我的验证系统未按预期工作。护照验证req.isAuthenticated始终为false
首先我要告诉你我的node.js文件
//Initialize Express Web Server
var express = require('express');
var app = express();
var http = require("http").Server(app);
var lusca = require('lusca');
var io = require("socket.io")(http);
//require needs
var api = express.Router();
var ejs = require('ejs');
var expressValidator = require("express-validator");
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var LocalStrategy = require('passport-local').Strategy;
var session = require('express-session');
var passport = require('passport');
var morgan = require('morgan');
var mongo = require('mongodb');
var MongoStore = require('connect-mongo')(session);
//Connect to MongoDB
var mongoose = require('mongoose');
var configDB = require('./config/database.js');
mongoose.connect(configDB.url);
//Resolving paths with nodejs
var path = require('path');
app.use(express.static(path.join(__dirname+"/MP/")));
//cookie parser middleware
app.use(cookieParser());
//Body Parser Middleware
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended:false}));
//Init Sessions
app.use(session({
secret:'SOME_HIDDEN_TEXT',
cookie:{httpOnly:true/*, secure: true*/},
saveUninitialized: false,
resave: false,
store: new MongoStore({mongooseConnection: mongoose.connection, autoReconnect: true})
}));
//Init Passport
app.use(passport.initialize());
app.use(passport.session());
app.use(expressValidator({
errorFormatter: function(param, msg, value) {
var namespace = param.split('.')
, root = namespace.shift()
, formParam = root;
while(namespace.length) {
formParam += '[' + namespace.shift() + ']';
}
return {
param : formParam,
msg : msg,
value : value
};
}
}));
//Security
app.use(morgan('dev'));
//app.use(lusca.csrf());
/*app.use(lusca.csp(
{"policy":{
"default-src":"'self'",
"script-src":"'self' 'https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/*'",
"img-src":"'self' 'http://placehold.it/*'",
"connect-src":"'self'",
"font-src":"*",
"style-src":"'self' 'unsafe-inline' *"
}}
));*/
app.use(lusca.hsts({maxAge:31536000}));
app.use(lusca.xframe('SAMEORIGIN'));
app.use(lusca.p3p('ABCDEF'));
app.use(lusca.xssProtection(true));
app.use(lusca.nosniff());
//Init API
var User = require(path.join(__dirname+"/model/user"));
require("./MP/routes/api")(api);
app.use("/api", api);
/*app.use(function(req, res, next) {
res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Allow-Origin', "http://localhost:3000");
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
if ('OPTIONS' == req.method) {
res.send(200);
} else {
next();
}
});*/
//Setting up listening port
var port = 3000;
io.on("connection", function(socket){
console.log("user connected");
});
app.set('view engine', 'ejs');
app.set("views", path.resolve(__dirname,"MP","view"));
//Render View for Angular
app.get('/', function(req,res){
res.render("index.ejs");
console.log(req.headers.origin);
});
http.listen(port,function(){
console.log('SERVER LISTENING ON PORT: '+port);
});
下一页我的角度应用
"use strict";
var app = angular.module("app", ["ngRoute","ui.router", "ngSanitize","ngResource"]);
app.config(["$stateProvider" , "$urlRouterProvider", "$locationProvider" , function ($stateProvider , $urlRouterProvider, $locationProvider, loginService) {
$stateProvider
.state("login", {
url: "/",
templateUrl: "partials/index.html",
controller: "indexCtrl"
})
.state("register", {
url:"/register",
templateUrl: "partials/register.html",
controller: "indexCtrl"
})
.state("home", {
url: "/en/",
abstract: true,
templateUrl: "partials/home.html",
resolve: {
loggedIn: checkLogin
}
})
.state("home.news", {
url: "",
templateUrl: "partials/news.html",
resolve: {
loggedIn: checkLogin
}
})
.state("home.gamer", {
url: "gamer/",
templateUrl: "partials/gamer.html",
resolve: {
loggedIn: checkLogin
}
})
.state("home.search", {
url: "search/",
templateUrl: "partials/search.html",
resolve: {
loggedIn: checkLogin
}
})
.state("home.games",{
url: "games/",
templateUrl: "partials/games.html",
resolve: {
loggedIn: checkLogin
}
})
.state("home.verify", {
url: "verify/",
templateUrl: "partials/verify.html",
resolve: {
loggedIn: checkLogin
}
});
$urlRouterProvider.otherwise("/");
$locationProvider.html5Mode({
enabled: true,
requireBase: false
});
}]);
function checkLogin(loginService){
return loginService.loggedIn();
}
这里是我的login服务
"use strict";
app.factory("loginService",["Api", "$location", "$state", "$q", "$rootScope", function (Api,$location,$state,$q,$rootScope) {
return {
login: function (user,scope) {
Api.login.post(user, function(regRes){
console.log(regRes.data);
if(regRes.data.error){
scope.error = { error : regRes.data.error};
}else if(regRes.data.success === 1){
$state.go("home.news");
}
});
},
loggedIn: function(){
var deferred = $q.defer();
Api.login.get(function(user){
if(user.data != "0"){
$rootScope.currentUser = user;
deferred.resolve();
}else{
$rootScope.currentUser = null;
deferred.reject();
$state.go("login");
}
});
return deferred.promise;
}
}
}]);
最后但并非最不重要我的api
'use strict';
var User = require("../../model/user");
var passport = require("passport");
var LocalStrategy = require("passport-local").Strategy;
passport.use(new LocalStrategy({usernameField: "e", passwordField: "p"},function(email, password, done){
var user = new User();
user.findEmail(escape(email),function(err, user){
if(err){
throw err;
}
if(!user){
return done(null,false, {error: "Email or Password is wrong. Please try again."});
}
user.comparePw(escape(password),user.password,function(err, isMatched){
if(!isMatched){
return done(null,false, {error: "Email or Password is wrong. Please try again."});
}else{
return done(null,user);
}
});
});
}));
passport.serializeUser(function(user,done){
done(null, user.id);
});
passport.deserializeUser(function(user,done){
var user = new User();
user.findUserById(user, function(err, user){
done(err,user);
});
});
module.exports = function(router){
router.get("/user", function(req, res){
var user = new User();
user.getGamer(function(err,response){
if(err){
throw err;
}else{
res.json(response);
}
});
});
router.post("/user/login", function(req, res, next) {
passport.authenticate('local', {session: true},function(err, user, info) {
console.log(user + " " + info + " " + err);
if (err) { return next(err); }
if (!user) { return res.json({error: "Email or Password is wrong. Please try again."}); }
if(user.confirm == 0){ return res.json({error: "Please confirm your email address and try again."})}
console.log(req.user);
req.logIn(user, function(err) {
console.log(req.session.id);
console.log(req.user); //req.user is defined
console.log(req.isAuthenticated()); //req.isAuthenticated() is true
if (err) { return next(err); }
res.json({success: 1});
});
})(req, res, next);
});
router.get("/user/login", function(req, res, next) {
console.log(req.isAuthenticated()); //returns false
res.send(req.isAuthenticated() ? req.user: "0"); //send object with data:"0";
});
};
UPDATE:这是我的API服务
app.factory("Api", ["$resource", function($resource){
return {
gamer: $resource("/api/user/:id", {_id: "@id"},{
"get": {
method: "GET",
interceptor: {
response: function(response) {
return response;
}
}
},
"post":{
method: "POST",
interceptor:{
response: function(response){
return response;
}
}
}
}),
login: $resource("/api/user/login", {},{
"post":{
method: "POST",
interceptor:{
response: function(response){
return response;
}
}
},
"get":{
method: "GET",
interceptor:{
response: function(response){
return response;
}
}
}
})
}
}]);
所有时间我叫的loggedIn功能我得到的数据对象的回应:“0”。我不知道为什么req.isAuthenticated()在通过护照成功登录时总是为false。一个名为connect.sid的会话cookie被正确设置,并获得与存储在猫鼬数据库中的会话cookie相同的值。如果我console.log isAuthenticated登录后,我得到的答复是真实的,否则它总是虚假的。我也试图让CORS,但它没有奏效。我搜索了整整一天在谷歌找到一个解决方案。有人可以帮助我吗?
问候Chzn
当你打电话给你的API,你把'withCredentials:true'?否则,您的AJAX请求将无法获取(httpOnly)Cookie。 –
我更新了我的帖子。我想我没有这样做:/ – chzn