我有一个用 ECMA 语法编写的 nodejs 应用程序,带有 dependencies.mjs 和 index.js。我 think 我已经正确设置了 express-mysql-session 和 express-session,就像我之前在一个 commonJS 项目中一样,但是这种奇怪的行为让我头疼。
index.js中的相关代码:
'use strict';
import dotenv from 'dotenv';
dotenv.config();
import dependencies from "./dependencies.mjs";
const { DateTime, express, connectToDb, cors, mysql2 } = dependencies;
import session from "express-session";
import MySQLStore from "express-mysql-session";
const sessconn = mysql2.createPool({
host: process.env.SESSION_DB_HOST,
user: process.env.SESSION_DB_USER,
password: process.env.SESSION_DB_PASSWORD,
database: process.env.SESSION_DB_NAME,
socketPath: process.env.SOCKET_PATH,
connectionLimit: 1,
});
const sessionStore = new (MySQLStore(session))({
clearExpired: true,
expiration: 86400000,
checkExpirationInterval: 3600000,
createDatabaseTable: true,
},
sessconn);
connectToDb().then(()=>{
console.log('connected to db!!');
}
).catch((err)=>{
return res.status(500).send({msg: 'Error connecting to database', err: err.message})
})
const app = express();
app.use(express.json({ limit: '300kb' }))
app.use(cors({
origin: process.env.WEBSITE_DOMAIN,
allowedHeaders: ["content-type", "authorization"],
credentials: true,
}));
app.use(session({
name: 'session_name',
store: sessionStore,
secret: process.env.SESSION_SECRET,
saveUninitialized: false,
resave: false,
cookie: {
sameSite: 'none',
secure: false
maxAge: +process.env.COOKIE_MAXAGE,
httpOnly: true,
}
}));
app.use(express.static('public'));
import { router as authRoutes } from './routes/auth.mjs';
app.use('/auth', authRoutes)
// auth middleware / login wall
app.use((req,res,next) => {
if (req.session.user) {
let expiry = DateTime.now().plus({hours: 1}).toISO();
req.session.user.expiry = expiry;
next();
} else {
res.status(403).send({ msg: "You must be logged in to access this resource."});
}
})
app.listen(port, () => console.log(`Its alive on port ${port}!`))
和我的 dependencies.mjs
"use strict";
import dotenv from 'dotenv';
dotenv.config();
import express from 'express';
import cors from 'cors';
import { DateTime, Settings } from 'luxon';
Settings.defaultZone = "Australia/Brisbane";
import validation from 'express-validator';
const { body, validationResult, param, check } = validation;
import mysql2 from 'mysql2/promise';
const dbconn = await mysql2.createConnection({
host: process.env.DB_HOST,
user: process.env.DB_USER,
password: process.env.DB_PASSWORD,
database: process.env.DB_NAME,
socketPath: process.env.SOCKET_PATH,
});
async function connectToDb() {
try {
await dbconn.connect()
} catch (err) {
return err
}
}
import bcrypt from 'bcrypt'
import crypto from 'crypto'
import sgMail from '@sendgrid/mail';
sgMail.setApiKey(process.env.SENDGRID_API_KEY);
export default {
DateTime,
Settings,
express,
body,
check,
param,
validationResult,
dbconn,
bcrypt,
crypto,
sgMail,
cors,
connectToDb,
mysql2
};
我有一条授权路线,一旦用户登录,我就在其中设置会话:
if(req.session.user){
return res.status(200).send({msg: "Logged in already.", user: req.session.user});
} else {
const expireTime = DateTime.now().plus({hours: 1}).toISO();
req.session.cookie.user = {
id: user_object.id,
email: req.body.username,
name: `${first} ${last}`,
expiry: expireTime
}
return res.status(200).send({msg: "Session created", user: req.session.user});
}
这会将记录保存在正确数据库的正确表中。记录看起来是正确的,我只是通过终端访问 mysql 来检查它是否存在。
然而,当我在登录墙下方调用路由时,它返回的会话与我写入数据库的会话不同。我不知道为什么,我已经尽我最大的努力来坚持这本书来实现它。任何帮助将不胜感激!
(ChatGPT,保佑它的心,也帮不上什么忙,我也没有运气通过谷歌搜索找到类似的问题)。
捂脸时刻,但值得分享。
基本上后端一切都很好。自发布以来我已经改变了一些东西,但我相信这仍然有效。
我没有发送带有“凭据”的 api 调用,即没有发送 cookie。这导致每次调用都会创建一个新会话。
在 api 调用中使用“withCredentials: true”解决了这个问题。