我以前的 server.js 是这样的: 运行服务器后,我可以看到我的 index.html
var connect = require('connect');
var serveStatic = require('serve-static');
connect().use(serveStatic(__dirname)).listen(5000, '192.168.xx.xx', function(){
console.log('Server running on 5000');
});
我想创建http登录名和密码来保护网站,所以我在网上找到了http模块的信息:如果我输入正确的登录名和密码,我可以看到祝贺信息:
var http = require('http');
var server = http.createServer(function(req, res) {
// console.log(req); // debug dump the request
// If they pass in a basic auth credential it'll be in a header called "Authorization" (note NodeJS lowercases the names of headers in its request object)
var auth = req.headers['authorization']; // auth is in base64(username:password) so we need to decode the base64
console.log("Authorization Header is: ", auth);
if(!auth) { // No Authorization header was passed in so it's the first time the browser hit us
// Sending a 401 will require authentication, we need to send the 'WWW-Authenticate' to tell them the sort of authentication to use
// Basic auth is quite literally the easiest and least secure, it simply gives back base64( username + ":" + password ) from the browser
res.statusCode = 401;
res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');
res.end('<html><body>Need authorization</body></html>');
}
else if(auth) { // The Authorization was passed in so now we validate it
var tmp = auth.split(' '); // Split on a space, the original auth looks like "Basic Y2hhcmxlczoxMjM0NQ==" and we need the 2nd part
var buf = new Buffer(tmp[1], 'base64'); // create a buffer and tell it the data coming in is base64
var plain_auth = buf.toString(); // read it back out as a string
console.log("Decoded Authorization ", plain_auth);
// At this point plain_auth = "username:password"
var creds = plain_auth.split(':'); // split on a ':'
var username = creds[0];
var password = creds[1];
if((username == 'admin') && (password == 'admin')) { // Is the username/password correct?
res.statusCode = 200; // OK
res.end('<html><body>Congratulations, feel free to explre!</body></html>');
}
else {
res.statusCode = 401; // Force them to retry authentication
res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');
// res.statusCode = 403; // or alternatively just reject them altogether with a 403 Forbidden
res.end('<html><body>You shall not pass</body></html>');
}
}
});
server.listen(5000, function() { console.log("Server Listening on http://localhost:5000/"); });
我是nodejs新手,想知道这2个js怎么结合?为了实现我给自己的web添加授权的功能。 我可以做些什么来显示我的索引而不是在输入登录名和密码后显示祝贺消息吗?
非常感谢。
最佳答案
为了显示 HTML 页面而不是祝贺信息,您可以按照以下步骤操作:
- 通过
req.url获取请求路径,如/或/introduction.html。 - 根据上述路径,使用
fs.readFile()读取服务器磁盘中对应的HTML文件。 - 如果读取成功,则将 HTML 文件内容返回给浏览器。否则返回
404错误页面。
下面是上述步骤的一些示例代码:
if((username == 'admin') && (password == 'admin')) { // Is the username/password correct?
res.statusCode = 200; // OK
// res.end('<html><body>Congratulations, feel free to explre!</body></html>');
var requestURL = req.url; // e.g. / or /a or /a.html
var requestFilePath = getFilePathFromRequestURL(requestURL); // you need to implement this logic yourself, such as "/" mapping to "./index.html"
fs.readFile(requestFilePath, function(error, data) {
if (error) {
res.statusCode = 404;
res.write('File not found.');
} else {
res.statusCode = 200;
res.write(data);
}
res.end();
});
}
但是,除非您想编写一些低级的 node.js 代码以更好地理解这门语言,否则我强烈建议您使用 Express 等 node.js Web 框架。使用低级 node.js 服务 HTTP 请求会很乏味,尤其是在生产代码中。
另外,请注意,使用 WWW-Authenticate Basic 进行身份验证既不安全也不便于用户使用。您需要一些其他方式来实现身份验证,例如 JSON Web Tokens
关于javascript - 使用 node.js 的 HTTP 授权,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43341816/