快速中间件的超时问题
我有一个中间件,我用它来进行令牌验证。以下是它的外观:
this.checkJwt = jwt({
secret: jwksRsa.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: process.env.AUTH0_JWKS,
}),
// Validate the audience and the issuer.
audience: process.env.AUTH0_AUDIENCE,
issuer: process.env.AUTH0_ISSUER,
algorithms: ["RS256"],
});
然后我将它应用于我的路线:
app.route(routes.getUserInfo)
.get(checkJwt, this.userController.me);
为什么当我用return
语句重写我的中间件时它停止工作?像这样:
this.checkJwt = (req, res, next) => {
return jwt({
secret: jwksRsa.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: process.env.AUTH0_JWKS,
}),
// Validate the audience and the issuer.
audience: process.env.AUTH0_AUDIENCE,
issuer: process.env.AUTH0_ISSUER,
algorithms: ["RS256"],
});
};
我对这个中间件的每个请求都有超时异常。似乎next
功能永远不会触及。
我不知道什么是jwt
方法 - 自定义中间件或只是使用jwt
包?
我也看到你在没有通过req, res, next
的情况下返回jwt电话:
this.checkJwt = (req, res, next) => {
return jwt({
secret: jwksRsa.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: process.env.AUTH0_JWKS,
}),
// Validate the audience and the issuer.
audience: process.env.AUTH0_AUDIENCE,
issuer: process.env.AUTH0_ISSUER,
algorithms: ["RS256"],
});
};
中间件调用期间执行的结果是[Function](req, res, next)
,它预计会被执行 - 不会被返回。
所以,如果它的中间件尝试使用重写它像这样:
const checkJwt = (req, res, next) => {
jwt({
secret: jwksRsa.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: process.env.AUTH0_JWKS,
}),
// Validate the audience and the issuer.
audience: process.env.AUTH0_AUDIENCE,
issuer: process.env.AUTH0_ISSUER,
algorithms: ["RS256"],
})(req, res, next);
};
app.get(routes.getUserInfo, checkJwt, this.userController.me)
但如果jwt
方法不是中间件,它返回true or false
结果:
const checkJwt = (req, res, next) => {
const result = jwt({
secret: jwksRsa.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: process.env.AUTH0_JWKS,
}),
// Validate the audience and the issuer.
audience: process.env.AUTH0_AUDIENCE,
issuer: process.env.AUTH0_ISSUER,
algorithms: ["RS256"],
});
// if jwt returns something (:
if (!result) {
return res.status(401).send('Unauthorized');
}
next();
};
app.get(routes.getUserInfo, checkJwt, this.userController.me)