我已成功关注this Tutorial并制作了基于Node.js的应用。
现在我想为某些特定路线添加护照本地支持登录。我发现的有关使用Passport的每个教程都适用于只有一个路径文件的应用程序。但是我的路线有多个文件(在 app.js 中):
var index = require('./routes/index');
var config = require('./routes/config');
var about = require('./routes/about');
var run = require('./routes/run');
var device = require('./routes/device');
var user = require('./routes/user');
例如在 routes / config.js :
中router.get('/', server_controller.index);
router.get('/server/create', server_controller.server_create_get);
router.post('/server/create', server_controller.server_create_post);
router.get('/server/:id/delete', server_controller.server_delete_get);
router.post('/server/:id/delete', server_controller.server_delete_post);
并且在 routes / device.js 中我们有需要登录的路由:
router.get('/', device_controller.index);
router.get('/change-ip', device_controller.device_edit_ip_get);
router.post('/change-ip', device_controller.device_edit_ip_post);
那么我应该如何在这些不同的路径文件中使用护照本地中间件?
更新: 在 routes / user.js 我已经定义了护照本地策略。
var express = require('express');
var router = express.Router();
var User = require('../models/user');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
router.get('/login', function(req, res, next) {
res.render('login.pug' ,{
title : "Login Page"
});
});
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
User.findById(id, function (err, user) {
done(err, user);
});
});
passport.use('local-login' ,new LocalStrategy({
usernameField : 'uname',
passwordField : 'password'
},
function (uname , password , done) {
User.findOne({ uname : uname } , function (err , user) {
if(err) { return done(err); }
if(!user) {
return done(null,false,{});
}
if(! User.validPassword(password , user.password)) {
return done(null , false , {});
}
return done(null , user);
});
}
));
router.post('/login' , function (req ,res , next) {
var uname = req.body.uname;
var password = req.body.password;
req.checkBody('uname' , 'The user-name field is required').notEmpty();
req.checkBody('password' , 'The password field is required').notEmpty();
var errors = req.validationErrors();
if (errors) {
res.render('login.pug' , {
title : 'Login Page',
errors : errors
});
return;
}
next();
} , passport.authenticate('local-login' ,
{ failureRedirect: '/user/login' ,
successRetrunToOrRedirect: '/device'
}), function (req, res) {
console.log('login success');
res.redirect('/device');
});
module.exports = router;
然后在其他路径文件中我定义了isLoggedIn()函数并使用它,例如在 routes / devics.js 中:
router.get('/', isLoggedIn, device_controller.index);
router.get('/change-ip', isLoggedIn, device_controller.device_edit_ip_get);
router.post('/change-ip', isLoggedIn, device_controller.device_edit_ip_post);
router.get('/change-password', isLoggedIn, device_controller.device_change_pw_get);
router.post('/change-password', isLoggedIn, device_controller.device_change_pw_post);
function isLoggedIn(req , res , next) {
if(req.isAuthenticated()) {
next();
return;
}
res.redirect('/user/login');
}
或在 routes / config.js 中再次定义了isLoggedIn()并添加到需要身份验证的位置:
router.get('/', isLoggedIn, server_controller.index);
router.get('/server/create', isLoggedIn, server_controller.server_create_get);
router.post('/server/create', isLoggedIn, server_controller.server_create_post);
function isLoggedIn(req , res , next) {
if(req.isAuthenticated()) {
next();
return;
}
res.redirect('/user/login');
}
它工作正常,但我确信它不是正确/最好的方法!