Http one.
- Provide your own implementation of the RequestOptions class
- Override the Http class it self
- 实现一个 HttpClient 服务来代替默认的 Http 服务。
- 提供您自己的 RequestOptions 类的实现
- 覆盖自身的 Http 类
This way you could set your header in one place and this would impact aok your HTTP calls.
这样你就可以在一个地方设置你的标头,这会影响你的 HTTP 调用。
See the following questions:
请参阅以下问题:
回答by manutdfan
Here is an example from Angular code to get plans for instance, you just write it like this,
这是一个来自 Angular 代码的示例,用于获取计划,例如,您只需像这样编写,
$scope.getPlans = function(){
$http({
url: '/api/plans',
method: 'get',
headers:{
'x-access-token': $rootScope.token
}
}).then(function(response){
$scope.plans = response.data;
});
}
and on your server, you can do this,
在你的服务器上,你可以这样做,
var jwt = require('jsonwebtoken'); // used to create, sign, and verify tokens
var config = require('./config'); // get our config file
var secret = {superSecret: config.secret}; // secret variable
// route middleware to verify a token. This code will be put in routes before the route code is executed.
PlansController.use(function(req, res, next) {
// check header or url parameters or post parameters for token
var token = req.body.token || req.query.token || req.headers['x-access-token'];
// If token is there, then decode token
if (token) {
// verifies secret and checks exp
jwt.verify(token, secret.superSecret, function(err, decoded) {
if (err) {
return res.json({ success: false, message: 'Failed to authenticate token.' });
} else {
// if everything is good, save to incoming request for use in other routes
req.decoded = decoded;
next();
}
});
} else {
// if there is no token
// return an error
return res.status(403).send({
success: false,
message: 'No token provided.'
});
}
});
// Routes
PlansController.get('/', function(req, res){
Plan.find({}, function(err, plans){
res.json(plans);
});
});
If you are still not clear, you can check out the details on my blog post here, Node API Authentication with JSON Web Tokens - the right way.
如果您仍然不清楚,您可以查看我的博客文章中的详细信息,Node API Authentication with JSON Web Tokens - the right way。
