登录后如何更新cart_list中的sessionID

时间:2019-01-19 01:33:20

标签: javascript node.js session express-session

我使用 express-session 和 passport。我把令牌数据按照存储在 cookie 中的 sessionID 保存,之后再根据它从 mysql 数据库中检索这些数据。

  

到目前为止,我可以把这个存储在 cookie 中的 sessionID 当作令牌来保存购物车数据,之后每次请求都会根据它从数据库中检索这些数据。

但是当用户通过 passport 登录时出现了问题:用户数据同样存储在会话中,而用户成功登录后 sessionID 会发生变化。

因此,成功登录后,购物车数据就消失了,因为 sessionID 已经不同。

我犯错了吗?

说实话,我对 express-session 的用法感到非常困惑

我尝试删除了这一行:app.use(passport.session()); 但 sessionID 仍然会改变

Server.js

const app = express();

// Attributes of the session cookie handed to express-session below.
const sessionCookieOptions = {
    // false allows the cookie over plain HTTP; a deployment served over HTTPS
    // would want this true so the session ID never travels unencrypted.
    secure: false,
    // Keeps the session cookie out of reach of page script.
    httpOnly: true,
    maxAge: keys.session.maxAge, // one day, according to the original comment
    // express-session sends `true` as SameSite=Strict.
    // NOTE(review): a Strict cookie is withheld on the navigation that comes
    // back from an external login page, so the callback request may arrive
    // without the session cookie and get a brand-new session. That may be why
    // the sessionID differs after login; confirm by inspecting the cookies on
    // the redirect request.
    sameSite: true,
};

app.use(session({
    // use UUIDs for session IDs
    genid: () => uuidv4(),
    name: keys.session.name,
    secret: keys.session.secret,
    resave: false,
    // true stores a session for every visitor, logged in or not.
    // NOTE(review): a session ID that changes at login is the usual defence
    // against session fixation, so data such as a cart is safer keyed by its own
    // identifier kept inside the session than by the session ID itself.
    saveUninitialized: true,
    rolling: true,
    cookie: sessionCookieOptions,
}));

// Passport is mounted after the session middleware registered above, which is
// where passport.session() finds the serialized login state.
app.use(passport.initialize());
app.use(passport.session());
// cookie-parser comes before csurf because csrf({ cookie: true }) keeps its
// secret in a cookie and needs req.cookies to read it back.
app.use(cookieParser());
// NOTE(review): the body parsers are registered further down the file, so
// req.body is not populated when this check runs; a token sent in a form or
// JSON body would presumably not be seen. Confirm the client sends the token
// in a request header.
app.use(csrf({ cookie: true }));

app.disable('x-powered-by');
// Runs on every request: sets response-hardening headers, publishes the CSRF
// token to the client and logs the current session ID.
app.use((req,res,next)=>{
    res.header('X-XSS-Protection', '1; mode=block');
    // Forbids rendering these responses inside a frame.
    res.header('X-Frame-Options','deny');
    // Tells the browser not to guess a content type different from the declared one.
    res.header('X-Content-Type-Options','nosniff');
    // NOTE(review): this origin is hard-coded, while the cors() middleware
    // registered later is configured from keys.origin.url; keep a single source
    // of truth so the two cannot disagree.
    res.header("Access-Control-Allow-Origin", "http://localhost:3000");
    // No httpOnly option is passed, so page script can read this cookie and
    // echo the token back with state-changing requests.
    res.cookie('hammerstout_t',req.csrfToken());
    // Debug output. A session ID is a bearer credential, so this line should
    // not survive into logs that are shipped or shared.
    console.log(req.sessionID);
    next();
})

// CORS for the configured front-end origin. credentials: true lets that origin
// send cookies, so keys.origin.url should name exactly one trusted origin.
const corsOptions = { origin: keys.origin.url, credentials: true };
app.use(cors(corsOptions));

// Parsers for URL-encoded form bodies and JSON bodies.
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());

// Root route: answers with the parsed User-Agent header as indented JSON.
app.get('/', (req, res, next) => {
    const parsedAgent = UAparser(req.headers['user-agent']);
    const body = JSON.stringify(parsedAgent, null, '  ');
    res.end(body);
});

// Every API router is mounted under the same /api/ prefix.
const apiRouters = [CategoryRoutes, ProductRoutes, CartRoutes, AuthRoutes, TrackRoutes];
app.use('/api/', apiRouters);

// Listen on the port named by the PORT environment variable, or 5000 when it is unset.
const port = process.env.PORT || 5000;
app.listen(port, (err) => {
    if (!err) {
        console.log(`Server running on port ! ${port}`);
        return;
    }
    // Only reached when the callback is handed an error.
    console.log(err);
});

passport-setup-js

import passport from 'passport';
import GoogleStrategy from 'passport-google-oauth20';
import keys from './keys';
import db from './conn';

// Chooses what is written into the session for a logged-in user: the provider
// id, the provider token and the local user id.
// NOTE(review): the provider token ends up in the session store; if only the
// user needs to be reloaded later, the ids alone would expose less.
passport.serializeUser((user, done) => {
    const { providerId, token, id } = user;
    done(null, { providerId, token, user_id: id });
})
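// Rebuilds the user object for a request from the record stored in the session.
// `data` is the { providerId, token, user_id } object written by serializeUser.
passport.deserializeUser((data, done) => {
    // Placeholders keep the session-supplied values out of the SQL text.
    const querySelect = `SELECT us.id,us.displayName,us.email,up.providerId,up.token,up.provider from user as us
                         left join user_provider as up on us.id = up.user_id
                         where us.id = ? and up.provider = 'google' and up.providerId = ? and up.token = ?`;
    db.query(querySelect, [data.user_id, data.providerId, data.token], (err, rows) => {
        // A database failure has to reach passport; without this the callback
        // would go on to read .length of an undefined result.
        if (err) return done(err);
        // No matching row means the stored login is no longer valid. Passing
        // false tells passport to drop it; never calling done() would leave the
        // request hanging.
        return done(null, rows.length > 0 ? rows[0] : false);
    });
})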

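// Registers the Google OAuth 2.0 strategy. The verify callback looks the user
// up by provider id and token, creates the user on first login, and always
// completes with the full row that serializeUser expects (id, providerId, token).
passport.use(
    new GoogleStrategy({
        // options for the google strategy
        callbackURL: '/api/auth/google/redirect',
        clientID: keys.google.clientID,
        clientSecret: keys.google.clientSecret
    }, (accessToken, refreshToken, profile, done) => {
        // TODO: the profile must be validated first.

        // Two statements in one query string only run when the connection is
        // configured to allow multiple statements. That setting widens the
        // impact of any injectable query, so every query below uses placeholders.
        // LAST_INSERT_ID() refers to the row this connection just inserted;
        // selecting the newest user id instead could pick up a row inserted by
        // a concurrent sign-up and link the provider to the wrong account.
        const queryInsert = `INSERT INTO user set ?; INSERT INTO user_provider set user_id = LAST_INSERT_ID(), ?;`;
        // profile.id and accessToken come from outside the application and are
        // bound as parameters rather than interpolated into the SQL text.
        // NOTE(review): matching on the token means a returning user whose
        // token has changed is not found and a second user row is inserted;
        // consider matching on provider + providerId and refreshing the stored token.
        const queryFind = `SELECT us.id from user as us
                           left join user_provider as up on us.id = up.user_id
                           where up.providerId = ?
                           and up.token = ? group by us.id`;
        const querySelect = `SELECT us.id,us.displayName,us.email,up.providerId,up.token,up.provider from user as us
                             left join user_provider as up on us.id = up.user_id
                             where us.id = ? and up.provider = ? and up.providerId = ? and up.token = ?`;
        const user = {
            displayName: profile.displayName,
            email: profile.emails[0].value,
        };
        if (profile.gender) {
            user.gender = profile.gender;
        }
        const userProvider = {
            provider: profile.provider,
            providerId: profile.id,
            token: accessToken
        };

        // Loads the full user row and completes the login. Used for existing
        // and newly created users alike so that both carry providerId and token.
        const finishWithUser = (userId) => {
            db.query(querySelect, [userId, profile.provider, profile.id, accessToken], (err, rows) => {
                if (err) return done(err);
                // Report a failed login instead of leaving the callback pending.
                return done(null, rows.length > 0 ? rows[0] : false);
            });
        };

        db.query(queryFind, [profile.id, accessToken], (error, result) => {
            if (error) return done(error);
            if (result.length > 0) {
                return finishWithUser(result[0].id);
            }
            db.query(queryInsert, [user, userProvider], (err, inserted) => {
                if (err) return done(err);
                // inserted[0] is the result of the first statement (the user row).
                return finishWithUser(inserted[0].insertId);
            });
        });
    })
)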

控制器

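/**
 * Final step of the Google login: signs a JWT describing req.user and sends
 * the browser back to the front-end origin with the JWT in the query string.
 *
 * @param {object} req - request whose `user` was populated by passport
 * @param {object} res - response used for the redirect, or a 500 if signing fails
 */
export const loginGoogleRedirect = (req,res)=>{
    // NOTE(review): a signed JWT is not encrypted, so every field here can be
    // read by anyone who obtains the token, including the provider `token`.
    // Drop it from the payload unless the client truly needs it.
    const payload = {
        id: req.user.id,
        displayName: req.user.displayName,
        email: req.user.email,
        providerId: req.user.providerId,
        token: req.user.token,
        provider: req.user.provider
    };
    const signOptions = { expiresIn: keys.jwt.expiresIn };

    jwt.sign(payload, keys.jwt.secretOrPrivateKey, signOptions, (err, token) => {
        if (err) {
            // Without this check a signing failure would still redirect, with
            // the literal text "undefined" as the token.
            console.error('JWT signing failed:', err.message);
            return res.status(500).end();
        }
        // NOTE(review): a token in the query string is kept in browser history
        // and can appear in server logs and Referer headers; a short-lived
        // one-time code or a cookie would expose less.
        return res.redirect(`${keys.origin.url}?token=${encodeURIComponent(token)}`);
    });
}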

0 个答案:

没有答案