
如何使用express-session和express-mysql-session创建登录端点

[英]How to create login endpoint using express-session and express-mysql-session

我想实现一个安全的登录功能。 我想加入会话(session)机制,但不知道应该如何把这几部分组合起来使用。

我有两段代码:一段来自 express-mysql-session 的示例,另一段是我自己写的、带有登录端点(/api/login)的代码。

下面是我从express-mysql-session的readme.md复制的代码,它可以正常工作。

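var express = require('express');
var app = module.exports = express();
var session = require('express-session');
var MySQLStore = require('express-mysql-session')(session);

// Database credentials come from the environment instead of the source file, so
// the root password is not committed next to the code. Host/port/database keep
// the readme's local defaults; prefer a dedicated least-privilege DB account.
var options = {
    host: process.env.SESSION_DB_HOST || 'localhost',
    port: Number(process.env.SESSION_DB_PORT || 3306),
    user: process.env.SESSION_DB_USER || 'root',
    password: process.env.SESSION_DB_PASSWORD,
    database: process.env.SESSION_DB_NAME || 'session_test'
};

var sessionStore = new MySQLStore(options);

// The cookie-signing secret must never be a literal in the repository: anyone
// who can read it can mint valid session cookies. Refuse to start without one
// rather than silently falling back to a known value.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
    throw new Error('SESSION_SECRET environment variable is required');
}

app.use(session({
    key: 'session_cookie_name',
    secret: sessionSecret,
    store: sessionStore,
    // Do not rewrite unchanged sessions and do not persist empty ones: fewer
    // store writes, and no stored session row for every anonymous visitor.
    resave: false,
    saveUninitialized: false,
    cookie: {
        httpOnly: true,                                 // not readable by page scripts
        secure: process.env.NODE_ENV === 'production',  // only sent over HTTPS in production
        sameSite: 'lax',                                // blocks most cross-site request forgery
        maxAge: 24 * 60 * 60 * 1000                     // 1 day; tune to the application
    }
    // NOTE(review): behind a TLS-terminating load balancer Express sees plain
    // HTTP, so `secure: true` also needs app.set('trust proxy', 1) or the
    // cookie is never set — confirm against the deployment.
}));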

下面是终端上的输出。 上面的代码运行正常,但我并不清楚它具体做了什么。 通过 netstat 命令可以看到它已经和本地运行的 mysql 建立了连接

tcp4       0      0  127.0.0.1.3306         127.0.0.1.52470        ESTABLISHED
tcp4       0      0  127.0.0.1.52470        127.0.0.1.3306         ESTABLISHED

然后输出

$ DEBUG=express-mysql-session* node index.js
express-mysql-session:log Creating session store +0ms
express-mysql-session:log Setting default options +2ms
express-mysql-session:log Creating sessions database table +46ms
express-mysql-session:log Setting expiration interval: 900000ms +42ms
express-mysql-session:log Clearing expiration interval +0ms

接下来是我用 Express 写的基本登录身份验证端点。 它可以工作,但我想加入 express-session 和 express-mysql-session,并使用 crypt、bcrypt 或 scrypt-for-humans 之类的库来处理密码,只是不确定该如何集成。

const express = require('express');
const bodyParser = require('body-parser');
const mysql      = require('mysql');
const app = express();

// Accept both JSON and HTML-form encoded request bodies on every route.
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

// Listen port comes from API_PORT, defaulting to 8000 for local development.
app.set('port', (process.env.API_PORT || 8000));

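// Database credentials are read from the environment so the root password is
// not committed with the source; only host and database name keep a local
// development fallback. Prefer a dedicated least-privilege account over root.
const connection = mysql.createConnection({
  host     : process.env.AUTH_DB_HOST || 'localhost',
  user     : process.env.AUTH_DB_USER || 'root',
  password : process.env.AUTH_DB_PASSWORD,
  database : process.env.AUTH_DB_NAME || 'authdb'
});

connection.connect(function(err) {
  if (err) {
    // Log and keep the process alive, as before; each later query then fails
    // and is reported through its own callback.
    console.error('error connecting: ' + err.stack);
    return;
  }

  console.log('connected as id ' + connection.threadId);
});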

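// POST /api/login — verifies user_id/password from the request body against the
// `user` table and answers a JSON object { status, message, authenticated, user_id }.
app.post('/api/login', function(req, res) {
  const user_id = req.body.user_id;
  const password = req.body.password;
  let response = {};
  res.setHeader('Content-Type', 'application/json');

  // Accept only plain strings: a JSON body can carry objects or arrays in these
  // fields, and the failure message must not reveal which check fired.
  if (typeof user_id !== 'string' || typeof password !== 'string') {
    response = { status: 400, message: "Login failed!", authenticated: false };
    res.status(response.status).send(JSON.stringify(response));
    return;
  }

  // The `?` placeholder lets the driver escape user_id; the original concatenated
  // it straight into the SQL string, which is a textbook SQL injection.
  connection.query('SELECT password from user WHERE `username` = ?', [user_id], function(err, rows) {
    if (err) {
      // Throwing inside this callback would crash the whole process (no Express
      // error handler ever sees it); log and answer 500 instead.
      console.error('login query failed: ' + err.stack);
      response = { status: 500, message: "Login failed!", authenticated: false, user_id: user_id };
      res.status(response.status).send(JSON.stringify(response));
      return;
    }

    // NOTE(review): the stored value is compared directly, i.e. this schema keeps
    // passwords in plaintext. Store a scrypt/bcrypt hash and verify against that;
    // the helper below only makes the comparison constant-time.
    const authenticated = rows.length > 0 && passwordsMatch(password, String(rows[0].password));

    if (authenticated) {
      response = { status: 200, message: "authenticated", authenticated: true, user_id: user_id };
    } else {
      // Same status and message for "unknown user" and "wrong password", so the
      // endpoint does not confirm which usernames exist.
      response = { status: 403, message: "Login failed!", authenticated: false, user_id: user_id };
    }
    res.status(response.status).send(JSON.stringify(response));
  });
});

// Constant-time string equality. `===` stops at the first differing byte, which
// leaks information about the stored value through response timing.
function passwordsMatch(supplied, stored) {
  const crypto = require('crypto');
  const a = Buffer.from(supplied, 'utf8');
  const b = Buffer.from(stored, 'utf8');
  if (a.length !== b.length) {
    return false;
  }
  return crypto.timingSafeEqual(a, b);
}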

// Start the HTTP server on the port configured earlier via app.set('port').
const listenPort = app.get('port');
app.listen(listenPort, () => {
  console.log(`Find the server at: http://localhost:${listenPort}/`);
});

我让它跑起来了,并且对结果很满意。 我的登录端点工作正常! 现在我对如何把它做得更好也有了更多想法。 这是 REST 客户端的截图:http://i.imgur.com/fJOvmzh.png,端点代码如下

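// POST /api/login — looks up the user's stored scrypt hash by e-mail, verifies the
// supplied password and, on success, establishes an authenticated session.
// Reply shape is unchanged: { status, message, authenticated, user_id[, views] }.
app.post('/api/login', function(req, res) {
  const user_id = req.body.user_id;
  const password = req.body.password;
  res.setHeader('Content-Type', 'application/json');

  function reply(response) {
    res.status(response.status).send(JSON.stringify(response));
  }
  function deny() {
    // One identical answer for "unknown user", "wrong password" and "bad input",
    // so the endpoint does not reveal which e-mail addresses are registered.
    reply({ status: 403, message: "Login failed!", authenticated: false, user_id: user_id });
  }
  function serverError() {
    reply({ status: 500, message: "Login failed!", authenticated: false, user_id: user_id });
  }

  // Accept only plain strings; JSON bodies can smuggle objects or arrays here.
  if (typeof user_id !== 'string' || typeof password !== 'string') {
    deny();
    return;
  }

  // Parameterised lookup: the original concatenated user_id into the SQL string
  // (SQL injection). The driver escapes the bound value.
  const sql = 'SELECT * FROM authdb.users as authusers ' +
    'inner join authdb.passwords as hashed on authusers.email = hashed.email ' +
    'WHERE authusers.email = ?';
  connection.query(sql, [user_id], function(err, rows) {
    if (err) {
      // Throwing here would take down the process; answer 500 instead.
      console.error('login query failed: ' + err.stack);
      serverError();
      return;
    }
    if (rows.length === 0) {
      // The original read rows[0].password here and threw a TypeError that the
      // PasswordError-only catch never handled, leaving the request without a reply.
      // NOTE(review): this path skips the scrypt work, so response time still
      // distinguishes unknown users; verify against a dummy hash if that matters.
      deny();
      return;
    }

    Promise.try(function(){
      return scrypt.verifyHash(password, rows[0].password);
    }).then(function(){
      // Carry the visit counter over, then issue a fresh session id: reusing the
      // pre-login id would let an attacker-planted cookie become an authenticated
      // session (session fixation).
      const views = (req.session.views || 0) + 1;
      req.session.regenerate(function(regenErr) {
        if (regenErr) {
          console.error('session regenerate failed: ' + regenErr.stack);
          serverError();
          return;
        }
        const sess = req.session;
        sess.user_id = user_id;   // what later requests check to know who is logged in
        sess.views = views;
        reply({ status: 200, message: "Login successful!", authenticated: true, user_id: user_id, views: views });
      });
    }).catch(scrypt.PasswordError, function(err){
      deny();
    }).catch(function(err){
      // Anything other than a wrong password (malformed hash, driver fault) is a
      // server error; without this catch the rejection would be unhandled and the
      // client would never get a response.
      console.error('password verification failed: ' + err.stack);
      serverError();
    });
  });
});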

为了保证安全,我会把 EC2 放在 ELB 后面:由 ELB 终止所有 SSL/TLS 连接,然后以明文(HTTP)把流量转发给由 PM2(或更好的进程管理器)托管的、运行 ExpressJS 的 NodeJS 进程;AWS 安全组只接受来源为该 ELB 的流量。 需要注意的是,这些措施只保护了网络边界和客户端到 ELB 之间的传输:ELB 到 EC2 这一段仍然是明文,而且上面端点里把 user_id 直接拼进 SQL 字符串、以及查不到用户时 rows[0] 为 undefined 导致请求得不到响应这类应用层问题,并不会因为基础设施层的配置而消失。

