Passport deserializes multiple times on login

6

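The problem is that when I log in, passport runs its deserialize function multiple times. This doesn't affect anything right now, but it could become a problem later. Here is the log: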

Bloodmorphed has been Serialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized

Here is the passport file:
/*jshint esversion: 6 */
const LocalStrategy = require('passport-local').Strategy;
const db = require('../config/db');
const bcrypt = require('bcryptjs');
let io = require('./io');

module.exports = (passport) => {

  // =========================================================================
  // passport session setup ==================================================
  // =========================================================================

  // used to serialize the user for the session
  passport.serializeUser((user, done) => {
    console.log(user.username + ' has been Serialized');
    done(null, user.id);
  });

  // used to deserialize the user
  passport.deserializeUser((id, done) => {
    let sql = 'SELECT * FROM users, users_meta WHERE users.id = ? AND users_meta.id =?';
    db.query(sql, [id, id]).then(results => {
      var userdata = results[0];
      console.log(userdata.username + ' has been deserialized');
      done(null, userdata);
    }).catch(done); // pass query errors to passport instead of leaving the request hanging
  });

  // Local Strategy login
  passport.use('local-login', new LocalStrategy({
    passReqToCallback: true,
  }, (req, username, password, done) => {
    // Match Username
    let sql = 'SELECT * FROM users WHERE username = ?';
    db.query(sql, [username]).then(results => {
      if (!results.length) {
        return done(null, false, {
          type: 'loginMessage',
          message: 'Wrong Login',
        });
      }

      //  Match Password
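      bcrypt.compare(password, results[0].password, (err, isMatch) => {
        if (err) {
          return done(err); // surface bcrypt errors instead of treating them as a wrong password
        }
        if (isMatch) {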
          var userData = results[0];
          sql = 'SELECT * FROM users_meta WHERE id = ?';
          db.query(sql, userData.id).then(results => {
            Object.assign(userData, results[0]);
            return done(null, userData);
          }).catch(done); // pass query errors to passport

        } else {
          return done(null, false, {
            type: 'loginMessage',
            message: 'Wrong Login',
          });
        }
      });
    }).catch(done); // pass query errors to passport
  }));
};

This is not a high-priority issue at the moment, but I would like to fix it, or confirm whether this is normal.

2 Answers

3
Serving static files should be done before passport.session; see https://github.com/jaredhanson/passport/issues/14#issuecomment-4863459
For example, per the cited source:
app.configure(function() {
  app.use(express.session({ secret: 'keyboard cat' }));
  app.use(passport.initialize());
  // passport session is triggered, causing deserializeUser to be invoked
  app.use(passport.session());
  // but request was for a static asset, for which authentication is not
  // necessary
  app.use(express.static(__dirname + '/../../public'));
});

should be changed to:
app.configure(function() {
  app.use(express.logger())
  // requests for static assets will be handled immediately and will not continue
  // down the middleware stack
  app.use(express.static(__dirname + '/../../public'));
  // any request that gets here is a dynamic page, and benefits from session
  // support
  app.use(express.session({ secret: 'keyboard cat' }));
  app.use(passport.initialize());
  app.use(passport.session());
});

I do do that; there are only a few things I do before my static files are set up. - William
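
The effect of the ordering in the answer above, as an added example that is not part of the original post or of Passport itself: plain-JavaScript stand-ins for express.static, passport.session() and a route handler count how often the user would be deserialized for one page load. The middleware names, asset prefixes and request list are assumptions constructed for illustration.

```javascript
// Minimal stand-ins for Express/Passport middleware (assumed names, not the real APIs).
// Each middleware has the usual (req, res, next) shape.
function makeApp(order) {
  const stats = { deserialized: 0 };
  const users = { 1: { id: 1, username: 'Bloodmorphed' } }; // constructed user table
  const assetPrefixes = ['/css/', '/js/', '/img/'];          // constructed static paths

  const middleware = {
    // Stand-in for express.static: answers asset requests and stops the chain.
    static: (req, res, next) => {
      if (assetPrefixes.some(p => req.url.startsWith(p))) {
        res.body = 'asset';
        return; // no next(): later middleware never runs for this request
      }
      next();
    },
    // Stand-in for passport.session(): one deserializeUser call for every
    // request that reaches it with a logged-in session.
    session: (req, res, next) => {
      if (req.session && req.session.userId !== undefined) {
        stats.deserialized += 1;
        req.user = users[req.session.userId];
      }
      next();
    },
    // Stand-in for a dynamic route handler.
    route: (req, res) => {
      res.body = 'page for ' + (req.user ? req.user.username : 'guest');
    },
  };

  const stack = order.map(name => middleware[name]);
  function handle(req) {
    const res = {};
    let i = 0;
    const next = () => { const mw = stack[i++]; if (mw) mw(req, res, next); };
    next();
    return res;
  }
  return { handle, stats };
}

// Constructed sample: the page load after a login, one dynamic page plus five assets.
const pageLoad = ['/dashboard', '/css/site.css', '/css/theme.css',
  '/js/app.js', '/js/io.js', '/img/logo.png'];

function countDeserializations(order) {
  const app = makeApp(order);
  pageLoad.forEach(url => app.handle({ url, session: { userId: 1 } }));
  return app.stats.deserialized;
}

console.log('session before static:', countDeserializations(['session', 'static', 'route']));
console.log('static before session:', countDeserializations(['static', 'session', 'route']));
```

With the session middleware first, every asset request triggers a user lookup; with the static handler first, only the dynamic page does.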

-1
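If my memory serves me right, Passport deserializes on every request, because the session key is stored in a cookie in the user's browser.
From the PassportJS documentation:

In a typical web application, the credentials used to authenticate a user will only be transmitted during the login request. If authentication succeeds, a session will be established and maintained via a cookie set in the user's browser.

Each subsequent request will not contain credentials, but rather the unique cookie that identifies the session. In order to support login sessions, Passport will serialize and deserialize user instances to and from the session.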


Ah, okay, but it is really odd that it does it so many times on login. Unless passing it through an io channel also counts as one. - William

Page content provided by Stack Overflow.