我正在使用mongo,express,angular和node创建我的第一个完整堆栈Web应用程序。我来自前端背景,我在认证实施方面有点苦苦挣扎。
我的(不完整的)应用程序工作了好几天,但今天它突然破了,然后我神奇地修复了它。我很确定我没有改变代码中的任何重大内容。该错误导致所有经过身份验证的用户看到“访客用户”帐户。它将允许他们登录,但用户将作为guestuser从mongo返回。你看到我在这段代码中遗漏了什么吗?
var express = require('express'),
routes = require('./routes'),
api = require('./routes/api'),
http = require('http'),
path = require('path'),
mongoose = require('mongoose'),
passport = require('passport'),
LocalStrategy = require('passport-local').Strategy;
var app = module.exports = express();
var uristring =
process.env.MONGOLAB_URI ||
process.env.MONGOHQ_URL ||
'mongodb://localhost/HelloMongoose';
mongoose.connect(uristring, function (err, res) {
if (err) {
console.log ('ERROR connecting to: ' + uristring + '. ' + err);
} else {
console.log ('Succeeded connected to: ' + uristring);
}
});
var Schema = mongoose.Schema,
ObjectId = Schema.ObjectId;
var Tasks = new Schema({
"title": String,
"description": String,
"difficulty": Number,
"completed": Boolean
});
var Project = new Schema({
"title": String,
"tasks": [ Tasks ]
});
var User = new Schema({ // update data model here
"first_name": String,
"last_name": String,
"email": {type: String, unique: true},
"username": {type: String, unique: true},
"password": String,
"projects": [ Project ]
});
var User = mongoose.model('User', User);
User.prototype.validPassword = function(pass) {
return (this.password === pass);
}
/**
* Configuration
*/
// all environments
app.set('port', process.env.PORT || 3000);
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(express.logger('dev'));
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.static(path.join(__dirname, 'public')));
app.use(express.cookieParser());
app.use(express.session({ secret: 'keyboardcat' }));
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
// development only
if (app.get('env') === 'development') {
app.use(express.errorHandler());
}
// production only
if (app.get('env') === 'production') {
// TODO
};
passport.use(new LocalStrategy(
function(username, password, done) {
mongoose.model('User').findOne({ username: username }, function (err, user) {
if (err) {
console.log('There was an error');
return done(err);
}
if (!user) {
console.log('Username invalid');
return done(null, false, { message: 'Incorrect username.' });
}
if (!user.validPassword(password)) {
console.log('Password incorrect');
return done(null, false, { message: 'Incorrect password.' });
}
return done(null, user);
});
}
));
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
User.findOne(id, function (err, user) {
done(err, user);
});
});
/**
* Routes
*/
// serve index and view partials
app.get('/', routes.index);
app.get('/login', function(req, res) {
console.log(req.session.user);
if (!req.session.user) {
res.render('login');
} else {
res.redirect('/');
}
});
app.post('/login', passport.authenticate('local', {
failureRedirect: '/login'
}), function(req, res) {
req.session.user = req.body.username;
res.redirect('/');
});
app.get('/signup', function(req, res) {
if (!req.session.user) {
res.render('signup');
} else {
res.redirect('/');
}
});
app.get('/logout', function(req, res) {
req.session.user = undefined;
res.redirect('/login');
});
app.post('/signup', function(req,res) {
if (req.body.username && req.body.password) {
var user = new User({
first_name: req.body.first_name,
last_name: req.body.last_name,
email: req.body.email,
username: req.body.username,
password: req.body.password
});
user.save(function(err) {
if (!err) {
console.log(user.username);
req.session.user = req.body.username;
res.redirect('/');
} else {
console.log(err);
res.redirect('/signup');
}
});
} else {
res.redirect('/signup');
}
});
app.get('/person', function(req,res) {
if (!req.session.user) {
res.redirect('/login');
} else {
mongoose.model('User').findOne({username: new RegExp('^'+req.session.user+'$', "i")}, function(err, user) {
if (!err) {
console.log(JSON.stringify(user));
res.send(user);
} else {
console.log(err);
}
});
}
});
app.put('/person', function(req,res) {
if (!req.session.user) {
res.redirect('/login');
} else {
console.log('Updating user');
console.log(req.body.projects);
mongoose.model('User').findOne({username: new RegExp('^'+req.session.user+'$', "i")}, function(err, user) {
console.log(user);
user.projects = req.body.projects;
console.log(user.first_name + ' is here');
user.save(function(err) {
if (!err) {
console.log('User updated');
} else {
console.log(err);
}
});
});
}
});
app.get('/:user', function(req, res) {
if (!req.session.user) {
res.redirect('/login');
} else if (req.params.user != req.session.user) {
res.redirect('/' + req.session.user);
} else {
res.render('index');
}
});
app.get('/partials/:name', routes.partials);
// JSON API
app.get('/api/name', api.name);
// redirect all others to the index (HTML5 history)
app.get('*', function(req, res) {
if (!req.session.user) {
res.render('login');
} else {
res.redirect('/');
}
});
/**
* Start Server
*/
http.createServer(app).listen(app.get('port'), function () {
console.log('Express server listening on port ' + app.get('port'));
});
答案 0 :(得分:1)
假设您从[{3}}获得了大部分代码,我可以看到您对其进行了更改,可能导致失败。
passport.use(new LocalStrategy(
function(username, password, done) {
mongoose.model('User').findOne({ username: username }, function (err, user) {
您已将validPassword
添加到User
,因此可能应该是
passport.use(new LocalStrategy(
function(username, password, done) {
User.findOne({ username: username }, function (err, user) {
答案 1 :(得分:0)
自:
用户将以访客用户身份从mongo返回
...你应该在这里进行一些记录和/或错误处理:
passport.deserializeUser(function(id, done) {
User.findOne(id, function (err, user) {
done(err, user);
});
});
帮助您追踪它。既然你刚刚开始,我建议你看看winston和loggly,如果你想探索在node / heroku中登录的工具。
你的应用程序看起来非常“有弹性”,用一个短语来表达 - 很多重定向似乎都在各处。您是否查看过fnakstad's technique节点/角度身份验证? (请注意,github页面引用了两篇解释内容的博客文章)。它可能会给你一些关于如何控制事物的想法。