具有客户端路由的节点身份验证
[英]Node authentication with client-side routing
问题描述
So I'm unsure of the practicalities of authentication on a SPA, as I try to get used to my new stack of choice. 
所以我不确定SPA上的身份验证的实用性,因为我试图习惯我的新选择。
I will be serving a Node/Express app, with all API routes on /api , and the frontend served on the root / (all routes will serve index.html , then the client-side routing will take care of the rest. So I have the backend authentication set up with the Passport library, which works well. But how does one keep the server and client sessions in sync? As well as taking care of security. 我将服务一个Node / Express应用程序,所有API路由都在/api ,而前端服务于root / (所有路由都将服务于index.html ,然后客户端路由将负责其余部分。所以我使用Passport库设置后端身份验证,效果很好。但是如何使服务器和客户端会话保持同步?以及如何保护安全性。
If I make a POST request to /api/login with credentials, what do I return in the response to the client? 如果我使用凭据向/api/login发出POST请求,我在客户端的响应中返回什么? And where is the session set? 会话设置在哪里?
My frontend is Vue, so I assumed I would just pass the user data (if credentials are correct) to the instance and have a user object. 我的前端是Vue,所以我假设我只是将用户数据(如果凭据正确)传递给实例并拥有一个用户对象。 But I'm guessing I need to store a token of some sort? 但我猜我需要存储某种令牌? (jwt?) (JWT?)
If someone could clear up how this client-server architecture works, that would be great. 如果有人能够清楚这个客户端 - 服务器架构是如何工作的,那就太好了。
Cheers. 干杯。
1 个解决方案
解决方案1
0 2017-07-31 06:45:19
Whenever user logs in with credentials you can send a JWT Auth Token and then store the token as Cookie/Local Storage. 每当用户使用凭据登录时,您都可以发送JWT身份验证令牌,然后将令牌存储为Cookie /本地存储。
Then send the token as Authentication Token in each request as Request Header/Data to validate the user. 然后在每个请求中将令牌作为身份验证令牌发送为请求标头/数据以验证用户。
Link: Here is a tutorial with NodeJS 链接: 这是NodeJS的教程
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.