
如何使用express-session和express-mysql-session創建登錄端點

[英]How to create login endpoint using express-session and express-mysql-session

我想創建一個安全的登錄名。 我想添加會話,但是我不知道應該如何一起使用它們。

我有2個代碼,一個代碼來自express-mysql-session ,另一個代碼是我編寫的,具有登錄(/ api / login)端點。

下面是我從express-mysql-session的readme.md復制的代碼,它可以正常工作。

const express = require('express');
const session = require('express-session');
const MySQLStore = require('express-mysql-session')(session);

// Express application; exported so other modules can mount routes on it.
const app = module.exports = express();

// Connection settings for the database that backs the session store.
// NOTE(review): credentials are inline here exactly as in the upstream readme
// sample; in a deployment they belong in configuration, not in source.
const storeOptions = {
    host: 'localhost',
    port: 3306,
    user: 'root',
    password: 'password',
    database: 'session_test'
};

// Keeps session data in MySQL rather than the default in-memory store.
const sessionStore = new MySQLStore(storeOptions);

app.use(session({
    key: 'session_cookie_name',       // name of the session id cookie
    secret: 'session_cookie_secret',  // signs the cookie; treat it as a secret
    store: sessionStore,
    resave: true,                     // readme values kept as-is; the express-session
    saveUninitialized: true           // docs discuss the recommended choice for login flows
}));

這是終端上的輸出。 上面的代碼運行良好,但不確定其功能。 我看到它已經使用netstat命令建立了與本地運行的mysql的連接

tcp4       0      0  127.0.0.1.3306         127.0.0.1.52470        ESTABLISHED
tcp4       0      0  127.0.0.1.52470        127.0.0.1.3306         ESTABLISHED

然后輸出

$ DEBUG=express-mysql-session* node index.js
express-mysql-session:log Creating session store +0ms
express-mysql-session:log Setting default options +2ms
express-mysql-session:log Creating sessions database table +46ms
express-mysql-session:log Setting expiration interval: 900000ms +42ms
express-mysql-session:log Clearing expiration interval +0ms

接下來是我使用Express創建的基本登錄身份驗證端點。 這可行,但我想添加 express-session、express-mysql-session,以及使用 crypt、bcrypt 或 scrypt-for-humans,但不確定如何集成它們。

const express = require('express');
const bodyParser = require('body-parser');
const mysql      = require('mysql');
const app = express();

// Populate req.body from JSON and URL-encoded request bodies.
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

// Listening port: API_PORT from the environment when set, otherwise 8000.
app.set('port', (process.env.API_PORT || 8000));

// Single shared MySQL connection used by the login endpoint below.
// NOTE(review): credentials are inline for this sample; load them from
// configuration in a real deployment.
const connection = mysql.createConnection({
  host     : 'localhost',
  user     : 'root',
  password : 'password',
  database : 'authdb'
});

connection.connect((err) => {
  if (err) {
    console.error(`error connecting: ${err.stack}`);
    return;
  }
  console.log(`connected as id ${connection.threadId}`);
});

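// POST /api/login — checks user_id/password from the request body against the
// `user` table and answers with a JSON object { status, message, authenticated, user_id }.
app.post('/api/login', function(req, res) {
  const user_id = req.body.user_id;
  const password = req.body.password;
  res.setHeader('Content-Type', 'application/json');

  // Placeholder binding: the driver escapes user_id, so request data cannot
  // change the statement (the previous string concatenation was injectable).
  connection.query('SELECT password from user WHERE `username` = ?', [user_id], function(err, rows) {
    if (err) {
      // A throw inside this callback would take the whole process down;
      // log it server-side and answer with a generic 500 instead.
      console.error('login query failed: ' + err.stack);
      res.status(500).send(JSON.stringify({
        status: 500, message: "Login error", authenticated: false, user_id: user_id
      }));
      return;
    }

    const stored = rows.length > 0 ? rows[0].password : null;
    // Both sides must be strings: a NULL password column and a JSON `null`
    // in the request body would otherwise compare equal and authenticate.
    // NOTE: this is still a plain-text comparison; store a salted hash
    // (bcrypt/scrypt) and verify against it instead of the raw password.
    const authenticated = typeof password === 'string'
      && typeof stored === 'string'
      && password === stored;

    // Unknown user and wrong password produce the same response, so the
    // endpoint does not reveal which accounts exist.
    const response = authenticated
      ? { status: 200, message: "authenticated", authenticated: true, user_id: user_id }
      : { status: 403, message: "Login failed!", authenticated: false, user_id: user_id };
    res.status(response.status).send(JSON.stringify(response));
  });
});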

// Start the server on the port configured via app.set('port', ...).
app.listen(app.get('port'), () => {
  const port = app.get('port');
  console.log(`Find the server at: http://localhost:${port}/`);
});

我讓它正常工作,並對結果感到非常滿意。 我的登錄端點運行良好! 我現在對如何使它更好也有更多的想法。 這是REST客戶端的屏幕截圖: http://i.imgur.com/fJOvmzh.png ,下面是端點

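// POST /api/login — looks the user up by e-mail, verifies the submitted
// password against the stored scrypt hash and, on success, bumps a per-session
// counter. Every outcome answers with a JSON object { status, message, authenticated, user_id[, views] }.
app.post('/api/login', function(req, res) {
  const user_id = req.body.user_id;
  const password = req.body.password;
  res.setHeader('Content-Type', 'application/json');

  // Send one JSON body and use its status field as the HTTP status.
  const reply = (response) => {
    res.status(response.status).send(JSON.stringify(response));
  };
  const failed = () => reply({ status: 403, message: "Login failed!", authenticated: false, user_id: user_id });

  // Placeholder binding instead of string concatenation: the driver escapes
  // user_id so request data cannot alter the statement.
  connection.query(
    'SELECT * FROM authdb.users as authusers inner join authdb.passwords as hashed on authusers.email = hashed.email WHERE authusers.email = ?',
    [user_id],
    function(err, rows) {
      if (err) {
        // Throwing here would crash the process; log and answer 500 instead.
        console.error('login query failed: ' + err.stack);
        reply({ status: 500, message: "Login error", authenticated: false, user_id: user_id });
        return;
      }

      // Unknown user: the original dereferenced rows[0] regardless, and the
      // resulting TypeError was not a PasswordError, so it escaped the catch
      // and the request never got a response. A missing password cannot
      // match anything either. Both answer exactly like a wrong password so
      // the endpoint does not reveal which accounts exist.
      if (rows.length === 0 || typeof password !== 'string') {
        failed();
        return;
      }

      Promise.try(function(){
        return scrypt.verifyHash(password, rows[0].password);
      }).then(function(){
        // NOTE(review): consider req.session.regenerate() at this point so a
        // session id issued before authentication is not carried over into
        // the logged-in session (session fixation).
        const sess = req.session;
        sess.views = sess.views ? sess.views + 1 : 1;
        reply({ status: 200, message: "Login successful!", authenticated: true, user_id: user_id, views: sess.views });
      }).catch(scrypt.PasswordError, function(){
        failed();
      }).catch(function(err){
        // Anything other than a rejected password (store errors, malformed
        // hash, ...) is a server fault, not a client one; do not leak details.
        console.error('login verification failed: ' + err.stack);
        reply({ status: 500, message: "Login error", authenticated: false, user_id: user_id });
      });
    }
  );
});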

為了確保安全,我將在ELB后面設置EC2,該EC2終止所有SSL連接,並將所有流量明確發送給運行由PM2或其他更好的均衡器生成的ExpressJS的NodeJS。 AWS secgroup將僅接受源為ELB的流量。

