问题
I can make get JSON-Web-Token to ignore paths using .unless like this.
app.use(expressJWT({secret: config.JWTSECRET}).unless({path:
['/register',
'/authentication',
]}));
I have a route with different HTTP methods (get, put, post, delete). I want the GET version of /events to not require a token, but the POST version of /event to require a token. Can I do this without having different routes for GET and POST etc.
/events //GET - no token required
/events //POST - token required
回答1:
If I know right, the express-jwt module is using express-unless to give you .unless method. With that, you can use a custom function to filter the request.
var filter = function(req) {return true;}
app.use(expressJWT({ secret: config.JWTSECRET}).unless(filter));
In the filter function, you can check the route (req.path) and the request type (req.method).
来源:https://stackoverflow.com/questions/35133693/jwt-how-to-bypass-certain-api-routes-and-http-methods