使用GraphQL和jwt-express绕过JWT [英] Bypass JWT with GraphQL and jwt-express

问题描述

对于我的后端，我使用Node.js，Express和GraphQL.我已经用jwt实现了身份验证，如果没有用户登录，它将保护我的路由.问题是我希望某些路由不受保护，即，您不必登录即可查看/home .

For my backend, I use Node.js, Express, and GraphQL. I've implemented authentication with jwt which will protect my routes if there's no user logged in. The problem is that I want some routes not protected, i.e. you shouldn't have to be logged in to see /home.

由于我在此项目中使用Express，所以我也有jwt-express，它们提供了以下内容: .unless({path:['/token']}).现在，这如果我具有REST-API，它将可以工作，但是由于我拥有GraphQL和GraphQL只有一条路径，因此这行不通.

Since I'm using Express to this project I also have jwt-express and they provide something like this: .unless({path: ['/token']}).Now, this would work if I had a REST-API, but since I have GraphQL and GraphQL only have one path this won't work.

我的 index.js 文件中仅包含此文件:

I only have this in my index.js file:

app.use(jwt({secret: constants.JWT_SECRET}))

app.use(
 graphqlEndpoint,
 bodyParser.json(),
 graphqlExpress(async req => {
   let user = null
   if (req.user) {
     user = await knex(‘users’).where(‘id’, req.user.id).first()
     console.log(user)
   }
   return {
     schema,
     context: {user}
   }
 })
)

但是我必须确保无论是否有令牌，它都能让我进入.

But I have to make sure that it lets me in regardless, without or with a token.

所以我只是想知道是否有人因为我很受困而对如何做到这一点有一些提示.

So I simply wonder if anyone has some tips on how to accomplish this since I'm pretty stuck.

推荐答案

如果您使用 app.use(jwt({secret:constants.JWT_SECRET}))，它将在每个请求中读取JWT.有2个选项:

If you use app.use(jwt({secret: constants.JWT_SECRET})), it will read JWT in every request. There are 2 options:

• 您在所需的特定路由中应用中间件已验证.
• 您应该在使用jwt之前添加登录路由.

这篇关于使用GraphQL和jwt-express绕过JWT的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！