При аутентификации с помощью passport-jwt используется стратегия из другого каталога - PullRequest
/ 08 июня 2019

Я хочу аутентифицировать три типа пользователей (администратор, продавец и клиент), поэтому я разделил код на отдельные части следующим образом:

main folder
index.js
____index.js //main index.js
____admin //admin dir
______index.js //index.js for admin
______admin.js //admin routes
____seller //seller dir
______index.js //index.js for seller
______seller.js //seller routes

Вход и регистрация работают нормально, но при аутентификации в части администратора выполняются запросы из /seller/index.js, а не из /admin/index.js.

Когда я вхожу в систему (код в /admin/admin.js), всё работает нормально. Часть продавца тоже работает нормально.

index.js

//load routes  
const adminRoutes = require('./routes/admin/index'); //should go to admin
const sellerRoutes = require('./routes/seller/index'); //should go to seller

//mongoose and bodyparser config

//session config
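// Session middleware; the signing secret is read from the environment.
// NOTE(review): the admin and seller routers authenticate their JWT routes
// with { session: false }, so confirm a server-side session is needed at all.
// If it is, set explicit cookie options (cookie.secure, cookie.sameSite) for
// production instead of relying on the defaults.
app.use(session({
    secret: process.env.SESSION_SECRET,
    resave: false,
    saveUninitialized: false
}));

// One router per role, each under its own URL prefix.
// NOTE(review): both routers call passport.use() while they are being
// required, on the same passport object. Strategies registered under the same
// name replace each other, so the require order above decides which one
// survives.
app.use('/admin', adminRoutes);
app.use('/seller', sellerRoutes);

// Resolve the port once so the log line reports the port that is really in
// use; the original printed "undefined" whenever PORT was not set.
const listenPort = process.env.PORT || 3000;
app.listen(listenPort, process.env.IP, function () {
    console.log(`amtica server is running on port: ${listenPort}`);
});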

index.js продавца


//load models
const Seller = require("../../models/seller");

// load routes
const sellerRoute = require('./seller');

//passport config
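// Passport setup for the seller router.
router.use(passport.initialize());
router.use(passport.session());

// The token is taken from the "Authorization: Bearer <token>" header and its
// signature is verified with JWT_SECRET.
const opts = {
    jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
    secretOrKey: process.env.JWT_SECRET
};

// NOTE(review): a JwtStrategy registered without an explicit name is stored
// under the default name 'jwt'. The admin router registers its own strategy
// the same way, on what is presumably the same passport object, so the module
// required last replaces the other one. With the require order in the main
// index.js (admin first, seller second) this seller strategy also ends up
// verifying /admin requests. Registering each strategy under its own name,
// e.g. passport.use('seller-jwt', new JwtStrategy(...)), and passing that
// name to passport.authenticate() in the seller routes keeps them apart. Both
// places have to change together, so the default name is kept here.
//
// NOTE(review): admin and seller tokens are signed with the same secret and
// matched by username only, so a token issued for one role also verifies for
// the other role whenever the same username exists in both collections. A
// role claim checked in this callback would close that gap.
passport.use(new JwtStrategy(opts, function (jwt_payload, done) {
    // Author's observation: this callback also runs while an admin request is
    // being authenticated. The decoded claims are no longer logged, because
    // the token carries user data.
    // The projection drops the password field so it never reaches req.user.
    Seller.findOne({ username: jwt_payload.data.username }, { password: 0 }, function (err, user) {
        if (err) {
            return done(err, false);
        }
        // Passport assigns the value handed to done() to req.user itself.
        // The original also ran `req.user = user` here, but `req` is not in
        // scope in this callback, so that line threw a ReferenceError
        // whenever a seller was found.
        return done(null, user || false);
    });
}));

// Seller routes are mounted after the strategy has been registered.
router.use(sellerRoute);

module.exports = router;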

seller.js продавца

// POST /signup - register a new seller.
// Only the six listed fields are copied out of the request body, so any other
// property a client sends never reaches the model constructor.
// NOTE(review): password hashing is presumably done inside Seller.addSeller -
// confirm. err.message is returned to the client verbatim; check that it
// cannot expose database details.
router.post('/signup', (req, res) => {
    const { email, password, name, username, contact, address } = req.body;
    const candidate = new Seller({ email, password, name, username, contact, address });

    Seller.addSeller(candidate, (err, user) => {
        if (!err) {
            return res.json({
                success: true,
                message: `successfully registered. please signin at /seller/signin`
            });
        }

        console.log(err);
        return res.json({
            success: false,
            message: `${err.message}`
        });
    });
});


//auth 
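// POST /signin - check a seller's credentials and issue a JWT valid for one week.
// Responds with { success, token, user, message } on success and with
// { success: false, message } otherwise.
router.post('/signin', (req, res) => {
    const { username, password } = req.body;

    // The body is untrusted: only plain strings are passed on to the model
    // lookup and the password comparison.
    if (typeof username !== 'string' || typeof password !== 'string') {
        return res.status(400).json({ success: false, message: 'Username and password are required' });
    }

    Seller.getSellerByUsername(username, (err, user) => {
        if (err) {
            // Throwing inside this callback is outside Express's error
            // handling and would take the whole process down.
            console.log(err);
            return res.status(500).json({ success: false, message: 'Internal server error' });
        }
        // NOTE(review): 'User not found' and 'Wrong password' let a caller
        // tell which usernames exist; one generic message would avoid that.
        // The texts are kept because clients may match on them.
        if (!user) {
            return res.json({ success: false, message: 'User not found' });
        }

        Seller.comparePassword(password, user.password, (compareErr, isMatch) => {
            if (compareErr) {
                console.log(compareErr);
                return res.status(500).json({ success: false, message: 'Internal server error' });
            }
            if (!isMatch) {
                return res.json({ success: false, message: 'Wrong password' });
            }

            // A JWT is signed, not encrypted, so anyone holding it can read
            // its payload. Sign only the claims that are needed instead of
            // the whole user document. `data.username` stays in place because
            // the JWT strategy looks the user up by it; the role claim lets a
            // verifier reject tokens issued for another role.
            const claims = { _id: user._id, username: user.username, role: 'seller' };
            const token = jwt.sign({ data: claims }, process.env.JWT_SECRET, {
                expiresIn: 604800 // 1 week
            });

            return res.json({
                success: true,
                token: `Bearer ${token}`,
                user: {
                    id: user._id,
                    username: user.username,
                    roles: 'seller',
                },
                message: `welcome back!! ${user.username}`
            });
        });
    });
});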

// Every route registered on this router after this point requires a valid
// bearer token. Author's note: working properly.
// NOTE(review): 'jwt' is the default strategy name. If another module
// registers a second JwtStrategy without its own name, this call runs
// whichever of the two was registered last.
const requireJwt = passport.authenticate('jwt', { session: false });
router.use(requireJwt);

// GET /test - probe route behind the JWT check.
router.get('/test', async function (req, res) {
    // Author's note: this prints undefined.
    console.log(req.user);
    const body = { success: false };
    return res.json(body);
});

index.js администратора

//load models
const Admin = require("../../models/admin");

// load routes
const adminRoute = require('./admin');

//passport config
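// Passport setup for the admin router.
router.use(passport.initialize());
router.use(passport.session());

// Bearer token from the Authorization header, verified with JWT_SECRET.
const opts = {
    jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
    secretOrKey: process.env.JWT_SECRET
};

// NOTE(review): this strategy is stored under the default name 'jwt'. The
// seller router registers a JwtStrategy under the same default name, and the
// main index.js requires the seller router after this one, so the seller
// strategy replaces this one. That matches the author's observation that this
// callback never runs. It would also explain the 401 on /admin routes: the
// seller strategy looks the admin's username up among sellers and presumably
// finds nothing. Registering under a distinct name, e.g.
// passport.use('admin-jwt', new JwtStrategy(...)), and passing that name to
// passport.authenticate() in the admin routes fixes it. Both places have to
// change together, so the default name is kept here.
//
// NOTE(review): admin and seller tokens share one signing secret and are
// matched by username only; a role claim checked in this callback would stop
// a seller token from being accepted for an admin with the same username.
passport.use(new JwtStrategy(opts, function (jwt_payload, done) {
    // The decoded claims are no longer logged: the admin sign-in signs the
    // whole user document, so the payload can include the stored password
    // value.
    // The projection keeps the password field out of req.user.
    Admin.findOne({ username: jwt_payload.data.username }, { password: 0 }, function (err, user) {
        if (err) {
            return done(err, false);
        }
        // An admin that was found becomes req.user; false rejects the request.
        return done(null, user || false);
    });
}));

// Admin routes are mounted after the strategy has been registered.
router.use(adminRoute);

module.exports = router;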

admin.js из admin

// the signin route works but not the another one.
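// POST /signin - check an admin's credentials and issue a JWT valid for one week.
// Responds with { success, token, user, message } on success and with
// { success: false, message } otherwise.
router.post('/signin', (req, res) => {
    const { username, password } = req.body;

    // The body is untrusted: only plain strings are passed on to the model
    // lookup and the password comparison.
    if (typeof username !== 'string' || typeof password !== 'string') {
        return res.status(400).json({ success: false, message: 'Username and password are required' });
    }

    Admin.getAdminByUsername(username, (err, user) => {
        if (err) {
            // Throwing inside this callback is outside Express's error
            // handling and would take the whole process down.
            console.log(err);
            return res.status(500).json({ success: false, message: 'Internal server error' });
        }
        // NOTE(review): the two distinct failure messages reveal whether an
        // admin username exists; one generic message would avoid that. The
        // texts are kept because clients may match on them.
        if (!user) {
            return res.json({ success: false, message: 'User not found' });
        }

        Admin.comparePassword(password, user.password, (compareErr, isMatch) => {
            if (compareErr) {
                console.log(compareErr);
                return res.status(500).json({ success: false, message: 'Internal server error' });
            }
            if (!isMatch) {
                return res.json({ success: false, message: 'Wrong password' });
            }

            // The original signed the whole user document, which still held
            // user.password at this point. A JWT is only signed, not
            // encrypted, so the stored password value was readable by anyone
            // holding the token. Sign just the needed claims. `data.username`
            // stays in place because the JWT strategy looks the user up by it.
            const claims = { _id: user._id, username: user.username, role: 'admin' };
            const token = jwt.sign({ data: claims }, process.env.JWT_SECRET, {
                expiresIn: 604800 // 1 week
            });

            return res.json({
                success: true,
                token: `Bearer ${token}`,
                user: {
                    id: user._id,
                    username: user.username,
                    roles: 'admin',
                },
                message: `welcome back!! ${user.username}`
            });
        });
    });
});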



// Routes registered below this line require a valid bearer token.
// NOTE(review): 'jwt' resolves to whichever JwtStrategy was registered last
// under the default name. If that is the seller strategy, an admin token is
// looked up among sellers and the request is rejected.
router.use(passport.authenticate('jwt', { session: false }));

// GET /test - probe route behind the JWT check.
// Author's note: this does not work and answers with a 401 error.
router.get('/test', async (req, res) => {
    try {
        const payload = { product: 'asdsf' };
        return res.json(payload);
    } catch (err) {
        const failure = { msg: err.message };
        return res.json(failure);
    }
});
...