验证成功后,req.session.user存在,但是当我尝试调用它来限制对页面的访问时,它就消失了,当然当我不想要它时限制访问。我知道它的范围问题,但我无法弄明白。
function restrict(req, res, next) {
if (req.session.user) {
next();
} else {
req.session.error = 'Access denied!';
res.redirect('/accessdenied');
}
}
// Add User Route
app.get('/addUser', restrict, function (req, res, next)
{res.render('addUser', {
title : "SC Auds - Ad New User"
, author : "Alan Swenson"
, description : "none"
});
});
app.post('/login', function (req, res, next){
var checkuser = new User({
email : req.body.user.email
, password : req.body.user.password
});
// checkuser.save(function(err) {
// Successfully Logged In
User.getAuthenticated(checkuser.email, checkuser.password, function(err, user, reason) {
if (err) {
throw err;
// Failed to work
res.redirect('/error');
}
// login was successful if we have a user
if (user) {
// handle login success
req.session.regenerate(function(){
req.session.user = user;
req.session.success = 'Authenticated as ' + user.email;
res.redirect('/admin');
console.log(req.session.user);
});
}
// otherwise we can determine why we failed
var reasons = User.failedLogin;
console.log(User.failedLogin);
switch (reason) {
case reasons.NOT_FOUND:
case reasons.PASSWORD_INCORRECT:
// note: these cases are usually treated the same - don't tell
// the user *why* the login failed, only that it did
break;
case reasons.MAX_ATTEMPTS:
// send email or otherwise notify user that account is
// temporarily locked
break;
}
});
});
这是我的app.js
/**
* Module dependencies
*/
var express = require('express'),
routes = require('./routes'),
tasks = require("./tasks"),
mongoose = require('mongoose');
crypt = require('bcrypt');
RedisStore = require('connect-redis')(express);
url = require('url');
// Get yo' models
User = require("./models/user.js");
// Set up the app
app = express();
// Set up the server
var server = require('http').createServer(app);
//set up redis
var redisURL = 'redis://nodejitsu:nodejitsudb3022889634.redis.irstack.com:f327cfe980c971946e80b8e975fbebb4@nodejitsudb3022889634.redis.irstack.com:6379';
var redis = url.parse(redisURL);
console.log(redis);
/**
* Configuration
*/
app.configure(function(){
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
// Middle Ware
app.use(express.favicon(__dirname + '/public/favicon.ico'));
app.use(express.bodyParser());
app.use(express.cookieParser());
app.use(express.session({
secret: "kaskjbabjkdfkabdfbkadbkjfasdfasdfrterterte",
store: new RedisStore({ host: redis.hostname, port: redis.port, pass: redis.auth ? redis.auth.substring(redis.auth.indexOf(':') + 1) : null }),
proxy: true,
cookie: { secure: true}
}));
app.use(express.methodOverride());
app.use(app.router);
app.use(express.static(__dirname + '/public'));
app.enable('trust proxy');
});
/**
* Set up Listening Ports
* Development & Production
*/
var port;
app.configure('development', function(){
port = 3000;
app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
// mongoose.connect('mongodb://localhost/<app_name>');
});
app.configure('production', function(){
port = 80;
app.use(express.errorHandler());
// Production database connection string
mongoose.connect('mongodb://nodejitsu:c09cdadf6f1c8ecad43a01d54b4da8e4@linus.mongohq.com:10096/nodejitsudb9995237560');
});
/**
* Open Database
*/
var db = mongoose.connection;
db.on('error', console.error.bind(console, 'connection error:'));
db.once('open', function callback () {
console.log('opened');
});
var models = {};
/**
* Set up Routes
*/
// Main Route
app.get('/', routes.home);
// Additional Routes
require('./additionalRoutes')(app)
/**
* Start Sever Listening
*/
server.listen(port, function(){
});
/*
* Run background tasks here:
*/
// Run immediately
// tasks.myTask();
// Run periodically
// setInterval(tasks.myTask, 1000 * 60 * 10);
答案 0 :(得分:0)
你在这里缺少限制功能..
app.post('/login', function (req, res, next){
将其更改为。
app.post('/login', restrict, function (req, res, next){
答案 1 :(得分:0)
我明白了。由于我的计算机和服务器之间的时区不同,我的cookie立即到期。更改为过期:false
cookie: { secure: true,
path: '/',
expires: false}