使用 Passport 认证时在会话中获取多个用户的信息

时间:2019-09-24 09:29:31

标签: node.js api express passport.js express-session

我正在尝试使用 Passport 实现基于会话的身份验证。对于单个已登录的用户,我能够在后续请求中从会话中检索到该用户的信息。

我遇到的问题是:当有多个用户登录时,无论请求是由哪个用户发出的,会话始终返回最后一个登录的用户的详细信息。

如何区分创建的不同会话中的不同用户?

Passport 配置

/**
 * @author Wokoro Douye Samuel
 */

import passport from 'passport';
import { Strategy as LocalStrategy } from 'passport-local';
import userRepository from '../components/user/repository';
import { userInfo, verifyPassword } from '../utils';

/**
 * Decides what Passport persists in the session for an authenticated user.
 *
 * The first argument is whatever the strategy's verify callback handed to
 * `done` on success (in this file, the user's uuid). It is passed on
 * unchanged, so the session carries an identifier only and no profile data.
 */
passport.serializeUser((uuid, done) => {
  return done(null, uuid);
});


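/**
 * Rebuilds the request's user from the identifier stored in the session.
 *
 * @param {*} user_id - Value written to the session by serializeUser (the
 *   user's uuid).
 * @param {function} done - Passport callback: `done(err)` when the lookup
 *   fails, `done(null, false)` when the session no longer maps to a user,
 *   `done(null, userDetails)` otherwise.
 */
passport.deserializeUser(async (user_id, done) => {
  try {
    const user = await userRepository.getOne({ uuid: user_id });
    if (!user) {
      // The account behind this session no longer exists: report "no user" so
      // the stale session is treated as logged out instead of handing an empty
      // record to userInfo.
      return done(null, false);
    }
    // userInfo is presumably what strips sensitive fields (e.g. the password
    // hash) before the record is attached to the request; confirm in ../utils.
    return done(null, userInfo(user));
  } catch (err) {
    // Without this, a rejected lookup becomes an unhandled promise rejection
    // and Passport is never told the request failed.
    return done(err);
  }
});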

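/**
 * Local (email + password) strategy registration.
 *
 * The verify callback looks the account up by email, checks the submitted
 * password against the stored hash and, on success, hands only the user's
 * uuid to Passport. An unknown email and a wrong password produce the same
 * message, so the response body does not reveal which accounts exist.
 */
passport.use(new LocalStrategy(
  {
    usernameField: 'email',
    passwordField: 'password',
  },
  async (email, password, done) => {
    try {
      const account = await userRepository.getOne({ email });
      let passwordVerified = false;
      if (account) {
        const { password: hashedPassword } = account.dataValues;
        // Awaited on purpose: if verifyPassword returns a Promise (TODO confirm
        // in ../utils), the un-awaited Promise object is always truthy and every
        // password would be accepted. Awaiting a plain boolean changes nothing.
        passwordVerified = await verifyPassword(password, hashedPassword);
      }
      // NOTE(review): an unknown email skips the hash comparison, so the two
      // failure paths may differ in response time even though the message is
      // identical; consider comparing against a fixed dummy hash in that case.
      if (!passwordVerified) {
        return done(null, false, { message: 'Email or password incorrect' });
      }
      const { uuid } = userInfo(account.dataValues);
      return done(null, uuid);
    } catch (err) {
      return done(err);
    }
  },
));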

export default passport;

用户控制器

/**
 * @author Wokoro Douye Samuel
 */

import userRepository from './repository';
import { userInfo, hashPassword } from '../../utils';

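export default {
  /**
   * @description Controller method to create a new user.
   *
   * Replaces the submitted password with its hash, stores the record and
   * responds with the `userInfo` view of the created user.
   *
   * @param {object} req - HTTP request object; only `req.body` is read.
   *
   * @param {object} res - HTTP response object.
   *
   * @param {function} next - Called with the error when hashing or storage fails.
   *
   * @returns {Promise<void>} Resolves once the response is sent or the error
   * has been forwarded to `next`.
   */
  async create({ body }, res, next) {
    try {
      // Hashing happens inside the try block so that a failure (for example a
      // missing password) reaches next(err) instead of becoming an unhandled
      // rejection. The await is a no-op if hashPassword is synchronous and
      // prevents storing a Promise object if it is not (confirm in ../../utils).
      body.password = await hashPassword(body.password);
      // NOTE(review): the whole request body is forwarded to the repository.
      // This relies on the validation handlers that run before this controller
      // to reject or strip unexpected fields; confirm, or pick the allowed
      // fields explicitly here.
      const result = await userRepository.create(body);
      res.status(200).send({
        status: 'success',
        data: userInfo(result),
      });
    } catch (err) {
      next(err);
    }
  },

  /**
   * @description Controller method to acknowledge a login.
   *
   * This handler performs no credential check itself; in the route table it
   * runs after `authenticateUser`, which is presumably where Passport
   * verifies the credentials and establishes the session (confirm in
   * ./validation).
   *
   * @param {object} req - HTTP request object (unused).
   *
   * @param {object} res - HTTP response object.
   *
   * @param {function} next - Called with the error if sending the response throws.
   *
   * @returns {Promise<object|undefined>} The value returned by `res.send`, or
   * undefined when an error was forwarded to `next`.
   */
  async login(req, res, next) {
    try {
      return res.status(200).send({
        status: 'success',
        data: 'login succeful',
      });
    } catch (error) {
      next(error);
    }
  },
};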

用户路由

/**
 * @author Wokoro Douye Samuel
 */

import { inputValidation, authenticateUser } from './validation';
import userControllers from './controller';

/**
 * Route table for the user component.
 *
 * Each entry gives the path, the ordered handler chain and the HTTP method.
 * How the entries are mounted on the Express app is not visible in this file.
 */

// Signup: the validation handlers are spread in ahead of the controller.
const signupRoute = {
  path: '/signup',
  handlers: [...inputValidation, userControllers.create],
  method: 'post',
};

// Login: authenticateUser precedes the controller, and no input validation
// handlers are attached to this route.
// NOTE(review): authenticateUser is presumably the Passport authentication
// middleware; confirm in ./validation that it rejects the request itself on
// failure, since userControllers.login always answers with success.
const loginRoute = {
  path: '/login',
  handlers: [authenticateUser, userControllers.login],
  method: 'post',
};

export default [signupRoute, loginRoute];

可以在这里(here)找到我的仓库的链接。

0 个答案:

没有答案