使用express后端在ember UI中实现rest认证

时间:2016-07-27 06:48:31

标签: node.js rest authentication express ember.js

我是nodejs的新手。我需要知道的是在ember UI中实现身份验证和表达rest api的正确方法是什么。 Express api在应用程序的子域上运行。这是我用于身份验证的代码

router
    .post('/', function(req, res) {
        response = {}
        if (req.body.username == "") {
            response.status = "error";
            response.message = "Username field cannot be empty";
            res.statusCode = 400;
            return res.json(response);
        };
        if (req.body.password == "") {
            response.status = "error";
            response.message = "Password field cannot be empty";
            res.statusCode = 400;
            return res.json(response);
        };
        const db = req.db;
        const users = db.get('users');
        users.find({
            username: req.body.username
        }, {}, function(e, docs) {
            if (docs.length != 0) {
                response.status = "error";
                response.message = "Same username already exists";
                res.statusCode = 409;
                res.json(response);
            } else {
                bcrypt.hash(req.body.password, 5, function(err, bcryptedPassword) {
                    users.insert({
                        username: req.body.username,
                        password: bcryptedPassword,
                        admin: false
                    });
                    res.statusCode = 200;
                    res.send();
                });
            }

        });
    })
    .post('/authenticate', function(req, res) {
        response = {}
        if (req.body.username == "") {
            response.status = "error";
            response.message = "Username field cannot be empty";
            res.statusCode = 400;
            return res.json(response);
        };
        if (req.body.password == "") {
            response.status = "error";
            response.message = "Password field cannot be empty";
            res.statusCode = 400;
            return res.json(response);
        };
        const db = req.db;
        const users = db.get('users');
        users.find({
            username: req.body.username
        }, {}, function(e, docs) {
            if (docs.length == 1) {
                bcrypt.compare(req.body.password, docs[0].password, function(err, doesMatch) {
                    if (doesMatch) {
                        response.status = "success";
                        res.statusCode = 200;
                        var token = jwt.sign(docs[0], "test key", {
                            // expiresInMinutes: 1440 // expires in 24 hours
                        });
                        response.token = token;
                        res.json(response);
                    } else {
                        response.status = "error";
                        response.message = "Please check your username and password";
                        res.statusCode = 401;
                        res.json(response);
                    }
                });
            } else {
                response.status = "error";
                response.message = "Username not found";
                res.statusCode = 404;
                res.json(response);
            }

        });
    });

现在问题分为两部分。首先,我如何实现一种中间件类型的东西,它将在用户需要注册的任何地方打开身份验证模式。

其次我很确定我在服务器的快速方面出错了,如果有人能指出我提供restfull身份验证的节点模块,那将非常感激。

0 个答案:

没有答案
相关问题
最新问题