使用本地护照

时间:2016-04-05 13:21:50

标签: node.js session authentication express passport.js

我正在尝试使用express,passport-local,mongoose编写一个小型用户身份验证模块。用户身份验证工作正常,但我无法在进一步的会话中使用经过身份验证的用户。

已经完成了Stackoverflow和其他地方的大部分建议,但似乎没有在这里工作。

我的代码的缩小版如下:

var express = require('express');
var cookieParser = require('cookie-parser');
var mongoose = require('mongoose');
var bodyParser = require('body-parser');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var session = require('express-session');

function genuuid(req) {
  return "UUID";
}

var app=express('');
mongoose.connect('mongodb://localhost:27017/test');

//user config
var userSchema =  new mongoose.Schema({ username: String, password: String});
var User = mongoose.model('User', userSchema);

var CreateUser = function(req, res) {
  var user = new User();
  user.username = req.body.username;
  user.password = req.body.password;
  user.save(function(err) {
    if (!err)
       res.json({message: "User created"});
    else
       res.send(err);
  });
}

//passport config
passport.use('local', new LocalStrategy(
  function(username, password, callback) {
    User.findOne({username: username}, function(err, user) {
      if (!user)
        callback(null, false);
      else
        callback(null, {id: user.id});
    });
  }
));
passport.serializeUser(function(user, done) {
  return done(null, user.id);
});

passport.deserializeUser(function(id, done) {
  User.findById(id, function(err, user) {
    return done(err, user);
  });
});

var Authenticate = passport.authenticate('local', {session: true});
var IsLoggedIn = function(req, res, next) {
  if (req.isAuthenticated())
    next();
  else
    res.json({message: "Not logged In"});
}

app.use(session({
  genid: function(req) {
    return genuuid()
  },
  name: 'server-session-cookie-id',
  secret: 'carxpertsecret',
  cookie: {maxAge: 60000 },
  saveUninitialized: false,
  resave: false,
  //store: new FileStore()
}));

app.use(bodyParser.urlencoded({
  extended: true
}));

app.use(passport.initialize());
app.use(passport.session());


var router = express.Router();

router.route('/secretdata').
  get(IsLoggedIn, function(req, res) { res.send("Secret Data")});


router.route('/createUser').
  post(CreateUser);

router.route('/login').
  post(Authenticate, function(req, res) { res.send("user authenticated")});

app.use('/api', router);

app.listen(3000, function() {
    console.log("Example app listening on port 3000!");
});

现在我创建一个用户如下:

$ curl -v http://127.0.0.1:3000/api/createUser -X POST -d "username=foo&password=foo123"


* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0)
> POST /api/createUser HTTP/1.1
> User-Agent: curl/7.38.0
> Host: 127.0.0.1:3000
> Accept: */*
> Content-Length: 28
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 28 out of 28 bytes
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Content-Type: application/json; charset=utf-8
< Content-Length: 26
< ETag: W/"1a-BL5+lbfL5b+1LNJK6XUFRA"
< Date: Mon, 04 Apr 2016 23:31:14 GMT
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
{"message":"User created"}

然后使用新创建的用户登录(验证):

$ curl -v http://127.0.0.1:3000/api/login -X POST -d "username=foo&password=foo123"
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0)
> POST /api/login HTTP/1.1
> User-Agent: curl/7.38.0
> Host: 127.0.0.1:3000
> Accept: */*
> Content-Length: 28
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 28 out of 28 bytes
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Content-Type: text/html; charset=utf-8
< Content-Length: 18
< ETag: W/"12-oAQqrjPB7C8RdFEBpTkRdQ"
< set-cookie: server-session-cookie-id=s%3AUUID.y6%2BRWOBpX%2Ffg6mVomXev1bhxB1LU0RarUvCYME9DR5I; Path=/; Expires=Mon, 04 Apr 2016 23:32:20 GMT; HttpOnly
< Date: Mon, 04 Apr 2016 23:31:20 GMT
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
user authenticated

我以cookie的形式获取新创建的会话(请参阅上面的set-cookie标头),当我尝试在后续请求中使用此会话时(如下所示),用户未使用此会话进行身份验证:

$ curl -v http://127.0.0.1:3000/api/secretdata --cookie 'server-session-cookie-id=s%3AUUID.y6%2BRWOBpX%2Ffg6mVomXev1bhxB1LU0RarUvCYME9DR5I'
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0)
> GET /api/secretdata HTTP/1.1
> User-Agent: curl/7.38.0
> Host: 127.0.0.1:3000
> Accept: */*
> Cookie: server-session-cookie-id=s%3AUUID.y6%2BRWOBpX%2Ffg6mVomXev1bhxB1LU0RarUvCYME9DR5I
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Content-Type: application/json; charset=utf-8
< Content-Length: 27
< ETag: W/"1b-hZjo3NVGururbXsBRiO5+Q"
< Date: Tue, 05 Apr 2016 00:07:18 GMT
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
{"message":"Not logged In"}

请帮我调试这个问题。

0 个答案:

没有答案
相关问题
最新问题