How to fix user access to authorized pages by clicking the back button in browsers
I am trying to build a login page with the passportjs library. This is my code; it works without error, but whenever one user logs in successfully and then logs out successfully, another user without permission (without logging in) can see this user's pages, just by clicking the back button in the browser. I would like to know how I can fix this back button issue.
    // Login section
    // Assumes passport, bcrypt, app (Express) and the User model are required/defined earlier in the file.
    const LocalStrategy = require('passport-local').Strategy;
    passport.use(new LocalStrategy({
            usernameField: "email",
            passwordField: "password",
            passReqToCallback: true
        },
        // With passReqToCallback: true the verify callback receives req as its first argument
        (req, email, password, done) => {
            User.findOne({ email: email }).then(user => {
                    if (!user) {
                        return done(null, false, { message: 'The email is not registered' })
                    }
                    // Match password
                    bcrypt.compare(password, user.password, (err, result) => {
                        // Report the error to passport instead of throwing inside the callback
                        if (err) return done(err);
                        if (result) {
                            return done(null, user)
                        } else {
                            return done(null, false, { message: "Password incorrect" })
                        }
                    });
                })
                // Pass lookup failures to passport so the request does not hang
                .catch(err => done(err))
        })
    )
    // Serializer and deserializer section
    passport.serializeUser((user, done) => {
        done(null, user.id);
    })
    passport.deserializeUser((id, done) => {
        User.findById(id, (err, user) => {
            // Log only the id; the full user document contains the password hash
            console.log('deserializing user:', id);
            done(err, user);
        });
    })
    app.listen(process.env.PORT || 8008, process.env.ip, function() {
        console.log('Server is running!');
    });
For the APIs which return the pages which you want only authenticated users to see, add passport.isAuthenticated for the user to be logged in, and passport.isAuthorized to check the authorization of the user, when defining the route of that API. You can use both in the same request as well. For example, in your code for the /dashboard API:
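    // passport.isAuthenticated and passport.isAuthorized (defined below) must be
    // assigned before this route is registered
    app.get('/dashboard', passport.isAuthenticated, passport.isAuthorized('user'), (req, res) => {
        res.render('dashboard', {
            pageName: 'Navid'
        })
    })

    // Reject requests that do not carry a logged-in session
    passport.isAuthenticated = (req, res, next) => {
        if (req.isAuthenticated()) {
            return next();
        }
        res.status(401);
        return next(new Error("ERR MSG"));
    };

    // Reject logged-in users whose userType does not match the required one
    passport.isAuthorized = (userType) => {
        return (req, res, next) => {
            if (req.user.userType === userType) {
                return next();
            }
            res.status(403);
            return next(new Error("ERR MSG HERE"));
        };
    };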
These are the passport middleware you need to add in your code.
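
The back button can still show a logged-out user's pages when the browser redisplays its stored copy without contacting the server, in which case the check above never runs. The following added example (not from the original post or answer) pairs the answer's authentication check with a Cache-Control: no-store header; the /login path, the simulate helper and the sample user are assumptions made for the demonstration.

```javascript
// Added example: Express-style middleware, exercised with constructed mock
// req/res objects so it runs without Express or passport installed.

// Forbid storing authenticated pages, so Back has to re-request them.
function noStore(req, res, next) {
  res.set('Cache-Control', 'no-store');
  res.set('Pragma', 'no-cache'); // for old HTTP/1.0 caches
  next();
}

// Same check as the answer's passport.isAuthenticated, but redirecting to a
// hypothetical /login page instead of raising an error.
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) return next();
  res.redirect('/login');
}

function dashboard(req, res) {
  res.send('dashboard for ' + req.user.email);
}

// Minimal stand-in for Express dispatch: runs the handlers in order and
// records what was sent. Constructed for this example only.
function simulate(handlers, user) {
  const out = { status: 200, headers: {}, body: null, location: null };
  const req = { user, isAuthenticated: () => Boolean(user) };
  const res = {
    set(name, value) { out.headers[name.toLowerCase()] = value; },
    send(body) { out.body = body; },
    redirect(url) { out.status = 302; out.location = url; },
  };
  let i = 0;
  const next = () => { if (i < handlers.length) handlers[i++](req, res, next); };
  next();
  return out;
}

const chain = [noStore, ensureAuthenticated, dashboard];
const loggedIn = simulate(chain, { email: 'user@example.com' }); // constructed user
const afterLogout = simulate(chain, null); // session destroyed by logout

console.log(loggedIn);    // page body, marked no-store
console.log(afterLogout); // redirect to /login, no page body
```

In a real application the same functions would be registered as app.get('/dashboard', noStore, ensureAuthenticated, handler), and the logout route must end the server-side session.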