我正在尝试创建一个路由守卫来保护一些延迟加载的模块的安全,我有一个带有BehaviorSubject的身份验证服务,它保存当前用户和JWT令牌
当我调用卫兵时,它首先获取当前用户的默认值,然后在第二次尝试时才允许用户到达路由。
auth.service.ts:
import { Injectable } from '@angular/core';
import { HttpClient, HttpErrorResponse, HttpResponse, HttpHeaders } from '@angular/common/http';
import { Observable, BehaviorSubject } from 'rxjs';
import { map, skip, takeLast, last } from 'rxjs/operators';
import { User } from '../shared/user';
import { environment } from '../../environments/environment';
@Injectable()
export class AuthService {
private loginUserToken: BehaviorSubject<string>;
private currentUser: BehaviorSubject<User>;
constructor(private http: HttpClient) {
// service init
this.loginUserToken = new BehaviorSubject(undefined);
this.currentUser = new BehaviorSubject(undefined);
this.loginUserToken.next(this.getTokenFromLocalStorege());
if (this.loginUserToken.value != null) {
this.getUserFromToken();
}
}
/**
* getLoginUser
*/
public getLoginUserAsObservable() {
return this.currentUser.asObservable();
}
public getLoginUserTokenAsObservable() {
return this.loginUserToken.asObservable();
}
public async login(user: User): Promise<any> {
// tslint:disable-next-line:no-shadowed-variable
return new Promise<any>(async (resolve: any, reject: any) => {
try {
const result: any = await this.http.post(`${environment.server}/api/auth/login`, user).toPromise();
if (result.massageCode === 1) {
reject('bedUsername');
} else if (result.massageCode === 2) {
reject('bed password');
} else {
this.loginUserToken.next(result.token);
this.getUserFromToken();
this.saveTokenToLocalStorege(result.token);
resolve();
}
} catch (error) {
reject('error');
}
});
}
public getUserFromToken(): void {
const headers = new HttpHeaders({
'x-access-token': this.loginUserToken.value
});
this.http.get(`${environment.server}/api/auth/userFromToken`, { headers }).toPromise()
.then((data: User) => {
this.currentUser.next(data);
})
.catch((error) => {
console.log(error);
});
}
public isLogin(): Promise<boolean> {
return new Promise((resolve, reject) => {
this.currentUser.asObservable()
.subscribe((data) => {
if (data) {
resolve(true);
} else {
resolve(false);
}
}).unsubscribe();
});
}
public saveTokenToLocalStorege(token: string): void {
localStorage.setItem('chanToken', token);
}
public getTokenFromLocalStorege(): string {
return localStorage.getItem('chanToken');
}
public removeTokenFromLocalStrege(): void {
localStorage.removeItem('chanToken');
}
}
auth.guaed.ts:
import { Injectable } from '@angular/core';
import { CanActivate, CanLoad, ActivatedRouteSnapshot, RouterStateSnapshot, Router } from '@angular/router';
import { Observable } from 'rxjs';
import { AuthService } from '../auth.service';
import { Route } from '@angular/compiler/src/core';
import { last, map } from 'rxjs/operators';
@Injectable()
export class AuthGuard implements CanLoad {
constructor(private authSerivce: AuthService, private router: Router) { }
canLoad(route: Route): boolean | Observable<boolean> | Promise<boolean> {
console.log('use gruad');
return this.authSerivce.isLogin();
}
}
发布于 2018-06-10 08:46:05
这是因为BehaviourSubject
是如何工作的。当您对BehaviourSubject
执行Subscribe
操作时,它会立即返回最后一个值。这就是BehaviourSubject
需要缺省值的原因。
在本例中,一旦AuthGuard
被激活,它将调用订阅currentUser
的方法isLogin
,并返回undefined
(取决于javascript执行的顺序)。基本上,您的AuthGuard
不会等待您的函数getUserFromToken()
完成。
当您使用ReplaySubject
而不是BehaviourSubject
时,您可以很容易地解决此问题。
private currentUser: ReplaySubject<User> = new ReplaySubject(1)
将ReplaySubject
初始化为1,它将缓存当前用户,但不会在不存在用户时触发。
目前,Authguard
将等待有效的currentUser
值,并且不会在currentUser
未定义时触发
https://stackoverflow.com/questions/50779020
复制相似问题