如何使用 Node.js 创建会话?

我想为我的页面创建会话。目前直接访问 http://localhost:3000/pages/profile 这样的 URL 时,未登录也能进入该页面。我应该怎么做才能解决这个问题?

Node.js 代码

module.exports = function(app, express, passport){ var router = express.Router(); passport.use(new LocalStrategy({ usernameField: 'username', passwordField: 'password'}, function(username, password, done) { User.findOne({ name : username}, function(err, user) { if (!user){ return done(null, false,{message: 'Incorrect username' }); } if(user){ var validPassword = user.comparePassword(password); if(!validPassword){ return done(null, false,{message: 'Incorrect password' }); } } return done(null, user); }); } )); router.post('/pages/auth/login', function(req, res, next) { passport.authenticate('local', function(err, user, info) { if (user === false) { console.log("login error "); return res.json({ success:false, message: info.message, }); } else { console.log("login success"); return res.json({ success:true, //message: 'Login Success', }); } })(req, res, next); }); } 

控制器

 /**
  * AngularJS controller behind the login form.
  *
  * Exposes `vm.submitPost(userData)`, which POSTs the credentials to the login
  * endpoint and then navigates according to the `success` flag in the reply.
  * The navigation is a convenience for the user only: a client-side route
  * change does not protect /pages/profile, so the server still has to check
  * the session on every protected request.
  *
  * @param {Function} $http - AngularJS HTTP service.
  * @param {object} $location - AngularJS location service.
  * @param {object} Auth - injected but unused in this controller.
  * @param {object} $rootScope - injected but unused in this controller.
  */
 function LoginController($http, $location, Auth, $rootScope) {
   var vm = this;

   // Server answered: go to the profile on success, otherwise show the
   // server-supplied message and stay on the login page.
   function handleReply(res) {
     if (!res.data.success) {
       vm.message = res.data.message;
       $location.path('/pages/auth/login');
       return;
     }
     $location.path('/pages/profile');
   }

   // Transport or HTTP-level failure.
   function handleFailure(error) {
     console.log(error);
     alert(error.data);
   }

   vm.submitPost = function(userData) {
     var request = {
       method: 'POST',
       url: 'http://localhost:7200/api/pages/auth/login',
       data: userData
     };
     $http(request).then(handleReply, handleFailure);
   };
 }

login.html

 <!--
   Login form. The LOG IN button calls vm.submitPost(vm.form), so only the
   username and password bound under vm.form are sent. The click is not gated
   on loginForm.$valid (there is no ng-disabled or ng-submit), so the
   "required" messages are advisory and an empty form can still be posted; the
   server has to validate the input. "Remember Me" is bound to data.cb1, which
   is outside vm.form and therefore not part of the posted object.
 -->
 <form name="loginForm"> <div class="alertmessage" >{{vm.message}}</div> <md-input-container flex md-no-float> <input ng-model="vm.form.username" placeholder="Username" translate translate-attr-placeholder="LOGIN.USERNAME" name="username" required="true"> <div ng-messages="loginForm.username.$error" ng-show="loginForm.username.$touched"> <div ng-message="required">This field is required</div> </div> </md-input-container> <md-input-container flex md-no-float> <input ng-model="vm.form.password" type="password" placeholder="Password" translate translate-attr-placeholder="LOGIN.PASSWORD" name="password" required="true"> <div ng-messages="loginForm.password.$error" ng-show="loginForm.password.$touched"> <div ng-message="required">This field is required</div> </div> </md-input-container> <div class="remember-forgot-password" layout="row" layout-sm="column" layout-align="space-between center"> <md-checkbox class="remember-me" ng-model="data.cb1" aria-label="Remember Me"> <span translate="LOGIN.REMEMBER_ME">Remember Me</span> </md-checkbox> <a ui-sref="app.pages_auth_forgot-password" class="forgot-password md-accent-color" translate="LOGIN.FORGOT_PASSWORD">Forgot Password?</a> </div> <md-button class="md-raised md-accent" aria-label="LOG IN" translate="LOGIN.LOG_IN" translate-attr-aria-label="LOGIN.LOG_IN" ng-click="vm.submitPost(vm.form);"> LOG IN </md-button> </form> 

我有一个使用会话(session)的 Node.js 项目,我的 index.js 中有以下代码:

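 var session = require('express-session');
 var MongoStore = require('connect-mongo')(session);

 // The session middleware is registered before passport.session(), which
 // restores the logged-in user from the session on each request.
 app.use(session({
   // Signs the session ID cookie; keep it out of source control.
   secret: config('session_secret'),
   store: new MongoStore({ mongooseConnection: mongoose.connection }),
   // Do not write unchanged sessions back to the store on every request.
   resave: false,
   // Do not create a session (and set a cookie) for visitors who have not
   // logged in; a session is stored only once something is put into it.
   saveUninitialized: false,
   cookie: {
     // Keep the session cookie unreadable from page scripts.
     httpOnly: true,
     // Do not attach the cookie to cross-site subrequests.
     sameSite: 'lax'
     // secure: true  // enable once the site is served over HTTPS
   }
 }));
 app.use(passport.initialize());
 app.use(passport.session());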

如果你不使用 MongoDB,可以删除 “store” 选项,这样会使用默认的存储 MemoryStore。注意:MemoryStore 只适合开发和调试,不适合生产环境(进程重启后会话全部丢失,也无法在多个进程之间共享)。

要防止未经身份验证的用户访问页面,可以这样做:

 /**
  * Route guard: lets the request through only when Passport reports an
  * authenticated session, otherwise sends the browser to the login page.
  *
  * @param {object} req - Express request; req.isAuthenticated() is added by Passport.
  * @param {object} res - Express response.
  * @param {Function} next - Continues to the protected handler.
  */
 function isLoggedIn(req, res, next) {
   if (!req.isAuthenticated()) {
     // No authenticated session: stop here and redirect to the login page.
     res.redirect('/login');
     return;
   }
   return next();
 }

 // The guard is listed before the handler, so the handler runs only for
 // logged-in users.
 router.get('/secure-page', isLoggedIn, function(req, res) {
   res.json({secure: "page"});
 });

一种方法是使用 express-session 把值存入会话,然后用中间件拦截每个路由,验证用户是否已登录,大致如下……

中间件autentic:

 module.exports = function(req, res, next) { if(!req.session.user) { return res.redirect('/'); } return next(); }; req.session.user is a variable create in session in login controller for storage username. 

然后在路由上加上这个登录验证中间件进行拦截:

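 // ...
 // Express route paths must start with "/". Written as 'pages/profile' the
 // route never matches a request for /pages/profile, so the autentic guard
 // would never run for that URL.
 app.get('/pages/profile', autentic, controller.function);
 // ...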

如果用户没有登录,将被重定向到主页。

但是,我建议你使用 passport.js:

Passport 是 Node.js 的身份验证中间件。Passport 极其灵活且模块化,可以不显眼地嵌入任何基于 Express 的 Web 应用程序。它提供一整套策略,支持使用用户名和密码、Facebook、Twitter 等进行身份验证。

请阅读这些文档了解用法,并在 Stack Overflow 上搜索相关问题。