接上篇,这次是真的接上篇,针对上篇未完成的部分,增加鉴权功能,开始之前,我们先要介绍一个新的知识,路由元数据。
在vue-router中,定义元数据的方式:
const router = new VueRouter({
routes: [
{
path: '/foo',
component: Foo,
children: [
{
path: 'bar',
component: Bar,
// a meta field
meta: { requiresAuth: true }
}
]
}
]
})
那么如何访问这个 meta 字段呢?
首先,我们把routes 配置中的每个路由对象叫做路由记录。路由记录可以是嵌套的,因此,当一个路由匹配成功后,他可能匹配多个路由记录
例如,根据上面的路由配置,/foo/bar 这个 URL 将会匹配父路由记录以及子路由记录。
一个路由匹配到的所有路由记录会暴露为 $route 对象(还有在导航钩子中的 route 对象)的 $route.matched 数组。因此,我们需要遍历 $route.matched 来检查路由记录中的 meta 字段。
所以在vue-router官方文档中,我们可以看到下面的代码,其实就是前端路由授权的粗糙实现方式(代码不做过多解释,里面我加入了详细的注释):
router.beforeEach((to, from, next) => {
if (to.matched.some(record => record.meta.requiresAuth)) {
// 如果路由配置了元数据requiresAuth为true,则需要鉴权,这是需要判断是否登录
// 如果没有登录则跳转到login页面
if (!auth.loggedIn()) {
next({
path: '/login',
//这里传递fullPath,是为了登录之后作为return back
query: { redirect: to.fullPath }
})
} else {
//如果已经登录过,直接执行进入下一步
next()
}
} else {
//对没有配置requiresAuth的路由进行处理,如果不加入,则路由未配置requiresAuth,无法进入,所以确保一定要调用 next()
next()
}
})
好了,基础知识介绍完毕,现在我们把我们的路由加入meta信息,启用权限验证:
var router = new VueRouter({
routes: [{
name: 'home', path: '/home', component: HomeComponent
},
{
name: 'customers', path: '/customers', component: CustomerListComponent,
meta: {
auth: true
}
},
{
name: 'detail', path: '/detail/:id', component: CustomerComponent,
meta: {
auth: true
}
},
{
name: 'login', path: '/login', component: LoginComponent
}
]
});
//注册全局事件钩子
router.beforeEach(function (to, from, next) {
//如果路由中配置了meta auth信息,则需要判断用户是否登录;
if (to.matched.some(r => r.meta.auth)) {
//登录后会把token作为登录的标示,存在localStorage中
if (!localStorage.getItem('token')) {
console.log("需要登录");
next({
path: '/login',
query: { to: to.fullPath }
})
} else {
next();
}
} else {
next()
}
});
更新代码后,可以跟目录运行node app.js ,打开8110端口,查看,运行效果如下:
这个时候,无论从浏览器地址栏还是通过跳转方式,在点击配置了 meta:{auth:true}的路由时,如果没有登录,都会跳转到登录页面,并记录return back url。
下面我们加入登录逻辑,并修改后台接口,支持用户授权,后台我们使用jwt的一个实现https://github.com/auth0/node-jsonwebtoken ,直接使用npm 安装即可,对jwt不太了解的同学,可以搜索 json web token (jwt)(另外为了读取http body,我们这里会使用 body-parser,可以直接使用npm install --save body-parser 安装)。
首先修改我们的登录组件:
methods: {
login: function () {
var self = this;
axios.post('/login', this.user)
.then(function (res) {
console.log(res);
if (res.data.success) {
localStorage.setItem('token', res.data.token);
console.log(self.$router);
self.$router.push({
path: self.$route.query.to
});
} else {
alert(res.data.errorMessage);
}
})
.catch(function (error) {
console.log(error);
});
}
}
并添加全局拦截器,在任何ajax请求中加入token 头,如果熟悉angular拦截器的同学对axios实现的拦截器应该很熟悉的,这和jquery 对Ajax.setting的设置类似:
// request 拦截器 ,对所有请求,加入auth
axios.interceptors.request.use(
cfg => {
// 判断是否存在token,如果存在,则加上token
if (localStorage.getItem('token')) {
cfg.headers.Authorization = localStorage.getItem('token');
}
return cfg;
},
err => {
return Promise.reject(err);
}); // http response 拦截器
axios.interceptors.response.use(
res => {
return res;
},
err => {
if (err.response) {
switch (err.response.status) {
case 401: //如果未授权访问,则跳转到登录页面
router.replace({
path: '/login',
query: {redirect: router.currentRoute.fullPath}
})
}
}
return Promise.reject(err.response.data)
});
这样,我们再每次请求的时候,如果token存在,则就会带上token;
接着,修改我们的后端部分,加入处理登录,以及生成解析token的部分,修改我们的authMiddleware.js文件:
var jwt = require('jsonwebtoken');
/**
* 有效用户列表
*/
var validUsers = [{
username: 'zhangsan',
password: '123456'
}, {
username: 'lisi',
password: '123456'
}];
//FIXME:这个作为密钥,一定要安全的,这里我为了简单就直接写了一大段字符串
const secretKey = 'dhahr3uiudfu93u43i3uy43&*&$#*&437hjhfjdjhfdfjsy8&*&*JNFSJDJHH??>:LP';
/**
* 创建token
* @param {用户对象} user
*/
var createToken = function (user) {
/**
* 创建token 并设置过期时间为一个小时
*/
return jwt.sign({ data: user, exp: Math.floor(Date.now() / 1000) + (60 * 60) }, secretKey);
}
/**
* 解析token
* @param {用户需要验证的token} token
*/
var parseToken = function (token, callback) {
jwt.verify(token, secretKey, function (err, result) {
callback && callback(err, result);
});
}
module.exports = function (req, res, next) {
//如果是登录请求
console.log(req.path);
if (req.path === "/login") {
var username = req.body.username;
var password = req.body.password;
//判断用户名和密码是否正确
var user = validUsers.filter(u => u.username === username && u.password === password)[0];
//如果用户用户名密码匹配成功,直接创建token并返回
if (user) {
res.json({
success: true,
token: createToken(user)
})
} else {
res.json({
success: false,
errorMessage: 'username or password is not correct,please retry again'
})
}
} else {//如果不是登录请求,则需要检查token 的合法性
var token = req.get('Authorization');
console.log(token);
if (token) {
parseToken(token, function (err, result) {
if (err) {//如果解析失败,则返回失败信息
res.status(401).json( {
success: false,
errorMessage: JSON.stringify(err)
})
} else {
next();
}
})
}else{
res.status(401).json({
success:false,
errorMessage:'未授权的访问'
});
}
}
}
上述代码加上注释应该没什么复杂度的,各位同学应该可以看的明白,这样之后,我们启用我们的授权中间件,修改/app.js文件:
var express = require("express");
var bodyParser = require("body-parser");
var authMiddleware = require('./middleware/authMiddleware');
var customerRouter = require('./router/customers');
var app = express();
app.use(express.static('public'));
app.get('/portal', function (req, res) {
res.json({
data: [
{
visits: 12,
clicks: 100
},
{
location: 'BeiJing',
total: 17
}
]
})
})
app.use(bodyParser.json())
app.use(authMiddleware);
app.use('/api', customerRouter);
运行我们的代码可以看到如下效果:
博客园对图片大小有要求,不能很好的截取,就只截取了一部分,这是登录后的效果,登录前的效果,大家可以自己测试,完整代码如下:
/app.js
var express = require("express");
var bodyParser = require("body-parser");
var authMiddleware = require('./middleware/authMiddleware');
var customerRouter = require('./router/customers');
var app = express();
app.use(express.static('public'));
app.get('/portal', function (req, res) {
res.json({
data: [
{
visits: 12,
clicks: 100
},
{
location: 'BeiJing',
total: 17
}
]
})
})
app.use(bodyParser.json())
app.use(authMiddleware);
app.use('/api', customerRouter);
app.listen(8110, function () {
console.log("port 8110 is listenning!!!");
});
/public/app.js
var LoginComponent = {
template: `
<div class="login" >
username:<input type="text" v-model="user.username" />
password:<input type="password" v-model="user.password" />
<input type="button" @click="login()" value="login" />
</div>
`,
data: function () {
return {
user: {
username: '',
password: ''
}
}
},
methods: {
login: function () {
var self = this;
axios.post('/login', this.user)
.then(function (res) {
console.log(res);
if (res.data.success) {
localStorage.setItem('token', res.data.token);
console.log(self.$router);
self.$router.push({
path: self.$route.query.to
});
} else {
alert(res.data.errorMessage);
}
})
.catch(function (error) {
console.log(error);
});
}
}
}
var CustomerListComponent = {
template: `
<div>
<div>
<input type="text" v-model="keyword" /> <input type="button" @click="getCustomers()" value="search" />
</div>
<ul>
<router-link v-for="c in customers" tag="li" :to="{name:'detail',params:{id:c.id}}" :key="c.id">{{c.name}}</router-link>
</ul>
</div>
`,
data: function () {
return {
customers: [],
keyword: ''
}
},
created: function () {
this.getCustomers();
},
methods: {
getCustomers: function () {
axios.get('/api/getCustomers', { params: { keyword: this.keyword } })
.then(res => { this.customers = res.data; console.log(res) })
.catch(err => console.log(err));
},
}
}
var CustomerComponent = {
template: `
<div>
{{customer}}
</div>
`,
data: function () {
return {
customer: {}
}
},
created: function () {
var id = this.$route.params.id;
this.getCustomerById(id);
},
watch: {
'$route': function () {
console.log(this.$route.params.id);
}
},
methods: {
getCustomerById: function (id) {
axios.get('/api/customer/' + id)
.then(res => this.customer = res.data)
.catch(err => console.log(err));
}
}
}
var HomeComponent = {
template: `<div>
<h1>Home 页面,portal页</h1>
<h2>以下数据来自服务端</h2>
{{stat}}
</div>`,
data: function () {
return {
stat: ''//代表相关统计信息等
}
},
methods: {
getStat: function () {
return axios.get('/portal');
}
},
created: function () {
this.getStat().then(res => {
this.stat = JSON.stringify(res.data);
}).catch(err => {
console.log(err);
})
}
}
var router = new VueRouter({
routes: [{
name: 'home', path: '/home', component: HomeComponent
},
{
name: 'customers', path: '/customers', component: CustomerListComponent,
meta: {
auth: true
}
},
{
name: 'detail', path: '/detail/:id', component: CustomerComponent,
meta: {
auth: true
}
},
{
name: 'login', path: '/login', component: LoginComponent
}
]
});
//注册全局事件钩子
router.beforeEach(function (to, from, next) {
//如果路由中配置了meta auth信息,则需要判断用户是否登录;
if (to.matched.some(r => r.meta.auth)) {
//登录后会把token作为登录的标示,存在localStorage中
if (!localStorage.getItem('token')) {
console.log("需要登录");
next({
path: '/login',
query: { to: to.fullPath }
})
} else {
next();
}
} else {
next()
}
});
// request 拦截器 ,对所有请求,加入auth
axios.interceptors.request.use(
cfg => {
// 判断是否存在token,如果存在,则加上token
if (localStorage.getItem('token')) {
cfg.headers.Authorization = localStorage.getItem('token');
}
return cfg;
},
err => {
return Promise.reject(err);
});
// http response 拦截器
axios.interceptors.response.use(
res => {
return res;
},
err => {
if (err.response) {
switch (err.response.status) {
case 401: //如果未授权访问,则跳转到登录页面
router.replace({
path: '/login',
query: {redirect: router.currentRoute.fullPath}
})
}
}
return Promise.reject(err.response.data)
});
var app = new Vue({
router: router,
template: `
<div>
<router-link :to="{name:'home'}" >Home</router-link>
<router-link :to="{name:'customers'}" >Customers</router-link>
<router-view></router-view>
</div>
`,
el: '#app'
});
/public/index.html
<!DOCTYPE html>
<html lang="en"> <head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>demo3</title>
<script src="https://cdn.bootcss.com/vue/2.4.1/vue.js"></script>
<script src="https://cdn.bootcss.com/vue-router/2.7.0/vue-router.js"></script>
<script src="https://cdn.bootcss.com/axios/0.16.2/axios.js"></script> </head> <body>
<div id="app"> </div>
<script src="./app.js"></script>
</body> </html>
/router/customers.js
var router = require("express").Router();
var db = require('./fakeData');
router.get('/getCustomers', function (req, res) {
var list = db.data;
list = list.filter(v => v.name.indexOf(req.query.keyword) !== -1);
res.json(list);
});
router.get('/customer/:id',function(req,res){
var list=db.data;
var obj=list.filter(v=>v.id==req.params.id)[0];
res.json(obj);
})
module.exports = router;
/router/fakeData.json
{
"data": [
{
"id":1,
"name": "zhangsan",
"age": 14,
"sexy": "男",
"majar": "学生"
},
{
"id":2,
"name": "lisi",
"age": 19,
"sexy": "女",
"majar": "学生"
},
{
"id":3,
"name": "wangwu",
"age": 42,
"sexy": "男",
"majar": "工人"
},
{
"id":4,
"name": "maliu",
"age": 10,
"sexy": "男",
"majar": "学生"
},
{
"id":5,
"name": "wangermazi",
"age": 82,
"sexy": "男",
"majar": "画家"
},
{
"id":6,
"name": "liudehua",
"age": 55,
"sexy": "男",
"majar": "天王"
},
{
"id":7,
"name": "zhoujielun",
"age": 14,
"sexy": "男",
"majar": "歌手"
},
{
"id":8,
"name": "wangfei",
"age": 50,
"sexy": "女",
"majar": "歌手"
},
{
"id":9,
"name": "mayun",
"age": 60,
"sexy": "男",
"majar": "老板"
}
]
}
/middleware/authMiddleware.js
var jwt = require('jsonwebtoken');
/**
* 有效用户列表
*/
var validUsers = [{
username: 'zhangsan',
password: '123456'
}, {
username: 'lisi',
password: '123456'
}];
//FIXME:这个作为密钥,一定要安全的,这里我为了简单就直接写了一大段字符串
const secretKey = 'dhahr3uiudfu93u43i3uy43&*&$#*&437hjhfjdjhfdfjsy8&*&*JNFSJDJHH??>:LP';
/**
* 创建token
* @param {用户对象} user
*/
var createToken = function (user) {
/**
* 创建token 并设置过期时间为一个小时
*/
return jwt.sign({ data: user, exp: Math.floor(Date.now() / 1000) + (60 * 60) }, secretKey);
}
/**
* 解析token
* @param {用户需要验证的token} token
*/
var parseToken = function (token, callback) {
jwt.verify(token, secretKey, function (err, result) {
callback && callback(err, result);
});
}
module.exports = function (req, res, next) {
//如果是登录请求
console.log(req.path);
if (req.path === "/login") {
var username = req.body.username;
var password = req.body.password;
//判断用户名和密码是否正确
var user = validUsers.filter(u => u.username === username && u.password === password)[0];
//如果用户用户名密码匹配成功,直接创建token并返回
if (user) {
res.json({
success: true,
token: createToken(user)
})
} else {
res.json({
success: false,
errorMessage: 'username or password is not correct,please retry again'
})
}
} else {//如果不是登录请求,则需要检查token 的合法性
var token = req.get('Authorization');
console.log(token);
if (token) {
parseToken(token, function (err, result) {
if (err) {//如果解析失败,则返回失败信息
res.status(401).json( {
success: false,
errorMessage: JSON.stringify(err)
})
} else {
next();
}
})
}else{
res.status(401).json({
success:false,
errorMessage:'未授权的访问'
});
}
}
}
/package.json
{
"name": "vue_demo3",
"version": "1.0.0",
"description": "",
"main": "app.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"author": "",
"license": "ISC",
"dependencies": {
"body-parser": "^1.17.2",
"express": "^4.15.3",
"jsonwebtoken": "^7.4.1"
}
}