1. 首页
  2. 问答
  3. REST调用护照本地会话保持为空

REST调用护照本地会话保持为空

2017-09-15 86 views
0

我在使本地护照正常工作时遇到了一些麻烦。 我有一个使用React和React-Router v4的小网站。我可以登录,并在重新加载时保持登录状态。所有REST对管理部分的调用都会导致返回登录屏幕。REST调用护照本地会话保持为空

我想有只有某些REST调用认证(即/管理员*),但这些REST调用都返回一个“/登录”页面。

好吧,代码:

import express from 'express'; 
import compression from 'compression'; 
import bodyParser from 'body-parser'; 
import cookieParser from 'cookie-parser'; 
import passport from 'passport'; 
import session from 'express-session'; 
import { Strategy as LocalStrategy } from 'passport-local'; 

const secret = 'foo'; 

const app = express(); 

app.use(bodyParser.urlencoded({ extended: false })); 
app.use(bodyParser.json()); 

app.use(cookieParser(secret)); 
app.use(
session({ 
    secret, 
    saveUninitialized: false, 
    resave: false, 
    maxAge: null, 
    cookie: { 
    path: '/admin', 
    secure: process.env.NODE_ENV === 'production', 
    }, 
}), 
); 
app.use(passport.initialize()); 
app.use(passport.session()); 

passport.use(new LocalStrategy((email, password, done) => 
    User.findOne({ where: { email } }) 
    .then((user) => { 
     if (!user) return done(null, false, { message: `There is no record of the email ${email}.` }); 

     return user.comparePassword(password).then((result) => { 
     if (result) done(null, user); 
     else done(null, false, { message: 'Your email/password combination is incorrect.' }); 
     }); 
    }) 
    .catch((err) => { 
     console.log(err); 
     done(null, false, { message: 'Something went wrong trying to authenticate' }); 
    }))); 

passport.serializeUser((user, done) => { 
done(null, user.id); 
}); 

passport.deserializeUser((id, done) => { 
    console.log('find by id', id); 
    User.findById(id) 
    .then((user) => { 
     done(null, user.get()); 
    }) 
    .catch(done); 
}); 

app.use(...cspSecurity); 

app.use(compression()); 

//sequelize connect 
connect();

路线

app.post('/admin/logout', userController.logout); 
app.post('/admin/login', userController.login); 
app.get('/admin/rest/*', (req, res, next) { 
    console.log('authenticated', req.isAuthenticated()); 

    if (req.isAuthenticated()) { 
    next(); 
    } else { 
    res.redirect('/login'); 
    } 
}); 

app.get('/admin/rest/user', userController.all); 
app.post('/admin/rest/user', userController.add); 
app.put('/admin/rest/user/:id', userController.update);

饼干从登录返回:

set-cookie:connect.sid=s%3AUtm0CymuTprJHwJb_XVFscXb73-p-F0m.BIZ4R7gCy%2BHkSc%2FbC423FG71mWLxgdsdfsdMkjDRhIe8w; Path=/admin; HttpOnly

基于一个建议,我看见了,我尝试添加该到我的REST来电,不得要领:

const res = await fetch(`/admin/rest/user/${data.id}`, { 
    method: 'PUT', 
    headers: { 
     'Content-Type': 'application/json', 
    }, 
    credentials: 'same-origin', 
    body: JSON.stringify(data), 
});

有什么建议?

来源

2017-09-15 Marc

回答

0

这与CloudFlare和我的服务器之间的非安全连接以及设置安全cookie的服务器有关

来源

2017-09-23 21:39:02 Marc

相关问题

 相关问题