节点和护照:passport.js 应该在 gitignore 中吗?
Node and passport: Should passport.js be in gitignore?
我正在按照此 tutorial 构建用户身份验证。在这里,作者在配置目录中有 passport.js 文件,以及身份验证令牌和数据库登录字符串。我明白为什么数据库和身份验证配置不应该是 public,所以通常我会 .gitignore 整个配置目录。然而,这个 passport.js 文件是我想要对其进行版本控制的代码。这个文件不属于 public 版本控制有什么原因吗?如果是这样,我应该如何删除该内容以便可以签入代码的逻辑。
Passport.JS
var LocalStrategy = require('passport-local').Strategy;
var FacebookStrategy = require('passport-facebook').Strategy;
var TwitterStrategy = require('passport-twitter').Strategy;
var GoogleStrategy = require('passport-google-oauth').OAuth2Strategy;
var User = require('../app/models/user');
var configAuth = require('../config/auth');
module.exports = function(passport){
passport.serializeUser(function(user, done){
done(null, user.id);
});
passport.deserializeUser(function(id, done){
User.findById(id,function(err, user){
done(err, user);
});
});
passport.use(new GoogleStrategy(
{
clientID: configAuth.googleAuth.clientID,
clientSecret: configAuth.googleAuth.clientSecret,
callbackURL: configAuth.googleAuth.callbackURL,
passReqToCallback: true
},
function(req, token, refreshToken, profile, done){
process.nextTick(function(){
if(!req.user)
{
User.findOne({'google.id': profile.id}, function(err, user){
if(err)
{
return done(err);
}
if(user)
{
return done(null, user);
}
else
{
var newUser = new User();
newUser.account.google_id = profile.id;
newUser.account.google_token = token;
newUser.account.name = profile.displayName;
newUser.account.email = profile.emails[0].value;
newUser.save(function(err){
if(err)
{
throw err;
}
return done(null, newUser);
});
}
});
}
else
{
var user = req.user;
user.account.google_id = profile.id;
user.account.google_token = token;
user.account.name = profile.displayName;
user.account.email = profile.emails[0].value;
user.save(function(err){
if(err)
{
throw err;
}
return done(null, user);
});
}
});
}
));
passport.use(new TwitterStrategy(
{
consumerKey: configAuth.twitterAuth.consumerKey,
consumerSecret: configAuth.twitterAuth.consumerSecret,
callbackURL: configAuth.callbackURL,
passReqToCallback: true
},
function(req, token, tokenSecret, profile, done){
console.log(token);
process.nextTick(function(){
if(!req.user)
{
User.findOne({'twitter.id': profile.id }, function(err, user){
if(err)
{
return done(err);
}
if(user)
{
return done(null, user);
}
else
{
var newUser = new User();
newUser.account.twitter_id = profile.id;
newUser.account.twitter_token = token;
newUser.account.twitter_username = profile.username;
console.log(newUser);
newUser.save(function(err){
if(err)
{
throw err;
}
return done(null, newUser);
});
}
});
}
else{
var user = req.user;
user.account.twitter_id = profile.id;
user.account.twitter_token = token;
user.account.twitter_username = profile.username;
user.save(function(err){
if(err)
{
throw err;
}
return done(null, user);
});
}
});
}
));
passport.use(new FacebookStrategy(
{
clientID: configAuth.facebookAuth.clientID,
clientSecret: configAuth.facebookAuth.clientSecret,
callbackURL : configAuth.facebookAuth.callbackURL,
passReqToCallback: true,
profileFields: ["email", "name"],
},
function(req, token, refreshToken, profile, done){
process.nextTick(function(){
if(!req.user)
{
User.findOne({'facebook.id' : profile.id}, function(err, user){
if(err)
{
return done(err);
}
if(user)
{
return done(null, user);
}
else
{
var newUser = new User();
newUser.account.facebook_id = profile.id;
newUser.account.facebook_token = token;
newUser.account.name = profile.displayName;
newUser.save(function(err){
if(err)
{
throw err;
}
return done(null, newUser);
});
}
});
}
else
{
var user = req.user;
user.account.facebook_id = profile.id;
user.account.facebook_token = token;
user.account.name = profile.displayName;
user.save(function(err){
if(err)
{
throw err;
}
return done(null, user);
});
}
});
}
));
passport.use('local-signup', new LocalStrategy(
{
usernameField: 'email',
passwordField: 'password',
passReqToCallback: true
},
function(req, email, password, done){
process.nextTick(function(){
User.findOne({'local.email': email}, function(err, user){
if(err)
{
return done(err);
}
if(user){
return done(null, false, req.flash('signupMessage',' That email is already taken'));
}
else
{
var newUser = new User();
newUser.account.email = email;
newUser.account.password = newUser.generateHash(password);
newUser.save(function(err){
if(err)
{
throw err;
}
return done(null, newUser);
});
}
});
});
}));
passport.use('local-login', new LocalStrategy(
{
usernameField: 'email',
passwordField: 'password',
passReqToCallback : true
},
function(req, email, password, done){
User.findOne({'local.email': email}, function(err, user){
if(err)
{
return done(err);
}
if(!user)
{
return done(null, false, req.flash('loginMessage', 'Username not found!'));
}
if (!user.validPassword(password))
{
return done(null, false, req.flash('loginMessage', 'Incorrect Password'));
}
return done(null, user);
});
}
));
}
规则是:将敏感数据置于版本控制之外。
我在文件中看不到任何敏感内容,因此应该将其签入版本控制。
我正在按照此 tutorial 构建用户身份验证。在这里,作者在配置目录中有 passport.js 文件,以及身份验证令牌和数据库登录字符串。我明白为什么数据库和身份验证配置不应该是 public,所以通常我会 .gitignore 整个配置目录。然而,这个 passport.js 文件是我想要对其进行版本控制的代码。这个文件不属于 public 版本控制有什么原因吗?如果是这样,我应该如何删除该内容以便可以签入代码的逻辑。
Passport.JS
var LocalStrategy = require('passport-local').Strategy;
var FacebookStrategy = require('passport-facebook').Strategy;
var TwitterStrategy = require('passport-twitter').Strategy;
var GoogleStrategy = require('passport-google-oauth').OAuth2Strategy;
var User = require('../app/models/user');
var configAuth = require('../config/auth');
module.exports = function(passport){
passport.serializeUser(function(user, done){
done(null, user.id);
});
passport.deserializeUser(function(id, done){
User.findById(id,function(err, user){
done(err, user);
});
});
passport.use(new GoogleStrategy(
{
clientID: configAuth.googleAuth.clientID,
clientSecret: configAuth.googleAuth.clientSecret,
callbackURL: configAuth.googleAuth.callbackURL,
passReqToCallback: true
},
function(req, token, refreshToken, profile, done){
process.nextTick(function(){
if(!req.user)
{
User.findOne({'google.id': profile.id}, function(err, user){
if(err)
{
return done(err);
}
if(user)
{
return done(null, user);
}
else
{
var newUser = new User();
newUser.account.google_id = profile.id;
newUser.account.google_token = token;
newUser.account.name = profile.displayName;
newUser.account.email = profile.emails[0].value;
newUser.save(function(err){
if(err)
{
throw err;
}
return done(null, newUser);
});
}
});
}
else
{
var user = req.user;
user.account.google_id = profile.id;
user.account.google_token = token;
user.account.name = profile.displayName;
user.account.email = profile.emails[0].value;
user.save(function(err){
if(err)
{
throw err;
}
return done(null, user);
});
}
});
}
));
passport.use(new TwitterStrategy(
{
consumerKey: configAuth.twitterAuth.consumerKey,
consumerSecret: configAuth.twitterAuth.consumerSecret,
callbackURL: configAuth.callbackURL,
passReqToCallback: true
},
function(req, token, tokenSecret, profile, done){
console.log(token);
process.nextTick(function(){
if(!req.user)
{
User.findOne({'twitter.id': profile.id }, function(err, user){
if(err)
{
return done(err);
}
if(user)
{
return done(null, user);
}
else
{
var newUser = new User();
newUser.account.twitter_id = profile.id;
newUser.account.twitter_token = token;
newUser.account.twitter_username = profile.username;
console.log(newUser);
newUser.save(function(err){
if(err)
{
throw err;
}
return done(null, newUser);
});
}
});
}
else{
var user = req.user;
user.account.twitter_id = profile.id;
user.account.twitter_token = token;
user.account.twitter_username = profile.username;
user.save(function(err){
if(err)
{
throw err;
}
return done(null, user);
});
}
});
}
));
passport.use(new FacebookStrategy(
{
clientID: configAuth.facebookAuth.clientID,
clientSecret: configAuth.facebookAuth.clientSecret,
callbackURL : configAuth.facebookAuth.callbackURL,
passReqToCallback: true,
profileFields: ["email", "name"],
},
function(req, token, refreshToken, profile, done){
process.nextTick(function(){
if(!req.user)
{
User.findOne({'facebook.id' : profile.id}, function(err, user){
if(err)
{
return done(err);
}
if(user)
{
return done(null, user);
}
else
{
var newUser = new User();
newUser.account.facebook_id = profile.id;
newUser.account.facebook_token = token;
newUser.account.name = profile.displayName;
newUser.save(function(err){
if(err)
{
throw err;
}
return done(null, newUser);
});
}
});
}
else
{
var user = req.user;
user.account.facebook_id = profile.id;
user.account.facebook_token = token;
user.account.name = profile.displayName;
user.save(function(err){
if(err)
{
throw err;
}
return done(null, user);
});
}
});
}
));
passport.use('local-signup', new LocalStrategy(
{
usernameField: 'email',
passwordField: 'password',
passReqToCallback: true
},
function(req, email, password, done){
process.nextTick(function(){
User.findOne({'local.email': email}, function(err, user){
if(err)
{
return done(err);
}
if(user){
return done(null, false, req.flash('signupMessage',' That email is already taken'));
}
else
{
var newUser = new User();
newUser.account.email = email;
newUser.account.password = newUser.generateHash(password);
newUser.save(function(err){
if(err)
{
throw err;
}
return done(null, newUser);
});
}
});
});
}));
passport.use('local-login', new LocalStrategy(
{
usernameField: 'email',
passwordField: 'password',
passReqToCallback : true
},
function(req, email, password, done){
User.findOne({'local.email': email}, function(err, user){
if(err)
{
return done(err);
}
if(!user)
{
return done(null, false, req.flash('loginMessage', 'Username not found!'));
}
if (!user.validPassword(password))
{
return done(null, false, req.flash('loginMessage', 'Incorrect Password'));
}
return done(null, user);
});
}
));
}
规则是:将敏感数据置于版本控制之外。
我在文件中看不到任何敏感内容,因此应该将其签入版本控制。