问题
I want to get previous url, for example in all my /admin routes I open a form where the admin needs to re-enter his password to get redirected to the route he requested, but the problem is after I validate his password and I try to redirect him to the route he initially requested, I don't have this route anymore, it's lost. For example, admin requests /admin/register, a form appears that posts to validate-password, and then if it finds that the password matches (correct password entered), it should redirect the user to the route he once requested, but I don't know how to get the initial route he requested
router.all('/admin/*', isAdmin, (req, res, next) => {
res.render('validatePassword', {message: 'Please re-enter your password to get access to ' + req.originalUrl});
// next();
});
router.get('/admin/register', (req, res) => {
res.render('register', {message: req.flash('message'), role_id: req.user.role_id})
});
// Validate password, admin re-enter password to get access to /admin routes
router.post('/validate-password', async (req, res, next) => {
const password = req.body.password;
const match = await passwordController.comparePassword(password, req.user.password);
console.log(password);
if (match) {
// return res.redirect('/' +); HOW DO I REDIRECT HERE
return next();
} else {
// return res.render('changePassword', {role_id: req.user.role_id});
return res.render('validatePassword', {message: 'Wrong password'});
}
});
回答1:
Here:
router.all('/admin/*', isAdmin, (req, res, next) => {
res.render('validatePassword', {message: 'Please re-enter your password to get access to ' + req.originalUrl});
// next();
});
When you go to render this page, can you attach the original route as a local as you do with message? You should be able to add req.originalUrl and pass it to validatePassword. Then when that page calls the POST to validate the password, you pass the redirect URL up to that as part of the body.
回答2:
This is what you use cookies for or server-side sessions for (which also use a cookie). You authenticate the user once, set a cookie and then on future requests from that browser, the cookie will be sent along with each request and you can then check that cookie to see if they are authenticated or not and decide what they are or aren't authorized to do based on that. That's how nearly every site on the web that uses a login works.
I would recommend using the express-session module which creates a server-side session for you (and manages the cookie for it automatically for you) and then when the user is authenticated, you can set an auth flag in the session that all your routes that require auth can check.
You don't have to use express-session. You can manage the cookie yourself, but then you'll have to make sure the cookie is properly encrypted (JWT is a popular library for that) so it can be easily forged by a rogue client. And, any state you want to keep for the user will either have to be kept in the cookie itself (cookies should be kept not real large because they are sent back and forth on every http request and stored in the browser) or you would have to put an encrypted id in the cookie that you can use as a key to your own server-side session object.
Edits added after OP clarifies they are already using express-session.
It's common when redirected to login that you send a query string or hidden form element which is the original URL the user wanted to go to. Then, the login form will send that query string or hidden form element along with it's login form data to the server. After successfully logging in, the server then redirects you to the original target URL that the user wanted to go to. so, users goes to /admin/add, gets redirected to /login, but that login form contains a hidden form element /admin/add. User submits password form.
Server validates pwd, then gets original /admin/add url from the login form and redirects user to that URL. Your auth check for that sees that the user just logged in so they are allowed to proceed.
来源:https://stackoverflow.com/questions/61022884/node-js-how-to-get-previous-url