具有基本身份验证的 Express 4 抱怨 "Can't set headers after they are sent"
Express 4 with Basic Auth complains with "Can't set headers after they are sent"
我想对尝试访问我的平均应用程序的编辑功能的用户进行授权。
var basicAuth = require('basic-auth');
...
var auth = function (req, res, next) {
function unauthorized(res) {
res.set('WWW-Authenticate', 'Basic realm=Authorization Required');
return res.sendStatus(401);
};
var user = basicAuth(req);
if (!user || !user.name || !user.pass) {
return unauthorized(res);
};
config.administrators.forEach(function(admin){
if (admin.email == user.name){
if (admin.pwhash == (md5(admin.salt + user.pass))){
req.admin = admin;
return next();
}
}
});
return unauthorized(res);
};
router.get('/edit/', auth, function(req, res) {
models.QuizModel.find({'author':req.admin.email}, function (err, quizes){
res.status(200).send({'quizes': quizes});
});
});
app.use('/api', router);
但是我在成功验证后得到的只是以下错误消息:
_http_outgoing.js:335
throw new Error('Can\'t set headers after they are sent.');
^
Error: Can't set headers after they are sent.
at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11)
at ServerResponse.header (C:\nodejs\node_modules\express\lib\response.js:718:10)
at ServerResponse.send (C:\nodejs\node_modules\express\lib\response.js:163:12)
at ServerResponse.json (C:\nodejs\node_modules\express\lib\response.js:249:15)
at ServerResponse.send (C:\nodejs\node_modules\express\lib\response.js:151:21)
at C:\nodejs\projects\demo\server.js:69:19
at C:\nodejs\node_modules\mongoose\node_modules\kareem\index.js:109:16
at process._tickCallback (node.js:355:11)
如果我去掉model上的mongoose find,直接发送一个带有一些虚假信息的response,我仍然会得到发送后无法设置headers的错误,但是app不会崩溃我实际上可以进入下一页。但是我需要了解我的方法中的潜在问题。
谢谢!
您正在从 forEach
回调调用 return next()
。一旦 next() 被调用,路由器的第二个回调被调用并发送状态 200。然后它返回到 auth 函数,完成迭代并调用 unauthorized(res)
再次发送 401 状态。
所以只需将 forEach
替换为 for
循环即可。
我想对尝试访问我的平均应用程序的编辑功能的用户进行授权。
var basicAuth = require('basic-auth');
...
var auth = function (req, res, next) {
function unauthorized(res) {
res.set('WWW-Authenticate', 'Basic realm=Authorization Required');
return res.sendStatus(401);
};
var user = basicAuth(req);
if (!user || !user.name || !user.pass) {
return unauthorized(res);
};
config.administrators.forEach(function(admin){
if (admin.email == user.name){
if (admin.pwhash == (md5(admin.salt + user.pass))){
req.admin = admin;
return next();
}
}
});
return unauthorized(res);
};
router.get('/edit/', auth, function(req, res) {
models.QuizModel.find({'author':req.admin.email}, function (err, quizes){
res.status(200).send({'quizes': quizes});
});
});
app.use('/api', router);
但是我在成功验证后得到的只是以下错误消息:
_http_outgoing.js:335
throw new Error('Can\'t set headers after they are sent.');
^
Error: Can't set headers after they are sent.
at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11)
at ServerResponse.header (C:\nodejs\node_modules\express\lib\response.js:718:10)
at ServerResponse.send (C:\nodejs\node_modules\express\lib\response.js:163:12)
at ServerResponse.json (C:\nodejs\node_modules\express\lib\response.js:249:15)
at ServerResponse.send (C:\nodejs\node_modules\express\lib\response.js:151:21)
at C:\nodejs\projects\demo\server.js:69:19
at C:\nodejs\node_modules\mongoose\node_modules\kareem\index.js:109:16
at process._tickCallback (node.js:355:11)
如果我去掉model上的mongoose find,直接发送一个带有一些虚假信息的response,我仍然会得到发送后无法设置headers的错误,但是app不会崩溃我实际上可以进入下一页。但是我需要了解我的方法中的潜在问题。
谢谢!
您正在从 forEach
回调调用 return next()
。一旦 next() 被调用,路由器的第二个回调被调用并发送状态 200。然后它返回到 auth 函数,完成迭代并调用 unauthorized(res)
再次发送 401 状态。
所以只需将 forEach
替换为 for
循环即可。