Node.js / Angular.js authorized routes

Problem description

I'm working on a MEAN application with authentication using JSON web tokens. Basically, on every request, I am checking to see if the user has a valid token. If so, they can go through to the route; otherwise they are returned to the login page.

I want to make certain routes /admin/etc... only accessible to logged-in users who are also admin. I have set up an isAdmin flag in Mongo. I am new to Node.js and wondering what is the best way to check this. Do I do it on the Angular side in routes? Or can I somehow create permission-based tokens on authentication? For reference, I am following the code from the MEAN Machine book, in particular here - https://github.com/scotch-io/mean-machine-code/tree/master/17-user-crm

Recommended answer

First, authorization decisions must be done on the server side. Doing it on the client side in Angular.js as you suggested is also a good idea, but this is only for the purpose of improving the user's experience, for example not showing the user a link to something they don't have access to.

With JWTs, you can embed claims about the user inside the token, like this:

```javascript
var jwt = require('jsonwebtoken');
var token = jwt.sign({ role: 'admin' }, 'your_secret');
```

To map permissions to express routes, you can use connect-roles to build clean and readable authorization middleware functions. Suppose for example your JWT is sent in the HTTP header and you have the following (naive) authorization middleware:

```javascript
// Naive authentication middleware, just for demonstration
// Assumes you're issuing JWTs somehow and the client is including them in headers
// Like this: Authorization: JWT {token}
app.use(function(req, res, next) {
  // A missing header becomes an empty token, which jwt.verify rejects with an error
  var token = (req.headers.authorization || '').replace(/^JWT /, '');
  jwt.verify(token, 'your_secret', function(err, decoded) {
    if (err) {
      next(err);
    } else {
      req.user = decoded;
      next();
    }
  });
});
```

With that, you can enforce your authorization policy on routes, like this:

```javascript
var ConnectRoles = require('connect-roles');
var user = new ConnectRoles();

// The 'admin' check passes only when the verified token carries role: 'admin'
user.use('admin', function(req) {
  return req.user && req.user.role === 'admin';
});

app.get('/admin', user.is('admin'), function(req, res, next) {
  res.end();
});
```

Note that there are much better options for issuing & validating JWTs, like express-jwt, or using passport in conjunction with passport-jwt (https://www.npmjs.com/package/passport-jwt).
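The server-side check the answer describes, as an added example that is not part of the original answer: it separates "no valid token" (401, back to login) from "valid token, not an admin" (403). It swaps in Node's built-in `crypto` for `jsonwebtoken` so it runs without dependencies; `SECRET`, `signToken`, `verifyToken`, `authorize` and `requireRole` are hypothetical names.

```javascript
// Added example: HS256 verification with built-in crypto, then a role gate.
const crypto = require('crypto');
const SECRET = 'constructed-demo-secret'; // constructed value; load a real key from config
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (d, k) => crypto.createHmac('sha256', k).update(d).digest('base64url');

// Hypothetical helper: issue an HS256 token carrying the claims plus an expiry.
function signToken(claims, secret, ttlSeconds) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const body = b64url(JSON.stringify({ ...claims, exp }));
  return `${header}.${body}.${hmac(`${header}.${body}`, secret)}`;
}

// Returns the claims, or null when the token is malformed, not HS256, forged or expired.
function verifyToken(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm server-side
    const expected = Buffer.from(hmac(`${parts[0]}.${parts[1]}`, secret));
    const given = Buffer.from(parts[2]);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) return null;
    return claims;
  } catch (e) {
    return null; // undecodable header or payload
  }
}

// 401: no valid token (send to login). 403: valid token, wrong role. 200: allowed.
function authorize(authorizationHeader, requiredRole, secret) {
  const token = String(authorizationHeader || '').replace(/^JWT /, '');
  const claims = verifyToken(token, secret);
  if (!claims) return { status: 401, user: null };
  if (claims.role !== requiredRole) return { status: 403, user: claims };
  return { status: 200, user: claims };
}

// Express-style middleware: app.get('/admin', requireRole('admin', SECRET), handler)
function requireRole(role, secret) {
  return function (req, res, next) {
    const result = authorize(req.headers.authorization, role, secret);
    if (result.status !== 200) return res.status(result.status).end();
    req.user = result.user;
    next();
  };
}
```

The Angular client can use the 401/403 distinction to choose between redirecting to login and hiding admin links, while the decision itself stays on the server.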