PassportJS - Getting payload data before it is passed to passport.authenticate as request parameter

There is a passport.js implementation which is being used for LDAP-auth which works. Now the next step is to encrypt the password on the client-side using Crypto-js as follows:

Client-side angular-js controller

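$scope.authenticate = function () {
  var auth = new login();
  auth.username = $scope.username;
  // HERE: CryptoJS.AES.encrypt() needs the message and a key; sharedKey is a
  // placeholder for the passphrase shared with the server. toString() gives
  // the Base64 ciphertext string to send.
  auth.password = CryptoJS.AES.encrypt($scope.password, sharedKey).toString();

  auth.$save(function (response) {
    console.log(response);
  }, function (err) {
    console.log(err);
  });
};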

Server-side service

.....
.....
app.post('/login', passport.authenticate('ldapauth'), (req, res) => {

    console.log("req.user: ",req.user);
    req.session.username = req.user[ldap.username];
    req.session.userModel = req.user;
    res.status(200).send({"success": 'success'});
});
.....

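The AES-encrypted password needs to be decrypted on the server-side service before the request 'req' is passed to passport.authenticate. How can this be implemented here? (The question is not about the encryption, but about how to get the data before it is passed as the request to passport.authenticate.)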

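@Abhijay Ghildyal I don't think they understood your question. It is indeed possible to intercept the request before it is passed to passport.authenticate(). What you want to do is add this piece of code to your express.js, or whichever file you did your Express server implementation in. Also, I am decrypting request.body here instead of req.user, because at that point the user is not logged in yet; but if your case is different then that's fine, you can decrypt req.user in the same way. (The variable app here is the name of your server, i.e. var app = express();)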

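var CryptoJS = require('crypto-js');
// Hypothetical variable: the passphrase the client encrypts with.
var sharedKey = process.env.LOGIN_AES_KEY;

app.use(function(req, res, next) {
    if (req.path === '/login' && req.body && req.body.password) {
        // CryptoJS.AES.decrypt() is assumed to be the decrypter function here.
        // It takes the ciphertext string and the key and returns a WordArray,
        // so convert the result back to a UTF-8 string.
        req.body.password = CryptoJS.AES.decrypt(req.body.password, sharedKey).toString(CryptoJS.enc.Utf8);
        // Avoid logging req.body here: it now holds the plaintext password.
    }
    next();
});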

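That's it. This middleware function will be reached first, before the passport.authenticate() function. Just make sure that if you are applying this to req.body, you add these lines of code first, after importing bodyParser (bodyParser = require('body-parser');), before the passage above.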

app.use(bodyParser.urlencoded({
    extended: true
}));
app.use(bodyParser.json());
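
The interception described in the answer above, as an added example (not code from the original question or answer): route-level middleware that decrypts only `req.body.password` and rejects the request when decryption fails, so `passport.authenticate` never receives a bad payload. It uses Node's built-in `crypto` with AES-256-GCM instead of CryptoJS so that it runs offline; `decryptPasswordField`, `encryptPassword`, `runMiddleware` and the sample key are assumptions made for illustration.

```javascript
// Added example: decrypt req.body.password in a route-scoped middleware that
// runs before passport.authenticate(). AES-256-GCM via Node's crypto module.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Stand-in for the client side: returns base64(iv | auth tag | ciphertext).
function encryptPassword(plain, key) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Middleware factory (hypothetical name). Fails closed: a missing, malformed or
// tampered value gets a 400 and never reaches the authentication strategy.
function decryptPasswordField(key) {
  return function (req, res, next) {
    let plain;
    try {
      const raw = Buffer.from(String(req.body.password), 'base64');
      if (raw.length < 28) throw new Error('payload too short');
      const decipher = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
      decipher.setAuthTag(raw.subarray(12, 28));
      plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    } catch (err) {
      return res.status(400).send({ error: 'invalid credentials payload' });
    }
    req.body.password = plain.toString('utf8');
    next();
  };
}

// Wiring on the page's route (not executed here; needs express and passport):
// app.post('/login', decryptPasswordField(key), passport.authenticate('ldapauth'), handler);

// Minimal stand-in for Express's req/res/next so the block runs on its own.
function runMiddleware(mw, body) {
  const out = { nextCalled: false, status: null, body };
  const res = { status(c) { out.status = c; return this; }, send() { return this; } };
  mw({ body }, res, () => { out.nextCalled = true; });
  return out;
}

const demoKey = randomBytes(32); // constructed sample key
const demo = runMiddleware(decryptPasswordField(demoKey), {
  username: 'alice', password: encryptPassword('s3cret', demoKey), // constructed input
});
console.log(demo.nextCalled, demo.body.password);
```

The middleware must be registered after the body parsers so that `req.body` is populated. A key shipped in client-side JavaScript is readable by anyone who loads the page, so this layer does not replace TLS on the login route.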