错误:发送后无法设置标头。认证系统

时间:2018-01-15 21:21:11

标签: javascript mysql node.js express ejs

我想用mysql连接写一个小认证应用程序,我一直都会遇到这个错误,但我需要这样做。
如果客户端获得/ admin,如果他不是管理员,我想发送响应,如果他是,则应该呈现管理员。

app.js

var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var index = require('./routes/index');
const admin = require("./routes/admin");
const session = require("express-session");
var app = express();
app.set("trust proxy", 1);
app.use(session({
  secret: "asdf",
  resave: false,
  cookie: {
    maxAge: 120000
  },
  saveUninitialized: false
}));
function checkIfLoggedin(req,res,next){
  if(!(req.originalUrl === "/") && !req.session.loggedIn){
    res.redirect('/');
    return;
  }
  next();
};


// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

// uncomment after placing your favicon in /public
//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
app.use(checkIfLoggedin);
app.use('/', index);
app.use("/admin", admin);

// catch 404 and forward to error handler
app.use(function(req, res, next) {
  var err = new Error('Not Found');
  err.status = 404;
  next(err);
});

// error handler
app.use(function(err, req, res, next) {
  // set locals, only providing error in development
  res.locals.message = err.message;
  res.locals.error = req.app.get('env') === 'development' ? err : {};

  // render the error page
  res.status(err.status || 500);
  res.render('error');
});
module.exports = app;

index.js

var express = require('express');
var router = express.Router();
const bcrypt = require('bcrypt-nodejs');
var dbPassword;
import mysql from "mysql";
//
/* GET home page. */
router.get('/', function(req, res, next) {
  res.render('index', {});
});
router.post('/', function(req,res,next) {
  console.log("1");
  const enteredUsername = req.body.username;
  const enteredPassword = req.body.password;
  const con = mysql.createConnection({
    host: "localhost",
    user: "user",
    password: "pass",
    database: "db"
  });
  con.query('SELECT * FROM users WHERE username = ?;', [`${enteredUsername}`], (error, results, fields) => {
    if (results.length > 0) {
      console.log("2");
      console.log(error);
      let dbPassword = results[0].password;
      bcrypt.compare(enteredPassword, dbPassword, (err,response) => {
        console.log(err);
        console.log(response);
        console.log("3");
        if (response == true) {
          req.session.user = {
            userId: results[0].userId,
            username: results[0].username,
            isAdmin: results[0].isAdmin,
          };
          req.session.loggedIn = true;
          console.log("file");
          if (req.session.user.isAdmin) {
            res.redirect("/admin");
          }
          else{
            res.redirect("/file/" + req.session.user.userId);
          }

        }
        else{
          req.session.loggedIn = false;

          console.log("false");
          res.send("Wrong password");
        }
      });
    }
    else{
      res.send("Wrong Data");
    }
  });
});
module.exports = router;

admin.js

var express = require('express');
var router = express.Router();

/* GET users listing. */
router.get('/', function(req, res, next) {
  if (!req.session.user.isAdmin) {
    res.send("Du bist kein Admin!");
  }
  res.render("admin");

});

module.exports = router;

index.ejs

<!DOCTYPE html>
<html>
  <head>
    <title>Costufi</title>
      <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
      <link type="text/css" rel="stylesheet" href="stylesheets/materialize.min.css"  media="screen,projection"/>
  </head>
  <body>
    <main>
      <center>
        <div class="container">
          <div class="z-depth-2" style="display: inline-block; padding: 20px 50px 10px 50px; margin-top: 15%;">
            <form class="col s12" action="/" method="post">
              <div class="row">
                <h4>Login</h4>
                <div class="input-field col s12">
                  <input type="text" name="username" id="username" class="validate">
                  <label for="username">Username</label>
                </div>
              </div>
              <div class="row">
                <div class="input-field col s12">
                  <input type="password" name="password" id="password" class="validate">
                  <label for="password">PassworD</label>
                </div>
              </div>
              <div class="row">
                <button class="left btn waves-effect waves-light indigo darken-2" type="submit" name="send">Login
                  <i class="material-icons right">send</i>
              </div>
            </form>
          </div>
        </div>
      </center>
    </main>
    <script type="text/javascript" src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
    <script type="text/javascript" src="js/materialize.min.js"></script>
  </body>
</html>

1 个答案:

答案 0 :(得分:1)

当您尝试向同一请求发送多个响应时,会导致此错误。我没有研究你代码中的所有地方,但这是一个明显的例子:

/* GET users listing. */
router.get('/', function(req, res, next) {
  if (!req.session.user.isAdmin) {
    res.send("Du bist kein Admin!");
  }
  res.render("admin");
});    

如果您的if测试成立,那么您最终会同时执行res.send()res.render()res.render()会触发警告,因为您已经在此连接上发送了回复,但无法发送另一个回复。您应该将其更改为:

/* GET users listing. */
router.get('/', function(req, res, next) {
  if (!req.session.user.isAdmin) {
    res.send("Du bist kein Admin!");
  } else {
    res.render("admin");
  }
});