如何解决 Apollo-Server-Express 无法为令牌 Cookie 设置 secure 和 sameSite 选项的问题
我在登录 mutation 中为身份验证令牌 cookie 设置 secure 和 sameSite 选项时遇到问题。如果去掉这两个选项,只发送 httpOnly 和 maxAge,一切正常。我使用的是 Apollo-Server-Express,据我了解它内部包含了 Express.js。
抱歉,我在这里实在没有头绪。我的设置如下:
Index.js
const express = require("express");
const cookieParser = require("cookie-parser");
const jwt = require("jsonwebtoken");
require("dotenv").config({ path: "variables.env" });
const createServer = require("./createServer");
const db = require("./db");
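const server = createServer();
const app = express();

// Use express middleware to handle cookies (JWT)
app.use(cookieParser());

// Decode the JWT cookie so we can get userId on each request
app.use((req, res, next) => {
  const { token } = req.cookies;
  if (token) {
    try {
      const { userId } = jwt.verify(token, process.env.APP_SECRET);
      // put user Id onto the request for future requests to access
      req.userId = userId;
    } catch (err) {
      // jwt.verify throws on an expired, malformed or tampered token. Treat
      // that as "not logged in" instead of letting the throw escape, which
      // would answer every request carrying a stale cookie with a 500.
    }
  }
  next();
});

// Load the member for logged-in requests so resolvers can check permissions.
// Express middleware receives (req, res, next); with (req, next) the second
// parameter is actually the response object, so calling it as next() throws.
app.use(async (req, res, next) => {
  // if they aren't logged in, skip this
  if (!req.userId) return next();
  try {
    const member = await db.query.member(
      { where: { id: req.userId } },
      "{ id,permissions,email,name }"
    );
    req.member = member;
    next();
  } catch (err) {
    // Express 4 ignores the promise an async middleware returns, so a
    // rejected lookup must be forwarded explicitly or the request hangs.
    next(err);
  }
});

// start it!
server.applyMiddleware({
  app, // Commenting this out breaks CORS
  // credentials: true lets the browser include the auth cookie on
  // cross-origin GraphQL requests; that also requires an explicit origin,
  // since browsers reject a wildcard origin when credentials are used.
  cors: {
    credentials: true,
    origin: process.env.FRONTEND_URL,
  },
});

app.listen({ port: process.env.PORT }, () =>
  console.log(`? Server ready at http://localhost:${process.env.PORT}`)
);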
createServer.js
const { ApolloServer,gql } = require("apollo-server-express");
const Mutation = require("./resolvers/Mutation");
const Query = require("./resolvers/Query");
const db = require("./db");
const { importSchema } = require("graphql-import");
// Resolve schema.graphql next to this file, expand its #import directives,
// and parse the resulting SDL once at module load.
const typeDefsFile = importSchema(`${__dirname}/schema.graphql`);
const typeDefs = gql(typeDefsFile);
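/**
 * Build the ApolloServer instance that index.js mounts on its Express app.
 *
 * The resolver context spreads whatever apollo-server-express hands in
 * (`{ req, res }`) and adds the Prisma binding, so resolvers reach the
 * response as `ctx.res` (signin uses it to set the auth cookie) and the
 * database as `ctx.db`.
 *
 * As pasted, the options literal was missing the closing braces of
 * `resolverValidationOptions` and `resolvers`, so the file did not parse;
 * the structure below is the intended one.
 *
 * @returns {ApolloServer} configured, not yet listening
 */
function createServer() {
  return new ApolloServer({
    // typeDefs is already the DocumentNode produced by gql() above, so it is
    // passed straight through rather than being re-wrapped in gql``.
    typeDefs,
    context: (req) => ({ ...req, db }),
    resolverValidationOptions: {
      requireResolversForResolveType: false,
    },
    resolvers: {
      Mutation,
      Query,
    },
  });
}

module.exports = createServer;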
登录 mutation(signin)
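/**
 * Resolver for the `signin` mutation.
 *
 * Verifies the credentials, issues a JWT and stores it in an HttpOnly
 * `token` cookie on the response, then returns the member.
 *
 * @param {*} parent unused
 * @param {{ email: string, password: string }} args credentials sent by the client
 * @param {object} ctx resolver context; uses `ctx.db` (Prisma binding) and `ctx.res` (Express response)
 * @param {*} info unused
 * @returns {Promise<object>} the authenticated member record
 * @throws {Error} when the email is unknown or the password does not match
 */
async signin(parent, { email, password }, ctx, info) {
  // One year, shared by the cookie lifetime and the token lifetime so a
  // token cannot stay valid after the cookie that carried it is gone.
  const ONE_YEAR_MS = 1000 * 60 * 60 * 24 * 365;

  // 1. check if member with that email exists
  const member = await ctx.db.query.member({ where: { email } });
  // 2. check password is correct (only when there is a stored hash to compare)
  const valid = member ? await bcrypt.compare(password, member.password) : false;
  if (!member || !valid) {
    // One message for both failures so the response does not reveal which
    // e-mail addresses have an account (a timing difference remains).
    throw new Error("Invalid email or password");
  }

  // 3. create JWT token; previously it had no expiry at all
  const token = jwt.sign({ userId: member.id }, process.env.APP_SECRET, {
    expiresIn: "365d",
  });

  // 4. set the cookie
  ctx.res.cookie("token", token, {
    httpOnly: true, // not readable from page scripts
    maxAge: ONE_YEAR_MS, // 1 year cookie
    // SameSite=None is what lets a frontend on another site send this cookie,
    // and browsers only accept SameSite=None together with Secure. A Secure
    // cookie is in turn generally stored only when the response arrived over
    // HTTPS, so when the API is served over plain http:// in development the
    // browser is likely to drop it silently — which matches the symptom that
    // the cookie works once these two options are removed.
    secure: true,
    sameSite: "none",
  });

  // 5. return the member
  return member;
},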
package.json(之前使用的是 GraphQL Yoga)
"dependencies": {
"apollo-server": "^2.16.1","apollo-server-express": "^2.16.1","babel-preset-env": "^1.7.0","bcryptjs": "2.4.3","cookie-parser": "^1.4.5","cors": "^2.8.5","dotenv": "6.0.0","express": "^4.17.1","express-samesite-default": "^1.0.6","graphql": "^14.0.0","graphql-cli": "^2.17.0","graphql-import": "^1.0.2","graphql-yoga": "1.16.2","jsonwebtoken": "8.3.0","nodemailer": "^4.6.8","nodemon": "^1.18.7","npm-run-all": "^4.1.5","prisma": "1.17.1","prisma-binding": "2.1.6","stripe": "^6.12.1"
},