我正在构建一个需要授权用户登录的应用程序,我读到localstorage不是一个安全的选择,所以我现在选择cookie来存储令牌,我相信我已成功将令牌存储在cookie中,但我不知道下一步,在客户端如何使用它们是我的代码
这是后端: 路线:
var express = require('express')
var router = express.Router()
var Controller = require('./controller')
var authController = require('./authController')
var BooksIdeaController = require('./BooksIdeaController')
router.post('/register',Controller.register);
router.post('/login',authController.login);
router.post('/booksIdea/:id',authController.verify,BooksIdeaController.addComment)
router.post('/booksIdea/addbook',BooksIdeaController.addBookIdea)
router.get('/booksIdea/show',BooksIdeaController.showBookIdea)
router.put('/booksIdea/edit/:id',BooksIdeaController.UpdateBookIdea)
router.delete('/booksIdea/delete/:id',BooksIdeaController.DeleteBookIdea)
module.exports = router;
authController.js文件
const con = require('./db');
var bcrypt = require('bcrypt');
let jwt = require('jsonwebtoken');
const express = require('express')
var cookieParser = require('cookie-parser')
const app = express()
module.exports.login=function(req,res){
var username=req.body.name;
var password=req.body.password;
con.query('SELECT * FROM users WHERE username = ?',[username],function (error,results,fields) {
if (error) {
res.json({
status:false,message:'there are some error with query'
})
}else{
if(results.length >0){
bcrypt.compare(password,results[0].password,function (err,result) {
if (result == true) {
jwt.sign({user:results},'configSecret',(err,token)=>{
// res.json({
// token:token
// })
res.cookie('token',token,{ httpOnly: true })
.sendStatus(200);
res.send('About this wiki');
});
// res.json({
// status:true,// message:'successfully authenticated'
// })
} else {
res.json({
status:false,message:"username and password does not match"
});
}
});
}
else{
res.json({
status:false,message:"username does not exits"
});
}
}
});
}
module.exports.home=function(req,res){
res.send('hello');
}
//////
// if(password==results[0].password){
// }else{
//
// }
module.exports.verify = function verifyToken(req,res,next) {
// Get auth header value
const bearerHeader = req.headers['authorization'];
// Check if bearer is undefined
if(typeof bearerHeader !== 'undefined') {
// Split at the space
const bearer = bearerHeader.split(' ');
// Get token from array
const bearerToken = bearer[1];
// Set the token
req.token = bearerToken;
// Next middleware
next();
} else {
// Forbidden
res.sendStatus(403);
}
}
这是反应部分
import axios from 'axios'
export const login = user => {
return axios
.post('http://localhost:5001/login',{
name: user.name,password: user.password
})
.then(response => {
return response.data
})
.catch(err => {
console.log(err)
})
}