如何使用shelf_auth库验证已建立的会话? [英] How do I validate an established session using the shelf_auth library?
问题描述
我一直在尝试编写一个简单的服务器,它接受用户名/密码凭据,验证它们,然后为客户端创建一个JWT令牌,然后用于访问某些路由。我能够做的一切到接收和验证客户端的JWT在服务器端的点。
I've been trying to write a simple server that accepts username/password credentials, validates them, then creates a JWT token for the client that they then use to gain access to certain routes. I am able to do everything up to the point of receiving and validating the client's JWT on the server side.
void main() {
//use Jwt based sessions and create the secret using a UUID
JwtSessionHandler sessionHandler =
new JwtSessionHandler('ffl_sales_server', new Uuid().v4(),
auth.lookupByUsername);
//allow http for testing with curl, do not use in production
bool allowHttp = true;
final Map<String, String> headers =
{'Access-Control-Allow-Origin': 'http://192.168.100.83:3030',
"Access-Control-Expose-Headers": "Authorization",
"Access-Control-Allow-Credentials" : "true",
"Access-Control-Allow-Headers" : "Authorization"};
//fix the cors headers
Response options(Request request) => (request.method == 'OPTIONS') ?
new Response.ok(null, headers: headers) : null;
Response cors(Response response) =>
response.change(headers: headers);
Middleware fixCors = createMiddleware(requestHandler: options,
responseHandler: cors);
// authentication middleware for a login handler (post)
Middleware loginMiddleware = authenticate(
[new UsernamePasswordAuthenticator(lookupByUsernamePassword)],
sessionHandler: sessionHandler, allowHttp: allowHttp,
allowAnonymousAccess: false);
// authentication middleware for routes other than login that
// require a logged in user
// here we are relying solely on users with a session established
// via the login route
Middleware defaultAuthMiddleware = authenticate(
[],sessionHandler: sessionHandler, allowHttp: true,
allowAnonymousAccess: false);
Router rootRouter = router(handlerAdapter: handlerAdapter());
//the route where the login credentials are posted
rootRouter.post('/login', (Request request) => new Response.ok('SUCCESS'), middleware: loginMiddleware);
//the routes which require an authenticated user
rootRouter.child('/authenticated',
middleware: defaultAuthMiddleware)
..add('/users', ALL_METHODS, new Users(_connection).handle)
..add('/stores', ALL_METHODS, new Stores(_connection).handle)
..add('/departments', ALL_METHODS, new Departments(_connection).handle)
..add('/invoices', ALL_METHODS, new Invoices(_connection).handle)
..add('/reports', ALL_METHODS, new Reports(_connection).handle)
..add('/imports', ALL_METHODS, new Imports(_connection).handle)
..add('/vendors', ALL_METHODS, new Vendors(_connection).handle)
..get('/foo', (Request request) =>
new Response.ok("Doing foo as ${loggedInUsername(request)}\n"));
printRoutes(rootRouter);
Handler handler = const Pipeline()
.addMiddleware(fixCors)
.addMiddleware(logRequests())
.addMiddleware(exceptionResponse())
.addHandler(rootRouter.handler);
shelf_io.serve(handler, '127.0.0.1', '8080').then((server){
print('Serving as http://${server.address.host}:${server.port}');
});
}
我知道我可能缺少一些简单的东西,在authenticate()函数的第一个参数中有一些处理程序来创建defaultAuthMiddleware。我缺少什么?
I know I'm probably missing something simple, but it seems like I should have some sort of handler in the first parameter of the authenticate() function that creates the defaultAuthMiddleware. What am I missing?
推荐答案
看起来问题在我的Auth类。 lookupByUsername函数只是没有找到验证的用户,因为lookupByUsernamePassword函数存储它在函数范围而不是类范围,因为我的一部分监督。
It looks like the issue was in my Auth class. The lookupByUsername function was simply not finding the authenticated user because the lookupByUsernamePassword function was storing it in function scope instead of class scope due to an oversight on my part.
感谢您的帮助!
这篇关于如何使用shelf_auth库验证已建立的会话?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
