[英]Express resources with authentication middleware?
Passport.js offers great authentication for node.js and Express including a middleware solution: Passport.js为node.js和Express提供了很好的身份验证,包括一个中间件解决方案:
ensureAuthenticated = function(req, res, next) {
if (req.isAuthenticated()) {
return next();
}
return res.redirect("/login");
};
How can I use this middleware in the express-resource module? 如何在快速资源模块中使用此中间件? Unfortunately,
不幸,
app.resource('users', ensureAuthenticated, require('./resources/users'));
doesn't work. 不起作用。
I know this is a little too late, and the original post was answered, however, I was looking for the same answer and found a solution I thought others might want to know. 我知道这有点太晚了,原来的帖子得到了解答,但是,我正在寻找相同的答案并找到了我认为其他人可能想知道的解决方案。
Just make sure ensureAuthenticated is called from passport. 只需确保从护照中调用ensureAuthenticated即可。
app.resource('users', passport.ensureAuthenticated, require('./resources/users'));
It is found here: https://gist.github.com/1941301 它在这里找到: https : //gist.github.com/1941301
Workaround. 解决方法。 Ensure authentication on all requests and ignore requests going to /auth and /auth/callback.
确保对所有请求进行身份验证,并忽略进入/ auth和/ auth / callback的请求。
app.all('*', function(req, res, next) {
if (/^\/auth/g.test(req.url)) {
return next();
} else if (req.isAuthenticated()) {
return next();
} else {
return next(new Error(401));
}
});
You will need to do some magic in order to have each resource use the authentication middleware. 为了让每个资源都使用身份验证中间件,您需要做一些魔术。 The following gist explains how to accomplish this by using a menu structure.
以下要点解释了如何通过使用菜单结构来实现此目的。
https://gist.github.com/3610934 https://gist.github.com/3610934
Essentially, you need the following logic: 基本上,您需要以下逻辑:
app.all('/' + item.name + '*', ensureAuthenticated, function (req, res, next) {
next();
});
You could then in your menu structure specify what resources are protected, and if they require any kind of specific permissions, even down to the HTTP method level. 然后,您可以在菜单结构中指定受保护的资源,以及它们是否需要任何类型的特定权限,甚至可以指向HTTP方法级别。
Hopefully this helps someone! 希望这有助于某人!
I was looking up this topic as well, and found https://npmjs.org/package/express-resource-middleware . 我也在查找这个主题,并找到了https://npmjs.org/package/express-resource-middleware 。 Haven't tested it, though.
但是没有测试过。
I'm not sure if express-resource has the option of inserting middleware into specific resources, but you could always insert checking if you are in that resource inside the middleware. 我不确定express-resource是否可以选择将中间件插入特定资源,但是如果您在中间件内的资源中,则可以随时插入检查。
ensureAuthenticated = function(req, res, next) {
if (!/^users/.test(req.url) || req.isAuthenticated()) {
return next();
}
return res.redirect("/login");
};
This works: 这有效:
app.get('/', ensureAuthenticated, admin.index); app.get('/',ensureAuthenticated,admin.index);
As long as your strategy is setup correctly. 只要您的策略设置正确。 I'm using the local strategy.
我正在使用本地策略。 Check out the guide:
查看指南:
http://passportjs.org/guide/username-password.html http://passportjs.org/guide/username-password.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.