在mongo,node,passport和heroku上validation用户。 几天后停止工作
我正在用mongo,express,angular和node创build我的第一个完整的web应用程序。 我来自一个前端的背景,我正在努力与authentication实施一点点。
我的(不完整的)应用程序工作了好几天,但是今天它突然崩溃了,然后我神奇地修复了它。 我很确定我没有改变代码中的任何东西。 该错误导致所有经过身份validation的用户看到“访客用户”帐户。 这将允许他们login,但用户会以guest用户身份从mongo回来。 你看到这个代码中缺less的东西吗?
var express = require('express'), routes = require('./routes'), api = require('./routes/api'), http = require('http'), path = require('path'), mongoose = require('mongoose'), passport = require('passport'), LocalStrategy = require('passport-local').Strategy; var app = module.exports = express(); var uristring = process.env.MONGOLAB_URI || process.env.MONGOHQ_URL || 'mongodb://localhost/HelloMongoose'; mongoose.connect(uristring, function (err, res) { if (err) { console.log ('ERROR connecting to: ' + uristring + '. ' + err); } else { console.log ('Succeeded connected to: ' + uristring); } }); var Schema = mongoose.Schema, ObjectId = Schema.ObjectId; var Tasks = new Schema({ "title": String, "description": String, "difficulty": Number, "completed": Boolean }); var Project = new Schema({ "title": String, "tasks": [ Tasks ] }); var User = new Schema({ // update data model here "first_name": String, "last_name": String, "email": {type: String, unique: true}, "username": {type: String, unique: true}, "password": String, "projects": [ Project ] }); var User = mongoose.model('User', User); User.prototype.validPassword = function(pass) { return (this.password === pass); } /** * Configuration */ // all environments app.set('port', process.env.PORT || 3000); app.set('views', __dirname + '/views'); app.set('view engine', 'jade'); app.use(express.logger('dev')); app.use(express.bodyParser()); app.use(express.methodOverride()); app.use(express.static(path.join(__dirname, 'public'))); app.use(express.cookieParser()); app.use(express.session({ secret: 'keyboardcat' })); app.use(passport.initialize()); app.use(passport.session()); app.use(app.router); // development only if (app.get('env') === 'development') { app.use(express.errorHandler()); } // production only if (app.get('env') === 'production') { // TODO }; passport.use(new LocalStrategy( function(username, password, done) { mongoose.model('User').findOne({ username: username }, function (err, user) { if (err) { console.log('There was an error'); return done(err); } if (!user) { console.log('Username invalid'); return done(null, false, { message: 'Incorrect username.' }); } if (!user.validPassword(password)) { console.log('Password incorrect'); return done(null, false, { message: 'Incorrect password.' }); } return done(null, user); }); } )); passport.serializeUser(function(user, done) { done(null, user.id); }); passport.deserializeUser(function(id, done) { User.findOne(id, function (err, user) { done(err, user); }); }); /** * Routes */ // serve index and view partials app.get('/', routes.index); app.get('/login', function(req, res) { console.log(req.session.user); if (!req.session.user) { res.render('login'); } else { res.redirect('/'); } }); app.post('/login', passport.authenticate('local', { failureRedirect: '/login' }), function(req, res) { req.session.user = req.body.username; res.redirect('/'); }); app.get('/signup', function(req, res) { if (!req.session.user) { res.render('signup'); } else { res.redirect('/'); } }); app.get('/logout', function(req, res) { req.session.user = undefined; res.redirect('/login'); }); app.post('/signup', function(req,res) { if (req.body.username && req.body.password) { var user = new User({ first_name: req.body.first_name, last_name: req.body.last_name, email: req.body.email, username: req.body.username, password: req.body.password }); user.save(function(err) { if (!err) { console.log(user.username); req.session.user = req.body.username; res.redirect('/'); } else { console.log(err); res.redirect('/signup'); } }); } else { res.redirect('/signup'); } }); app.get('/person', function(req,res) { if (!req.session.user) { res.redirect('/login'); } else { mongoose.model('User').findOne({username: new RegExp('^'+req.session.user+'$', "i")}, function(err, user) { if (!err) { console.log(JSON.stringify(user)); res.send(user); } else { console.log(err); } }); } }); app.put('/person', function(req,res) { if (!req.session.user) { res.redirect('/login'); } else { console.log('Updating user'); console.log(req.body.projects); mongoose.model('User').findOne({username: new RegExp('^'+req.session.user+'$', "i")}, function(err, user) { console.log(user); user.projects = req.body.projects; console.log(user.first_name + ' is here'); user.save(function(err) { if (!err) { console.log('User updated'); } else { console.log(err); } }); }); } }); app.get('/:user', function(req, res) { if (!req.session.user) { res.redirect('/login'); } else if (req.params.user != req.session.user) { res.redirect('/' + req.session.user); } else { res.render('index'); } }); app.get('/partials/:name', routes.partials); // JSON API app.get('/api/name', api.name); // redirect all others to the index (HTML5 history) app.get('*', function(req, res) { if (!req.session.user) { res.render('login'); } else { res.redirect('/'); } }); /** * Start Server */ http.createServer(app).listen(app.get('port'), function () { console.log('Express server listening on port ' + app.get('port')); }); 假设你从这里得到了大部分的代码,我可以看到你做了一个可能导致失败的改变。
passport.use(new LocalStrategy( function(username, password, done) { mongoose.model('User').findOne({ username: username }, function (err, user) {
你已经添加了有效的validPassword给User ,所以可能应该是
passport.use(new LocalStrategy( function(username, password, done) { User.findOne({ username: username }, function (err, user) {
以来:
用户会以guest用户的身份从mongo回来
…你应该在这里放一些日志和/或error handling:
passport.deserializeUser(function(id, done) { User.findOne(id, function (err, user) { done(err, user); }); });
帮助你追踪下来 既然你刚刚开始,我build议你看看winston和loggly,如果你想探索工具在node / herokulogin。
你的应用程序看起来非常“有弹性”,用来形容一个短语 – 大量的redirect,似乎到处都是。 你看过fnakstad的节点/angular度authentication技术吗? (请注意,github页面引用了两个博客文章,解释的东西)。 这可能会给你一些关于如何控制事情的想法。