【问题标题】:Node passport Authentication REST URL节点通行证身份验证 REST URL
【发布时间】:2015-07-06 23:19:49
【问题描述】:

我试图确保对 Rest URL 的护照身份验证。

var isAuthenticated = function (req, res, next) {
  var isAuthenticated = function (req, res, next)
  if (req.isAuthenticated())
    return next();
  res.redirect('/');
};

但是通过尝试得到:

router.get('/edit_grm_user/:user_id',isAuthenticated, function(req, res,next){[...]}

我收到了这个错误:

if (req.isAuthenticated())
        ^   
TypeError: Cannot read property 'isAuthenticated' of null

通过获取一个没有任何参数的 URL,没有错误,即

router.post('/create_grem_user',isAuthenticated, function(req, res, next){[...]}

有人对此有解决方案吗?

【问题讨论】:

    标签: node.js rest authentication express passport.js


    【解决方案1】:

    想知道你为什么要定义两次isAuthenticated

    var isAuthenticated = function (req, res, next) {
      var isAuthenticated = function (req, res, next)
    

    无论如何,我已经创建了一个模仿您的上下文的示例:

    // Express server
    var express = require('express');
    var app = express();
    
    // Passport
    var passport = require('passport');
    var LocalStrategy = require('passport-local').Strategy;
    
    // Middlewares
    var flash = require('connect-flash');
    var bodyParser = require('body-parser');
    var cookieParser = require('cookie-parser');
    var methodOverride = require('method-override');
    var session = require('express-session');
    
    var users = [
      {
        id: 1,
        username: 'wilson',
        password: 'secret',
        email: 'wilson.balderrama@gmail.com'
      }
    ];
    
    function findUserById(id, cb) {
      var idx = id - 1;
      var user = users[idx];
    
      if (user) {
        cb(null, user);
      } else {
        fn(new Error('User ' + id + ' does not exist.'));
      }
    }
    
    function findUserByUsername(username, cb) {
      var userFound = null;
    
      users.some(function(user) {
        if (user.username === username) {
          userFound = user;
          return true;
        }
      });
    
      return cb(null, userFound);
    }
    
    function isAuthenticated(req, res, next) {
      if (req.isAuthenticated()) {
        return next();
      }
    
      next(new Error('You are not authenticated!.\n'));
    }
    
    passport.serializeUser(function(user, done) {
      done(null, user.id);
    });
    
    passport.deserializeUser(function(id, done) {
      findUserById(id, done);
    });
    
    passport.use(new LocalStrategy(function(username, password, done) {
      process.nextTick(function() {
        findUserByUsername(username, function(err, user) {
          if (err) return done(err);
          if (!user) return done(null, false, {message: 'Unknown user ' + username});
          if (user.password !== password) return done(null, false, {message: 'Invalid Password.'});
    
          return done(null, user);
        });
      });
    }));
    
    app.use(cookieParser());
    app.use(bodyParser.json());
    app.use(bodyParser.urlencoded({extended: true}));
    app.use(methodOverride());
    app.use(session({
      secret: 'mysecret',
      resave: false,
      saveUninitialized: true
    }));
    
    app.use(flash());
    app.use(passport.initialize());
    app.use(passport.session());
    
    app.post(
      '/auth',
      passport.authenticate('local', {}),
      function(req, res, next) {
        res.send('You just authenticated!\n');
      }
    );
    
    app.get('/get-route/:something', isAuthenticated, function(req, res, next) {
      var something = req.params.something;
      res.send('hello from get-route here is your param: '+ something +'\n');
    });
    
    app.post('/post-route', isAuthenticated, function(req, res, next) {
      res.send('hello from post-route\n');
    });
    
    // handling errors
    app.use(function(err, req, res, next) {
      res.status(err.status || 500).send(err.message);
    });
    
    app.listen(4040, function() {
      console.log('server up and running');
    });
    

    /get-route/:something/post-route 只能由经过身份验证的用户使用。

    因此,如果您尝试使用 /get-route/:something 而不进行身份验证,您将看到一条消息:You are not authenticated!

    首先您需要通过用户名和密码使用/auth,对于此示例,已经存储了一个用户:用户名:wilson,密码:secret,因此在使用此凭据进行身份验证后,您将能够使用受保护的路由。

    注意:您需要安装以下库:

      "dependencies": {
        "body-parser": "^1.13.2",
        "cookie-parser": "^1.3.5",
        "express": "^4.13.1",
        "connect-flash": "^0.1.1",
        "express-session": "^1.11.3",
        "method-override": "^2.3.3",
        "passport": "^0.2.2",
        "passport-local": "^1.0.0"
      }
    

    【讨论】:

      猜你喜欢
      • 2016-12-25
      • 2023-04-01
      • 2011-07-15
      • 2022-03-02
      • 2020-09-26
      • 2018-12-02
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多