对于REST调用,passport-local会话保持为空

时间:2017-09-15 12:57:24

标签: node.js express passport.js passport-local

我在让本地护照正常工作方面遇到了一些麻烦。 我有一个使用React和React-Router v4的小网站。我可以登录确定,并在重新加载时保持登录状态。我对管理部分的所有REST调用都会导致返回登录屏幕。

我希望只对某些REST调用进行身份验证(即/ admin *),但这些REST调用都会返回“/ login”页面。

好吧,代码:

import express from 'express';
import compression from 'compression';
import bodyParser from 'body-parser';
import cookieParser from 'cookie-parser';
import passport from 'passport';
import session from 'express-session';
import { Strategy as LocalStrategy } from 'passport-local';

const secret = 'foo';

const app = express();

app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());

app.use(cookieParser(secret));
app.use(
session({
  secret,
  saveUninitialized: false,
  resave: false,
  maxAge: null,
  cookie: {
    path: '/admin',
    secure: process.env.NODE_ENV === 'production',
  },
}),
);
app.use(passport.initialize());
app.use(passport.session());

passport.use(new LocalStrategy((email, password, done) =>
  User.findOne({ where: { email } })
    .then((user) => {
      if (!user) return done(null, false, { message: `There is no record of the email ${email}.` });

      return user.comparePassword(password).then((result) => {
        if (result) done(null, user);
        else done(null, false, { message: 'Your email/password combination is incorrect.' });
      });
    })
    .catch((err) => {
      console.log(err);
      done(null, false, { message: 'Something went wrong trying to authenticate' });
    })));

passport.serializeUser((user, done) => {
done(null, user.id);
});

passport.deserializeUser((id, done) => {
  console.log('find by id', id);
  User.findById(id)
    .then((user) => {
      done(null, user.get());
    })
    .catch(done);
});

app.use(...cspSecurity);

app.use(compression());

//sequelize connect
connect();

路线

app.post('/admin/logout', userController.logout);
app.post('/admin/login', userController.login);
app.get('/admin/rest/*', (req, res, next) {
  console.log('authenticated', req.isAuthenticated());

  if (req.isAuthenticated()) {
    next();
  } else {
    res.redirect('/login');
  }
});

app.get('/admin/rest/user', userController.all);
app.post('/admin/rest/user', userController.add);
app.put('/admin/rest/user/:id', userController.update);

从登录名返回的Cookie:

set-cookie:connect.sid=s%3AUtm0CymuTprJHwJb_XVFscXb73-p-F0m.BIZ4R7gCy%2BHkSc%2FbC423FG71mWLxgdsdfsdMkjDRhIe8w; Path=/admin; HttpOnly

根据我看到的建议,我尝试将其添加到我的REST调用中,但无济于事:

const res = await fetch(`/admin/rest/user/${data.id}`, {
    method: 'PUT',
    headers: {
      'Content-Type': 'application/json',
    },
    credentials: 'same-origin',
    body: JSON.stringify(data),
});

有什么建议吗?

1 个答案:

答案 0 :(得分:0)

这与CloudFlare和我的服务器之间的非安全连接以及设置安全cookie的服务器有关

相关问题
最新问题