
我在 Passport 中同时使用多种策略(local 策略和 bearer 策略)。local 策略的登录可以正常工作。登录后我们会生成一个令牌,并把它存储在 Redis 中。首次登录之后,只要能在 Redis 中找到该令牌,我就想使用不带会话的 bearer 认证。如果我发送正确的令牌,可以查询 Redis 并取得用户数据,但 Node 仍然返回 403 响应,而不是我期望的 200 状态码。如果在 Redis 中找不到该令牌,则会出现以下错误并导致应用崩溃:

/workspace/rs-api-sails/node_modules/redis/index.js:587 throw err; ^ Error: Can't set headers after they are sent. at ServerResponse.OutgoingMessage.setHeader (http.js:691:11) at ServerResponse.res.setHeader (/workspace/rs-api-sails/node_modules/sails/node_modules/express/node_modules/connect/lib/patch.js:59:22) at allFailed (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:153:13) at attempt (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:232:28) at (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:227:9) at (/workspace/rs-api-sails/node_modules/passport/lib/passport/context/http/actions.js:35:22) at verified (/workspace/rs-api-sails/node_modules/passport-http-bearer/lib/strategy.js:125:19) at /workspace/rs-api-sails/config/bootstrap.js:40:18 at try_callback (/workspace/rs-api-sails/node_modules/redis/index.js:580:9) at RedisClient.return_reply (/workspace/rs-api-sails/node_modules/redis/index.js:670:13) 10 Dec 13:25:15 - [nodemon] app crashed - waiting for file changes before starting... 


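 // One shared Redis client for every token verification. Creating a client
 // inside the verify callback opens a new connection per request and never
 // closes it.
 var tokenStore = require("redis").createClient(null, null, { detect_buffers: true });

 passport.use(new BearerStrategy(
   /**
    * Bearer verify callback: resolves an access token to a user.
    *
    * The token is used as a Redis key; the stored value is used as the id of
    * the user record to load.
    *
    * @param {string} token - bearer token taken from the request by the strategy
    * @param {Function} done - Passport callback: done(err) on a lookup failure,
    *   done(null, false) when the token is rejected, done(null, user) on success
    */
   function(token, done) {
     tokenStore.get(token, function(err, reply) {
       // A Redis failure is not the same as "token rejected": report it as an
       // error instead of dereferencing a missing reply.
       if (err) {
         return done(err);
       }

       // No such key: the token is unknown. This only reports the failure to
       // Passport; the HTTP response is written by whoever called
       // passport.authenticate().
       // NOTE(review): whether tokens ever expire depends on how the login
       // code stores them (not shown here) - confirm the key gets a TTL.
       if (reply === null || reply === undefined) {
         return done(null, false);
       }

       User.findOne({ id: reply.toString() }).done(function(err, user) {
         if (err) {
           return done(err);
         }

         // A token that points at a user that no longer exists is rejected
         // explicitly rather than passed on as an undefined user.
         if (!user) {
           return done(null, false);
         }

         // Log the id only; the full record may hold fields that do not
         // belong in logs (the model is not shown here).
         sails.log('bearer token accepted for user id ' + user.id);
         return done(null, user);
       });
     });
   }
 ));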

以下代码位于 policies/isAuthenticated.js 中:

 module.exports = function(req, res, next) { var passport = require('passport'); passport.authenticate('bearer', { session: false })(req, res, next); // User is allowed, proceed to the next policy, // or if this is the last policy, the controller if (req.isAuthenticated()) { return next(); } // User is not allowed // (default res.forbidden() behavior can be overridden in `config/403.js`) return res.forbidden('You are not permitted to perform this action.'); }; 


更新:对策略文件 policies/isAuthenticated.js 做了一些修改之后,现在似乎可以正常工作了:

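 var passport = require('passport');

 /**
  * isAuthenticated policy: allows a request that already has an authenticated
  * session, or whose bearer token verifies; every other request gets a 403.
  *
  * The outcome is decided inside the passport.authenticate() callback, so one
  * and only one response (or next()) is produced per request.
  *
  * @param {Object} req - request
  * @param {Object} res - response
  * @param {Function} next - continues to the next policy or the controller
  */
 module.exports = function(req, res, next) {
   // user is allowed through local strategy; no token lookup is needed
   if (req.isAuthenticated()) {
     return next();
   }

   passport.authenticate('bearer', { session: false }, function(err, user, info) {
     // A lookup failure is passed to the error handler. It is neither reported
     // as "forbidden" nor echoed back to the client together with `info`.
     if (err) {
       return next(err);
     }

     if (!user) {
       return res.send(403, { error: 'Invalid token' });
     }

     // With a custom callback Passport does not attach the user itself, so
     // later policies and controllers would not know who is calling.
     req.user = user;

     // Log the id only; the full record may hold fields that do not belong
     // in logs (the model is not shown here).
     sails.log('bearer auth ok for user id ' + user.id);
     return next();
   })(req, res, next);
 };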