isAuthenticated()函数不工作node.js护照
我正在创build在线课程应用程序,我只想要authentication的用户查看课程的详细信息和课程讲座。 我正在使用本地的护照authentication策略进行用户authentication。 我在我的路由中添加了isAuthenticated,但是,未经validation的用户仍然可以查看video讲座。 这是我的路线文件。 文件名: – courses.server.routes.js
'use strict'; /** * Module dependencies */ var coursesPolicy = require('../policies/courses.server.policy'), courses = require('../controllers/courses.server.controller'); var passport = require('passport'); var isAuthenticated = function(req, res, next) { // if user is authenticated in the session, call the next() to call the next request handler // Passport adds this method to request object. A middleware is allowed to add properties to // request and response objects if (req.isAuthenticated()) return next(); // if the user is not authenticated then redirect the user to the login page res.redirect('/'); }; module.exports = function (app) { // Courses collection routes app.route('/api/courses').all(coursesPolicy.isAllowed) .get(courses.list) .post(courses.create); // Single course routes app.route('/api/courses/:courseId', isAuthenticated).all(coursesPolicy.isAllowed) .get(courses.read) .put(courses.update) .delete(courses.delete); // Finish by binding the course middleware app.param('courseId', courses.courseByID); }; 这是我的路由控制器文件。 文件名: – courses.server.controller.js
'use strict'; /** * Module dependencies */ var path = require('path'), mongoose = require('mongoose'), Course = mongoose.model('Course'), errorHandler = require(path.resolve('./modules/core/server/controllers/errors.server.controller')); var passport = require('passport'); /** * Create an course */ exports.create = function (req, res) { var course = new Course(req.body); course.user = req.user; course.save(function (err) { if (err) { return res.status(422).send({ message: errorHandler.getErrorMessage(err) }); } else { res.json(course); } }); }; /** * Show the current course */ exports.read = function (req, res) { // convert mongoose document to JSON var course = req.course ? req.course.toJSON() : {}; // Add a custom field to the Course, for determining if the current User is the "owner". // NOTE: This field is NOT persisted to the database, since it doesn't exist in the Course model. course.isCurrentUserOwner = !!(req.user && course.user && course.user._id.toString() === req.user._id.toString()); console.log('course value is: ' + course); console.log('video lecture embed value is: ' + course.courseLecture.lecture_video); res.json(course); }; /** * Update an course */ exports.update = function (req, res) { var course = req.course; course.title = req.body.title; course.content = req.body.content; course.courseLecture.lecture_video = req.body.courseLecture.lecture_video; console.log('course lecture video url is: ' + req.body.courseLecture.lecture_video); course.save(function (err) { if (err) { return res.status(422).send({ message: errorHandler.getErrorMessage(err) }); } else { res.json(course); } }); }; /** * Delete an course */ exports.delete = function (req, res) { var course = req.course; course.remove(function (err) { if (err) { return res.status(422).send({ message: errorHandler.getErrorMessage(err) }); } else { res.json(course); } }); }; /** * List of Courses */ exports.list = function (req, res) { Course.find().sort('-created').populate('user', 'displayName').exec(function (err, courses) { if (err) { return res.status(422).send({ message: errorHandler.getErrorMessage(err) }); } else { res.json(courses); } }); }; /** * Course middleware */ exports.courseByID = function (req, res, next, id) { if (!mongoose.Types.ObjectId.isValid(id)) { return res.status(400).send({ message: 'Course is invalid' }); } Course.findById(id).populate('user', 'displayName').exec(function (err, course) { if (err) { return next(err); } else if (!course) { return res.status(404).send({ message: 'No course with that identifier has been found' }); } req.course = course; next(); }); };
我无法弄清楚,这里出了什么问题。
来自http动词isAuthenticated函数表示来自get, post, patch, delete
喜欢:
app.route('/api/courses/:courseId') .get(isAuthenticated, courses.read)
也是isAuthenticated可以写在另一个文件,并使用它从你的路线
可以看到这个例子