Check each node.js request for authentication credentials

前端 未结 3 1444
北海茫月
北海茫月 2021-01-30 23:08

I\'m using node.js with Express and connect-auth to authenticate users.

This is the verification when requesting /index:

if(req.isAuthenticated()) {
  re         


        
相关标签:
3条回答
  • 2021-01-30 23:31

    You can use sessions mechanism provided by connect. Put this code in app.configure() to enable it:

      app.use(express.cookieParser());
      app.use(express.session({
        secret: 'some string used for calculating hash'
      }));
    

    After that, you′ll be able to use req.session object (different for each request) to store your authentication data (or anything else). So, your example code will look something like this:

    if (req.session && req.session.authorized) {
      res.redirect('/dashboard');
    }
    else {
      res.render('index', {layout: 'nonav'});
    }
    

    And authentication will look like this:

    req.session.authorized = checkPassword(login, passw);
    

    Logout:

    req.session.destroy();
    

    More info can be found here.

    0 讨论(0)
  • 2021-01-30 23:37
    app.all('*',function(req,res,next){
        if(req.isAuthenticated()){
            next();
        }else{
            next(new Error(401)); // 401 Not Authorized
        }
    });
    // NOTE: depending on your version of express,
    // you may need to use app.error here, rather
    // than app.use.
    app.use(function(err,req,res,next){
        // Just basic, should be filled out to next()
        // or respond on all possible code paths
        if(err instanceof Error){
            if(err.message === '401'){
                res.render('error401');
            }
        }
    });
    

    If you define the all route before routes which require authentication and after routes which do not (such as the home page, login, etc) then it should only affect the routes that need it. Alternatively you could use a RegExp instead of '*', which would include a subpath or list of paths that require authentication.

    Another option would be to create a function to include in each route that requires auth:

    function IsAuthenticated(req,res,next){
        if(req.isAuthenticated()){
            next();
        }else{
            next(new Error(401));
        }
    }
    app.get('/login',function(req,res,next){
        res.render('login');
    });
    app.get('/dashboard',IsAuthenticated,function(req,res,next){
        res.render('dashboard');
    });
    app.get('/settings',IsAuthenticated,function(req,res,next){
        res.render('settings');
    });
    
    0 讨论(0)
  • 2021-01-30 23:38

    Another way is to app.use a middleware function. (Example in CoffeeScript.)

    # middleware
    authKick = (req, res, next) ->
      if not do req.isAuthenticated then return res.redirect '/login'
      return do next
    
    # apply
    app.use authKick
    

    This will work on each request without having to touch the routes.

    0 讨论(0)
提交回复
热议问题