【问题标题】:Loopback IO OAuth not working(LoopBack IO OAuth 不起作用)
【发布时间】:2015-02-27 23:15:31
【问题描述】:

我正在尝试搭建并运行一个受 OAuth 保护的 HTTPS LoopBack 服务器,并以 loopback-gateway 示例项目作为参考。但由于某种原因,我无法让 OAuth 生效:即使已经加入了 OAuth 相关的各个部分,API 似乎仍然没有受到保护——请求中不带令牌也能收到响应。下面是我的 server.js:

var loopback = require('loopback');
var boot = require('loopback-boot');


var https = require('https');
var path = require('path');
var httpsRedirect = require('./middleware/https-redirect');
var site = require('./site');
var sslConfig = require('./ssl-config');

// TLS key and certificate handed to https.createServer() in app.start; both
// values come from the local ./ssl-config module.
var options = {
  key: sslConfig.privateKey,
  cert: sslConfig.certificate
};

// Create the LoopBack application and export it as this module's value.
var app = module.exports = loopback();

// Set up the /favicon.ico
app.middleware('initial', loopback.favicon());

// request pre-processing middleware
app.middleware('initial', loopback.compress());

// NOTE(review): 'keyboard cat' is a placeholder secret committed in source.
// The secret is what signs the session cookie, so a published value gives the
// cookie no integrity protection; load it from configuration or the
// environment instead. No cookie options are passed, so the session library's
// defaults apply -- confirm the cookie is marked secure for an HTTPS-only site.
app.middleware('session', loopback.session({ saveUninitialized: true,
  resave: true, secret: 'keyboard cat' }));

// -- Add your pre-processing middleware here --

// boot scripts mount components like REST API
// NOTE(review): everything the boot scripts register is already in place when
// the OAuth token check is added further down with app.use(). If a boot script
// mounts the REST API, that handler may answer /api requests before the token
// check runs -- confirm the order in the boot directory and middleware config.
boot(app, __dirname);

// Redirect http requests to https
// NOTE(review): the redirect targets 'https-port', while app.start binds its
// listener to 'port' -- confirm the two settings agree.
var httpsPort = app.get('https-port');
app.middleware('routes', httpsRedirect({httpsPort: httpsPort}));

// Mount the OAuth 2.0 component on the app. The returned object is used below
// to build the token-checking middleware. The login page and the login
// processing endpoint are both configured as '/login'.
var oauth2 = require('loopback-component-oauth2')(
  app, {
    // Data source for oAuth2 metadata persistence
    dataSource: app.dataSources.pg,
    loginPage: '/login', // The login page url
    loginPath: '/login' // The login processing url
  });

// Render views with the EJS engine from the ./views directory.
app.set('view engine', 'ejs');
app.set('views', path.join(__dirname, 'views'));

// Set up login/logout forms
app.get('/login', site.loginForm);

app.get('/logout', site.logout);
app.get('/account', site.account);
app.get('/callback', site.callbackPage);

// Token check for the listed path prefixes, built with session disabled and
// the 'demo' scope.
// NOTE(review): middleware only guards handlers that run after it. app.use()
// registers this check after boot() has already run, so if the REST API was
// mounted during boot, /api presumably answers before the token is examined,
// which matches responses being returned without a token. Registering the
// check in an earlier phase, e.g. app.middleware('auth', [paths], auth), puts
// it ahead of the route handlers -- confirm against the LoopBack version in use.
var auth = oauth2.authenticate({session: false, scope: 'demo'});
app.use(['/protected', '/api', '/me', '/_internal'], auth);

app.get('/me', function(req, res) {
  // req.authInfo is set using the `info` argument supplied by
  // `BearerStrategy`.  It is typically used to indicate scope of the token,
  // and used in access control checks.  For illustrative purposes, this
  // example returns the user's id and username together with the access
  // token taken from req.authInfo.
  // NOTE(review): echoing the bearer token in a response body exposes it to
  // anything that logs or caches responses; presumably demo-only -- confirm.
  // The handler also assumes req.user and req.authInfo were populated by the
  // token check above; if that check did not run, these reads will throw.
  res.json({ 'user_id': req.user.id, name: req.user.username,
    accessToken: req.authInfo.accessToken });
});

// Seed the demo user and demo client application (function defined later in
// this file).
// NOTE(review): this call is unconditional, so every process start tries to
// create the fixed demo credentials -- keep it out of any non-demo deployment.
signupTestUserAndApp();

// Rate limiting and proxy middleware are disabled (commented out) in this file.
//var rateLimiting = require('./middleware/rate-limiting');
//app.middleware('routes:after', rateLimiting({limit: 100, interval: 60000}));

//var proxy = require('./middleware/proxy');
//var proxyOptions = require('./middleware/proxy/config.json');
//app.middleware('routes:after', proxy(proxyOptions));

// Serve static client files: ../client/public at the root and ../client/admin
// under /admin.
// NOTE(review): '/admin' is not among the path prefixes given to the OAuth
// token check, so these files are presumably served without a token -- confirm
// that is intended.
app.middleware('files',
  loopback.static(path.join(__dirname, '../client/public')));
app.middleware('files', '/admin',
  loopback.static(path.join(__dirname, '../client/admin')));

// Requests that get this far won't be handled
// by any middleware. Convert them into a 404 error
// that will be handled later down the chain.
app.middleware('final', loopback.urlNotFound());

// The ultimate error handler.
app.middleware('final', loopback.errorHandler());

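/**
 * Create the HTTPS server for the application and start listening on the
 * configured 'port'.
 *
 * @param {*} [httpOnly] Kept for compatibility with existing callers; falls
 *   back to process.env.HTTP when undefined. Only an HTTPS listener is created
 *   here, so a truthy value does not switch the transport to plain HTTP.
 * @returns {Object} The HTTPS server; it is returned before the listen
 *   callback has fired.
 */
app.start = function(httpOnly) {
  if (httpOnly === undefined) {
    httpOnly = process.env.HTTP;
  }

  if (httpOnly) {
    // Make the mismatch visible instead of advertising an http:// URL for a
    // listener that only speaks TLS.
    console.warn('HTTP-only mode was requested, but only an HTTPS listener ' +
      'is created');
  }

  // Declared locally: the original assignment had no `var`, which created an
  // implicit global and throws a ReferenceError in strict mode.
  var server = https.createServer(options, app);

  // NOTE(review): the https redirect is configured with 'https-port', while
  // this listener binds 'port' -- confirm the two settings agree.
  server.listen(app.get('port'), function() {
    // The server is always created with https.createServer, so the advertised
    // scheme is always https.
    var baseUrl = 'https://' + app.get('host') + ':' + app.get('port');
    app.emit('started', baseUrl);
    console.log('LoopBack server listening @ %s%s', baseUrl, '/');
  });

  return server;
};

// start the server if `$ node server.js`
if (require.main === module) {
  app.start();
}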

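/**
 * Seed a demo user ('bob') and register a demo client application for it.
 *
 * Reads the module-level `app` (for app.models.User and
 * app.models.Application) and `sslConfig` (for the certificate stored as the
 * application's public key). Results are reported on the console only.
 *
 * NOTE(review): the username, password, application id and REST API key are
 * fixed values published in source. They are only suitable for a local demo
 * and must not exist in a deployment that handles real data.
 */
function signupTestUserAndApp() {
  // Create a dummy user and client app
  app.models.User.create({
    username: 'bob',
    password: 'secret',
    email: 'foo@bar.com'
  }, function(err, user) {
    if (err) {
      // `user` is not available on failure (for example when the account
      // already exists in a persistent data source); stop here instead of
      // dereferencing it below.
      console.error(err);
      return;
    }

    // The password is deliberately kept out of the log output.
    console.log('User registered: username=%s', user.username);

    // Hack to set the app id to a fixed value so that we don't have to change
    // the client settings
    // NOTE(review): this replaces the beforeSave hook on the Application model
    // itself, so presumably every application saved afterwards gets id 123 and
    // the key 'secret' -- confirm nothing else registers applications.
    app.models.Application.beforeSave = function(next) {
      this.id = 123;
      this.restApiKey = 'secret';
      next();
    };

    app.models.Application.register(
      user.username,
      'demo-app',
      {
        publicKey: sslConfig.certificate
      },
      function(registerErr, demo) {
        if (registerErr) {
          console.error(registerErr);
          return;
        }
        // The REST API key is deliberately kept out of the log output.
        console.log('Client application registered: id=%s', demo.id);
      }
    );
  });
}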

服务器启动时没有报任何错误。有什么想法吗?

【问题讨论】:

    标签: javascript node.js oauth-2.0 loopbackjs strongloop


    【解决方案1】:

    想通了。更多信息见 https://github.com/strongloop/loopback-gateway/issues/17 ,简而言之,是我的 rest-api 中间件配置不正确。

    【讨论】:

    • 该链接截至今天已断开...看起来在 IBM 接管后已弃用,建议使用 IBM 的 api 网关。