[英]Do auth login in Protected route
我們如何在受保護的路由中進行身份驗證登錄。
例如,我有一個受保護的地方,允許用戶在登錄后連接他們的社交媒體資料。
通常使用href
事件發生護照身份驗證,即<a href="base_url/auth/facebook"> Cick here to connect facebook </a>
現在,如果我想在用戶登錄后連接用戶,我不確定如何使用我的href
設置 cookie(如果這是理想的方式)。
這是我的中間件的樣子
async verifyMiddleWare(req, res, next) {
const token = req.cookies
if (token) {
try {
const userToken = token.userToken
const tokenVerficiation = await verifyToken(userToken)
res.locals.userId = tokenVerficiation.userId
res.locals.acessLevel = tokenVerficiation.acessLevel
if (tokenVerficiation.acessLevel === this.routePermission) next()
else
res
.status(AUTH_ERRORS.INVALID_ACCESS_TOKEN.status)
.send(AUTH_ERRORS.INVALID_ACCESS_TOKEN.message)
} catch (error) {
return res
.status(AUTH_ERRORS.UNAUTHORIZED_TO_VIEW.status)
.send(AUTH_ERRORS.UNAUTHORIZED_TO_VIEW.message)
}
} else {
return res
.status(AUTH_ERRORS.MISSING_ACCESS_TOKEN.status)
.send(AUTH_ERRORS.MISSING_ACCESS_TOKEN.message)
}
}
和護照代碼(我不是序列化和反序列化用戶)
const passport = require('passport')
const FacebookStrategy = require('passport-facebook').Strategy
const config = require('./../../config')
passport.use(
new FacebookStrategy(
{
clientID: config.FACEBOOK_APP_ID,
clientSecret: config.FACEBOOK_APP_SECRET,
callbackURL: config.FACEBOOK_REDIRECT_URL,
profileFields: ['id', 'displayName', 'email', 'gender']
},
async (accessToken, refreshToken, profile, done) => {
return done(null, { accessToken, refreshToken, profile })
}
)
)
我在身份驗證期間設置這樣的cookie
app.get(`/${serviceName}/callback`, passport.authorize(serviceName), async (req, res) => {
const facebookDetials = req.account
// the output from passport should mandatorily have email
const userEmail = facebookDetials.profile.emails[0].value
// Checking if user data exsists, corresponding to email id entered
try {
const userData = await getSelectedThingFromTable(
SIGNUP_TABLES.userAuth,
`email = "${userEmail}"`
)
if (userData.length > 0) {
// Means email Exist
const { userId, acessLevel } = userData[0] //
const createNewAccessToken = await JWT.generateToken({ userId, acessLevel })
//setting cookies
res.cookie('userToken', createNewAccessToken)
return res.redirect(config.BASE_CONFIG_URL)
(localhost:8000/auth/facebook)
然后轉到localhost:8000/social/twitter
-> 這里我的令牌將是未定義的我很容易出錯,但我猜 cookie 似乎沒有設置,因為它與錯誤的域名相關聯。
嘗試改變
res.cookie('userToken', createNewAccessToken)
至
res.cookie('userToken', createNewAccessToken, {domain: 'localhost:8000'})
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.