除非在JWT中如何使用通配符? [英] How do I use a wildcard in JWT unless?

问题描述

我正在使用express-jwt来保护我的节点应用程序，并且想知道如何在除非参数中使用通配符.我的工作代码如下，我真正想做的是打开对所有以'/login'开头的路径的访问，因此我不必列出每个资源.当我在不受保护的数组中添加'/login *'时，最终会以401/未经授权的方式阻止/login.

I'm using express-jwt to secure my node application, and am wondering how I can use a wildcard in the unless parameter. My working code is below, what I'd really like to do is open up access to anything that has a path starting with '/login' so I don't have to list every single resource. When I add '/login*' to the unprotected array it ends up blocking /login with a 401/unauthorized.

作品:

// routes open to all
var unprotected = [
  '/login',
  '/login/app/main.js',
  'favicon.ico'
];

// configure jwt
var jwtCheck = jwt({
  secret: new Buffer(config.get('auth0.secret'), 'base64'),
  audience: config.get('auth0.clientid')
});

// insert jwt middleware
app.use( jwtCheck.unless({path: unprotected}) );

不起作用:

// routes open to all
var unprotected = [
  '/login*',
  'favicon.ico'
];

// configure jwt
var jwtCheck = jwt({
  secret: new Buffer(config.get('auth0.secret'), 'base64'),
  audience: config.get('auth0.clientid')
});

// insert jwt middleware
app.use( jwtCheck.unless({path: unprotected}) );

推荐答案

正则表达式必须在引号之外:

The regexp needs to exist outside the quotes:

var unprotected = [
  /\/login*/,
  /favicon.ico/
];

请注意，此时除非使用Express，除非您不能在同一配置数组中混合使用regexp和字符串，这就是第二个参数需要使用正斜杠而不是引号的原因.

Note that at this time with express-unless you can't mix regexp and strings in the same config array, which is why the second argument needs to have forward slashes instead of quotes.

这篇关于除非在JWT中如何使用通配符?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！