使用 postgresQL 设置护照本地策略

Question

我在使用我的服务器设置护照身份验证时遇到问题。我以前用过passportjs，但用的是mongodb。我目前正在尝试使用 postgressql 设置我的本地策略，但没有运气。当使用passport.authenticate() 进入登录POST 路由时，我没有收到发回给我的cookie。我不确定我是否使用 passportJS 以及通过 Heroku 托管的 postgres 数据库正确设置了我的服务器。

require('dotenv').config(); //In order to gain access to our .env file
//process.env.YELP_API_KEY
const express = require("express");
const app = express();
const bodyParser = require("body-parser");
app.use(bodyParser.json()); //This is going to allow us to access data stored in 'body' when making a post or put request
app.use(bodyParser.urlencoded({extended: true}));
const { Pool } = require('pg');
const fs = require("fs"); //This is needed to convert sql files into a string
let port = process.env.PORT || 5000;

//session-related libraries
const session = require("express-session");
const passport = require("passport"); //This is used for authentication
const LocalStrategy = require("passport-local").Strategy;
const bcrypt = require("bcrypt");


//Setting up our session
app.use(session({
    secret: process.env.SECRET,
    resave: false,
    saveUninitialized: false
}));


//Connection to database
const pool = new Pool({
    connectionString: process.env.DATABASE_URL,
    ssl: true
}); //This is used to connect to our remote postegres database hosted via Heroku


//initializing our session
app.use(passport.initialize());
app.use(passport.session()); //Telling our app to use passport for dealing with our sessions


//setting up our local strategy
passport.use('local', new LocalStrategy({passReqToCallBack: true},( username, password, cb )=> {
    console.log("this is being executed");
    pool.query("SELECT id, username, password from users where username=$1", [username], (err, result) => {
        if(err){
            return cb(err);

        }
        if(result.rows.length > 0){
            const first = result.rows[0];
            bcrypt.compare(password, first.password, (err, res) => {
                if(res){
                    cb(null, {
                        id: first.id,
                        user: first.username
                    })
                }
                else {
                    cb(null, false);
                }
            })
        }
        else {
            cb(null, false);
        }
    })
}));



passport.serializeUser(function(user, done){
    console.log("serialize user is executing")
    done(null, user.id);
})

passport.deserializeUser(function(id, done){
    pool.query('SELECT id, username FROM users WHERE id = $1', [parseInt(id, 10)], (err, results) => {
        if(err) {
          return done(err)
        }

        done(null, results.rows[0])
      });
});


app.post("/api/login", (req, res) => {
    passport.authenticate('local', function(err, user, info){
        console.log(user);
    });
})



app.listen(port, function(){
    console.log("Your app is running on port " + port);
});

预期结果：用户应该能够使用发布路径“/api/login”登录，但 passport.authenticate 不起作用？护照本地策略也应该正确设置。

Answer 1

在您的路线app.post("/api/login", .... 中，passport.authenticate 需要访问req 和res。

让它发挥作用的方法不止一种。

app.post("/api/login", (req, res) => {
    passport.authenticate('local', function(err, user, info){
        console.log(user);
        // make sure to respond to the request
        res.send(user);
    })(req, res); // <= pass req and res to the passport
})

// or
// use it as a middleware
app.post("/api/login", passport.authenticate('local'), (req, res) => {
    console.log(req.user);
    // make sure to respond to the request
    res.send(req.user);
})