req.isAuthenticated() 總是返回 false 並且 req.session.passport 未定義

Question

我知道已經有一些這樣的問題，但我已經嘗試了每一個響應，但沒有任何效果，我不知道要添加到 app.js 中以使其工作並存儲會話。

這是我的 app.js：

const express = require("express");
const cors = require("cors");
const usersRouter = require("./routes/users");
const passport = require("passport");
const cookieParser = require("cookie-parser");
const session = require("express-session");
require("dotenv").config();

const app = express();

const connectDB = require("./db/connect");

app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(cookieParser(process.env.SESSION_SECRET));
app.use(
  session({
    secret: process.env.SESSION_SECRET,
    resave: true,
    saveUninitialized: true,
    cookie: { secure: false },
  })
);
app.use(passport.initialize());
app.use(passport.session());

app.use(cors());

app.use("/api/v1/users", usersRouter);

const PORT = process.env.PORT || 5000;

const start = async () => {
  try {
    await connectDB(process.env.MONGO_URI);
    app.listen(PORT, console.log(`Server is listening on port: ${PORT}....`));
  } catch (error) {
    console.log(error);
  }
};

const notFound = require("./middleware/notFound");
app.use(notFound);

start();

我的護照配置如下所示：

const localStrategy = require("passport-local").Strategy;
const bcrypt = require("bcryptjs");
const User = require("../models/user");

const initialize = (passport) => {
  const authenticateUser = async (email, password, done) => {
    let user = await User.findOne({ email: email });
    User.findOne({ email: email });
    if (!user) {
      return done(null, false, {
        message: "That email is not registered",
      });
    }
    try {
      if (await bcrypt.compare(password, user.password)) {
        return done(null, user, { message: "User logged in" });
      } else {
        return done(null, false, { message: "Password incorrect" });
      }
    } catch (e) {
      return done(e);
    }
  };
  passport.use(new localStrategy({ usernameField: "email" }, authenticateUser));
  passport.serializeUser(function (user, done) {
    done(null, user.id);
  });

  passport.deserializeUser(function (user, done) {
    User.findById(id, function (err, user) {
      done(err, user);
    });
  });
};

module.exports = initialize;

我的用戶路由器看起來像這樣：

const express = require("express");
const router = express.Router();
const passport = require("passport");

const initializePassport = require("../config/passport-config");
initializePassport(passport);

const { postRegister } = require("../controllers/register");
router.route("/register").post(postRegister);

router.post("/login", function (req, res, next) {
  passport.authenticate("local", function (err, user, info) {
    if (err) {
      return next(err);
    }
    if (!user) {
      return res.status(401).json({ message: info.message });
    }
    console.log(req.session.passport);
    res.status(200).json(user);
  })(req, res, next);
});

module.exports = router;

我正在制作一個中間件來根據是否經過身份驗證來授權或不授權對另一個端點的調用。

這是該中間件的外觀：

const checkAuthenticated = (req, res, next) => {
  const isAuthenticated = req.isAuthenticated();
  console.log(req.session.passport);
  if (isAuthenticated) {
    next();
  }
  next();
};

module.exports = checkAuthenticated;

const checkNotAuthenticated = (req, res, next) => {
  const isAuthenticated = req.isAuthenticated();
  if (!isAuthenticated) {
    res
      .status(401)
      .json({ msg: "Not allowed to this path without credentials" });
  }
};

module.exports = checkNotAuthenticated;

req.session.passport 未定義，isAuthenticated() 始終為假，我不知道要添加什么。

Answer 1

您在解串器 function 中的錯誤：

它將通過將反序列化器回調參數從 user 更改為 id 來工作，如下所示。

passport.deserializeUser(function (id, done) {
User.findById(id, function (err, user) {
  done(err, user);
});

這對我來說是一個非常明顯的錯誤，以確保您沒有遺漏任何其他內容，請查看幾分鍾前我在另一個線程上給出的冗長答案： https://github.com/jaredhanson/passport/issues /914#issuecomment-1241921637

祝你好運。