JWT如何绕过某些API路由和http方法 [英] JWT How to bypass certain API routes and http methods

问题描述

除非这样，否则我可以使get JSON-Web-Token忽略路径.

I can make get JSON-Web-Token to ignore paths using .unless like this.

app.use(expressJWT({secret: config.JWTSECRET}).unless({path: 
['/register', 
'/authentication',
]}));

我有一条使用不同HTTP方法(获取，放置，发布，删除)的路由.我希望/events的GET版本不需要令牌，但是/event的POST版本需要令牌.我可以在没有GET和POST等不同路由的情况下做到这一点吗?

I have a route with different HTTP methods (get, put, post, delete). I want the GET version of /events to not require a token, but the POST version of /event to require a token. Can I do this without having different routes for GET and POST etc.

/events //GET - no token required
/events //POST - token required

推荐答案

如果我知道的话，express-jwt模块正在使用express-unless为您提供.unless方法.这样，您可以使用自定义函数来过滤请求.

If I know right, the express-jwt module is using express-unless to give you .unless method. With that, you can use a custom function to filter the request.

var filter = function(req) {return true;}
app.use(expressJWT({ secret: config.JWTSECRET}).unless(filter));

在filter功能中，您可以检查路由(req.path)和请求类型(req.method).

In the filter function, you can check the route (req.path) and the request type (req.method).

这篇关于JWT如何绕过某些API路由和http方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！