2022-01-04 服务端登录校验（assert）

后端 routes.js

const assert = require('http-assert')

// 资源列表
router.get('/', async (req, res, next) => {
	const token = String(req.headers.authorization || '').split(' ').pop()
	assert(token, 401, '请先登录')
	const { id } = jwt.verify(token, app.get('secret'))
	assert(id, 401, '请先登录')
	req.user = await AdminUser.findById(id)
	assert(req.user, 401, '请先登录')
	await next()
}, async (req, res) => {})

app.post('/admin/api/login', async (req, res) => {
	const { username, password } = req.body
	// 1. 根据用户名找用户
	const user = await AdminUser.findOne({ username }).select('+password')
	assert(user, 422, '用户不存在')
	// 2. 校验密码
	const isValid = require('bcryptjs').compareSync(password, user.password)
	assert(isValid, 422, '密码错误')
	// 3. 返回token
	const token = jwt.sign({ id: user._id }, app.get('secret'))
	res.send({ token })
})

// 错误处理函数
app.use(async (err, req, res, next) => {
	res.status(err.statusCode || 500).send({
		message: err.message
	})
})

前端 http.js

http.interceptors.response.use(
	res => {
		return res
	},
	err => {
		if (err.response.data.message) {
			Vue.prototype.$message({
				type: 'error',
				message: err.response.data.message
			})
			if (err.response.status === 401) {
				router.push('/login')
			}
		}
		return Promise.reject(err)
	}
)