问题
I work on a web app hosted on heroku. As database I try to use back4app. With help of the back4app documention I have realized the log in. Since two days I try to get the session to work with it.
Therefore I have read a lot of blogs, articels and of course the parse documentation. But I'm not able to get it to work. I hope, you will find my problem. Following code is my lastest attempt:
const express = require('express');
const server = express();
const path = require('path');
const bodyParser = require('body-parser');
const port = process.env.PORT || 8080;
const back4app = require('parse/node');
back4app.initialize("xxx","yyy");
back4app.serverURL = 'https://parseapi.back4app.com/';
server.use(express.static('web'));
server.use(bodyParser.json());
server.get('/lgn', (req, resp) => {
console.log("server.get('/lgn',...");
resp.sendFile(path.join(__dirname + '/web/login.html'));
});
server.post('/lgn', (req, resp) => {
const data = req.body;
console.log("server.post('/lgn',...");
if(data.email != undefined){
console.log(data.email);
resetPassword(data);
} else{
logIn(data, function(err, user){
console.log(user.get("sessionToken"));
//How to get the user object in other routes?
console.log('session');
back4app.User.enableUnsafeCurrentUser(); //is this a secure solution?
back4app.User.currentAsync().then(function(userObj) {
console.dir(userObj.get("sessionToken"));
});
if(user){
resp.send( JSON.stringify( {url: '/'}) );
} else{
console.log(err);
}
});
}
});
function logIn(data, cb) {
// Create a new instance of the user class
var user = back4app.User
.logIn(data.username, data.password)
.then(function(user) {
console.log('User successful logged in with name: ' + user.get("username"));
cb(null, user);
})
.catch(function(error){
console.log("Error: " + error.code + " " + error.message);
cb(error);
});
}
server.listen(port, (err) => {
if (err) {
return console.log('something bad happened', err)
}
console.log(`server is listening on ${port}`)
});
The userObj is null. But why? What I have to do, that I get the currentUser and his session in other routes?
(I have also tryed to work with back4app.Session, but didn't get, what I want.)
回答1:
It is unsafe to use the currentUser methods in a Node.js app.
Instead of:
logIn(data, function(err, user){
console.log(user.get("sessionToken"));
//How to get the user object in other routes?
console.log('session');
back4app.User.enableUnsafeCurrentUser(); //is this a secure solution?
back4app.User.currentAsync().then(function(userObj) {
console.dir(userObj.get("sessionToken"));
});
if(user){
resp.send( JSON.stringify( {url: '/'}) );
} else{
console.log(err);
}
});
Use:
logIn(data, function(err, user){
// This is your session token. You will have to send it back to your client. The client should store it and send it to the server in the other routes.
const sessionToken = user.get("sessionToken");
console.log(sessionToken);
//How to get the user object in other routes?
//In order to get the user in other routes you will have to use the sessionToken like this:
back4app.User.me({ sessionToken }).then(function(userObj) {
console.dir(userObj.get("sessionToken"));
});
if(user){
resp.send( JSON.stringify( {url: '/'}) );
} else{
console.log(err);
}
});
来源:https://stackoverflow.com/questions/57409433/how-to-get-the-sessiontoken-for-currentuser