【发布时间】:2015-02-11 00:36:08
【问题描述】:
我一直在尝试编写一个简单的服务器来接受用户名/密码凭据,对其进行验证,然后为客户端创建一个 JWT 令牌,然后他们使用该令牌来访问某些路由。我能够做所有事情,直到在服务器端接收和验证客户端的 JWT。
void main() {
//use Jwt based sessions and create the secret using a UUID
JwtSessionHandler sessionHandler =
new JwtSessionHandler('ffl_sales_server', new Uuid().v4(),
auth.lookupByUsername);
//allow http for testing with curl, do not use in production
bool allowHttp = true;
final Map<String, String> headers =
{'Access-Control-Allow-Origin': 'http://192.168.100.83:3030',
"Access-Control-Expose-Headers": "Authorization",
"Access-Control-Allow-Credentials" : "true",
"Access-Control-Allow-Headers" : "Authorization"};
//fix the cors headers
Response options(Request request) => (request.method == 'OPTIONS') ?
new Response.ok(null, headers: headers) : null;
Response cors(Response response) =>
response.change(headers: headers);
Middleware fixCors = createMiddleware(requestHandler: options,
responseHandler: cors);
// authentication middleware for a login handler (post)
Middleware loginMiddleware = authenticate(
[new UsernamePasswordAuthenticator(lookupByUsernamePassword)],
sessionHandler: sessionHandler, allowHttp: allowHttp,
allowAnonymousAccess: false);
// authentication middleware for routes other than login that
// require a logged in user
// here we are relying solely on users with a session established
// via the login route
Middleware defaultAuthMiddleware = authenticate(
[],sessionHandler: sessionHandler, allowHttp: true,
allowAnonymousAccess: false);
Router rootRouter = router(handlerAdapter: handlerAdapter());
//the route where the login credentials are posted
rootRouter.post('/login', (Request request) => new Response.ok('SUCCESS'), middleware: loginMiddleware);
//the routes which require an authenticated user
rootRouter.child('/authenticated',
middleware: defaultAuthMiddleware)
..add('/users', ALL_METHODS, new Users(_connection).handle)
..add('/stores', ALL_METHODS, new Stores(_connection).handle)
..add('/departments', ALL_METHODS, new Departments(_connection).handle)
..add('/invoices', ALL_METHODS, new Invoices(_connection).handle)
..add('/reports', ALL_METHODS, new Reports(_connection).handle)
..add('/imports', ALL_METHODS, new Imports(_connection).handle)
..add('/vendors', ALL_METHODS, new Vendors(_connection).handle)
..get('/foo', (Request request) =>
new Response.ok("Doing foo as ${loggedInUsername(request)}\n"));
printRoutes(rootRouter);
Handler handler = const Pipeline()
.addMiddleware(fixCors)
.addMiddleware(logRequests())
.addMiddleware(exceptionResponse())
.addHandler(rootRouter.handler);
shelf_io.serve(handler, '127.0.0.1', '8080').then((server){
print('Serving as http://${server.address.host}:${server.port}');
});
}
我知道我可能遗漏了一些简单的东西,但似乎我应该在创建 defaultAuthMiddleware 的 authenticate() 函数的第一个参数中有某种处理程序。我错过了什么?
【问题讨论】:
-
嘿 Matthew Feeney 你能详细说明问题所在吗?什么不工作?上面的内容似乎与 example_with_login_and_jwt_session 代码密切相关。你那里有同样的问题吗?我在该示例中添加了一些 cmets。如果你还没有尝试使用 curl 命令bitbucket.org/andersmholmgren/shelf_auth/src/…
-
@Anders,我从您的 cmets 中尝试了 curl 示例并得到了相同的结果。我已成功从服务器取回令牌,但是当我发出下一个请求时,将内容类型作为 application/json 并将授权标头作为接收到的令牌传递,我得到了 401 响应。
-
我刚刚获取了您上面的代码,并为缺少的代码进行了足够的修改,它对我有用 - gist.github.com/Andersmholmgren/17d468c244a7848b72d7 确保您使用的是最新版本的架子依赖项。我的在gist.github.com/Andersmholmgren/136427d800eb053d3a07
标签: dart dart-shelf