Node.js通过Apache-Redirect代理进行Passport身份验证

时间:2015-07-14 19:55:24

标签: node.js apache redirect proxy passport.js

我正在构建一个集成了 Passport 帐户系统的 Node.js 应用程序。由于应用托管在 uberspace.de 上,我需要在主 web 根目录中按如下方式配置 .htaccess:

# Turn on mod_rewrite processing for this directory.
RewriteEngine On
# Forward every request path to the Node.js app listening on localhost:34457.
# The [P] flag hands the request to mod_proxy instead of sending a redirect to the client.
# NOTE(review): behind this proxy the app sees connections coming from localhost, so the
# real client address and scheme are only available through forwarded headers - confirm
# how the app is configured to trust them.
RewriteRule ^(.*) http://localhost:34457/$1 [P]

我的 Express 登录路由如下(可通过 /api/auth/login 访问):

// Login endpoint. Passport runs the 'login' strategy and issues the redirect
// itself: /account when the strategy yields a user, /login?error=true
// otherwise. The failure URL carries only a generic flag, so it does not
// say which credential was rejected.
var loginRedirects = {
    successRedirect: '/account',
    failureRedirect: '/login?error=true'
};

router.post('/login', passport.authenticate('login', loginRedirects));

根据我对Passport的理解,如果成功登录,我应该被重定向到/account,如果没有,则被重定向到/login?error=true

但是,如果我用 curl 发送 POST 请求:

curl --data "email=foo@bar.com&password=test" http://[domain]/api/auth/login

结果是:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>502 Proxy Error</title>
</head><body>
<h1>Proxy Error</h1>
<p>The proxy server received an invalid
response from an upstream server.<br />
The proxy server could not handle the request <em><a href="/api/auth/login">POST&nbsp;/api/auth/login</a></em>.<p>
Reason: <strong>Error reading from remote server</strong></p></p>
<hr>
<address>Apache/2.2.15 (CentOS) Server at [domain] Port 80</address>
</body></html>

如果我在 Chrome 中通过 HTML 表单(method:POST,action:/api/auth/login)发送同样的请求,我会被重定向到 /api/auth/login%5E(显然会返回 404)。

像这样的简单重定向可以正常工作:

// Control route with no authentication involved: every POST is answered
// with a 302 redirect to the site root.
function redirectToHome(req, res, next) {
    res.redirect(302, '/');
}

router.post('/redirectToHome', redirectToHome);

但即使在调用 /api/auth/login 时执行的是下面这个函数:
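// Login endpoint using Passport's custom-callback form, so the outcome is
// reported as JSON (401 / 200) instead of a redirect.
router.post('/login', function(req, res, next) {
    passport.authenticate('login', function(err, user, info) {
        // Strategy or lookup error: hand it to the Express error handler.
        if (err) return next(err);

        if (!user) {
            // Credentials rejected; `info` is whatever the strategy passed to done().
            console.log(info);
            // res.status(code).json(body) replaces the deprecated
            // res.json(code, body) call signature.
            return res.status(401).json({success: false});
        }

        // With a custom callback Passport does not establish the login session
        // by itself; the application has to call req.logIn(). Without it the
        // client is told "success" while its next request is still anonymous.
        // NOTE(review): relies on session support and passport.serializeUser()
        // being configured elsewhere - confirm.
        req.logIn(user, function(loginErr) {
            if (loginErr) return next(loginErr);
            console.log(info);
            return res.status(200).json({success: true});
        });
    })(req, res, next);
});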

我仍然会被重定向到/api/auth/login%5E

login的身份验证策略实现为:

var LocalStrategy   = require('passport-local').Strategy;
var User = require('../models/user');
var bCrypt = require('bcrypt-nodejs');

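/**
 * Registers the 'login' local strategy on the given Passport instance.
 *
 * The strategy looks the account up by e-mail, checks the submitted password
 * against the stored bcrypt hash and reports the result through done():
 * done(err) on a lookup error, done(null, false, info) on rejected
 * credentials, done(null, user) on success.
 *
 * @param {object} passport - Passport instance the strategy is attached to.
 */
module.exports = function(passport){

    // One message for every rejected attempt. Separate "user not found" and
    // "invalid password" messages tell the client which e-mail addresses are
    // registered; the distinction is kept in the server log only.
    // NOTE(review): the not-found path still answers faster than the bcrypt
    // path, so response timing can still differ between the two cases.
    var LOGIN_FAILED = 'Invalid email or password.';

    // Checks the submitted password against the stored bcrypt hash.
    // A record without a string hash is treated as a mismatch instead of
    // being passed to bcrypt.
    // NOTE(review): compareSync computes the hash synchronously on the
    // calling thread, so this endpoint should be rate-limited.
    var isValidPassword = function(user, password){
        if (typeof user.password !== 'string')
            return false;
        return bCrypt.compareSync(password, user.password);
    };

    passport.use('login', new LocalStrategy({
            usernameField: 'email',
            passReqToCallback : true
        }, function(req, email, password, done) {
            // Body parsers can deliver objects or arrays in place of strings.
            // Reject those before they reach the database query (where an
            // object would be read as a query document) or bcrypt.
            if (typeof email !== 'string' || typeof password !== 'string')
                return done(null, false, req.flash('message', LOGIN_FAILED));

            // Look the account up by e-mail address.
            User.findOne({ 'email' :  email },
                function(err, user) {
                    // Lookup failed: propagate the error.
                    if (err)
                        return done(err);
                    // No such account: log the detail, answer generically.
                    if (!user){
                        console.log('User Not Found with email '+email);
                        return done(null, false, req.flash('message', LOGIN_FAILED));
                    }
                    // Account exists but the password does not match.
                    if (!isValidPassword(user, password)){
                        console.log('Invalid Password');
                        return done(null, false, req.flash('message', LOGIN_FAILED));
                    }
                    // E-mail and password both match: report the user as authenticated.
                    return done(null, user);
                });
            }));
};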

即使 login 路由写成下面这样:

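// Login endpoint using Passport's custom-callback form, so the outcome is
// reported as JSON (401 / 200) instead of a redirect.
router.post('/login', function(req, res, next) {
    passport.authenticate('login', function(err, user, info) {
        // Strategy or lookup error: hand it to the Express error handler.
        if (err) return next(err);

        if (!user) {
            // Credentials rejected; `info` is whatever the strategy passed to done().
            console.log(info);
            // res.status(code).json(body) replaces the deprecated
            // res.json(code, body) call signature.
            return res.status(401).json({success: false});
        }

        // With a custom callback Passport does not establish the login session
        // by itself; the application has to call req.logIn(). Without it the
        // client is told "success" while its next request is still anonymous.
        // NOTE(review): relies on session support and passport.serializeUser()
        // being configured elsewhere - confirm.
        req.logIn(user, function(loginErr) {
            if (loginErr) return next(loginErr);
            console.log(info);
            return res.status(200).json({success: true});
        });
    })(req, res, next);
});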

我仍然被重定向到/api/auth/login%5E

我的 Passport login 策略是这样实现的:

var LocalStrategy   = require('passport-local').Strategy;
var User = require('../models/user');
var bCrypt = require('bcrypt-nodejs');

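/**
 * Registers the 'login' local strategy on the given Passport instance.
 *
 * The strategy looks the account up by e-mail, checks the submitted password
 * against the stored bcrypt hash and reports the result through done():
 * done(err) on a lookup error, done(null, false, info) on rejected
 * credentials, done(null, user) on success.
 *
 * @param {object} passport - Passport instance the strategy is attached to.
 */
module.exports = function(passport){

    // One message for every rejected attempt. Separate "user not found" and
    // "invalid password" messages tell the client which e-mail addresses are
    // registered; the distinction is kept in the server log only.
    // NOTE(review): the not-found path still answers faster than the bcrypt
    // path, so response timing can still differ between the two cases.
    var LOGIN_FAILED = 'Invalid email or password.';

    // Checks the submitted password against the stored bcrypt hash.
    // A record without a string hash is treated as a mismatch instead of
    // being passed to bcrypt.
    // NOTE(review): compareSync computes the hash synchronously on the
    // calling thread, so this endpoint should be rate-limited.
    var isValidPassword = function(user, password){
        if (typeof user.password !== 'string')
            return false;
        return bCrypt.compareSync(password, user.password);
    };

    passport.use('login', new LocalStrategy({
            usernameField: 'email',
            passReqToCallback : true
        }, function(req, email, password, done) {
            // Body parsers can deliver objects or arrays in place of strings.
            // Reject those before they reach the database query (where an
            // object would be read as a query document) or bcrypt.
            if (typeof email !== 'string' || typeof password !== 'string')
                return done(null, false, req.flash('message', LOGIN_FAILED));

            // Look the account up by e-mail address.
            User.findOne({ 'email' :  email },
                function(err, user) {
                    // Lookup failed: propagate the error.
                    if (err)
                        return done(err);
                    // No such account: log the detail, answer generically.
                    if (!user){
                        console.log('User Not Found with email '+email);
                        return done(null, false, req.flash('message', LOGIN_FAILED));
                    }
                    // Account exists but the password does not match.
                    if (!isValidPassword(user, password)){
                        console.log('Invalid Password');
                        return done(null, false, req.flash('message', LOGIN_FAILED));
                    }
                    // E-mail and password both match: report the user as authenticated.
                    return done(null, user);
                });
            }));
};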

有什么问题?

1 个答案:

答案 0 :(得分:0)

实际上,我的问题出在一些不可见字符上:它们导致我被重定向到其他页面,随后又引发了其他错误。