lundi 9 mars 2015

Issue with Hapi-jwt: Hapi-jwt authentication not running the handler function

I am not sure why, but I am having an issue implementing JWT authentication on my API. I'm using the http://ift.tt/1HoueBi package.


Creating the token works without issue, I'm getting a reply back on my /api/v1/login (auth) route, giving me a status:200 and the token:hash.


However, using my basic validation function on any route causes the route's handler to no longer run, and instead the validation function replies with the {"credentials": ... } object.


I'm also using Good and good-console, but I don't believe they are causing any problems in this.


Here's the server code (in the order it appears in my index.js file):



// SERVER SETUP
var server = new hapi.Server();
server.connection({ port: hapiPortNo });

// JWT SERVER REGISTRATIONS
server.register(require('hapi-jwt'), function(err) {
    if(err) throw err;
    server.auth.strategy('simple', 'bearer-access-token', {
        validateFunc: auth.validateJWT,
        secret: jwtCodeString
    });
});

function defaultHandler(req, reply) {
    reply('success!');
}

server.route({
    method: 'GET',
    path: '/',
    handler: defaultHandler,
    config: { auth: 'simple' }
});

server.route({
    method: 'POST',
    path: '/api/v1/login',
    handler: auth.authHandler
});

server.register({
    register: good,
    options: {
        reporters: [{
            reporter: require('good-console'),
            args: [{ log: '*', response: '*' }]
        }]
    }
}, function (err) {
    if(err) {
        throw err;
    }

// START SERVER
server.start(function () {
    server.log('info', 'Server running at: ' + server.info.uri);
});


});


And these are my auth and validation functions (kept in a seperate file, ./lib/auth.js and imported as a requirement):



//Authentication
function authHandler( request, reply ) {
    var data = request.payload;
    var tokenData = {
        "user": data.user
    };      
    var encoded = jwt.sign( tokenData, _codeString);
    reply({ "status": 200, "token": encoded });
}

// Validation
function validateJWT( decoded, request, next ) {
    var isValid = false;    
    if(decoded.user == 'me') {
        isValid = true;
    }
    return next(null, isValid, {token: decoded} );
}


The hapi server runs without issues and replies all my routes' data normally when I drop the config: { auth: 'simple' } but for some reason adding authentication is resulting in every route replying with:



{
    "credentials": {
        "token": {
            "user": "me",
            "iat": 1425689201
        }
    }
}


Any thoughts? I'd be open to switching to another JWT auth package if someone has a recommendation.


Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)