护照会话未保存"/>
Nodejs护照会话未保存
我似乎无法弄清楚为什么未将身份验证用户保存在会话中后,即使成功进行身份验证后,req.user始终始终是未定义的。我可以看到serializeUser被调用,但是req.user始终似乎为空
我正在使用http,我也尝试了{secure:false}选项,但不幸的是没有成功
App js代码
const express = require('express');
const cors = require('cors');
const http = require('http');
const app = express();
//Database imports
const mongoose = require('mongoose');
const passport = require('passport');
const session = require('express-session');
//Parsers
const cookies = require("cookie-parser");
const bodyParser = require('body-parser');
require('dotenv/config')
// parse application/x-www-form-urlencoded
app.use(bodyParser.json({limit: '10mb', extended: true}))
app.use(bodyParser.urlencoded({limit: '10mb', extended: true}))
app.use(cookies('asdf33g4w4hghjkuil8saef345'));
app.use(cors({ credentials: true }));
//React app
//app.use(express.static(__dirname+'/build'))
require('./passport/passport')(passport);
app.use(session({ secret: 'asdf33g4w4hghjkuil8saef345',cookie : {
expires: false,
},resave: true,
saveUninitialized: true,
cookie: {
httpOnly: true,
expires: 360*400 // use expires instead of maxAge
}
}));
app.use(passport.initialize());
app.use(passport.session());
mongoose.connect(process.env.MONGO_URI, () => {
console.log('Connected to database');
});
function isBlocked(req, res, next) {
if (req.user && req.user.status) {
// user is authenticated
next();
} else {
// return unauthorized
res.send(401, "Unauthorized");
}
};
app.use('/' , require('./routes/auth'));
var server = http.createServer(app);
const PORT = process.env.PORT || 5000;
server.listen(PORT, console.log(`Server started on port ${PORT}`));
护照配置
const LocalStrategy = require('passport-local').Strategy;
const bcrypt = require('bcryptjs');
// Load User model
const User = require('../models/User');
module.exports = function(passport) {
passport.use(
new LocalStrategy({ usernameField: 'username' }, (username, password, done) => {
// Match user
User.findOne({
username: username
}).then(user => {
if (!user) {
return done(null, false, { message: 'User not found' });
}
// Match password
bcryptpare(password, user.password, (err, isMatch) => {
if (err) throw err;
if (isMatch) {
return done(null, user);
} else {
return done(null, false, { message: 'Password incorrect' });
}
});
});
})
);
passport.serializeUser(function(user, done) {
done(null, user.username);
});
passport.deserializeUser(function(id, done) {
User.findOne({username:id}, function(err, user){
if(!err){
console.log('no err')
done(null, user)
}
else{
console.log('error')
done(err, null)
}
console.log(user)
})
})}
我如何处理登录
router.post('/login',
passport.authenticate('local', { failureRedirect: '/login' },),
function(req, res) {
req.session.save(function(){
res.redirect('/true');
});
});
此外,您可以尝试使用:
passport.protected = function protected(req, res, next) {
try {
if (req.isAuthenticated()) {
console.log(
"----AUTHENTICATED ",
req.session.passport,
"!!--------"
);
} else {
console.log("----NOT AUTHENTICATED!!--------");
res.sendStatus(401)
}
} catch(e) {
console.log("ERROR CAUGHT")
console.log(e)
}
};
您实际上可以保护您的路线,例如->
app.get("/validatesession", auth.protected, function(req, res) {
});
更多推荐
Nodejs护照会话未保存
发布评论