我是一名初学者开发人员,尝试基于 Passport.js 和 Mongoose 创建一个具有授权的全栈应用程序,但我不确定我是否走在正确的道路上
const express = require('express');
const path = require('path');
const session = require('express-session');
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const mongoose = require('mongoose');
const Schema = mongoose.Schema;
const mongoDb = 'mongodb://localhost:27017/auth-test';
mongoose.connect(mongoDb);
const db = mongoose.connection;
db.on('error', console.error.bind(console, 'error mongo'));
const User = mongoose.model(
'User',
new Schema({
username: { type: String, required: true },
password: { type: String, required: true }
})
);
const app = express();
app.set('views', __dirname);
app.set('view engine', 'ejs');
passport.use(
new LocalStrategy(async (username, password, done) => {
try {
let user = await User.findOne({ username: username }).exec();
if (!user) {
console.log("Incorrect username");
return done(null, false);
}
if (user.password !== password) {
console.log("Incorrect password");
return done(null, false);
}
console.log("ACCEPTED");
console.log(user.toObject());
return done(null, user.toObject());
// i use toObject or have 'MongooseError: Model.findById() no longer accepts a callback'
}
catch (err) {
console.log(err);
return err;
}
})
);
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
app.use(session({ secret: 'cats!@#$', resave: false, saveUninitialized: true }));
app.use(passport.initialize());
app.use(passport.session());
app.use(express.urlencoded({ extended: false }));
app.get("/log-out", (req, res) => {
req.logout();
res.redirect("/");
});
app.get("/", (req, res) => {
res.render("index", { user: req.user });
});
app.get("/register", (req, res) => res.render("register"));
app.post("/register", async (req, res, next) => {
try {
const user = new User({
username: req.body.username,
password: req.body.password
});
await user.save();
res.redirect("/");
} catch (err) {
console.log(err);
return next(err);
}
});
app.post(
"/log-in",
passport.authenticate("local", {
successRedirect: "/",
failureRedirect: "/"
})
);
app.listen(3000, () => console.log('lisenning on 3000'));
我无法将用户模型传递给 LocalStrategy 的回调,现在我抛出
ACCEPTED
{
_id: new ObjectId('65abe002893f59c8f9883320'),
username: 'qwerty123',
password: 'ASDASD',
__v: 0
}
错误:无法将用户序列化到会话中,我可以修复它,将 user.id 更改为 user._id
passport.serializeUser(function(user, done) {
done(null, user.id);
});
但是我有新的错误“MongooseError:Model.findById() 不再接受回调”等等,更多,更多...请帮助我,我认为我做错了一切。
我想这个例子可以工作了
passport.serializeUser(function(user, done) {
done(null, user._id);
});
passport.deserializeUser( async function(_id, done) {
await User.findById(_id).then((user,err)=>{
done(err, user);
})
});
并且需要修复注销路线
app.get("/log-out", (req, res) => {
req.logout(function(err) {
if (err) { return next(err); }
});
res.redirect("/");
});
但在我看来 - 我走错了路,告诉我是否有更好的解决方案,现在我想知道是否应该使用护照本地猫鼬来散列密码或通过 bcrypt 手动执行。另外,我将使用存储会话快速,是否值得为此使用 mongoose 和 mongodb?