给所有请求都加上jwt,隐藏生成jwt的secret(放到.env中),隐藏app-secret(放在pm2运行配置文件中,后续直接读取环境配置即可)
This commit is contained in:
@@ -0,0 +1,30 @@
|
||||
// app/api/jwt-helper.server.ts
|
||||
import { getUserSession } from './login/auth.server';
|
||||
|
||||
/**
|
||||
* 从 request 中获取 JWT token
|
||||
* @param request Remix Request 对象
|
||||
* @returns JWT token 或 undefined
|
||||
*/
|
||||
export async function getJwtFromRequest(request: Request): Promise<string | undefined> {
|
||||
const { frontendJWT } = await getUserSession(request);
|
||||
return frontendJWT || undefined;
|
||||
}
|
||||
|
||||
/**
|
||||
* 包装 PostgrestParams,自动添加 JWT
|
||||
* @param request Remix Request 对象
|
||||
* @param params 原始参数
|
||||
* @returns 包含 JWT 的参数
|
||||
*/
|
||||
export async function withJwt<T extends { token?: string }>(
|
||||
request: Request,
|
||||
params?: T
|
||||
): Promise<T & { token: string | undefined }> {
|
||||
const jwt = await getJwtFromRequest(request);
|
||||
return {
|
||||
...params as T,
|
||||
token: jwt
|
||||
};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user