Hapi 身份验证 cookie 设置但 request.auth.credentials 为空
Hapi auth cookie sets but request.auth.credentials is null
我已阅读 hapi-auth-cookie 的文档以尝试在我的网站上进行验证。
Cookie 已设置,我可以在 chrome browser dev tools application tab
中看到它
但是当我 console.log request.auth.credentials 结果是 null
我想要完成的是将用户限制为 http://localhost:3000/restricted,我认为缺少的 link 是 request.auth.credentials,因为它是 null
这是我的代码
const users = [
{
username: 'john',
password: 'b$nrkw6Mco2j7YyBqZSWRAx.P3XEZsZg3MNfma2ECO8rGMUTcF9gHO.', // 'secret'
name: 'John Doe',
id: '2133d32a'
}
];
await server.register(require('hapi-auth-cookie'));
//strategy
server.auth.strategy('session', 'cookie', {
cookie: {
name: 'sid-example',
password: '!wsYhFA*C2U6nz=Bu^%A@^F#SF3&kSR6',
isSecure: false
},
redirectTo: '/login',
validateFunc: async (request, session) => {
const account = await users.find(
(user) => (user.id === session.id)
);
if (!account) {
return { valid: false };
}
return { valid: true, credentials: account };
}
});
server.auth.default({strategy: 'session', mode: 'try'});
//login post
server.route({
method: 'POST',
path: '/login',
handler: async (request, h) => {
console.log(request.payload)
const { username, password } = request.payload;
const account = users.find(
(user) => user.username === username
);
if (!account || !(await Bcrypt.compare(password, users[0].password))) {
console.log('user or password incorrect')
return h.view('login');
}
request.cookieAuth.set({ id: users.id });
console.log('login successful')
return h.redirect().location("/")
}
})
//restricted
server.route({
method: 'GET',
path: '/restricted',
options: {
auth: {
mode: 'required',
strategy: 'session'
}
},
handler: (request, h) => {
return new Promise ((resolve, reject) => {
let views = () => {
return h.view('restricted');
}
return resolve(views());
});
}
});
我尝试将 options.auth.mode 设置为 restricted route 内的 'try' 并尝试完全删除 options。
所有路由都正常,但限制路由即使登录也打不开
请帮忙
你没有正确设置cookie认证,你的id是undefined,把users.id换成account.id:
request.cookieAuth.set({ id: account.id });
我已阅读 hapi-auth-cookie 的文档以尝试在我的网站上进行验证。
Cookie 已设置,我可以在 chrome browser dev tools application tab
但是当我 console.log request.auth.credentials 结果是 null
我想要完成的是将用户限制为 http://localhost:3000/restricted,我认为缺少的 link 是 request.auth.credentials,因为它是 null
这是我的代码
const users = [
{
username: 'john',
password: 'b$nrkw6Mco2j7YyBqZSWRAx.P3XEZsZg3MNfma2ECO8rGMUTcF9gHO.', // 'secret'
name: 'John Doe',
id: '2133d32a'
}
];
await server.register(require('hapi-auth-cookie'));
//strategy
server.auth.strategy('session', 'cookie', {
cookie: {
name: 'sid-example',
password: '!wsYhFA*C2U6nz=Bu^%A@^F#SF3&kSR6',
isSecure: false
},
redirectTo: '/login',
validateFunc: async (request, session) => {
const account = await users.find(
(user) => (user.id === session.id)
);
if (!account) {
return { valid: false };
}
return { valid: true, credentials: account };
}
});
server.auth.default({strategy: 'session', mode: 'try'});
//login post
server.route({
method: 'POST',
path: '/login',
handler: async (request, h) => {
console.log(request.payload)
const { username, password } = request.payload;
const account = users.find(
(user) => user.username === username
);
if (!account || !(await Bcrypt.compare(password, users[0].password))) {
console.log('user or password incorrect')
return h.view('login');
}
request.cookieAuth.set({ id: users.id });
console.log('login successful')
return h.redirect().location("/")
}
})
//restricted
server.route({
method: 'GET',
path: '/restricted',
options: {
auth: {
mode: 'required',
strategy: 'session'
}
},
handler: (request, h) => {
return new Promise ((resolve, reject) => {
let views = () => {
return h.view('restricted');
}
return resolve(views());
});
}
});
我尝试将 options.auth.mode 设置为 restricted route 内的 'try' 并尝试完全删除 options。
所有路由都正常,但限制路由即使登录也打不开
请帮忙
你没有正确设置cookie认证,你的id是undefined,把users.id换成account.id:
request.cookieAuth.set({ id: account.id });