我正在开发一个基于LMS的软件,目前我正在使用Typescript,Redis和MongoDB进行身份验证。截至目前,我已经创建了四个路由:注册,激活用户,登录和注销。使用访问令牌和刷新令牌,我能够生成access_token,直到登录路由,但当我注销,它说请登录以访问所有资源,这是一个错误,我创建的身份验证,如果access_token不匹配与当前令牌。与身份验证,我能够成功注销,但与身份验证,我已经创建,我得到了创建的错误。有人能帮我找出原因吗?这是我访问注销路由时的图像:
x1c 0d1x的数据
这是我的auth.ts,我用它作为认证的中间件:
import { NextFunction, Request, Response } from "express";
import { catchAsyncError } from "./catchAsyncError";
import ErrorHandler from "../utils/ErrorHandler";
import jwt, { JwtPayload } from "jsonwebtoken";
import { redis } from "../utils/redis";
export const isAuthenticated = catchAsyncError(async(req: Request, res: Response, next: NextFunction) =>{
const access_token = req.cookies.access_token as string;
if(!access_token){
return next(new ErrorHandler("Please login to access all the resources.", 400));
}
const decoded = jwt.verify(access_token, process.env.ACCESS_TOKEN as string) as JwtPayload;
if(!decoded){
return next(new ErrorHandler("access token is not valid", 400));
}
const user = await redis.get(decoded.id);
if(!user){
return next(new ErrorHandler("user not found", 400));
}
req.user = JSON.parse(user);
next();
});字符串
这是我创建的注销控制器。
// lOGOUT USER
export const logoutUser= catchAsyncError(
async (req:Request, res:Response, next:NextFunction) =>{
try {
res.cookie("access_token", "", {maxAge:1});
res.cookie("refresh_token", "", {maxAge:1});
// delete data from redis database
const userId = req.user?._id || "";
// console.log(req.user);
redis.del(userId);
res.status(200).json({
suceess:true,
message:"Logged out successfully",
});
} catch (error:any) {
return next(new ErrorHandler(error.message, 400));
}
}
);型
1条答案
按热度按时间cs7cruho1#
问题不在代码中!当你在头部登录时,你会收到这样的access_token和refresh_token:Response Header
在注销时,你需要在/logout请求的头中附加这个。像这样:Request Header