我的 Express 应用程序设置使用 Passport 进行授权。当新用户注册时,我想进行电子邮件验证。因此,在用户发布凭据后,/signup 路由会获取请求,并成功重定向到/sendmail 进行验证。
app.post('/signup', passport.authenticate('local-signup', {
successRedirect : '/sendmail',
failureRedirect : '/signup'
}));
此外,为了防止未经授权的 session ,在/signup 路由中,用户将被注销并销毁 session 。
app.get('/sendmail', function(req, res) {
res.render('mailsent.ejs', {
message: 'An email with verification link has been sent to ' + req.user.email + '. Please follow the link in your mail to verify your account before logging in.'
});
/* From keeping user authenticated after signup (not verfied yet)*/
req.logOut();
req.session.destroy();
}
});
我的问题是,由于 session 已经被销毁,当最终用户刷新浏览器或直接访问/sendmail 路由时,浏览器什么也得不到。如何防止这种情况。换句话说,在 app.get('/sendmail') 路由中,我如何检查 session 是否开启(有效的请求对象),否则重定向到“/”。
最佳答案
您可以使用中间件路由,如下所示:
app.use('/sendmail', function(req, res, next) { // Middleware for only the `/sendmail` route
if (req.session.authenticated) {
next();
} else {
res.redirect("/");
}
});
或者直接将其放入您的 route :
app.get('/sendmail', function(req, res) {
if (!req.session.authenticated) {
return res.redirect("/"); // Redirect to home page if not authenticated
}
res.render('mailsent.ejs', {
message: 'An email with verification link has been sent to ' + req.user.email + '. Please follow the link in your mail to verify your account before logging in.'
});
/* From keeping user authenticated after signup (not verfied yet)*/
req.logOut();
req.session.destroy();
}
});
关于node.js - 如何处理 Express 中过期的路线/ session ?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36739784/