
Node.js的 如何限制对未登录用户的页面访问?

[英]Node.js. How restrict page access to unlogged users?

I'm trying to build a token-based filter that restricts page access for users who are not logged in, on Node.js 0.10. I'm using a middleware like this: 我试图用令牌创建过滤器以限制对node.js 0.10上未登录用户的页面访问,我使用了这样的中间件:

// Run `handler` for every HTTP method on paths below /product/.
//   /product       -> not matched   <-- Important
//   /product/cool  -> matched
//   /product/foov  -> matched
app.all('/product/*', handler);

I took this from the Express.js Middleware Tutorial, but without result. All my pages except the login page are private, and I want a user who is not logged in and tries to open a private page to be redirected to the login page. 从此页面: Express.js Middleware Tutorial ,结果是,除登录页面之外,我所有的页面都是私有的,我希望,如果未登录的用户尝试转到某个私有页面,他将被重定向到登录页面。 The token works perfectly on login. 令牌在登录时工作完美。 This is my code: 那是我的代码:

My tree of components 我的组件树

  server/
    routes/
      usuario.js
  server.js
  pages/
    privadas/
      inicio.html
      mapa.html
      menu.html
    login.html

server.js server.js

// Create the Express application.
var app = express();
...     
// Load the token filter from server/routes/usuario.js.
// NOTE(review): the usuario.js excerpt shown with this question has no module.exports line —
// confirm the file actually exports the router.
var requiereLogin = require('./server/routes/usuario');        
// Run the filter for every HTTP method on URLs below /privadas/.
// NOTE(review): the AngularJS route table in this question loads its templates from
// "pages/privadas/...", a path this pattern does not match, and a client-side route change
// presumably sends no request to /privadas/... at all — confirm that the private templates
// and the API endpoints are really covered by the filter.
app.all('/privadas/*', requiereLogin);
...

usuario.js usuario.js

var express = require('express');
var router = express.Router();
...
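// Token filter: lets the request continue only when the `auth-token` header
// carries a JWT that verifies against process.env.SECRET. Every other case is
// redirected to /login.
// NOTE(review): a browser sends `auth-token` only on requests where the client
// sets it explicitly; plain page loads and template fetches without that header
// always take the redirect branch — confirm how the client attaches the token.
router.use(function (req, res, next) {

    console.log("filter...");

    var token = req.headers['auth-token'];
    var secret = process.env.SECRET;

    // Fail closed before calling the verifier: without a configured secret or
    // without a token there is nothing that can be verified.
    // NOTE(review): some jsonwebtoken releases accept unsigned tokens when the
    // key argument is empty and no `algorithms` option is given — confirm the
    // installed version and consider pinning `algorithms` to the one used when
    // the token is issued at login.
    if (!secret || !token) {
        if (!secret) {
            console.error("SECRET is not configured; rejecting request");
        }
        return res.redirect('/login');
    }

    jwt.verify(token, secret, function (err, decoded) {
        if (err || !decoded) {
            // Verification failed: treat the caller as not logged in.
            return res.redirect('/login');
        }
        // The IDU claim of the verified token is exposed to later handlers as req.user_id.
        req.user_id = decoded.IDU;
        next();
    });
});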

app.config app.config

// Client-side route table (first attempt): the login view at "/" plus two views
// whose paths sit under /privadas/. Any other path falls back to "/".
// Nothing in this table looks at the login state; it only maps paths to templates.
app.config(function($routeProvider){
    var loginRoute = {
        templateUrl: "pages/login.html",
        css: ["css/login.css"],
        controller: "loginCtrl",
        controllerAs: "vm"
    };
    var mapaRoute = {
        templateUrl: "pages/privadas/mapa.html",
        controller: "mapCtrl",
        controllerAs: "vm"
    };
    var inicioRoute = {
        templateUrl: "pages/privadas/inicio.html",
        controller: "inicioCtrl",
        controllerAs: "vm"
    };

    $routeProvider.when("/", loginRoute);
    $routeProvider.when("/privadas/mapa", mapaRoute);
    $routeProvider.when("/privadas/inicio", inicioRoute);
    $routeProvider.otherwise({redirectTo:'/'});
});

Any idea? 任何想法? Thanks! 谢谢!

I would advise passport.js. 我会建议passport.js。 It takes a bit to explain and walk through, so I added a link to the docs and some basic examples to help you get started. 有点解释和逐步介绍,因此我添加了指向文档的链接和一些基本示例以帮助您入门。 It allows you to store user information and use it to restrict access to a given route. 它将允许您存储用户信息,并使用该信息来限制对给定路线的访问

http://passportjs.org/docs http://passportjs.org/docs

Your routes.js 您的route.js

// Guard every URL below /privadas/: the session check runs first, then the token filter.
app.all(
  '/privadas/*',
  AuthHelpers.loginRequired,
  requiereLogin
);



/**
 * Express middleware that rejects requests without a Passport session user.
 *
 * Answers 401 with a JSON body when `req.session.passport.user` is missing or
 * falsy; otherwise hands the request to the next handler.
 *
 * @param {object} req - request; `req.session` must already exist.
 * @param {object} res - response used for the 401 answer.
 * @param {Function} next - continues the middleware chain.
 * @returns {*} whatever `res.status(401).json(...)` or `next()` returns.
 */
function loginRequired(req, res, next) {
  var passportSession = req.session.passport;
  var isLoggedIn = Boolean(passportSession && passportSession.user);
  if (isLoggedIn) {
    return next();
  }
  return res.status(401).json({status: 'Please log in'});
}

Your passport.js 您的passport.js

const passport = require('passport');
var models = require('../server/models/index');

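// Decide what is written to the session for a logged-in user: only the `user`
// field, which is the value deserializeUser uses for its lookup.
passport.serializeUser((user, done) => {
  // `{ user.user, }` is not a valid object literal; the key has to be named.
  var session = {
    user: user.user,
  };
  done(null, session);
});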

// Rebuild the user from the value stored in the session: look the record up by
// its `user` field and hand the result (or the lookup error) to Passport.
passport.deserializeUser((stored, done) => {
  const query = {
    where: {
      user: stored.user
    }
  };

  models.users
    .findOne(query)
    .then((record) => {
      done(null, record);
    })
    .catch((err) => {
      done(err, null);
    });
});

// Export the configured passport object.
module.exports = passport;

In App.js 在App.js中

// Load the Passport setup module.
// NOTE(review): the passport.js listing in this answer exports the passport object itself;
// `passport.passport` below only works if './auth/local' exports an object with a
// `passport` property — confirm.
const passport = require('./auth/local');
// Register Passport's initialisation and session middleware on the app.
// NOTE(review): loginRequired in this answer reads req.session, so presumably a session
// middleware has to be registered before these two lines — verify.
app.use(passport.passport.initialize());
app.use(passport.passport.session());

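You can use authenticate: true in the route definition. The flag is only route metadata; it has no effect until a $routeChangeStart handler checks it. 您可以在提供的路线中使用authenticate:true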

.when("/", {
    templateUrl: "pages/login.html", 
    css: ["css/login.css"],
    controller: "loginCtrl",
    authenticate:true,
    controllerAs: "vm",

Finally, I have used this tutorial based on the response of Vignesh: 最后,我根据Vignesh的响应使用了本教程:

Creating authentication based routes in Angular JS 在Angular JS中创建基于身份验证的路由

which explains it step by step very well! 一步一步解释得很好! Here is my code: 但是在这里,这是我的代码:

rutas.js rutas.js

// Client-side route table (final version): the login view at "/" and two private
// views flagged with `authenticated: true`. Any other path falls back to "/".
// The flag itself does nothing here; it is data for a route-change listener to read.
app.config(function($routeProvider){
    var loginRoute = {
        templateUrl: "pages/login.html",
        css: ["client/styles/css/login.css"],
        controller: "loginCtrl",
        controllerAs: "vm"
    };
    var mapaRoute = {
        templateUrl: "pages/privadas/mapa.html",
        controller: "mapCtrl",
        controllerAs: "vm",
        authenticated: true
    };
    var inicioRoute = {
        templateUrl: "pages/privadas/inicio.html",
        controller: "inicioCtrl",
        controllerAs: "vm",
        authenticated: true
    };

    $routeProvider.when("/", loginRoute);
    $routeProvider.when("/mapa", mapaRoute);
    $routeProvider.when("/inicio", inicioRoute);
    $routeProvider.otherwise({redirectTo:'/'});
});

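// Client-side route guard: before each route change, send visitors without a
// token back to the login view when the target route is marked `authenticated`.
// This only steers navigation in the browser; the templates and API endpoints
// behind these routes still need the server-side check.
app.run(['$rootScope', '$location', 'authFactory', function ($rootScope, $location, authFactory){
    $rootScope.$on('$routeChangeStart', function(event, next, current){
        console.log(event);
        console.log(current);
        console.log(next);

        // A route object can arrive without $$route (for example the
        // .otherwise() fallback), so the lookup is guarded instead of
        // assuming the property exists.
        var targetRoute = next && next.$$route;

        // If the next route is private, the user must have a token.
        if(targetRoute && targetRoute.authenticated){
            console.log("auth");
            var userAuth = authFactory.getAccessToken();
            if(!userAuth){
                // Redirect to the login page.
                $location.path('/');
            }
        }
    });
}]);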

factorias.js factorias.js

// Service that keeps the access token on the service object itself.
// NOTE(review): the value is held in memory only, so it is presumably gone after a
// full page reload even though the login controller also writes the token to
// localStorage — confirm how a reload is meant to behave.
app.factory('authFactory', [function() {
    var authFactory = {
        // Store the token handed over after a successful login.
        setAccessToken: function(accessToken){
            authFactory.authToken = accessToken;
        },
        // Return the stored token, or undefined when none has been set.
        getAccessToken: function(){
            return authFactory.authToken;
        }
    };

    return authFactory;
}]);

And my loginController : 和我的loginController

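// Login controller: posts the credentials to /api/user/login and, on success,
// stores the returned token and user, then navigates to /inicio. On failure the
// error body is exposed to the view as vm.error.
app.controller("loginCtrl", function($scope, $http, $location, userService, authFactory){
    // Declared locally: a bare `vm = this` creates an implicit global (and throws in strict mode).
    var vm = this;

    vm.funciones = {

        logearse : function(usuario){

            $http.post('/api/user/login', usuario)
            .then(function(response){
                // On a successful login the response carries the user, without the password, and the token.
                // The response is deliberately not written to the console, because it contains that token.

                // userService, together with localStorage, keeps the session's token and user.
                // NOTE(review): anything in localStorage is readable by every script that runs
                // on the page — confirm that is acceptable for the session token.
                userService.token = response.data.token;
                userService.user = response.data.userData;

                localStorage.setItem('token', JSON.stringify(userService.token));
                localStorage.setItem('user', JSON.stringify(userService.user));

                // Hand the token to authFactory, which the route guard queries.
                authFactory.setAccessToken(response.data.token);

                // Redirect to the start page.
                $location.path('/inicio');

            }, function(err){
                console.error(err);
                vm.error = err.data;
            });
        }
    };
});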

I hope it will serve more people! 希望它将为更多的人服务!
