【发布时间】:2017-08-18 19:36:13
【问题描述】:
我正在使用 Express、MongoDB 和 MongoJS 和 Passport。我的前端只是另一个域上的普通 JS。目前,Express 正在将用户从前端表单保存到 Mongo 中,并返回浏览器正确保存的 cookie。但是,当我通过前端的 GET 请求启动另一条路由时,我得到req.user === 'undefined' 和req.isAuthenticated() === false。 Passport 似乎可以正确运行passport.serializeUser 和passport.deserializeUser,但用户并没有收到请求。我肯定错过了什么?
这是我的代码:
app.use(cookieParser('supernova'));
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json(options));
app.use(session({
secret: 'supernova',
resave: false,
saveUninitialized: false,
cookie: {
maxAge: 60*60*1000,
secure: false,
httpOnly: false,
domain: 'localhost'
}
}));
app.use(passport.initialize());
app.use(passport.session());
护照:
passport.use('local', new LocalStrategy(
{passReqToCallback : true},
(req, username, password, done) => {
db.users.findOne({'username': username}, (error, user) => {
if (error) {return done(error);}
if (user) {
log('User already exists');
return done(user);
} else {
crypt.hashPassword(password, ((encryptedPassword) => {
var newUser = new User({username: username, password: encryptedPassword});
db.users.save(newUser, (err, data) => {
if (err) {
log(err);
return done(err)
}
log(data);
return done(null, data);
})
}));
}
})
}
));
passport.serializeUser(function(user, done) {
log('serialize: ' + user._id)
done(null, user._id);
});
passport.deserializeUser(function(id, done) {
log('deserialize: ' + id)
db.users.findOne({_id: mongojs.ObjectId(id)}, (err, user) => {
log(user)
if(err) {
log(err);
return done(err);
}
return done(err, user);
});
});
function loggedIn(req, res, next) {
log('logged in: ' + req.user);
// log(req.session)
if (req.isAuthenticated()) { return next(); }
req.session.error = 'Please sign in!';
}
标题:
app.use((req, res, next) => {
res.setHeader('Access-Control-Allow-Origin', 'http://localhost:4200');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
res.setHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
res.setHeader('Access-Control-Allow-Credentials', true);
next();
});
路线:
app.post('/register', passport.authenticate('local', {session: true}), (req, res) => {
req.session.save(() => {
return res.redirect('/')
})
});
app.use('/api', loggedIn, maps);
从前端发出的初始注册调用:
document.getElementById('signup').addEventListener('submit', function (e) {
e.preventDefault();
window.fetch(process.env.DB_API_URI + '/register', {
method: 'POST',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
},
credentials: 'include',
body: JSON.stringify({
username: document.getElementById('signUpUsername').value,
password: document.getElementById('signUpPassword').value
})
})
第二次前端调用,其中req.user 在 Express 中为空:
return window.fetch(process.env.DB_API_URI + '/maps/' + mapId, {
method: 'GET',
headers: {
'Content-Type': 'application/json'
},
credentials: 'include'
})
【问题讨论】:
标签: javascript node.js express passport.js