我想确保用户经过身份验证(当登录用户获取 session 时)。
function isAuthenticated(req, res, next) {
// do any checks you want to in here
// CHECK THE USER STORED IN SESSION FOR A CUSTOM VARIABLE
// you can do this however you want with whatever variables you set up
if (req.user.authenticated)
return next();
// IF A USER ISN'T LOGGED IN, THEN REDIRECT THEM SOMEWHERE
res.redirect('/');
}
app.get('/hello', isAuthenticated, function(req, res) {
res.send('look at me!');
});
是否有另一种(更安全)的方法来检查用户是否经过身份验证?
最佳答案
使用快速 session
:
https://github.com/expressjs/session
伪代码:
var expressSession = require('express-session');
app.use(expressSession({ secret: 'secret' }));
//...//
app.get('/',function(req,res){
if (req.session.auth === undefined || req.session.auth === false){
//handle by redirection to authentication page
}
//user is authenitcated
});
关于javascript - 检查身份验证的安全方法(NodeJS/Express),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34399747/