我正在使用护照(本地和不记名策略)的多种策略。使用本地策略登录有效。我们在登录后生成令牌,令牌存储在redis中。在初始登录后,我想在没有会话的情况下使用bearer auth,只要在redis中找到令牌即可。如果我发送正确的令牌,我可以查询redis并获取用户数据,但节点仍然发送403响应而不是我期望的200状态码。如果在redis中找不到令牌,则sails会因以下错误而崩溃:
/workspace/rs-api-sails/node_modules/redis/index.js:587
throw err;
^
Error: Can't set headers after they are sent.
at ServerResponse.OutgoingMessage.setHeader (http.js:691:11)
at ServerResponse.res.setHeader (/workspace/rs-api-sails/node_modules/sails/node_modules/express/node_modules/connect/lib/patch.js:59:22)
at allFailed (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:153:13)
at attempt (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:232:28)
at Context.delegate.fail (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:227:9)
at Context.actions.fail (/workspace/rs-api-sails/node_modules/passport/lib/passport/context/http/actions.js:35:22)
at verified (/workspace/rs-api-sails/node_modules/passport-http-bearer/lib/strategy.js:125:19)
at /workspace/rs-api-sails/config/bootstrap.js:40:18
at try_callback (/workspace/rs-api-sails/node_modules/redis/index.js:580:9)
at RedisClient.return_reply (/workspace/rs-api-sails/node_modules/redis/index.js:670:13)
10 Dec 13:25:15 - [nodemon] app crashed - waiting for file changes before starting...
以下是bootstrap.js中承载身份验证的代码:
passport.use(new BearerStrategy(
function(token, done) {
var redis = require("redis"),
client = redis.createClient(null, null, {detect_buffers: true});
client.get(token, function (err, reply) {
if (reply === null) {
// if token is not a key in redis, node throws the headers already sent error
return done(null, false);
} else {
User.findOne({ id: reply.toString() }).done(function(err, user) {
sails.log(user);
// here we get the user data from waterline but node still sends a 403
return done(null, user);
});
}
});
}
));
此代码位于policies / isAuthenticated.js:
中module.exports = function(req, res, next) {
var passport = require('passport');
passport.authenticate('bearer', { session: false })(req, res, next);
// User is allowed, proceed to the next policy,
// or if this is the last policy, the controller
if (req.isAuthenticated()) {
return next();
}
// User is not allowed
// (default res.forbidden() behavior can be overridden in `config/403.js`)
return res.forbidden('You are not permitted to perform this action.');
};
我是节点的新手,非常感谢任何帮助!
答案 0 :(得分:1)
更新:对policy / isAuthenticated.js进行一些更改后似乎现在正在运行:
var passport = require('passport');
module.exports = function(req, res, next) {
passport.authenticate('bearer', { session: false }, function(err, user, info) {
if (req.isAuthenticated()) {
// user is allowed through local strategy
return next();
}
if (err) {
return res.send(403, { error: 'Error: ' + info });
}
if (!user) {
return res.send(403, { error: 'Invalid token' });
}
if (user) {
sails.log(user);
return next();
}
// (default res.forbidden() behavior can be overridden in `config/403.js`)
return res.forbidden('You are not permitted to perform this action.');
})(req, res, next);
};