具有基本身份验证的 Express 4 抱怨 "Can't set headers after they are sent"

Express 4 with Basic Auth complains with "Can't set headers after they are sent"

我想对尝试访问我的平均应用程序的编辑功能的用户进行授权。

var basicAuth = require('basic-auth');

...

var auth = function (req, res, next) {
    function unauthorized(res) {
        res.set('WWW-Authenticate', 'Basic realm=Authorization Required');
        return res.sendStatus(401);
    };

    var user = basicAuth(req);

    if (!user || !user.name || !user.pass) {
        return unauthorized(res);
    };

    config.administrators.forEach(function(admin){
        if (admin.email == user.name){
            if (admin.pwhash == (md5(admin.salt + user.pass))){
                req.admin = admin;
                return next();
            }
        }
    });
    return unauthorized(res);
};

router.get('/edit/', auth, function(req, res) {
    models.QuizModel.find({'author':req.admin.email}, function (err, quizes){
        res.status(200).send({'quizes': quizes});
    });
});

app.use('/api', router);

但是我在成功验证后得到的只是以下错误消息:

_http_outgoing.js:335
    throw new Error('Can\'t set headers after they are sent.');
          ^
Error: Can't set headers after they are sent.
    at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11)
    at ServerResponse.header (C:\nodejs\node_modules\express\lib\response.js:718:10)
    at ServerResponse.send (C:\nodejs\node_modules\express\lib\response.js:163:12)
    at ServerResponse.json (C:\nodejs\node_modules\express\lib\response.js:249:15)
    at ServerResponse.send (C:\nodejs\node_modules\express\lib\response.js:151:21)
    at C:\nodejs\projects\demo\server.js:69:19
    at C:\nodejs\node_modules\mongoose\node_modules\kareem\index.js:109:16
    at process._tickCallback (node.js:355:11)

如果我去掉model上的mongoose find,直接发送一个带有一些虚假信息的response,我仍然会得到发送后无法设置headers的错误,但是app不会崩溃我实际上可以进入下一页。但是我需要了解我的方法中的潜在问题。

谢谢!

您正在从 forEach 回调调用 return next()。一旦 next() 被调用,路由器的第二个回调被调用并发送状态 200。然后它返回到 auth 函数,完成迭代并调用 unauthorized(res) 再次发送 401 状态。

所以只需将 forEach 替换为 for 循环即可。