问题是当我登录时,Passport 会多次运行其反序列化函数。虽然这目前没有造成任何影响,但我知道这样做以后可能会带来问题。这是日志:
Bloodmorphed has been Serialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
这是 Passport 的配置代码:
/*jshint esversion: 6 */
const LocalStrategy = require('passport-local').Strategy;
const db = require('../config/db');
const bcrypt = require('bcryptjs');
let io = require('./io');
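/**
 * Registers session (de)serialization and the 'local-login' strategy on the
 * given Passport instance.
 *
 * `db.query(sql, params)` is used as a promise that resolves to an array of
 * rows; every rejection and every bcrypt error is forwarded to `done` so a
 * failed lookup ends the request with an error instead of leaving it hanging
 * on an unhandled rejection.
 *
 * @param {object} passport - Passport instance to configure.
 */
module.exports = (passport) => {
  // Both "unknown user" and "wrong password" answer with the same payload so
  // the response body does not reveal which usernames exist.
  const rejectLogin = (done) =>
    done(null, false, {
      type: 'loginMessage',
      message: 'Wrong Login',
    });

  // Store only the user id in the session.
  passport.serializeUser((user, done) => {
    console.log(user.username + ' has been Serialized');
    done(null, user.id);
  });

  // Runs for every request that reaches passport.session(), which is why the
  // log line can appear several times for a single page load.
  passport.deserializeUser((id, done) => {
    const sql = 'SELECT * FROM users, users_meta WHERE users.id = ? AND users_meta.id =?';
    // Two-argument then(): only a failed query is routed to done(err), so
    // done is never invoked a second time if the success path throws.
    db.query(sql, [id, id]).then(
      (results) => {
        const userdata = results[0];
        if (!userdata) {
          // The id in the session no longer matches a row (for example a
          // deleted account): report "no user" so the stale login is dropped.
          return done(null, false);
        }
        // NOTE(review): SELECT * also loads the stored password hash into the
        // object handed to done(); keep it out of templates, logs and API
        // responses, or select explicit columns instead.
        console.log(userdata.username + ' has been deserialized');
        return done(null, userdata);
      },
      (err) => done(err)
    );
  });

  // Local Strategy login
  passport.use('local-login', new LocalStrategy({
    passReqToCallback: true,
  }, (req, username, password, done) => {
    // Match Username
    const userSql = 'SELECT * FROM users WHERE username = ?';
    db.query(userSql, [username]).then(
      (results) => {
        if (!results.length) {
          // NOTE(review): this path returns before bcrypt.compare runs, so its
          // response time can differ from the wrong-password path.
          return rejectLogin(done);
        }
        const userData = results[0];

        // Match Password
        return bcrypt.compare(password, userData.password, (err, isMatch) => {
          if (err) {
            // A comparison failure is an error, not a wrong password.
            return done(err);
          }
          if (!isMatch) {
            return rejectLogin(done);
          }
          const metaSql = 'SELECT * FROM users_meta WHERE id = ?';
          // Parameters are passed as an array, like the other queries here.
          return db.query(metaSql, [userData.id]).then(
            (metaRows) => {
              // Merge the meta row into the user record; a missing row is a
              // no-op for Object.assign.
              Object.assign(userData, metaRows[0]);
              return done(null, userData);
            },
            (queryErr) => done(queryErr)
          );
        });
      },
      (err) => done(err)
    );
  }));
};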
虽然目前这不是一个高优先级的问题,但我想修复它,或者至少弄清楚为什么会发生这种情况。
答案 0 :(得分:0)
如果我没记错,Passport 会在每个请求上执行反序列化,因为会话标识(session key)存储在用户浏览器的 Cookie 中。
在典型的 Web 应用程序中,用于验证用户身份的凭据只会在登录请求期间传输。如果身份验证成功,将建立会话,并通过在用户浏览器中设置的 Cookie 来维护该会话。
后续的每个请求都不会包含凭据,而是包含用于标识会话的唯一 Cookie。为了支持登录会话,Passport 会将用户实例序列化到会话中,并从会话中反序列化出来。
答案 1 :(得分:0)
请参阅https://github.com/jaredhanson/passport/issues/14#issuecomment-4863459
静态文件的处理(express.static)应该放在 passport.session 之前,这样对静态资源的请求就不会触发 deserializeUser。
例如,根据引用的来源:
// "Before" ordering quoted from the linked issue (Express 3-style API):
// session handling is registered ahead of the static file handler, so every
// request, static assets included, goes through passport.session().
app.configure(function() {
// NOTE(review): 'keyboard cat' is a sample placeholder; a real deployment
// needs its own unpredictable secret that is kept out of source control.
app.use(express.session({ secret: 'keyboard cat' }));
app.use(passport.initialize());
// passport session is triggered, causing deserializeUser to be invoked
app.use(passport.session());
// but request was for a static asset, for which authentication is not
// necessary
app.use(express.static(__dirname + '/../../public'));
});
应更改为:
// "After" ordering quoted from the linked issue (Express 3-style API): the
// static file handler is registered first, so requests it answers never reach
// the session or Passport middleware.
app.configure(function() {
app.use(express.logger())
// requests for static assets will be handled immediately and will not continue
// down the middleware stack
// NOTE(review): files under this directory are served without any session or
// authentication check, so it should hold public assets only.
app.use(express.static(__dirname + '/../../public'));
// any request that gets here is a dynamic page, and benefits from session
// support
// NOTE(review): 'keyboard cat' is a sample placeholder; a real deployment
// needs its own unpredictable secret that is kept out of source control.
app.use(express.session({ secret: 'keyboard cat' }));
app.use(passport.initialize());
app.use(passport.session());
});