我正在尝试在客户端使用AngularJS设置内容管理系统,在服务器端使用ExpressJS设置PassportJS进行身份验证。
目前我在客户端有两种服务方法:一种用于登录,另一种需要身份验证才能访问(忽略不相关的部分):
app.controller('MainCtrl', function($rootScope, $scope, authenticator, gameService){
authenticator.signIn({username: 'admin', password: 'lynda'})
.success(function(data){
$rootScope.session = data; //not sure if this is needed
console.log(data);
});
$scope.post = function(){
gameService.createNewGame({"name": "Brand new game",
"description": "new",
"image": "image.png"})
.success(function(data){
console.log(data);
});
};
});
app.factory('authenticator', function($http, $cookies){
var signIn = function(userData){
if(userData){
return $http.post("/authenticate", userData);
}
};
return {
signIn: signIn,
};
});
app.factory('gameService', function($http){
return {
createNewGame: function(newGame){
return $http.post('/games', {data: newGame});
}
});
在服务器端,我尝试在passportJS站点上的guides之后设置护照身份验证。 (目前,身份验证凭据是硬编码的):
var express = require('express');
var app = express();
var path = require('path');
var ObjectId = require('mongodb').ObjectID;
var bodyParser = require('body-parser');
var cookieParser = require('cookie-parser');
var session = require('express-session');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var db = require('mongoskin').db('mongodb://administrator:thePassword@localhost:27017/website');
//allow parsing of body messages
app.use(bodyParser.json()); // application/json
app.use(cookieParser());
app.use(bodyParser.urlencoded({extended: true})); // application/x-www-form-urlencoded
app.use(session({secret: 'Super top secret',
resave: true,
saveUninitialized: true}
));
app.use(passport.initialize());
app.use(passport.session());
passport.serializeUser(function(user, done){
done(null, user.username);
});
passport.deserializeUser(function(name, done){
done(null, {username: name});
});
passport.use(new LocalStrategy(
function(username, password, done){
if(username === 'admin' && password === 'lynda'){
return done(null, {username: 'admin'});
}
return done(null, false);
}
));
function isLoggedIn(req, res, next) {
console.log(req.isAuthenticated());
next();
}
app.post('/authenticate', passport.authenticate('local'),
function(req,res){
res.send("Authenticated successfully");
});
app.post('/games', isLoggedIn,
function(req,res){
console.log("You made it into the post");
db.collection('games').insert({
"name": req.body.name,
"description": req.body.description,
"image": req.body.image
},function(err,result){
if(err) throw err;
res.send(result);
});
});
app.use(express.static("public"));
app.use(function(req,res,next){
res.status(404).send("Sorry, can't find that!");
});
var server = app.listen(80, function(){
var host = server.address().address;
var port = server.address().port;
console.log("App listening at http://%s:%s", host, port);
});
当我启动服务器并运行客户端代码时。我从验证端点获得响应,说我已经成功验证了#34;。但是,当我点击页面上的一个按钮向@/游戏/'发送帖子请求时,服务器代码会运行" isLoggedIn"函数并报告req.isAuthenticated()为false。
我错过了什么?我觉得我从阅读文档中不太了解会话应该如何使用角度,并且我可能错过了一些关键的设置步骤。