路由器中的Hapijs会话
有没有一种方法可以使用会话信息,在用户成功login时从数据库加载用户数据,并通过Hapijs服务器路由中的不同路由加载?
index.js
var Hapi = require('hapi'); var server = new Hapi.Server(); var routeManager = require('./routes/manager'); server.connection({ host: "localhost", port: 8000 }); server.register(require('hapi-auth-cookie'), function (err) { server.auth.strategy('base', 'cookie', { password: 'somesecret', cookie: 'app-cookie', isSecure: false }); }); server.route(routeManager.loginRoutes); server.start(function(){ console.log('application started running on: '+JSON.stringify(server.info.uri)); });` manager.js
`var users = { john: { id: 'john', password: 'pass', name: 'John Doe', scope: "admin" } }; var loginRoutes = [ { method: 'GET', path: '/', config: { auth: false, handler: function homePageHandler(request, reply) { return reply('Home Page'); } } }, { method: ['GET', 'POST'], path: '/login/{user}', config: { auth: false, handler: function(request, reply){ if(request.params.user === users[request.params.user].id) { request.auth.session.set(users[request.params.user]); console.log("login auth info: "+JSON.stringify(request.auth)) reply("Hello, "+users[request.params.user].name); } } } }, { method: ['GET', 'POST'], path: '/logout/{user}', config: { auth: { strategy: 'base' }, handler: function(request, reply){ console.log("logout auth info: "+JSON.stringify(request.auth)) request.auth.session.clear(); return reply("You are logged out"); } } } ]; exports.loginRoutes = loginRoutes;`
我build议你使用hapi-auth-cookie 。
在你的应用程序设置中,你可以像这样configuration它:
server.register(require('hapi-auth-cookie'), function (err) { if (err) { console.error(err); } server.auth.strategy('session', 'cookie', { password: 'aReallyBigSecret', cookie: 'sid-ws', redirectTo: '/login', isSecure: false }); });
然后在你的路由中,你可以configuration他们使用authentication:
method: 'GET', path: '/aRoute', handler: function (request, reply) { console.log('request.auth.credentials'); }, config: { auth: 'session' }
要最初创build一个会话,您需要将一些数据设置到会话中:
method: 'POST', path: '/sessions', handler: function (request, reply) { var account = {id: 'userId', username:"hapiUser", accountType:"admin"}; request.auth.session.set(account); return reply(account); }
这显然不安全; 你会想对某种types的数据库进行查询,以实际validation你的用户。