在发送请求时,确保将JWT作为请求头的一部分发送,并在NodeJS服务器端对其进行正确的验证。
以下是一个实现JWT鉴权的示例代码:
Angular代码:
import { Injectable } from '@angular/core';
import { HttpClient, HttpHeaders } from '@angular/common/http';
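@Injectable({
  providedIn: 'root'
})
export class AuthService {
  /** Base URL of the auth API the three calls below are sent to. */
  private apiUrl = 'http://localhost:3000/auth'; // your auth API endpoint

  constructor(private http: HttpClient) {}

  /**
   * POSTs the credentials to `/login`. The body is forwarded as-is; this
   * service does not store the returned token — `getUserProfile` expects
   * it under the localStorage key `access_token`.
   *
   * @param user credential payload; typed `unknown` rather than `any` so
   *   the body is passed through without implying any shape.
   */
  loginUser(user: unknown) {
    return this.http.post(`${this.apiUrl}/login`, user);
  }

  /**
   * POSTs the registration payload to `/register`.
   *
   * @param user registration payload, forwarded unchanged.
   */
  registerUser(user: unknown) {
    return this.http.post(`${this.apiUrl}/register`, user);
  }

  /**
   * GETs `/profile` with the stored token as a Bearer credential.
   *
   * When no token is stored, the request is sent without an Authorization
   * header instead of the literal `Bearer null`, so the server's 401 is
   * unambiguous.
   *
   * NOTE(review): a token kept in localStorage is readable by any script
   * running on this origin; an HttpOnly cookie or in-memory storage limits
   * that exposure — confirm which the deployment requires.
   */
  getUserProfile() {
    const token = localStorage.getItem('access_token');
    let headers = new HttpHeaders();
    if (token) {
      headers = headers.set('Authorization', `Bearer ${token}`);
    }
    return this.http.get(`${this.apiUrl}/profile`, { headers });
  }
}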
NodeJS代码:
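const jwt = require('jsonwebtoken');
const express = require('express');

const app = express();

// Signing secret for the HS256 JWTs issued below. It is read from the
// environment instead of being committed in source: anyone holding it can
// mint a token for any user, so a hard-coded value becomes a leaked
// credential the moment the file is shared. Failing fast here is preferable
// to starting with no secret at all.
const secretKey = process.env.JWT_SECRET;
if (!secretKey) {
  throw new Error('JWT_SECRET environment variable must be set');
}

app.use(express.json()); // body parser middleware (JSON bodies only)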
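// login endpoint
app.post('/auth/login', (req, res) => {
  const { username, password } = req.body || {};
  // Reject malformed requests before touching the credential store; the body
  // is untrusted client input.
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.status(400).json({ message: 'username and password are required' });
  }
  // verify user credentials from DB — placeholder: a real implementation must
  // look the user up and check the password hash before issuing a token.
  // Until then this route issues a token to every well-formed request.
  const user = { id: 123, username: 'example' };
  // Pin the signing algorithm explicitly and bound the token's lifetime.
  const token = jwt.sign({ sub: user.id }, secretKey, { algorithm: 'HS256', expiresIn: '7d' });
  res.json({ access_token: token });
});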
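// register endpoint
app.post('/auth/register', (req, res) => {
  // create new user in DB and return success response — placeholder.
  // Until that is implemented, answer explicitly instead of leaving the
  // request open until the client times out.
  res.status(501).json({ message: 'Not implemented' });
});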
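// Extract the token from an `Authorization: Bearer <token>` header.
// Returns null when the header is absent, uses another scheme, or has
// extra parts, so the caller can treat all of those the same way.
function extractBearerToken(authHeader) {
  if (typeof authHeader !== 'string') {
    return null;
  }
  const [scheme, token, ...rest] = authHeader.trim().split(/\s+/);
  if (!token || rest.length > 0 || scheme.toLowerCase() !== 'bearer') {
    return null;
  }
  return token;
}

// Middleware: verify the bearer JWT and expose its claims as `req.user`.
// Every failure answers 401 with the same generic body, so a caller cannot
// tell "missing", "expired" and "bad signature" apart; the detail goes to
// the server log only.
function requireAuth(req, res, next) {
  const token = extractBearerToken(req.headers.authorization);
  if (!token) {
    return res.status(401).json({ message: 'Unauthorized' });
  }
  try {
    // Restrict accepted algorithms to the one the login route signs with,
    // so a token whose header names a different algorithm is rejected.
    req.user = jwt.verify(token, secretKey, { algorithms: ['HS256'] });
    return next();
  } catch (err) {
    console.error(err);
    return res.status(401).json({ message: 'Unauthorized' });
  }
}

// protected endpoint
app.get('/auth/profile', requireAuth, (req, res) => {
  res.json({ user: req.user });
});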
// Start listening; the port is named once so the log line and the bind agree.
const port = 3000;
app.listen(port, () => {
  console.log(`Server started on port ${port}`);
});
在这个示例中,JWT被用于对受保护的控制器进行鉴权,如果未提供有效的JWT,则会返回401错误状态码。为了避免JWT未发送的错误状态码问题,需要确保在