Node.js / express – 使用redis的护照,获得未授权的会话
我试图使用快递与快递创build一个用户login和会话。 我使用这个curl脚本testing路线:
curl -d 'email=testEmail&password=testPass' http://localhost:3000/users/session 当我这样做,护照工作正常,通过序列化,然后它返回http 302.我还没有弄清楚它在序列化后做了什么,但是当我在浏览器中使用我的loginHTMLforms而不是curl,它显示我“未经授权”401,我没有看到我的任何控制台日志。 这是我的app.js:
var express = require('express') , fs = require('fs') , cons = require('consolidate') , http = require('http') , flash = require('connect-flash') , passport = require('passport') , RedisStore = require( "connect-redis" )(express) //for sessions (instead of MemoryStore) , redis = require('redis') , env = process.env.NODE_ENV || 'development' , config = require('./config/config')[env] , db = redis.createClient(config.db.port, config.db.host); db.select(config.db.users) db.auth(config.db.auth); var app = express(); //require passport strategies (see code block below) require('./config/passport')(passport, config, app) app.use('/assets', express.static(__dirname + '/public')); app.use('/', express.static(__dirname + '/')); app.set('views', __dirname + '/views'); app.set('view engine', 'html'); app.configure(function(){ app.set('config', config); app.set('db', db); app.set('port', process.env.PORT || 3000); app.engine('.html', cons.swig); app.use(express.logger('dev')) app.use(express.favicon(__dirname + '/public/img/favicon.ico')); app.use(express.cookieParser()) app.use(express.bodyParser()) //enables req.body app.use(express.methodOverride()) //enables app.put and app.delete (can also just use app.post) app.use(express.session({ secret: 'topsecret', cookie: {secure: true, maxAge:86400000}, store: new RedisStore({ client:db, secret:config.db.auth }) })); app.use(flash()) app.use(passport.initialize()) app.use(passport.session()) app.use(app.router) }); // Bootstrap routes require('./config/routes')(app, passport); http.createServer(app).listen(app.get('port'), function(){ console.log("Express server listening on port " + app.get('port')+', mode='+env); });
和会话POST路由:
app.post('/users/session', passport.authenticate('local', {successRedirect: '/', failureFlash: 'Invalid email or password.', successFlash: 'Welcome!'}), users.session);
我只能真正find与mongodb护照的例子,所以我不知道以下。 我试图find一个用户,但我不确定callback或什么护照正在做的用户信息,当我返回完成:
passport.use(new LocalStrategy({ usernameField: 'email', passwordField: 'password' }, function(email, password, done) { var db = app.get('db') var multi = db.multi(); db.get('email:'+email, function(err, uid){ if (err) { console.log(err); return err } if (!uid) { console.log('no uid found'); return null } console.log('found '+uid) db.hgetall('uid:'+uid, function(err, user){ if (err) { console.log(err); return err } if (!user) { console.log('unkwn usr') return done(null, false, { message: 'Unknown user' }) } if (password != user.password) { console.log('invalid pwd') return done(null, false, { message: 'Invalid password' }) } console.log('found user '+user) //I see this fine with curl, but no logs with browser return done(null, user) }); }); } ))
护照序列化:
passport.serializeUser(function(user, done) { console.log('passport serializing...'+user.name) done(null, user.name) //no idea what happens to it after this. returns a 302 with curl, and 401 with browser })
为什么这与浏览器的行为不同,而不是curl? 任何帮助或意见非常感谢!
弄清楚了! 要使用任何数据库(不只是mongo)的护照,我build议先用虚拟用户来尝试。 这是我做的。
login表单(login.html):
<form method="post" action="http://localhost:3000/users/session" name="loginform"> <input id="login_input_username" type="text" name="email" /> <input id="login_input_password" type="password" name="password" autocomplete="off" /> <input type="submit" name="login" value="Submit" /> </form>
路由(route.js):
app.post('/users/session', passport.authenticate('local'), function(req, res){ res.end('success!'); });
护照本地策略设置(passport.js):
passport.use(new LocalStrategy({ usernameField: 'email', passwordField: 'password' }, function(email, password, done) { //find user in database here var user = {id: 1, email:'test', password:'pass'}; return done(null, user); } )); passport.serializeUser(function(user, done) { //serialize by user id done(null, user.id) }); passport.deserializeUser(function(id, done) { //find user in database again var user = {id: 1, email:'test', password:'pass'}; done(null, user); })
虽然我想知道是否有必要在我的数据库中find用户两次,或者如果我正在使用反序列化不正确。