redis 后端身份验证中的注销错误-无法匹配访问令牌

w9apscun  于 2023-11-16  发布在  Redis
关注(0)|答案(1)|浏览(121)

我正在开发一个基于LMS的软件,目前我正在使用Typescript,Redis和MongoDB进行身份验证。截至目前,我已经创建了四个路由:注册,激活用户,登录和注销。使用访问令牌和刷新令牌,我能够生成access_token,直到登录路由,但当我注销,它说请登录以访问所有资源,这是一个错误,我创建的身份验证,如果access_token不匹配与当前令牌。与身份验证,我能够成功注销,但与身份验证,我已经创建,我得到了创建的错误。有人能帮我找出原因吗?这是我访问注销路由时的图像:
x1c 0d1x的数据
这是我的auth.ts,我用它作为认证的中间件:

import { NextFunction, Request, Response } from "express";
import { catchAsyncError } from "./catchAsyncError";
import ErrorHandler from "../utils/ErrorHandler";
import jwt, { JwtPayload } from "jsonwebtoken";
import { redis } from "../utils/redis";
export const isAuthenticated  = catchAsyncError(async(req: Request, res: Response, next: NextFunction) =>{
    const access_token = req.cookies.access_token as string;
    if(!access_token){
        return next(new ErrorHandler("Please login to access all the  resources.",  400));
    }
    
    const decoded = jwt.verify(access_token, process.env.ACCESS_TOKEN as string) as JwtPayload;
    if(!decoded){
        return next(new ErrorHandler("access token is not valid", 400));
    }
    const user = await redis.get(decoded.id);
    if(!user){
        return next(new ErrorHandler("user not found", 400));
    }
    req.user = JSON.parse(user);
    next();
});

字符串
这是我创建的注销控制器。

// lOGOUT USER

export const logoutUser= catchAsyncError(
  async (req:Request, res:Response, next:NextFunction) =>{
try {
  res.cookie("access_token", "", {maxAge:1});
  res.cookie("refresh_token", "", {maxAge:1});
// delete data from redis database
  const userId = req.user?._id || "";
  // console.log(req.user);    
  redis.del(userId);
  res.status(200).json({
    suceess:true,
    message:"Logged out successfully",
  });

} catch (error:any) {
  return next(new ErrorHandler(error.message, 400));
}
  }
 );

cs7cruho

cs7cruho1#

问题不在代码中!当你在头部登录时,你会收到这样的access_token和refresh_token:Response Header
在注销时,你需要在/logout请求的头中附加这个。像这样:Request Header

相关问题