logo标签列表

Nodejs Express3使用会话检查用户是否已登录

javascriptnode.jssessioncookiesexpress
4
我有以下的app.js代码。
app.configure(function(){
  app.set('port', process.env.PORT || 3000);
  app.set('views', __dirname + '/views');
  app.enable('jsonp callback');
  app.set('view engine', 'jade');
  app.set('view options', {layout : false});
  app.use(express.bodyParser());
  app.use(express.methodOverride());
  app.use(express.cookieParser());
  app.use(express.session({
    secret : 'abcdefg'      
  }));
  app.use(app.router);
  app.use(express.static(__dirname + '/public'));
  app.use(function(req, res, next){
    res.locals.user = req.session.user;
    next();
  })

});

我正在尝试让我在.jade视图上的以下代码能够工作:
- if(session.user)
          div#logoutsection.pull-right
            a#logout-btn.btn.btn-info.pull-right.top-bar-form-button(href='logout/') Logout
            p#loginprompt.pull-right.login-prompt #{session.user.username} logged In
        - else
          ul.pull-right
            li
          a#signup-btn.btn.pull-right.top-bar-form-button(href='#signup-modal', data-toggle="modal") Sign Up

如果用户未登录,请提供注册选项;如果用户已登录,请告知他们已经“登录”。我将函数添加到了app.configure代码的末尾,因为之前它使用了dynamicHelpers()。有人告诉我应该使用cookieParser(),但是我该如何编写代码以便检查我的用户是否已登录,并像上面那样提供他们的用户名呢?
感谢任何帮助。
谢谢!
编辑:index.js
'use strict'

var util = require('util');
var Logger = require('devnull');
var logger = new Logger({namespacing : 0});
var User  = require('../schemas/User');
var Post = require('../schemas/Post');

/**
  * Get Meta information about all the Post's
  */
var getAllMeta = function(req, res, next){
  Post.getAllMeta(function(err, postsList){
    if(!err && postsList){
      req.postsList = postsList;
    }
    next(err);
  });
};

/**
  * validate the signup credentials entered by the user
  * @param {String} username 
  * @param {String} pass1 : first password
  * @param {String} pass2 : verification password
  */
var validateUserData = function(username, pass1, pass2){
  if(pass1.trim() !== pass2.trim()){
    util.log('Passwords not Matching ' + pass1 + ' ' + pass2);
    return 'Passwords not Matching';
  }
  return '';
  //put any other validations here
};

/*
 * GET home page.
 */
module.exports = function(app){
  /**
    * Map the URL '/' to the callback
    */
  app.get('/', function(req, res){
    logger.log('Serving request for url [GET]' + req.route.path)
    Post.getAll(function(err, allPosts){
      if(!err && allPosts){
        res.render('index', {'allPosts' : allPosts});
      }else{
        util.log('Error fetching posts from database : ' + err);
        res.render('error');
      }
    });
  });

  /**
    * Map the URL '/login' to the callback
    */
  app.post('/login', function(req, res){
    logger.log('Serving request for url [POST] ' + req.route.path);
    var username = req.body.User;
    var password = req.body.Password;

    User.validateUser(username, password, function(err, user){
      if(err && !user){
        res.json({
          retStatus : 'failure'  
        });
      }else{
        console.log(user);
        req.session.user = user;
        res.json({
          retStatus : 'success',
          user : user ,
        });
      }
    });
  });

  /**
    * Logout the current user and clear the session
    */
  app.get('/logout', function(req, res){
    logger.log('Serving request for url [GET] ' + req.route.path);
    req.session.user = undefined;
    res.redirect('/');
  });

  /**
    * Add a new User to database
    */
  app.post('/signup', function(req, res){
    util.log('Serving request for url [POST] ' + req.route.path);
    var signupForm = req.body.signupForm;
    var username = signupForm.username;
    var pass1 = signupForm.pass1;
    var pass2 = signupForm.pass2;

    var validateMsg = validateUserData(username, pass1, pass2);
    if(validateMsg !== ''){
      res.json({
        'retStatus' : 'failure',
        'message' : validateMsg
      });
    }else{
      var newUser = new User();
      newUser.username = username;
      newUser.password = pass1;

      newUser.save(function(err, savedUser){
        var message = '';
        var retStatus = '';
        if(!err){
          util.log('Successfully created new user with Username : ' + username);
          message = 'Successfully created new user : ' + username;
          retStatus = 'success';
          req.session.user = savedUser;
        }else{
          util.log('Error while creating user : ' + username + ' error : ' + util.inspect(err));
          if(err.code === 11000){
            message = "User already exists";
          }
          retStatus = 'failure';
        }
        res.json({
          'retStatus' : retStatus,
          'message' : message
        });
      });
    }
  });

  app.get('/admin', getAllMeta, function(req, res){
    util.log('Serving request for url [GET] ' + req.route.path);    
    if(req.session.user){
      res.render('post', {'postsList' : req.postsList});
    }else{
      res.redirect('/');
    }
  });

  /**
    * Save the post to database
    */
  app.post('/admin/save/post', function(req, res){
    var postContent = req.body.postContent;

    if(postContent.postKey === '' || postContent.postKey === undefined){
      var post = new Post();
      post.subject  = postContent.postSubject;
      post.content  = postContent.postContent;
      post.author   = req.session.user.username;
      post.tags     = postContent.postTags;

      post.save(function(err, response){
        if(!err && response){
          util.log('Successfully saved Post with id : ' + response.id);
          res.json({
            'retStatus' : 'success',
            'data' : response
          })
        }else{
          util.log('Error saving the Post : ' + err);
          res.json({
          'retStatus' : 'failure',
            'error' : err
          });
        }
      });
    }else{
      var conditions = {'key' : postContent.postKey};
      var update = {
        'subject' : postContent.postSubject,
        'content' : postContent.postContent,
        'tags' : postContent.postTags
      };

      Post.update(conditions, update, null, function(err, numAffected){
        if(!err && numAffected){
          util.log('Successfully updated the Post with id : ' + postContent.postKey);
          res.json({
            'retStatus' : 'success',
            'numAffected' : numAffected
          });
        }else{
          util.log('Error updating the Post with id : ' + postContent.postKey + ' ' + err);
          res.json({
            'retStatus' : 'failure'
          });
        }
      });
    }
  });

  app.get('/post/show/:key', function(req, res){
    Post.findByKey(req.params.key, function(err, postData){
      if(!err && postData){
      postData = postData[0];
        res.json({
          'retStatus' : 'success',
          'postData' : postData
        });
      }else{
        util.log('Error in fetching Post by key : ' + req.params.key);
        res.json({
          'retStatuts' : 'failure',
          'msg' : 'Error in fetching Post by key ' + req.params.key
        });
      }
    }); 
  });

  app.post('/admin/save/', function(req, res){
    //container for saving a post
  });

  app.get('/admin/remove/:key', function(req, res){
    //container for deleting a post
  });

  app.get('/contact', function(req, res){
    util.log('Serving request for url[GET] ' + req.route.path);
    res.render('contact');
  });
};

User.js

'use strict'

var util    = require('util');
var bcrypt  = require('bcrypt');
var mongoose = require('mongoose');
var Schema   = mongoose.Schema;

var validatePresenceOf = function(value){
  return value && value.length; 
};

var toLower = function(string){
  return string.toLowerCase();
};

var User = new Schema({
  'username' : { type : String, 
              validate : [validatePresenceOf, 'a Username is required'],
              set : toLower,
              index : { unique : true }
              },
  'password' : String,
});

User.statics.findUser = function(username, password, cb){
  return  this.find({'username' : username}, cb);
};

User.statics.validateUser = function(username, password, cb){
  this.find({'username' : username}, function(err, response){
    var user = response[0];
    if(!user || response.length === 0){
      cb(new Error('AuthFailed : Username does not exist'));
    }else{
      if(password == user.password){
        util.log('Authenticated User ' + username);
        cb(null, user);
      }else{
        cb(new Error('AuthFailed : Invalid Password'));
      }
    }
  });
};

module.exports = mongoose.model('User' , User);
你将user设置为模板变量,但尝试使用session.user访问它。也许只需尝试if(user) - loganfsmyth
@loganfsmyth 这给了我与使用 session.user 相同的响应,即 user 未定义 - germainelol
2个回答
1
也许我理解你的问题有误,但你唯一缺少的是一个路由,在该路由中对用户进行身份验证,例如:
app.post('/login', function(req, res){
  if(req.body.user == 'Ryan' && req.body.password == 'Dahl'){
    req.session.user = aUserIdOrUserObject;
    res.send(200) // or redirect
  }
};

这只是伪代码。显然,您需要检查用户和密码是否与您的数据库匹配。
第二点您缺少的是一个永久的会话存储,例如https://github.com/masylum/connect-mongodbhttps://github.com/CarnegieLearning/connect-mysql-session。内存存储仅适用于开发,生产环境中使用可能会导致服务器崩溃。
我认为你的视图代码很好。你缺少的是登录逻辑。如果你只是尝试开始,可以使用http://passportjs.org/或另一个身份验证包http://nodetoolbox.com/categories/Authentication 。这应该可以使你轻松地开始。还有一个可能有用的链接: https://dev59.com/s3A75IYBdhLWcg3wDUi2 - topek
请在您的中间件中完成以下程序相关内容的翻译。将翻译后的文本返回:这应该在您的中间件中完成。在您的中间件中放置一个控制台日志并确保其运行。 - topek
http.createServer(app).listen(app.get('port'), function(){ console.log("Express server listening on port " + app.get('port')); app.get('/', function(req, res){ res.render('index', {user: req.local.user}) }); });我应该在这里添加吗?通过中间件,我理解这是在此处与服务器建立某种连接,因此我假设您的意思是在此处添加,其中用户仍未定义。我将尝试其他地方,但我不明白。 - germainelol
app.use(function(req, res, next){ res.locals.user = req.session.user; next(); }) app.get('/', function(req, res){ res.render('index', {user: req.local.user}) });我现在已经有这个了,但是我仍然得到相同的错误,即我没有定义“user”:/ 感谢您的所有帮助,另外我想补充一点... - germainelol
你可以尝试将那个中间件放在app.use(express.router)之前。我不太确定,但我想我曾经遇到过类似的问题。 - topek
显示剩余13条评论
1

我在我工作的应用程序中所做的,为了避免在每个控制器操作中进行此验证,是:

//userValidation.js
module.exports = function(req, res, next){
    if(req.body.user == 'Ryan' && req.body.password == 'Dahl'){
        next();
    }else res.send("Not auth");
}

//controller.js
var validate = require("./userValidation");

app.post("/route", validate, function(req, res){
    //if execution get to this point you are sure that user is authenticated.
});

这段代码也来自我工作的应用程序,这是我们设置会话工作的方式。为了开发目的,您可以将MongoStore替换为MemoryStore

app.configure(function(){
        app.set('views', __dirname + '/views');
        app.set('view engine', 'jade');

        app.use(connect.compress());
        app.use(express.static(__dirname + "/public", { maxAge: 6000000 }));
        app.use(express.favicon(__dirname + "/public/img/favicon.ico", { maxAge: 6000000 }));    
        app.use(express.bodyParser());
        app.use(express.methodOverride());
        app.use(express.cookieParser());
        app.use(express.session({
            secret: config.sessionSecret,
            maxAge: new Date(Date.now() + (1000 * 60 * 15)),
            store: new MongoStore({ url: config.database.connectionString })
        }));
        app.use(function(req, res, next){
            console.log("\n~~~~~~~~~~~~~~~~~~~~~~~{   REQUEST   }~~~~~~~~~~~~~~~~~~~~~~~".cyan);
            res.locals.config = config;
            res.locals.session = req.session;
            res.locals.utils = viewUtils;
            next();
        });
        app.use(app.router);
        app.use(function(req, res, next){
            res.status(404).send("Resource not found");
        });
});

为了将用户设置在会话中,我们有以下代码:
var User = require("../utils/modelRegistrar").user; //any way to get the User model
var userRepository = require("../domain/repositories/usuarioRepository");
var hash = require("../utils/hash");

module.exports.init = function(app, io){
    app.publicPost("/login", login);
    app.put("/exit", exit);
};

function login(req, res){
    var dadosDeLogin = req.body.dadosDeLogin; 
    userRepository.autenticar(dadosDeLogin.login, /*hash.md5(*/dadosDeLogin.senha/*)*/, function(err, user){
        if(err) req.next(err);
        if(user){
            user.lastAcess = new Date();
            user.access++;

            userRepository.update(user, ["lastAcess", "acess"], function(err){
                if(err) req.next(err);
                else{
                    req.session.logedUser = user;
                    res.redirect("/home");
                }
            });
        }
        else res.redirect("/#user-not-found");
    });
};

function exit(req, res){
    if(req.session.logedUser) delete req.session.logedUser;
    res.redirect("/");
}

可能代码的某些部分仍然是葡萄牙语

谢谢回复,我已经在模式下添加了我拥有的User.js代码。这本身应该可以工作吗?如果您查看以前问题的答案中的注释,我还尝试通过他的方法使会话工作,但尚未成功。 - germainelol
你是在哪里/如何定义 config.sessionSecretconfigmemoryStoreviewUtils 的? - germainelol
这些值并不重要,您可以忽略它们。它们在会话配置中没有用处(除了MemoryStore和MongoStore)。Config是一个具有项目特定配置的对象,memoryStore是将会话对象保存到内存的默认方式(在生产中无用)。 - Renato Gama
抱歉,我不太了解MemoryStore。我只是想让我的代码在用户登录时将用户名传递给视图。目前,由于我不知道如何修复的错误,我甚至无法运行应用程序。 - germainelol
当我运行程序时,出现了“user未定义”的错误,但是我也有一个console.log函数,正如您在其他问题的注释中所看到的那样,它没有在控制台中打印。app.get('/', function(req, res){ res.render('index', {user: req.local.user}) }); - germainelol
显示剩余2条评论
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接