【发布时间】:2016-03-20 13:35:23
【问题描述】:
我有一个 ExpressJS 应用程序,它使用 Passportjs 向 Facebook 进行身份验证,并且对于一个问题,一切都按预期运行。
我在/routes/ 下有vehicle.js,其中包含一些需要身份验证的路由(router.gets 和 router.posts),而另一些则不需要。如果用户已登录,则vehicle.js 处理的每个请求都会导致用户反序列化,即Mongoose 查找。 当向不需要身份验证的router.get 和/或router.post 发出请求时,如何避免这些不必要的Mongoose 查找?
我已经查过这个SO question 并没有解决我的问题(我已经在护照上面声明了静态资源,所以它们没有经过身份验证)。
Passportapp.js 中的配置如下所示:
// Configuring Passport
var passport = require('passport');
var expressSession = require('express-session');
app.use(expressSession({secret: 'thisIsSecret'}));
app.use(passport.initialize());
app.use(passport.session());
// Using the flash middleware provided by connect-flash to store messages in session
// and displaying in templates
var flash = require('connect-flash');
app.use(flash());
// Initialize Passport
var initPassport = require('./passport/init');
initPassport(passport);
//passing passport object could be the reason why all requested that are
//mapped in vehicle cause user de-serialization. Not sure if there is any
//alternative approach than following line that passes passport??
var vehicle = require('./routes/vehicle')(passport);
以下isAuthenticated在vehicle.js
var isAuthenticated = function (req, res, next) {
if (req.isAuthenticated())
return next();
// if the user is not authenticated then redirect him to the login page
res.redirect('/vehicle/api/login');
}
后面是一系列处理logging in、logging out的routes,以及对vehicle的一些操作。
module.exports = function(passport) {
router.get('/api/login', function(req, res) {
res.render('vehicle/login', { message: req.flash('message') });
});
router.post('/api/login', passport.authenticate('login', {
successRedirect: '/vehicle/api/list/mine',
failureRedirect: '/vehicle/api/list',
failureFlash : true
}));
...
...
...
router.post('/api/upload', isAuthenticated, function(req, res) {
//this route needs to be authenticated, so it works fine,
//deserialization done, mongoose lookup, no problem
});
router.get('/api/image/:vehicleId/:filename', function(req,res) {
//this route does not need authentication, but causes User
//de-serialization and Mongoose lookup
});
return router;
}
是不是因为下面这行,每次对vehicle.js的请求在用户登录时都会导致用户反序列化?
var vehicle = require('./routes/vehicle')(passport);
避免这种不必要的反序列化的一种方法是将不需要身份验证的路由从vehicle.js 分离到不同的文件,并且不将该护照对象传递给该文件(因为它传递给vehicle.js in app.js)。我不知道这是否是解决此问题的正确方法。
【问题讨论】:
标签: javascript node.js express passport.js passport-facebook