对多个网站使用节点passport.js

Question

I am writing a node.js server to act as a REST server proxy for another server. Basically, it is going to allow multiple websites to authenticate, and provide a REST api for them to use.

I am going to use passport.js.

Below is the relevant section from the tutorial that I have a question about:

app.post('/login',
        passport.authenticate('local', { successRedirect: '/',
                                        failureRedirect: '/login'
                                        })
);

Is there a way to redirect to the website's root directory? The website doesn't have the same URL as the node server, so how do I tell it to redirect to the website's root directory? Or do I have to implement that logic in the website's UI Router (I am using angularJS for the framework in each of the websites), and to just check for a returned user object?

Do I also handle session expiry in the website's UI Router as well?

If I do that, how can I invalidate the session from the server side?

Answer 1

Let's break this down:

    how can I invalidate the session from the server side?

Use redis-sessions for this. The whole control flow is to store the session id and a time stamp inside redis. You can then flush redis at every n minutes to invalidate those sessions and then have your server check against redis to ensure the current session isn't expired. That's a high level description, here is a tutorial on saving PHP sessions in Redis , the same logic will map over for your node.js application.

   Is there a way to redirect to the website's root directory? 

The following way is usually how I handle redirects:

    response.writeHead(200, {
       'Location': 'targetwebsite.com/index.html'

    });
    response.end();

Please let me know if you have any questions!