【问题标题】:Authenticating users if they have a cookie如果用户有 cookie,则对用户进行身份验证
【发布时间】:2021-01-17 19:26:14
【问题描述】:

如果用户有 cookie,我需要帮助来让他们访问页面 (.hbs)。我已经列出了我的文件层次结构的图像以及我的文件和一些代码。如果您能提供任何非常有用的见解或帮助。

我正在尝试创建一个帐户注册和登录系统,其中数据进入 MySQL 数据库。我已经在我的数据库中正确保存了数据,我只需要在注册/登录后重定向到仪表板页面的帮助。

Image of my hierarchy / files(请查看)

page.js(在路由文件夹下)

// Express Setup
const express = require('express');
const router = express.Router()

// Login (Main) Page
router.get('/', (req, res) => {
    res.render('index');
});

// Login Page
router.get('/login', (req, res) => {
    res.render('login');
})

// Register Page
router.get('/register', (req, res) => {
    res.render('register');
});

// Dashboard
router.get('/dashboard', (req, res) => {
    res.render('dashboard');
})

module.exports = router;

auth.js(在路由文件夹下)

// Express Setup
const express = require('express');
const router = express.Router()

// Misc
const authController = require('../controllers/auth')

// Auth / Register
router.post('/register', authController.register);

// Auth / Login
router.post('/login', authController.login);

// Auth / Dashboard
router.post('/dashboard', authController.dashboard);

module.exports = router;

auth.js(在控制器文件夹下)

// Database 
const mysql = require('mysql');

const jwt = require('jsonwebtoken')
const bcrypt = require('bcryptjs')

// Misc

// Get Database
const db = mysql.createConnection({
    host: process.env.DATABASE_HOST,
    user: process.env.DATABASE_USER,
    password: process.env.DATABASE_PASSWORD,
    databse: process.env.DATABASE

});

// Get Login
exports.login = async (req, res) => {
    try {
        const { email, password } = req.body;

        if ( !email || !password ) {
            return res.status(400).render('login', {
                message: 'Please enter all fields.'
            });
        } 

        // Find User
        db.query('SELECT * FROM users WHERE email = ?', [email], async (err, results) => {
            if ( !results || !(await bcrypt.compare(password, results[0].password))) {
                res.status(401).render('login', {
                    message: 'Information is invalid'
                });
            } else {
                const id = results[0].id;

                const token = jwt.sign({ id: id }, process.env.JWT_SECRET, {
                    expiresIn: process.env.JWT_EXPIRES_IN
                });

                const cookieOptions = {
                    expires: new Date(
                        Date.now() + process.env.JWT_COOKIE_EXPIRES * 24 * 60 * 60 * 1000
                    ),

                    httpOnly: true
                }

                res.cookie('loginC', token, cookieOptions);
                res.status(200).redirect('dashboard'); (Apart of my issue)

            }
        });

    } catch (err) {
        console.log(err);
    }
}

// Users Page (Where I'm somewhat confused at. I want them to access this dashboard page if they have the cookie.)
exports.dashboard = (req, res) => {
    if ( res.cookie.user == 'loginC' || id ) {
        res.render('dashboard')
    } else {
        res.status(401).redirect('register')
    }
}


// Run Register Module
exports.register = (req, res) => {
    console.log(req.body);

    // Body Variable(s)
    const { name, email, password } = req.body;

    // Database Query
    db.query('SELECT email FROM users WHERE email = ?', [email], async (err, results) => {
        if (err) {
            console.log(err);
        }

        if ( results.length > 0 ) {
            return res.render('register', {
                message: 'That email has already been registed.'
            });
        }

        // Hashing Passwords
        let hashedPass = await bcrypt.hash(password, 8);
        console.log(hashedPass);

        db.query('INSERT INTO users SET ? ', {name: name, email: email, password: hashedPass}, (err, results) => {
            if (err) {
                console.log(err);
            } else {
                return res.render('login', {
                    message: 'User Registered'
                });
            }
        })

        

    });

}

请注意,我不希望用户能够在没有 cookie 的情况下访问 www.DOMAINNAME.com/dashboard

如果您有任何问题,请告诉我。

【问题讨论】:

    标签: node.js express cookies handlebars.js


    【解决方案1】:

    您需要实现中间件,在访问路由之前检查您的 cookie。首先安装https://www.npmjs.com/package/cookie-parser并将其添加到您的服务器初始化进程中

    var cookieParser = require('cookie-parser'); //add it in your app init
    app.use(cookieParser() // this will let you to parse the cookie and use it.
    
    router.get('/dashboard',middlewareFunction, (req, res) => {
    res.render('dashboard');
    })
    

    基本中间件示例:

    const middlewareFunction = (req , res ,next) => {
      const { loginC } = req.cookies;
      const isValidAuth = true/false - verify your cookie if it valid or not..
      if(isValidAuth) {
         next();
      }
      next('Error.....')// to return error
      res.redirect('/login') // if you want instead to redirect to login page
    }
    

    你可以在这里阅读更多内容:https://expressjs.com/en/guide/using-middleware.html

    【讨论】:

      猜你喜欢
      • 2021-11-02
      • 2015-02-21
      • 2020-12-04
      • 1970-01-01
      • 2020-09-29
      • 2013-02-23
      • 2021-10-26
      • 1970-01-01
      • 2020-08-04
      相关资源
      最近更新 更多