致力于护照本地战略项目。一切正常,除非登录失败(例如由于密码不正确),我可以通过在地址栏中输入受保护的路线来访问受保护的页面。如果没有事先登录失败,它就会按预期运行。安装的依赖项:express、express-session、mongoose、passport、passport-local。这是app.js:
'use strict';
require('dotenv').config();
const express = require('express');
const app = express();
const ejs = require('ejs');
app.set('view engine', 'ejs');
app.use(express.static('public'));
app.get('/', (req, res) => res.render('home'));
app.get('/login', (req, res) => res.render('login'));
app.get('/register', (req, res) => res.render('register'));
const session = require('express-session');
app.use(session({
secret: process.env.SESSION_KEY,
resave: false,
saveUninitialized: false
}));
const passport = require('passport');
app.use(passport.initialize());
app.use(passport.session());
passport.serializeUser(function(user, cb) {
process.nextTick(function() {
return cb(null, {
id: user.id,
username: user.username,
picture: user.picture
});
});
});
passport.deserializeUser(function(user, cb) {
process.nextTick(function() {
return cb(null, user);
});
});
const mongoose = require('mongoose');
mongoose.set('strictQuery', false);
mongoose.connect(process.env.DB_STRING).then(
console.log('got the db')
).catch(
err => console.error(err)
);
const User = require('./User');
passport.use(User.createStrategy());
app.get('/restricted', async (req, res) => {
if (req.isAuthenticated()) {
try {
const foundUsers = await User.find({'secrets': {$ne: []}});
res.render('restricted', {usersWithSecrets: foundUsers});
} catch(err) {
console.log(err);
}
} else {
res.redirect('/login');
}
});
app.get('/submit', (req, res) => {
if (req.isAuthenticated()) {
res.render('submit');
} else {
res.redirect('/login');
}
});
app.post('/logout', function(req, res, next){
req.logout(function(err) {
if (err) { return next(err); }
res.redirect('/');
});
});
const bodyParser = require('body-parser');
app.use(bodyParser.urlencoded({extended: true}));
app.post('/login', (req, res) => {
const user = new User({
username: req.body.username,
password: req.body.password
});
req.login(user, function(err) {
if (err) {
console.log(err);
} else {
passport.authenticate('local') (req, res, function() {
res.redirect('/restricted');
});
}
});
});
app.post('/register', (req, res) => {
User.register({username: req.body.username}, req.body.password, function(err, user) {
if (err) {
console.log(err);
res.redirect('/register');
} else {
passport.authenticate('local'), (req, res, function() {
res.redirect('/restricted');
});
}
});
});
app.post('/submit', async (req, res) => {
try {
await User.findOneAndUpdate({_id: req.user.id}, {$push: {'secrets': req.body.secretToPost}});
} catch (err) {
console.log(err);
}
});
app.post('/submit', async (req, res) => {
try {
await User.findOneAndUpdate({_id: req.user.id}, {$push: {'secrets': req.body.secretToPost}});
} catch (err) {
console.log(err);
}
});
let port = process.env.PORT || 3000;
app.listen(port, console.log('app is up'));