所以,我希望我的用户 session 在登录/注册时持续存在,但事实并非如此。
官方文档说要添加此开头:
app.use(express.session({ secret: 'keyboard cat' }));
app.use(passport.initialize());
app.use(passport.session());
我就是这么做的。然后它继续指定:
在典型的 Web 应用程序中,用于验证用户身份的凭据只会在登录请求期间传输。如果身份验证成功,将通过用户浏览器中设置的 cookie 建立并维护 session 。 每个后续请求将不包含凭据,而是包含标识 session 的唯一 cookie。为了支持登录 session ,Passport 将对 session 中的用户实例进行序列化和反序列化。
passport.serializeUser(function(user, done) {
console.log("serialize user: ", user);
done(null, user[0]._id);
});
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
如果我理解正确的话,登录后,用户应该看到一个新的 cookie 被设置。 我的序列化和反序列化功能似乎有效。当我登录用户后,控制台将记录用户详细信息。控制台中没有错误消息。 但是,当我登录用户时,我没有看到任何 cookie。
我应该手动添加额外的命令吗?像这样的东西:
res.cookie('userid', user.id, { maxAge: 2592000000 });
我正在使用 Redux,那么我是否应该使用经过身份验证的(真或假)变量通过化简器处理持久 session ?
我想我现在对服务器端应该做什么和客户端应该做什么有点困惑。
最佳答案
//npm modules
const express = require('express');
const uuid = require('uuid/v4')
const session = require('express-session')
const FileStore = require('session-file-store')(session);
const bodyParser = require('body-parser');
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const users = [
{id: '2f24vvg', email: 'test@test.com', password: 'password'}
]
// configure passport.js to use the local strategy
passport.use(new LocalStrategy(
{ usernameField: 'email' },
(email, password, done) => {
console.log('Inside local strategy callback')
// here is where you make a call to the database
// to find the user based on their username or email address
// for now, we'll just pretend we found that it was users[0]
const user = users[0]
if(email === user.email && password === user.password) {
console.log('Local strategy returned true')
return done(null, user)
}
}
));
// tell passport how to serialize the user
passport.serializeUser((user, done) => {
console.log('Inside serializeUser callback. User id is save to the session file store here')
done(null, user.id);
});
// create the server
const app = express();
// add & configure middleware
app.use(bodyParser.urlencoded({ extended: false }))
app.use(bodyParser.json())
app.use(session({
genid: (req) => {
console.log('Inside session middleware genid function')
console.log(`Request object sessionID from client: ${req.sessionID}`)
return uuid() // use UUIDs for session IDs
},
store: new FileStore(),
secret: 'keyboard cat',
resave: false,
saveUninitialized: true
}))
app.use(passport.initialize());
app.use(passport.session());
// create the homepage route at '/'
app.get('/', (req, res) => {
console.log('Inside the homepage callback')
console.log(req.sessionID)
res.send(`You got home page!\n`)
})
// create the login get and post routes
app.get('/login', (req, res) => {
console.log('Inside GET /login callback')
console.log(req.sessionID)
res.send(`You got the login page!\n`)
})
app.post('/login', (req, res, next) => {
console.log('Inside POST /login callback')
passport.authenticate('local', (err, user, info) => {
console.log('Inside passport.authenticate() callback');
console.log(`req.session.passport: ${JSON.stringify(req.session.passport)}`)
console.log(`req.user: ${JSON.stringify(req.user)}`)
req.login(user, (err) => {
console.log('Inside req.login() callback')
console.log(`req.session.passport: ${JSON.stringify(req.session.passport)}`)
console.log(`req.user: ${JSON.stringify(req.user)}`)
return res.send('You were authenticated & logged in!\n');
})
})(req, res, next);
})
// tell the server what port to listen on
app.listen(3000, () => {
console.log('Listening on localhost:3000')
})
关于node.js - 如何持 Passport 开会?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49360887/