JWT如何绕过某些API路由和http方法 [英] JWT How to bypass certain API routes and http methods
问题描述
除非这样,否则我可以使get JSON-Web-Token忽略路径.
I can make get JSON-Web-Token to ignore paths using .unless like this.
app.use(expressJWT({secret: config.JWTSECRET}).unless({path:
['/register',
'/authentication',
]}));
我有一条使用不同HTTP方法(获取,放置,发布,删除)的路由.我希望/events的GET版本不需要令牌,但是/event的POST版本需要令牌.我可以在没有GET和POST等不同路由的情况下做到这一点吗?
I have a route with different HTTP methods (get, put, post, delete). I want the GET version of /events to not require a token, but the POST version of /event to require a token. Can I do this without having different routes for GET and POST etc.
/events //GET - no token required
/events //POST - token required
推荐答案
如果我知道的话,express-jwt模块正在使用express-unless
为您提供.unless
方法.这样,您可以使用自定义函数来过滤请求.
If I know right, the express-jwt module is using express-unless
to give you .unless
method. With that, you can use a custom function to filter the request.
var filter = function(req) {return true;}
app.use(expressJWT({ secret: config.JWTSECRET}).unless(filter));
在filter
功能中,您可以检查路由(req.path
)和请求类型(req.method
).
In the filter
function, you can check the route (req.path
) and the request type (req.method
).
这篇关于JWT如何绕过某些API路由和http方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!