我正在阅读https://github.com/FrankHassanabad/Oauth2orizeRecipes中的代码,该代码演示了OAuth2orize的用法,可用于实现OAuth2授权服务器。
我的问题并不新奇,只是卡在了Express 3.x的一些基础知识上。
在app.js中:
oauth2 = require('./oauth2')
. . .
// oauth2.authorization is an array of handlers (exports.authorization in oauth2.js),
// not a single function; the handlers run in order for GET /dialog/authorize.
app.get('/dialog/authorize', oauth2.authorization);
在oauth2.js中:
/**
 * Handler chain for the authorization endpoint (mounted at GET /dialog/authorize).
 *
 * Exported as an array of three handlers that run in order:
 *   1. login.ensureLoggedIn()  - presumably rejects requests without a logged-in user.
 *   2. server.authorization()  - resolves the client from the requested client id.
 *   3. the decision step       - auto-approves trusted clients, otherwise renders
 *                                the consent dialog.
 */
exports.authorization = [
  login.ensureLoggedIn(),

  server.authorization(function (clientID, redirectURI, scope, done) {
    db.clients.findByClientId(clientID, function (lookupError, client) {
      if (lookupError) {
        return done(lookupError);
      }

      // NOTE(review): this writes the *requested* scope onto the object returned by
      // the client store. If the store hands back a shared record, the value leaks
      // into later requests - confirm against db.clients.
      if (client) {
        client.scope = scope;
      }

      // WARNING: redirectURI comes straight from the request and is passed through
      // unchecked. For security purposes it should be compared (exact match) with
      // the redirect URI registered for this client before calling done(); for
      // simplicity, this example does not. This matters most for trusted clients,
      // because the step below approves them without showing the dialog, so the
      // authorization response would go to a caller-supplied URI with no user
      // interaction.
      return done(null, client, redirectURI);
    });
  }),

  function (req, res, next) {
    // TODO: record the user's consent for non-trusted clients, and require a fresh
    // consent after the user revokes access to a client.
    db.clients.findByClientId(req.query.client_id, function (lookupError, client) {
      var isTrusted = !lookupError && client && client.trustedClient === true;

      // A failed lookup, an unknown client or a non-trusted client all end up at
      // the consent dialog.
      if (!isTrusted) {
        res.render('dialog', { transactionID: req.oauth2.transactionID, user: req.user, client: req.oauth2.client });
        return;
      }

      // Trusted client: answer the decision on the user's behalf, the same way
      // submitting the dialog would.
      var autoApprove = server.decision({loadTransaction: false}, function (decisionReq, callback) {
        callback(null, { allow: true });
      });
      autoApprove(req, res, next);
    });
  }
];
那么,这是因为app.get()可以接受一个中间件数组吗?我想找到app.get()的源码来弄清楚,但没有找到。
修改 我在Express 3.6上。所以根据Infer-on的回答,如果我错了,请纠正我。 你的意思是oauth2.authorization 数组而不是模块?
app.VERB转到this._router[method].apply(this._router, arguments);
其中arguments是一个类似于数组的对象,只有一个项目,即oauth2.authorization
数组。
然后进入router/index.js中由以下代码定义的函数:
// Install one method per entry of `methods` on Router.prototype. Each one forwards
// to this.route() with the method name placed in front of the caller's arguments.
methods.forEach(function(verb){
  Router.prototype[verb] = function(path){
    // Copy the arguments object into a real array, then prepend the method name.
    var routeArgs = Array.prototype.slice.call(arguments);
    routeArgs.unshift(verb);
    this.route.apply(this, routeArgs);
    return this;
  };
});
此处,之前的arguments现在是path,然后成为args。因此oauth2.authorization给出的原始数组仍然存在,并且是args中的一项;args的长度为2,第一项是方法名称"get",第二项是该数组。
this.route在同一个文件中定义:
/**
 * Register a route for `method` and `path`.
 *
 * Every argument after `path` is treated as a handler; the handlers are passed
 * through utils.flatten, so an array of handlers (presumably at any nesting
 * depth) ends up as one flat list.
 *
 * @param {String} method - HTTP method name; lower-cased before use.
 * @param {String} path - route path; required.
 * @param {...Function|Array} callbacks - handlers or arrays of handlers.
 * @returns {Router} this, for chaining.
 * @throws {Error} when `path` is missing or a handler is not a function.
 */
Router.prototype.route = function(method, path, callbacks){
  var verb = method.toLowerCase();
  // slice(arguments, 2) skips `method` and `path`, keeping only the handlers.
  var handlers = utils.flatten(Array.prototype.slice.call(arguments, 2));

  // ensure path was given
  if (!path) throw new Error('Router#' + verb + '() requires a path');

  // ensure all callbacks are functions
  handlers.forEach(function(handler){
    if (typeof handler === 'function') return;
    var actualType = Object.prototype.toString.call(handler);
    throw new Error('.' + verb + '() requires callback functions but got a ' + actualType);
  });

  // create the route
  debug('defined %s %s', verb, path);
  var options = {
    sensitive: this.caseSensitive,
    strict: this.strict
  };
  var route = new Route(verb, path, handlers, options);

  // add it to the list kept for this method, creating the list on first use
  var bucket = this.map[verb] || [];
  this.map[verb] = bucket;
  bucket.push(route);
  return this;
};
由于utils.flatten([].slice.call(arguments, 2)),来自oauth2.authorization的数组被展平。因此,就好像传入的不是数组而是普通参数一样。(我不知道这里的"2"是做什么的。)oauth2.authorization中的第3项是容易理解的回调。第一项是login.ensureLoggedIn(),这是一个中间件吗?第二项是server.authorization()……但我不完全确定它在做什么。
答案 0 :(得分:1)
对于get
方法,在第一个参数之后,应用程序将添加路由,然后将其他参数传递给相关控制器
this._router[method].apply(this._router, arguments);
**app.js**
// Single-handler form: routes.index is one function taking (req, res).
app.get('/', routes.index);
**index.js**
// controller: renders the 'index' view with a fixed page title
exports.index = function(req, res){
  var locals = { title: 'Express' };
  res.render('index', locals);
};
**application.js**
// Define app.get(), app.post(), ... - one function per entry of `methods`.
methods.forEach(function(verb){
  app[verb] = function(path){
    // app.get(name) with exactly one argument is not a route definition;
    // it is handed to this.set(path) instead.
    var isSingleArgGet = 'get' == verb && arguments.length === 1;
    if (isSingleArgGet) return this.set(path);

    // deprecated: the warning is about an array passed as the *path*;
    // this code does not inspect the handler arguments.
    if (Array.isArray(path)) {
      console.trace('passing an array to app.VERB() is deprecated and will be removed in 4.0');
    }

    // if no router attached yet, attach the router
    if (!this._usedRouter) {
      this.use(this.router);
    }

    // setup route: forward every argument, unchanged, to the router's method
    var router = this._router;
    router[verb].apply(router, arguments);
    return this;
  };
});
所以
app.get('/dialog/authorize', oauth2.authorization);
因此,/dialog/authorize视图的请求将传递给模块导出的authorization方法。
**修改**
我不确定导出数组这种方式是否可行,请尝试类似Implement Authorization Endpoint中的写法来定义oauth2.authorization。