我有一个具有以下配置的 nodeJs 服务器
const corsOpts = {
origin: ['https://192.168.100.101:3000'],
credentials: true,
methods: 'GET, POST, PUT, DELETE, OPTIONS',
allowedHeaders:"Origin, X-Requested-With, Content-Type, Accept, Authorization"
};
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(session({
store: new RedisStore({ client: cachingServer.getClient(), ttl: 3600 }),
resave: true,
saveUninitialized: false,
secret: "bdmp-backend",
cookie: {
secure: true,
httpOnly:true,
maxAge: 60 * 60 * 1000 //this value is in milli seconds
},
name: "thisissecretkey"
}));
app.use(cors(corsOpts));
app.use("/", require("./apps/routes/main")(app));
app.use("/api", require("./apps/routes/api")(app));
app.use("/node", require("./apps/routes/node")(app));
我的登录api代码
router.post('/authenticate', function (req, res) {
/* API TO AUTHENTICATE TO CREATE SESSION */
let sess = req.session;
let username = req.body.username;
let password = req.body.password;
if (username && password) {
User.findOne({ username: username }).exec(function (user_err, user) {
if (user_err) {
logger.error("API => /api/authenticate : Failed to fetch user from database due to " + commonFunc.parseMongoError(err));
res.json({
status: false,
loggedIn: false,
authorize: true,
data: "Failed to fetch data from database!"
});
}
else {
if (user) {
let passValid = false;
user.comparePassword(password, function (data) {
passValid = data;
next_1();
});
function next_1() {
if (passValid) { // password is valid
req.session.username = user.username;
req.session.userLevel = user.userLevel;
req.session.creator = user.creator;
req.session.loggedIn = true;
req.session.emailId = user.emailId;
req.session.save((err) => {
if(err){
logger.debug("API => /api/authenticate : Failed to create sessiondue to " + err.stack);
logger.error("API => /api/authenticate : Failed to create sessiondue to " + err.stack);
res.json({
status: false,
loggedIn: false,
authorize: true,
data: "Failed to create session.Please try again!"
});
}
else{
res.json({
status: true,
loggedIn: true,
authorize: true,
data: "User LoggedIn Successfully",
session: req.session
});
}
})
}
else { //password is not valid
res.json({
status: false,
loggedIn: false,
authorize: true,
data: "Invalid Password"
});
}
}
}
else {
res.json({
status: false,
loggedIn: false,
authorize: true,
data: "No Such User Exist!"
});
}
}
});
}
else {
res.json({
status: false,
loggedIn: true,
aut
horize: true,
data: "Please provide all the required fields!"
});
}
});
登录完全成功 但是当我尝试从 React 应用程序中获取保存会话参数时,它返回了 null
客户端代码
axios.get("https://172.16.11.11:5001/getSession", { withCredentials: true }).then(function (res) {
console.log(res.data)
if (res.data.loggedIn) {
setIsLoggedIn(true);
}
else {
navigate("/login")
}
}).catch(function (err) {
console.log(err.stack)
});
我的服务器端getSession api代码
router.get("/getSession",authenticate(),function(req,res){
/* This function will return session details */
res.json({
status:true,
loggedIn:true,
atuhorize:true,
data:{
username:req.session.username,
userLevel:req.session.userLevel,
creator:req.session.creator,
emailId:req.session.emailId
}
})
});
authenticate() 是一个中间件函数,用于检查用户是否登录。下面提供了代码片段
function authenticate(__logoutOnFailed = false) {
return [
(req, res, next) => {
let session = req.session;
//next();
if (session.username && session.loggedIn) {
next();
} else {
if (__logoutOnFailed) {
res.status(307).redirect('/logout');
} else {
res.json({
status: false,
loggedIn: false,
authorize: false
});
}
}
}
]
}
module.exports = authenticate;
现在每次如果调用此 getSession api,我都会在成功登录尝试后收到以下响应
{
status: false,
loggedIn: false,
authorize: false
}
React js 应用程序网址:https://192.168.100.101:3000 Nodejs 服务器网址:https://172.16.11.11:5001
有什么建议我在这里遗漏或做错了什么吗?
在打印 req.session 时我低于输出
Session {
cookie: {
path: '/',
_expires: 2023-04-10T12:10:16.104Z,
originalMaxAge: 3600000,
httpOnly: true,
secure: true
}
}