javascript - isAuthenticated() 函数无法正常工作 Node.js Passport

标签 javascript node.js express passport.js passport-local

我正在创建一个在线课程应用程序,我希望只有经过身份验证的用户才能查看课程详情和课程讲座。我使用 Passport 的本地策略(local strategy)进行用户身份验证。我在路由中添加了 isAuthenticated,但未经身份验证的用户仍然可以观看视频讲座。这是我的路由文件,文件名:course.server.routes.js

'use strict';

/**
* Module dependencies
*/
var coursesPolicy = require('../policies/courses.server.policy'),
courses = require('../controllers/courses.server.controller');
var passport = require('passport');

 /**
  * Express middleware that lets the request continue only when Passport
  * reports an authenticated session.
  *
  * @param {Object} req - request; Passport adds isAuthenticated() to it
  * @param {Object} res - response, used to redirect anonymous visitors
  * @param {Function} next - hands control to the next request handler
  */
 var isAuthenticated = function (req, res, next) {
   // Anonymous visitors are sent to the site root and the chain stops here.
   // NOTE(review): for a JSON API a 401 status may be easier for clients
   // to handle than a redirect — confirm what the front end expects.
   if (!req.isAuthenticated()) {
     res.redirect('/');
     return;
   }
   // Authenticated session: continue with the next handler.
   return next();
 };

/**
 * Registers the course API routes and the courseId parameter handler on the
 * Express app.
 *
 * @param {Object} app - the Express application
 */
module.exports = function (app) {
// Courses collection routes
// NOTE(review): isAuthenticated is not applied to this route at all; only
// coursesPolicy.isAllowed guards it. Whether that policy rejects anonymous
// users cannot be seen from this file.
app.route('/api/courses').all(coursesPolicy.isAllowed)
.get(courses.list)
.post(courses.create);

// Single course routes
// NOTE(review): app.route() accepts only a path. The isAuthenticated argument
// passed here is ignored, so the middleware never runs and this route is not
// protected by it. Middleware has to be handed to .all() or to the verb
// methods (.get/.put/.delete) instead.
app.route('/api/courses/:courseId', isAuthenticated).all(coursesPolicy.isAllowed)
.get(courses.read)
.put(courses.update)
.delete(courses.delete);

// Finish by binding the course middleware
// courses.courseByID is invoked for every route containing :courseId.
app.param('courseId', courses.courseByID);
};

这是我的路由控制器(Controller)文件,文件名:course.server.controller.js

'use strict';

/**
* Module dependencies
*/
var path = require('path'),
mongoose = require('mongoose'),
Course = mongoose.model('Course'),
errorHandler = require(path.resolve('./modules/core/server/controllers/errors.server.controller'));
var passport = require('passport');

/**
 * Create a course
 *
 * Builds a Course from the request body, sets its user to req.user and
 * saves it. Responds with the saved course as JSON, or with status 422 and
 * an error message when saving fails.
 */
exports.create = function (req, res) {
  // NOTE(review): req.body goes into the model constructor as-is, so every
  // schema field the client sends is accepted (mass assignment). Consider
  // copying only the fields a client is meant to set.
  var newCourse = new Course(req.body);
  // Assigned after construction, so a `user` value in the body is overridden.
  newCourse.user = req.user;

  newCourse.save(function (saveErr) {
    if (!saveErr) {
      res.json(newCourse);
      return;
    }
    return res.status(422).send({
      message: errorHandler.getErrorMessage(saveErr)
    });
  });
};

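/**
 * Show the current course
 *
 * Sends req.course as JSON with an extra isCurrentUserOwner flag. When
 * req.course is not set, an object holding only that flag is sent.
 */
exports.read = function (req, res) {
  // convert mongoose document to JSON
  var course = req.course ? req.course.toJSON() : {};

  // Add a custom field to the Course, for determining if the current User is the "owner".
  // NOTE: This field is NOT persisted to the database, since it doesn't exist in the Course model.
  course.isCurrentUserOwner = !!(req.user && course.user && course.user._id.toString() === req.user._id.toString());

  console.log('course value is: ' + course);
  // courseLecture is absent on the empty fallback object above (and possibly
  // on stored courses), so it is read defensively; dereferencing it directly
  // would throw before the response is sent.
  var lecture = course.courseLecture;
  console.log('video lecture embed value is: ' + (lecture ? lecture.lecture_video : undefined));

  res.json(course);
};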

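/**
 * Update a course
 *
 * Copies title, content and courseLecture.lecture_video from the request
 * body onto req.course and saves it. Responds with the saved course as JSON,
 * with status 400 when the body has no courseLecture object, or with status
 * 422 and an error message when saving fails.
 */
exports.update = function (req, res) {
  var course = req.course;
  var lectureInput = req.body.courseLecture;

  // The body is client-controlled: without this check a request that omits
  // courseLecture throws a TypeError instead of getting a clean error reply.
  if (!lectureInput) {
    return res.status(400).send({
      message: 'Course lecture is invalid'
    });
  }

  course.title = req.body.title;
  course.content = req.body.content;
  // NOTE(review): assumes course.courseLecture is always present on a loaded
  // course — confirm against the Course schema.
  course.courseLecture.lecture_video = lectureInput.lecture_video;
  // NOTE(review): this writes a client-supplied value to the log verbatim.
  console.log('course lecture video url is: ' + lectureInput.lecture_video);

  course.save(function (err) {
    if (err) {
      return res.status(422).send({
        message: errorHandler.getErrorMessage(err)
      });
    } else {
      res.json(course);
    }
  });
};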

/**
 * Delete a course
 *
 * Removes req.course. Responds with the removed course as JSON, or with
 * status 422 and an error message when removal fails.
 */
exports.delete = function (req, res) {
  var target = req.course;

  target.remove(function (removeErr) {
    if (!removeErr) {
      res.json(target);
      return;
    }
    return res.status(422).send({
      message: errorHandler.getErrorMessage(removeErr)
    });
  });
};

/**
 * List of Courses
 *
 * Responds with all courses sorted by '-created', each with its user's
 * displayName populated, or with status 422 and an error message when the
 * query fails.
 */
exports.list = function (req, res) {
  var query = Course.find().sort('-created').populate('user', 'displayName');

  query.exec(function (queryErr, found) {
    if (!queryErr) {
      res.json(found);
      return;
    }
    return res.status(422).send({
      message: errorHandler.getErrorMessage(queryErr)
    });
  });
};

/**
 * Course middleware
 *
 * Parameter handler for courseId: loads the course (with its user's
 * displayName populated) into req.course before the route handlers run.
 * Responds with 400 for an id that is not a valid ObjectId and with 404 when
 * no course matches; query errors are passed to next().
 */
exports.courseByID = function (req, res, next, id) {
  // Reject malformed ids before they reach the database query.
  var idIsValid = mongoose.Types.ObjectId.isValid(id);
  if (!idIsValid) {
    return res.status(400).send({
      message: 'Course is invalid'
    });
  }

  var lookup = Course.findById(id).populate('user', 'displayName');
  lookup.exec(function (lookupErr, found) {
    if (lookupErr) {
      return next(lookupErr);
    }
    if (!found) {
      return res.status(404).send({
        message: 'No course with that identifier has been found'
      });
    }
    req.course = found;
    next();
  });
};

我无法弄清楚这里出了什么问题。

最佳答案

应在 HTTP 动词方法(get、post、patch、delete 等)中调用 isAuthenticated 函数;app.route() 只接收路径,传给它的额外参数不会作为中间件执行。

例如:

// isAuthenticated is passed to the verb method, so it runs before courses.read.
// Only GET is shown here; .put and .delete need the same middleware to be protected.
app.route('/api/courses/:courseId')
 .get(isAuthenticated, courses.read)

还可以将 isAuthenticated 写入另一个文件并从您的路由中使用它

Can see this example

关于javascript - isAuthenticated() 函数无法正常工作 Node.js Passport ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41818146/
