NodeJs Express会话管理

Question

I have this question here, I have been trying to search around the internet and even here on Stackoverflow but I am not getting the exact solution I need. I am creating some application that is driven by a basic authentication where user is required to login the when they are logged in I want to sendFile() them which will be home page I want on home page to be able to check if session are set then if not then redirect to login using NodeJS, Javascript, as well as Express.

This if it was on PHP was to be similar to this:

session_start();
if(!isset($_SESSION['user_id'])
     location('header: login.php')
<html>
      <?php
         echo "Your user id is: ".user_id;
      ?>
</html>

Basically I want to set in the session on id and be able to read it in home page/other pages without doing this on only the server but also in home.html.

Answer 1

You probably don't want to use sendFile, instead you probably want to use res.redirect, to send the user to a different endpoint. This endpoint could be your home page for example, but it's generally a better to use proper express rendering rather than sendFile unless you're trying to do something like letting the user download a blob file.

You could setup an endpoint such as:

const express = require('express');
const app = express();

// setup render system here...

app.use('/', (req, res) => {
    res.render('home');
});

This will call the render on the home template. To setup a templating engine, you can use something like express-hbs or other rendering engines. These will allow you to inject values into the HTML before returning it, which might be useful if you wish to add an error message.

Once that's configured you can create a template called something like home.hbs (the location and extension will depend on your library and settings).

You can then use express-session to check for a session.

app.use('/secured', (req, res) => {
    if (req.session) {
        // We have a session! Now you can validate it to check it's a good session
    } else {
        // No session at all, redirect them to the home screen.
        // You might want to make this the login screen instead.
        res.redirect('/');
    }
});

Some final demo code might look like this

const express = require('express');
const app = express();

// Setup express session...
const session = require('express-session');

app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}));

// Setup the vie engine...
var hbs = require('express-hbs');

// Use `.hbs` for extensions and find partials in `views/partials`.
app.engine('hbs', hbs.express4({
  partialsDir: __dirname + '/views/partials'
}));
app.set('view engine', 'hbs');
app.set('views', __dirname + '/views');

// Place a file called `views/home.hbs` in the views folder at the top level of your project.
// Fill it with some html, all html is valid, handlebars just adds additional features for you.

// A public route which requires no session
app.use('/', (req, res) => {
    // Renders "views/home.hbs"
    res.render('home');
});

// A secured route that requires a session
app.use('/secured', (req, res) => {
    if (req.session) {
        // We have a session! Now you can validate it to check it's a good session
    } else {
        // No session at all, redirect them to the home screen.
        // You might want to make this the login screen instead.
        res.redirect('/');
    }
});

Note, I've not actually run this code, so there may be a few syntax errors and such.