REST 调用的护照本地会话仍然为空
passport-local session remains empty for REST calls
我在使 passport-local 正常工作时遇到了一些问题。
我有一个使用 React 和 React-Router v4 的小网站。我可以正常登录,并在重新加载时保持登录状态。我对管理部分的所有 REST 调用都会导致登录屏幕被 returned。
我只想对某些 REST 调用进行身份验证(即 /admin*),但这些 REST 调用全部 return 一个“/登录”页面。
好的,代码:
import express from 'express';
import compression from 'compression';
import bodyParser from 'body-parser';
import cookieParser from 'cookie-parser';
import passport from 'passport';
import session from 'express-session';
import { Strategy as LocalStrategy } from 'passport-local';
const secret = 'foo';
const app = express();
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(cookieParser(secret));
app.use(
session({
secret,
saveUninitialized: false,
resave: false,
maxAge: null,
cookie: {
path: '/admin',
secure: process.env.NODE_ENV === 'production',
},
}),
);
app.use(passport.initialize());
app.use(passport.session());
passport.use(new LocalStrategy((email, password, done) =>
User.findOne({ where: { email } })
.then((user) => {
if (!user) return done(null, false, { message: `There is no record of the email ${email}.` });
return user.comparePassword(password).then((result) => {
if (result) done(null, user);
else done(null, false, { message: 'Your email/password combination is incorrect.' });
});
})
.catch((err) => {
console.log(err);
done(null, false, { message: 'Something went wrong trying to authenticate' });
})));
passport.serializeUser((user, done) => {
done(null, user.id);
});
passport.deserializeUser((id, done) => {
console.log('find by id', id);
User.findById(id)
.then((user) => {
done(null, user.get());
})
.catch(done);
});
app.use(...cspSecurity);
app.use(compression());
//sequelize connect
connect();
路线
app.post('/admin/logout', userController.logout);
app.post('/admin/login', userController.login);
app.get('/admin/rest/*', (req, res, next) {
console.log('authenticated', req.isAuthenticated());
if (req.isAuthenticated()) {
next();
} else {
res.redirect('/login');
}
});
app.get('/admin/rest/user', userController.all);
app.post('/admin/rest/user', userController.add);
app.put('/admin/rest/user/:id', userController.update);
Cookie return来自登录:
set-cookie:connect.sid=s%3AUtm0CymuTprJHwJb_XVFscXb73-p-F0m.BIZ4R7gCy%2BHkSc%2FbC423FG71mWLxgdsdfsdMkjDRhIe8w; Path=/admin; HttpOnly
根据我看到的建议,我尝试将其添加到我的 REST 调用中,但无济于事:
const res = await fetch(`/admin/rest/user/${data.id}`, {
method: 'PUT',
headers: {
'Content-Type': 'application/json',
},
credentials: 'same-origin',
body: JSON.stringify(data),
});
有什么建议吗?
这与 CloudFlare 和我的服务器之间的非安全连接以及设置安全 cookie 的服务器有关
我在使 passport-local 正常工作时遇到了一些问题。 我有一个使用 React 和 React-Router v4 的小网站。我可以正常登录,并在重新加载时保持登录状态。我对管理部分的所有 REST 调用都会导致登录屏幕被 returned。
我只想对某些 REST 调用进行身份验证(即 /admin*),但这些 REST 调用全部 return 一个“/登录”页面。
好的,代码:
import express from 'express';
import compression from 'compression';
import bodyParser from 'body-parser';
import cookieParser from 'cookie-parser';
import passport from 'passport';
import session from 'express-session';
import { Strategy as LocalStrategy } from 'passport-local';
const secret = 'foo';
const app = express();
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(cookieParser(secret));
app.use(
session({
secret,
saveUninitialized: false,
resave: false,
maxAge: null,
cookie: {
path: '/admin',
secure: process.env.NODE_ENV === 'production',
},
}),
);
app.use(passport.initialize());
app.use(passport.session());
passport.use(new LocalStrategy((email, password, done) =>
User.findOne({ where: { email } })
.then((user) => {
if (!user) return done(null, false, { message: `There is no record of the email ${email}.` });
return user.comparePassword(password).then((result) => {
if (result) done(null, user);
else done(null, false, { message: 'Your email/password combination is incorrect.' });
});
})
.catch((err) => {
console.log(err);
done(null, false, { message: 'Something went wrong trying to authenticate' });
})));
passport.serializeUser((user, done) => {
done(null, user.id);
});
passport.deserializeUser((id, done) => {
console.log('find by id', id);
User.findById(id)
.then((user) => {
done(null, user.get());
})
.catch(done);
});
app.use(...cspSecurity);
app.use(compression());
//sequelize connect
connect();
路线
app.post('/admin/logout', userController.logout);
app.post('/admin/login', userController.login);
app.get('/admin/rest/*', (req, res, next) {
console.log('authenticated', req.isAuthenticated());
if (req.isAuthenticated()) {
next();
} else {
res.redirect('/login');
}
});
app.get('/admin/rest/user', userController.all);
app.post('/admin/rest/user', userController.add);
app.put('/admin/rest/user/:id', userController.update);
Cookie return来自登录:
set-cookie:connect.sid=s%3AUtm0CymuTprJHwJb_XVFscXb73-p-F0m.BIZ4R7gCy%2BHkSc%2FbC423FG71mWLxgdsdfsdMkjDRhIe8w; Path=/admin; HttpOnly
根据我看到的建议,我尝试将其添加到我的 REST 调用中,但无济于事:
const res = await fetch(`/admin/rest/user/${data.id}`, {
method: 'PUT',
headers: {
'Content-Type': 'application/json',
},
credentials: 'same-origin',
body: JSON.stringify(data),
});
有什么建议吗?
这与 CloudFlare 和我的服务器之间的非安全连接以及设置安全 cookie 的服务器有关