javascript - Session Node.js + Passport.js + Redis,通过user.id存储 session

标签 javascript node.js redis passport.js middleware

当用户登录时,会为他创建一个 session ,但如果他转到另一台计算机并登录,则会为他的帐户创建第二个 session 。我想做到这一点,以便用户不能超过一个有效 session 。有没有办法通过user.steamId把session存在redis中,这样他的第一个session就失效了?

任何帮助都将非常感谢!

应用程序.js

    var express = require('express'),
    http = require('http');
var app = express();
var cookie = require('cookie');
var server = http.createServer(app);
var io = require('socket.io').listen(server);
var redis = require('redis');
var client = redis.createClient();
var session = require('express-session');
var redisStore = require('connect-redis')(session);
io.set('transports', ['websocket']);

var path = require('path');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var passport = require('passport');
const fs = require('fs');
require('./config/passport')(passport);


var sessionMiddleware = session({
    store:new redisStore({host:'localhost',port:6379,client:client}),
    secret:'secretTextchange',
    saveUninitialized:false,
    resave:false
});
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

// uncomment after placing your favicon in /public
//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));

app.use(sessionMiddleware);
app.use(passport.initialize());
app.use(passport.session());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));

require('./routes/routes')(app,passport,client);

// catch 404 and forward to error handler
app.use(function(req, res, next) {
  var err = new Error('Not Found');
  err.status = 404;
  next(err);
});
io.use(function(socket, next) {
    sessionMiddleware(socket.request, {}, next);
});
io.sockets.on('connection', function (socket) {
        console.log("verified");
        socket.on('message',function(msg){
            io.sockets.emit('rmessage', {
                name:socket.request.session.passport.user.name,
                avatarUrl:socket.request.session.passport.user.avatarUrl,
                message:msg
            });
        });

});

// error handlers

// development error handler
// will print stacktrace
if (app.get('env') === 'development') {
  app.use(function(err, req, res, next) {
    res.status(err.status || 500);
    res.render('error', {
      message: err.message,
      error: err
    });
  });
}

// production error handler
// no stacktraces leaked to user
app.use(function(err, req, res, next) {
  res.status(err.status || 500);
  res.render('error', {
    message: err.message,
    error: {}
  });
});
server.listen(3000);

module.exports = app;

Passport .js

var OpenIDStrategy = require('passport-openid').Strategy;
var auth = require('./auth');
var steam = require('./steam');
var s = new steam({
    apiKey: auth.Steam.apiKey,
    format:'json'
})
module.exports = function(passport){

    passport.serializeUser(function(user, done) {

        done(null, user);
    });

    passport.deserializeUser(function(user, done) {


        done(null,user);
    });

    var SteamStrategy = new OpenIDStrategy({
            // OpenID provider configuration
            providerURL: auth.Steam.providerUrl,
            stateless: auth.Steam.stateless,
            // How the OpenID provider should return the client to us
            returnURL: auth.Steam.returnUrl,
            realm: auth.Steam.realm,
        },

        function(identifier, done) {

            process.nextTick(function () {
                console.log("passport-"+identifier);

                s.getPlayerSummaries({
                    steamids:identifier.match(/\d+$/)[0],
                    callback:function(err,data){
                        var user = {
                            steamid:identifier.match(/\d+$/)[0],
                            avatarUrl: data.response.players[0].avatar,
                            name:data.response.players[0].personaname
                        };
                        return done(null, user);
                    }
                });
                // In case of an error, we invoke done(err).
                // If we cannot find or don't like the login attempt, we invoke
                // done(null, false).
                // If everything went fine, we invoke done(null, user).
            });
        });

    passport.use(SteamStrategy);

}

路由.js

module.exports = function(app,passport,client){

    app.get('/', function (req,res) {
        res.render('index.ejs',{
                                user: req.user,
                               title:"yo"});
    });

    app.get('/auth',passport.authenticate('openid'));

    app.get('/auth/return',passport.authenticate('openid'),function(req,res){

        if (req.user) {
            res.redirect('/');
        } else {
            res.redirect('/');
        }
    });
}

最佳答案

你能用这个吗:https://www.npmjs.com/package/redis-sessions

有一个名为 soid 的方法,它可以获取单个 ID 的所有 session 。您可以在用户登录时查询他们的 ID。然后从该 ID 获取所有 session 。如果 soid 返回空,您可以安全地假设用户没有 session 。如果它返回时里面有东西,那么用户就有了 session 。

这是我目前最好的尝试。

祝你好运。

关于javascript - Session Node.js + Passport.js + Redis,通过user.id存储 session ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35076481/

上一篇:security - 如何通过命令行安全地连接到 Heroku Redis?

下一篇:javascript - socket.io-redis 在 redis 3.0.6 中出现尾随字节错误

相关文章:

javascript - select2 v.4 多重选择 - 如何设置 "default"(最小)高度

sql-server - 如何在 Angular 中将同步调用变成异步调用?

node.js - expressjs可以和nodejs net一起使用来监听TCP协议(protocol)吗

android - 我在用户注册时发送推送通知,它只向注册用户发送通知,我可以将其更改为每个使用该应用程序的人吗?

redis - 对 redis 的可能的安全攻击

ruby-on-rails - 如果 Sidekiq 未处于运行状态,则自动启动它 - Rails

javascript - OData 返回数组而不是 JSON - 如何转换?

javascript - 为什么我的 javascript 程序没有将其转换为整数而不是字符串?

javascript - 如何将纯黑白图像转换为多边形集合?

ruby - resque 被 worker job 阻塞

©2024 IT工具网  联系我们