路由如下所示,其中verifyToken是一个中间件.
// Every request to this route passes through the verifytoken middleware before apis.getData.
// NOTE(review): the surrounding text spells it verifyToken; confirm the casing of the imported identifier.
router.get('/v1/endpoint', verifytoken, apis.getData);
为了保护这条路由,我们通常使用keycloak.protect();但我想使用verifyToken这个中间件:无论该路由是否受到保护,它总是会转到apis.getData,但中间件函数会根据用户是否通过身份验证附加一个字符串.
// keycloak.protect() supplies the guard middleware that runs before apis.getData.
router.get('/v1/endpoint', keycloak.protect(), apis.getData);
下面这段代码应当运行并保护路由;我想根据请求是否已获授权附加一个表示验证结果的字符串,apis.getData将根据该字符串决定返回多少数据.
const keycloak = require('../../keycloak').getKeycloak();
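/**
 * Express middleware that labels a request as verified or unknown without
 * blocking it.
 *
 * A request without an Authorization header is rejected with 401. Otherwise the
 * outcome of the token check is stored in `response.locals.user`:
 * `{ verified: 'verified' }` when Keycloak produced a grant, the string
 * `'unknown'` when it did not. `next()` is called in both cases, so this
 * middleware does not protect the route by itself: the downstream handler must
 * treat anything other than `{ verified: 'verified' }` as unauthenticated.
 *
 * @param {Object} request - request object with authorization header.
 * @param {Object} response - response object.
 * @param {Function} next - passes control to the next handler.
 */
module.exports = function(request, response, next) {
  // authorization token.
  const token = request.headers.authorization;

  // if token is not sent the authorization fails.
  if (!token) {
    return response.status(401).send('Access Denied, missing authorization token!');
  }

  // keycloak.protect() only builds a middleware function. The returned function
  // is always truthy, so testing it marked every request carrying any
  // Authorization header as verified. Ask keycloak-connect for the request's
  // grant instead; the promise rejects when no valid grant can be obtained.
  // NOTE(review): confirm getGrant() validates bearer tokens as expected on the
  // installed keycloak-connect version.
  return Promise.resolve()
    // Wrapped so that a synchronous throw (e.g. Keycloak not initialised) is
    // handled like a failed check instead of escaping the middleware.
    .then(() => keycloak.getGrant(request, response))
    .then(
      () => ({ verified: 'verified' }),
      () => 'unknown'
    )
    .then((user) => {
      if (user === 'unknown') {
        console.log('Token invalid!!!');
      } else {
        console.log('Token is verified', user);
      }
      response.locals.user = user;
      next();
    });
};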
用于配置 Keycloak 的代码
const session = require('express-session');
const Keycloak = require('keycloak-connect');
const keycloakConfig = require('./keycloak.json');
// Module-level singleton holding the Keycloak instance; undefined until initKeycloak() runs.
let _keycloak;
/**
 * Creates the shared Keycloak instance on first use and returns it.
 * A repeated call logs a warning and hands back the existing instance.
 *
 * @returns {Object} the module-wide Keycloak instance.
 */
function initKeycloak() {
  if (!_keycloak) {
    console.log('Initializing Keycloak...');
    // NOTE(review): express-session documents MemoryStore as unsuitable for
    // production. The store is also local to this function and never exported,
    // so a session middleware cannot share it; confirm how sessions are wired.
    const store = new session.MemoryStore();
    _keycloak = new Keycloak({ store: store }, keycloakConfig);
  } else {
    console.warn('Trying to init Keycloak again!');
  }
  return _keycloak;
}
/**
 * Returns the shared Keycloak instance.
 *
 * When initKeycloak() has not run yet, an error is logged and the return value
 * is undefined, so callers must not assume they receive a usable instance.
 *
 * @returns {Object|undefined} the Keycloak instance, or undefined before init.
 */
function getKeycloak() {
  const isInitialised = Boolean(_keycloak);
  if (!isInitialised) {
    console.error('Keycloak has not been initialized. Please called init first.');
  }
  return _keycloak;
}
// Public API of this module: initKeycloak() creates the singleton, getKeycloak() returns it.
module.exports = {
initKeycloak,
getKeycloak,
};