获取错误未登录或找不到令牌
我正在尝试在 MERN 中创建一个 otp 验证用户身份验证系统。所以我使用 JWT 生成令牌并使用 cookie-parser 包将令牌安全地保存在 cookie 中 所以,我的问题是,当我使用邮递员测试这条路线时,我能够使用 otp 验证用户,但是当我在验证页面中重定向时,在注册用户后前端做出反应,如果提供 otp,它表示你已登录(我正在使用 redux 工具包) .我想我的问题是我无法获取 jwt cookie,这就是为什么它显示你已登录。谁能告诉我如何解决这个问题
如果需要更多信息或任何建议,请随时发表评论“
这是代码
export const generateToken = (res, id, expiryTime) => {
const token = jwt.sign({ id }, process.env.JWT_SECRET, {
expiresIn: expiryTime || "1d",
});
res.cookie("jwt", token, {
httpOnly: true,
secure: process.env.NODE_ENV !== "development", // Use secure cookies in production
sameSite: "strict", // Prevent CSRF attacks
maxAge: 1 * 24 * 60 * 60 * 1000, // 30 days
});
};
还创建了一个中间件来检查令牌
const protect = expressAsyncHandler(async (req, res, next) => {
let token;
token = req.cookies.jwt;
if (token) {
try {
const decode = jwt.verify(token, process.env.JWT_SECRET);
req.user = await User.findById(decode.id).select("-password");
next();
} catch (error) {
res.status(401);
throw new Error("Not authorized token failed");
}
}
if (!token) {
res.status(401);
throw new Error("You are not logged in!");
}
});
注册控制器
const registerUser = expressAsyncHandler(async (req, res) => {
const { name, email, password, mobile_number } = req.body;
//generate otp
let otp = Math.floor(100000 + Math.random() * 900000);
//check the fields are empty or not
if (!name || !email || !password || !mobile_number) {
res.status(400);
throw new Error("Please fill all the fields");
}
//check the email is already registered
const userExists = await User.findOne({
email,
});
if (userExists) {
res.status(400);
throw new Error("Email is already used. Either login or choose different email.");
}
const user = await User.create({
name,
email,
password,
mobile_number,
otp,
});
if (user) {
generateToken(res, user._id);
otpSentToMail(user.name, user.email, otp);
res.status(201).json({
_id: user._id,
name: user.name,
email: user.email,
mobile_number: user.mobile_number,
verified: user.isVerified,
});
} else {
res.status(400);
throw new Error("Failed to create a user");
}
});
验证路由控制器
const verifyUser = expressAsyncHandler(async (req, res) => {
let minutes = process.env.OTP_TIME || 10;
let now = new Date().getTime();
let otpTime;
let otpFromDatabase;
const { otp } = req.body;
const user = await User.findById(req.user._id);
if (!user) {
res.status(404);
throw new Error("User not found");
}
otpTime = new Date(user.otpTime).getTime();
otpFromDatabase = user.otp;
if (now - otpTime > minutes * 60 * 1000) {
const update = {
$set: {
isOtpExpired: true,
},
};
const options = {
new: true, // return the updated document
};
const otpExpiredUpdateUser = await user.updateOne(update, options);
res.json({
message: "OTP expired",
});
} else {
if (otpFromDatabase !== otp) {
res.status(400);
throw new Error("Please enter a valid OTP");
} else {
// only update the isVerified field
const update = {
$set: {
isVerified: true,
},
};
const options = {
new: true, // return the updated document
};
const verifiedUser = await user.updateOne(update, options);
res.json({
message: "User Verified",
});
}
}
});
回答如下: