简体繁体 English

如何为单个用户（Node、Express）提供身份验证？

[英]How to provide authentication for a single user (Node, Express)?

原文 2020-09-14 16:30:11 2 1 node.js/ express/ authentication

I am currently working on an app with a React frontend and a Node/Express backend.我目前正在开发具有 React 前端和 Node/Express 后端的应用程序。 There are certain functions of the app that I only want an admin user to be able to use, so I want to implement an admin login form that takes a username and password.我只希望管理员用户能够使用该应用程序的某些功能，因此我想实现一个需要用户名和密码的管理员登录表单。 This would be the only user that this app has.这将是此应用程序拥有的唯一用户。

How would I go about implementing this?我将如何实施这个？ I've looked at technologies like passport.js and express-basic-auth, but I'm wondering if there's a simpler way to implement this since there is only a single user.我看过像passport.js 和express-basic-auth 这样的技术，但我想知道是否有更简单的方法来实现它，因为只有一个用户。 Any advice would be greatly appreciated!任何建议将不胜感激！

1 个解决方案

If you wanna do it by yourself then whenever the user logs in the application, create an authtoken for the user and save it in the backend and send the authoken as the response for successful login.如果你想自己做，那么每当用户登录应用程序时，为用户创建一个 authtoken 并将其保存在后端并发送 authoken 作为成功登录的响应。 Further save the authtoken as a cookie on the frontend.进一步将 authtoken 保存为前端的 cookie。 Next will be while performing any action you need to send the authtoken to the server.接下来将执行您需要将 authtoken 发送到服务器的任何操作。 If that authtoken is present on the server side you go on with the action or else send the response error saying that the authtoken is invalid of something like that.如果服务器端存在该 authtoken，您将继续执行该操作，否则会发送响应错误，说明该 authtoken 无效。 On loggin out of the application remember to expire the cookie and also remove the authtoken from the backend.在退出应用程序时，请记住使 cookie 过期并从后端删除 authtoken。

You can add this if you want where if the authoken provided is incorrect you can simple remove the authtoken from the backend and redirect the user to login page expiring the cookie from the frontend.如果您想在提供的身份验证不正确的情况下添加它，您可以简单地从后端删除身份验证并将用户重定向到登录页面，从而使前端的 cookie 过期。