发表新帖
发表新帖

Check each node.js request for authentication credentials

前端 未结
关注
3 1442
北海茫月
北海茫月 2021-01-30 23:08

I\'m using node.js with Express and connect-auth to authenticate users.

This is the verification when requesting /index:

if(req.isAuthenticated()) {
  re
相关标签:
3条回答
  • 野的像风
    2021-01-30 23:31

    You can use sessions mechanism provided by connect. Put this code in app.configure() to enable it:

      app.use(express.cookieParser());
  app.use(express.session({
    secret: 'some string used for calculating hash'
  }));

    After that, you′ll be able to use req.session object (different for each request) to store your authentication data (or anything else). So, your example code will look something like this:

    if (req.session && req.session.authorized) {
  res.redirect('/dashboard');
}
else {
  res.render('index', {layout: 'nonav'});
}

    And authentication will look like this:

    req.session.authorized = checkPassword(login, passw);

    Logout:

    req.session.destroy();

    More info can be found here.

    0 讨论(0)
  • 时光取名叫无心
    2021-01-30 23:37 
    app.all('*',function(req,res,next){
    if(req.isAuthenticated()){
        next();
    }else{
        next(new Error(401)); // 401 Not Authorized
    }
});
// NOTE: depending on your version of express,
// you may need to use app.error here, rather
// than app.use.
app.use(function(err,req,res,next){
    // Just basic, should be filled out to next()
    // or respond on all possible code paths
    if(err instanceof Error){
        if(err.message === '401'){
            res.render('error401');
        }
    }
});

    If you define the all route before routes which require authentication and after routes which do not (such as the home page, login, etc) then it should only affect the routes that need it. Alternatively you could use a RegExp instead of '*', which would include a subpath or list of paths that require authentication.

    Another option would be to create a function to include in each route that requires auth:

    function IsAuthenticated(req,res,next){
    if(req.isAuthenticated()){
        next();
    }else{
        next(new Error(401));
    }
}
app.get('/login',function(req,res,next){
    res.render('login');
});
app.get('/dashboard',IsAuthenticated,function(req,res,next){
    res.render('dashboard');
});
app.get('/settings',IsAuthenticated,function(req,res,next){
    res.render('settings');
});
    0 讨论(0)
  • 心在旅途
    2021-01-30 23:38

    Another way is to app.use a middleware function. (Example in CoffeeScript.)

    # middleware
authKick = (req, res, next) ->
  if not do req.isAuthenticated then return res.redirect '/login'
  return do next

# apply
app.use authKick

    This will work on each request without having to touch the routes.

    0 讨论(0)
 看不清?
提交回复
热议问题