[英]Do auth login in Protected route
我们如何在受保护的路由中进行身份验证登录。
例如,我有一个受保护的地方,允许用户在登录后连接他们的社交媒体资料。
通常使用href
事件发生护照身份验证,即<a href="base_url/auth/facebook"> Cick here to connect facebook </a>
现在,如果我想在用户登录后连接用户,我不确定如何使用我的href
设置 cookie(如果这是理想的方式)。
这是我的中间件的样子
async verifyMiddleWare(req, res, next) {
const token = req.cookies
if (token) {
try {
const userToken = token.userToken
const tokenVerficiation = await verifyToken(userToken)
res.locals.userId = tokenVerficiation.userId
res.locals.acessLevel = tokenVerficiation.acessLevel
if (tokenVerficiation.acessLevel === this.routePermission) next()
else
res
.status(AUTH_ERRORS.INVALID_ACCESS_TOKEN.status)
.send(AUTH_ERRORS.INVALID_ACCESS_TOKEN.message)
} catch (error) {
return res
.status(AUTH_ERRORS.UNAUTHORIZED_TO_VIEW.status)
.send(AUTH_ERRORS.UNAUTHORIZED_TO_VIEW.message)
}
} else {
return res
.status(AUTH_ERRORS.MISSING_ACCESS_TOKEN.status)
.send(AUTH_ERRORS.MISSING_ACCESS_TOKEN.message)
}
}
和护照代码(我不是序列化和反序列化用户)
const passport = require('passport')
const FacebookStrategy = require('passport-facebook').Strategy
const config = require('./../../config')
passport.use(
new FacebookStrategy(
{
clientID: config.FACEBOOK_APP_ID,
clientSecret: config.FACEBOOK_APP_SECRET,
callbackURL: config.FACEBOOK_REDIRECT_URL,
profileFields: ['id', 'displayName', 'email', 'gender']
},
async (accessToken, refreshToken, profile, done) => {
return done(null, { accessToken, refreshToken, profile })
}
)
)
我在身份验证期间设置这样的cookie
app.get(`/${serviceName}/callback`, passport.authorize(serviceName), async (req, res) => {
const facebookDetials = req.account
// the output from passport should mandatorily have email
const userEmail = facebookDetials.profile.emails[0].value
// Checking if user data exsists, corresponding to email id entered
try {
const userData = await getSelectedThingFromTable(
SIGNUP_TABLES.userAuth,
`email = "${userEmail}"`
)
if (userData.length > 0) {
// Means email Exist
const { userId, acessLevel } = userData[0] //
const createNewAccessToken = await JWT.generateToken({ userId, acessLevel })
//setting cookies
res.cookie('userToken', createNewAccessToken)
return res.redirect(config.BASE_CONFIG_URL)
(localhost:8000/auth/facebook)
然后转到localhost:8000/social/twitter
-> 这里我的令牌将是未定义的我很容易出错,但我猜 cookie 似乎没有设置,因为它与错误的域名相关联。
尝试改变
res.cookie('userToken', createNewAccessToken)
至
res.cookie('userToken', createNewAccessToken, {domain: 'localhost:8000'})
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.