Passport在登录时多次反序列化

时间:2018-06-19 05:07:13

标签: node.js passport.js

问题是当我登录时,Passport 会多次运行其反序列化函数。据我所知,这目前没有造成任何影响,但以后可能会引发问题。这是日志:

Bloodmorphed has been Serialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized

这是 Passport 的配置:

/*jshint esversion: 6 */
const LocalStrategy = require('passport-local').Strategy;
const db = require('../config/db');
const bcrypt = require('bcryptjs');
let io = require('./io');

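/**
 * Registers session (de)serialization and the 'local-login' strategy on the
 * given Passport instance.
 *
 * Every database and bcrypt failure is forwarded to Passport through `done`,
 * so a failing query ends the request with an error instead of leaving it
 * hanging on an unhandled promise rejection.
 *
 * @param {object} passport - Passport instance to configure.
 */
module.exports = (passport) => {
  // Unknown username and wrong password produce the same flash message, so
  // the response text does not reveal which usernames exist.
  const rejectLogin = (done) => done(null, false, {
    type: 'loginMessage',
    message: 'Wrong Login',
  });

  // =========================================================================
  // passport session setup ==================================================
  // =========================================================================

  // Only the user id is written to the session store.
  passport.serializeUser((user, done) => {
    console.log(user.username + ' has been Serialized');
    done(null, user.id);
  });

  // Runs once for every request that reaches passport.session(), including
  // requests for static assets when that middleware is mounted first.
  passport.deserializeUser((id, done) => {
    // NOTE(review): SELECT * also returns users.password (the bcrypt hash), so
    // the hash ends up on req.user for every request. Prefer listing only the
    // columns the application needs.
    const sql = 'SELECT * FROM users, users_meta WHERE users.id = ? AND users_meta.id =?';
    // The two-argument then() keeps `done` from being invoked a second time
    // if a downstream handler throws inside the success callback.
    db.query(sql, [id, id]).then((results) => {
      const userdata = results && results[0];
      if (!userdata) {
        // The account no longer exists: `false` makes Passport treat the
        // request as unauthenticated and drop the stale login.
        return done(null, false);
      }
      console.log(userdata.username + ' has been deserialized');
      return done(null, userdata);
    }, done);
  });

  // Local Strategy login
  passport.use('local-login', new LocalStrategy({
    passReqToCallback: true,
  }, (req, username, password, done) => {
    // Match Username (parameterized, so the username is never spliced into SQL)
    const userSql = 'SELECT * FROM users WHERE username = ?';
    db.query(userSql, [username]).then((results) => {
      if (!results.length) {
        return rejectLogin(done);
      }

      const userData = results[0];

      // Match Password
      return bcrypt.compare(password, userData.password, (err, isMatch) => {
        if (err) {
          // A bcrypt failure (e.g. a malformed stored hash) is a server error,
          // not a wrong password.
          return done(err);
        }
        if (!isMatch) {
          return rejectLogin(done);
        }

        const metaSql = 'SELECT * FROM users_meta WHERE id = ?';
        return db.query(metaSql, userData.id).then((metaRows) => {
          // Object.assign ignores an undefined source, so a missing meta row
          // leaves userData unchanged.
          Object.assign(userData, metaRows[0]);
          return done(null, userData);
        }, done);
      });
    }, done);
  }));
};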

虽然目前这不是一个高优先级的问题,但我想修复它,或者确认这种情况是否本来就会发生。

2 个答案:

答案 0 :(得分:0)

如果我没记错,Passport 会在每个请求上进行反序列化,因为会话密钥存储在用户浏览器的 Cookie 中。

来自PassportJS documentation

  

在典型的Web应用程序中,用于验证用户身份的凭据仅在登录请求期间传输。如果身份验证成功,将通过在用户浏览器中设置的cookie建立并维护会话。

     

每个后续请求将不包含凭据,而是包含标识会话的唯一Cookie。为了支持登录会话,Passport会将用户实例序列化到会话中,并从会话中反序列化出来。

答案 1 :(得分:0)

请参阅https://github.com/jaredhanson/passport/issues/14#issuecomment-4863459

提供静态文件应该在passport.session之前完成。

例如,根据引用的来源:

// Problematic ordering: the session middleware is mounted ahead of the static
// file handler, so a logged-in browser's requests for static assets also pass
// through passport.session() and each one invokes deserializeUser.
app.configure(function() {
  // NOTE(review): 'keyboard cat' is a sample value; a real deployment should
  // load the session secret from configuration rather than from source code.
  app.use(express.session({ secret: 'keyboard cat' }));
  app.use(passport.initialize());
  // passport session is triggered, causing deserializeUser to be invoked
  app.use(passport.session());
  // but request was for a static asset, for which authentication is not
  // necessary
  app.use(express.static(__dirname + '/../../public'));
});

应更改为:

// Corrected ordering: static assets are answered before any session work, so
// only dynamic requests reach passport.session() and deserializeUser.
app.configure(() => {
  const publicDir = __dirname + '/../../public';

  app.use(express.logger());

  // A request that matches a file under publicDir is served here and never
  // continues down the middleware stack. Those files are therefore delivered
  // without a session or authentication check, so the directory must hold
  // only content that is meant to be public.
  app.use(express.static(publicDir));

  // Everything that gets this far is a dynamic request and receives session
  // support.
  // NOTE(review): 'keyboard cat' is a sample value; a real deployment should
  // load the session secret from configuration rather than from source code.
  app.use(express.session({ secret: 'keyboard cat' }));
  app.use(passport.initialize());
  app.use(passport.session());
});