使用 connect-roles 和 Passport.JS 设置管理员角色

Question

我目前正在尝试设置管理员角色，以便使用通过以下方式提供的以下文档访问简单的管理页面：connect-roles

我一直在努力解决它一段时间，但仍然不知道如何设置角色 E.G 目前我正在从数据库中提取一个管理值并将其暂时存储在一个全局变量中但是我不知道如何将它与连接角色一起使用，比如只允许特定用户访问我的管理页面。

任何人都可以澄清或展示如何执行此操作的示例/一些指导，因为我的文档没有帮助我确保只有当用户是管理员时才能访问网页？

Ave 发布了一些代码，显示了它目前的样子。

代码

var admin = 'Admin';
var mysql = require('mysql');
var connection = mysql.createConnection({
    host : 'localhost',
    user : 'root',
    password : '',
    database : 'test'
  });
var passport = require('passport');
var ConnectRoles = require('connect-roles');
var roles = new ConnectRoles();
var passportLocal = require('passport-local');


  app.use(passport.initialize());
  app.use(passport.session());
  app.use(roles.middleware());

  passport.use(new passportLocal.Strategy(function (username, password, done) {
      connection.query({
        sql : 'SELECT * from `userman_users` WHERE `username`= ?AND`password` = sha1(?)',
        timeout : 40000, // 40s
        values : [username, password]
      }, function (error, results, rows) {
        if (results.length > 0) {
          response = "Success";
        } else {
          console.log('Error while performing Query.');
          response = "Failed";
        }
        if (response === "Success") {
          done(null, {
            id : username
          });
        } else if (response === "Failed") {
          done(null, null);
        }
      });

    })
  );

  passport.serializeUser(function (user, done) {
    done(null, user.id);
  });

  passport.deserializeUser(function (id, done) {
    done(null, {
      id : id
    });
  });

roles.use(function (req, action) {
  if (!req.isAuthenticated()) return action === 'access home page';
})

roles.use(function (req) {
  if (req.user.role === 'admin') {
    return true;
  }
});

  app.get('/', redirectToIndexIfLoggedIn, function (req, res) {
    res.render('login');
  });

  app.get('/index', checkLoggedIn, function (req, res) {
    res.render('index', {
      isAuthenticated : req.isAuthenticated(),
      user : req.user
    });
  });

app.get('/admin', user.can('access admin page'), function (req, res) {
  res.render('admin');
});

  function checkLoggedIn(req, res, next) {
    if (req.isAuthenticated())
      return next();
    res.redirect('/');
  }

Answer 1

这是一个例子：

var express = require('express');
...
var passport = require('passport');
var LocalStrategy = require('passport-local');
var ConnectRoles = require('connect-roles');

...
var app = express();

//===============PASSPORT=================

// Passport session setup.
passport.serializeUser(function(user, done) {
  console.log("serializing " + user.username);
  done(null, user);
});

passport.deserializeUser(function(obj, done) {
  console.log("deserializing " + obj);
  // simulate an admin user
  obj.role = obj.username == 'admin' ? 'admin' : 'user';
  done(null, obj);
});

...

//===============CONNECTION RULES=================

var user = new ConnectRoles({
  failureHandler: function (req, res, action) {
    // optional function to customise code that runs when
    // user fails authorisation
    var accept = req.headers.accept || '';
    res.status(403);
    if (~accept.indexOf('html')) {
      res.render('access-denied', {action: action});
    } else {
      res.send('Access Denied - You don\'t have permission to: ' + action);
    }
  }
});


...
app.use(passport.initialize());
app.use(passport.session());
app.use(user.middleware());


//anonymous users can only access the home page
//returning false stops any more rules from being
//considered
user.use(function (req, action) {
  if (!req.isAuthenticated()) return action === 'access home page';
});

//users logged can access to public pages
user.use(function(req, action){
    if(req.isAuthenticated() && action != 'access private page' && action != 'access admin page')
      return true;
});

//moderator users can access private page, but
//they might not be the only ones so we don't return
//false if the user isn't a moderator
user.use('access private page', function (req) {
  console.log('access private page');
  if (req.user.role === 'moderator') {
    return true;
  }
});

//admin users can access all pages
user.use(function (req) {
  if (req.user.role === 'admin') {
    return true;
  }
});


...


/* GET home page. */
app.get('/', user.can('access home page'), function(req, res, next) {
  res.render('index', { title: 'Express' });
});

//displays our signup page
app.get('/signin', function(req, res){
  res.render('signin');
});

//sends the request through our local signup strategy, and if successful takes     user to homepage, otherwise returns then to signin page
app.post('/local-reg', passport.authenticate('local-signup', {
  successRedirect: '/',
  failureRedirect: '/signin'
  })
);

//sends the request through our local login/signin strategy, and if successful    takes user to homepage, otherwise returns then to signin page
app.post('/login', passport.authenticate('local-signin', {
    successRedirect: '/',
    failureRedirect: '/signin'
  })
);

// Simple route middleware to ensure user is authenticated.
app.use(function(req, res, next) {
    if (req.isAuthenticated()) { return next(); }
      req.session.error = 'Please sign in!';
      res.redirect('/signin');
});

//logs user out of site, deleting them from the session, and returns to homepage
app.get('/logout', function(req, res){
  var name = req.user.username;
  console.log("LOGGIN OUT " + req.user.username)
  req.logout();
  res.redirect('/');
  req.session.notice = "You have successfully been logged out " + name + "!";
});

app.get('/private', user.can('access private page'), function (req, res) {
  res.render('private');
});

app.get('/admin', user.can('access admin page'), function (req, res) {
  res.render('admin');
});


app.use('/users', users);

....


module.exports = app;

使用connect-rules，您可以定义要使用的规则（在这种情况下为user.use）。如果您将动作作为第一个参数传递，则仅当函数中传递的动作与其相同时才使用该策略。然后通过user.can 触发路由中的规则@ 传递action。在此示例中，我定义了一个额外的过滤策略，以授予已记录的用户访问权限并请求未标记admin 或moderator 权限的路由，例如

/* GET home page. */
app.get('/', user.can('access home page'), function(req, res, next) {
  res.render('index', { title: 'Express' });
});

用户登录后，我们需要另一种策略，以防用户不是admin或moderator。

Answer 2

你可以使用像sailsJS和npm模块这样的框架sails-generate-auth

设置完成后，使用你自己的中间件来阻塞路由

//allow admin only  localhost:PORT/admin at policies.js
'admin': ['passport', 'sessionAuth', 'isAdmin'],
'*': ['passport', 'sessionAuth'],


//isAdmin policy
module.exports = function(req, res, next) {
// User is allowed, proceed to the next policy, 
// or if this is the last policy, the controller
if (req.user.role == 'admin') {
    return next();
}

// User is not allowed
return res.forbidden('You are not permitted to perform this action.');
};

Answer 3

使用以下逻辑，我能够根据数据库中的值拥有管理功能：

app.get('/admin', function (req, res) {
        connection.query({
            sql : 'SELECT role from `auth_users` WHERE `username`= ?',
            timeout : 40000, // 40s
            values : [req.user['id']]
        }, function (error, results, rows) {
            if (results[0]['role'] === "admin") {
                admin = (results[0]['role']);
                res.render('admin', {
                    isAuthenticated : req.isAuthenticated(),
                    user : req.user
                });
            } else {
                admin = "";
                res.redirect('/index');
            }
        })
    });