我无法对用户进行身份验证。原谅我还在学习中。但我无法弄清楚是什么搞砸了,在哪里。我认为我的浏览器可能没有保存 cookie?当我在 Mac 上单击开发人员工具时,我会检查应用程序并转到 cookie。什么都不显示。但是我可以在登录时使用会话和用户在节点/快速后端服务器上记录会话。但是当我进入受保护的路由时我只能记录一个会话(我称之为“/user”),用户日志未定义。当浏览器看起来不像保存它时,我什至不确定如何使用 get 请求在后端控制台记录会话/cookie。
我使用 React 前端,后端使用 Node/express/passport。
app.js
const express = require("express");
const app = express();
const mongoose = require("mongoose");
const session = require("express-session");
const passport = require("passport");
const crypto = require("crypto");
const routes = require("./routes");
const connection = require("./config/database");
const bodyParser = require("body-parser");
const cors = require("cors");
app.use(cors());
app.use(bodyParser.json());
const MongoStore = require("connect-mongo")(session);
const dotenv = require("dotenv");
dotenv.config();
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
const sessionStore = new MongoStore({
mongooseConnection: mongoose.connection,
collection: "sessions",
});
app.use(
session({
secret: "zdfbdaf",
resave: false,
saveUninitialized: true,
store: sessionStore,
cookie: {
maxAge: 1000 * 60 * 60 * 24,
},
})
);
require("./config/passport");
app.use(passport.initialize());
app.use(passport.session());
app.listen(3000);
Index.js
const passport = require("passport");
const genPassword = require("../lib/passwordUtils").genPassword;
const connection = require("../config/database");
const mongoose = require("mongoose");
const User = mongoose.models.User;
const cors = require("cors");
router.use(cors());
const isAuth = require("./authMiddleware").isAuth;
// const isAdmin = require("./authMiddleware").isAdmin;
// router.use(bodyParser.urlencoded({ extended: false }));
/**
* -------------- GET ROUTES ----------------
*
*/
router.get("/user", isAuth);
/**
* -------------- POST ROUTES ----------------
*/
router.post(
"/login",
passport.authenticate("local"),
(req, res) => {
console.log(req.session);
console.log(req.user);
}
);
router.post("/register", (req, res, next) => {
const saltHash = genPassword(req.body.pass2);
const salt = saltHash.salt;
const hash = saltHash.hash;
const newUser = new User({
username: req.body.email,
firstName: req.body.first,
lastName: req.body.last,
hash: hash,
salt: salt,
admin: true,
});
newUser.save();
});
module.exports = router;
authMiddleWare.js
module.exports.isAuth = (req, res, next) => {
if (req.isAuthenticated()) {
res.json({ msg: "You are authorized to view this resource" });
next();
} else {
console.log(req.session);
console.log(req.user);
console.log("checked out");
res
.status(401)
.json({ msg: "You are not authorized to view this resource" });
}
};
const LocalStrategy = require("passport-local").Strategy;
const connection = require("./database");
const mongoose = require("mongoose");
const User = mongoose.models.User;
const validPassword = require("../lib/passwordUtils").validPassword;
const cors = require("cors");
passport.use(cors());
const customFields = {
usernameField: "email",
passwordField: "password",
};
const verifyCallback = (username, password, done) => {
User.findOne({ username: username })
.then((user) => {
if (!user) {
console.log("No User");
return done(null, false);
}
const isValid = validPassword(password, user.hash, user.salt);
if (isValid) {
console.log("Logged in");
return done(null, user);
} else {
console.log("Wrong password");
return done(null, false);
}
})
.catch((err) => {
done(err);
});
};
const strategy = new LocalStrategy(customFields, verifyCallback);
passport.use(strategy);
passport.serializeUser((user, done) => {
done(null, user.id);
});
passport.deserializeUser((userId, done) => {
User.findById(userId)
.then((user) => {
done(null, user);
})
.catch((err) => done(err));
});
当我使用 react 登录时的后端控制台。
Session {
cookie: {
path: '/',
_expires: 2021-07-09T08:06:02.192Z,
originalMaxAge: 86400000,
httpOnly: true
},
passport: { user: '60e6a63f27c0d224aa18edc6' }
}
{
_id: 60e6a63f27c0d224aa18edc6,
username: 'drakecoleman@rocketmail.com',
firstName: 'Drake',
lastName: 'Coleman',
hash: 'ad4648beb9d2bf14315b38e4a29ad5e78a7beba807acc463b6ffb3a636fbfe32229f427b92d1efac37bbd60ddc29cb98b8d6772c18e8d0ee898b7ecada5e86e8',
salt: 'df413d6744421296d2760f347e1ec1d35f213828a19101ea67a7c8edc4a06d83',
admin: true,
__v: 0
} ```