如何使用护照对用户和管理员进行身份验证

时间:2020-07-21 19:37:51

标签: javascript node.js mongodb mongoose passport.js

我正在使用护照执行本地策略,但遇到了一个问题,即似乎可以很好地验证用户身份,并且可以让该用户在会话中跨站点持久化,但不能让管理员持久化。我在MongoDB中的用户和管理员帐户分别位于不同的集合下。我尝试了许多不同的途径,例如为管理员和用户使用不同的通行证以及为管理员和用户使用不同的数据库无济于事。我已经停下来了。我将不胜感激!

//Passport.js
const LocalStrategy = require('passport-local').Strategy;
const mongoose = require('mongoose')
const bcrypt = require('bcrypt')


// Loads in user model
const User = require('../models/userModel')
//Loads in the admin model
const Admin = require('../models/adminModel')


module.exports = function (authUser){
  authUser.use(
    'authUser',new LocalStrategy({usernameField: 'username'}, (username, password, done)=>{
      //Match user
      const user = User.findOne({username: username})
      .then(user=>{
        if(!user){
          return done(null, false, {message: 'Incorrect Username'})
        }
        //Match password
        bcrypt.compare(password, user.password, (err, isMatch)=>{
          if(err) throw err;
          if (isMatch) {
            return done(null, user)
          }else {
            return done(null, false, {message: 'Incorrect password'})
          }
        })
      })
      .catch(err=>console.log(err));
    })
  )

  authUser.serializeUser((user, done) =>{
    done(null, user.id);
  });

  authUser.deserializeUser((id, done) =>{
    User.findById(id, (err, user) => {
      done(err, user);
    });
  });

  authUser.use(
    'admin',new LocalStrategy({usernameField: 'username'}, (username, password, done)=>{
      //Match user
      const admin = Admin.findOne({username: username})
      .then(admin=>{
        if(!admin){
          return done(null, false, {message: 'Incorrect Username'})
        }
        //Match password
        bcrypt.compare(password, admin.password, (err, isMatch)=>{
          if(err) throw err;
          if (isMatch) {
            return done(null, admin)
          }else {
            return done(null, false, {message: 'Incorrect password'})
          }
        })
      })
      .catch(err=>console.log(err));
    })
  )

  authUser.serializeUser((admin, done) =>{
    done(null, admin.id);
  });

  authUser.deserializeUser((id, done) =>{
    Admin.findById(id, (err, admin) => {
      done(err, admin);
    });
  });
}

//Authenticate.js
module.exports = {
  checkAuthenticated: function(req, res, next) {
    if (req.isAuthenticated()) {
      return next()
    }
    // req.flash('error_msg', 'please login to view this resource')
    res.redirect('/Users/Login')
  },
  checkNotAuthenticated: function(req, res, next) {
    if (req.isAuthenticated()) {
      return res.redirect('/')
    }
    // req.flash('error_msg', 'please login to view this resource')
    return next()
  },
  checkAdminAuthenticated: function(req, res, next) {
    if (req.isAuthenticated()) {
      return next()
    }
    // req.flash('error_msg', 'please login to view this resource')
    res.redirect('http://localhost:3000/Admin/SignIn')
  }
}

//Snippet from adminRoute.js
const passport = require('passport')
require('../config/passport.js')(passport)

app.get("/SignIn", checkNotAuthenticated,(req,res) =>{
  res.render("adminLogin.ejs")
})
app.get('/Orders', checkAdminAuthenticated, (req, res) => {
  Request.find({}).then(results => {
    res.render('orders.ejs', {
      Orders: results
    });
  })
})
// Login Handle
app.post('/SignIn', checkNotAuthenticated, (req,res, next)=>{
  passport.authenticate('admin',{
    successRedirect: '/AdminPage', //On success redirect to home
    failureRedirect: '/Admin/SignIn', //On failure redirect back to login page
    session: true,
    failureFlash: true
  })(req,res,next);
})
module.exports = app

//Snippet from userRoute.js
const passport = require('passport')
const authUser = new passport.Passport();
require('../config/passport.js')(authUser)
// DB config
const userDB = require('../config/keys').MongoURI
const User = require('../models/userModel')
app.get("/Login", checkNotAuthenticated,(req,res) =>{
  res.render("login.ejs")
})

app.delete('/logout', (req, res) => {
  req.logOut()
  res.redirect('/Users/Login')
})

app.get('/Register', checkNotAuthenticated,  (req,res)=>{
  res.render("register.ejs")
})

// Login Handle
app.post('/Login', checkNotAuthenticated,(req,res, next)=>{
  authUser.authenticate('authUser',{
    successRedirect: '/', //On success redirect to home
    failureRedirect: '/Users/Login', //On failure redirect back to login page
    session: true,
    failureFlash:true
  })(req,res,next);
})
module.exports = app

// snippet from app.js
const passport = require('passport')
const authUser = new passport.Passport();
require('./config/passport.js')(authUser)
    app.use(authUser.initialize())
    app.use(authUser.session())
    app.use('/Users', require('./routes/userRoute'))
    app.use('/Admin', require('./routes/adminRoute'))

0 个答案:

没有答案
相关问题
最新问题