我正在构建一个简单的应用程序,有2个页面,即登录和受保护的页面,我有一个中间件,它可以检查用户是否在试图访问路由受保护的时候登录,如果用户已经登录,他将被授予访问权,否则将被重定向到登录。
如果密码匹配,用户现在得到了一个会话,并重定向到protected我的代码无法工作,它一直重定向到登录而不是protected,即使登录信息是正确的。
这是我的代码
const express = require('express');
const app = express();
const port = 8080;
const mongoose = require('mongoose');
const bodyParser = require('body-parser');
const multer = require('multer');
const upload = multer();
const session = require('express-session');
const cookieParser = require('cookie-parser');
mongoose.connect("mongodb://localhost/Barclays_Bank",
{useUnifiedTopology:true,useNewUrlParser:true,useFindAndModify:false,useCreateIndex:true});
app.set('view engine','pug');
app.set('views','./views');
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(upload.array());
app.use(cookieParser());
app.use(session({secret:"secret",cookie:{maxAge:60000},resave:true, saveUninitialized:true}));
var staffschema = mongoose.Schema({
email:{
type:String,
unique:true,
},
password:{
type:String,
password:String,
}
})
var staff = mongoose.model("staff",staffschema);
//Route To Render login Page
app.get('/login',(req,res)=>{
res.render('login');
});
//Route To Handle Post request on login page
app.post('/login',(req,res)=>{
staff.findOne({email:req.body.email})
.then((result)=>{
if(req.body.password === result.password){
req.session.currentstaff = staff;
res.redirect('/login');
}
else{
console.log('User Not Found!!!');
}
})
.catch((err)=>{
console.log("Error!!!");
})
})
//Middleware Function
ensureIsLoggedIn =(req,res,next)=>{
if(req.session.currentstaff){
next();
}else{
res.redirect('/login');
}
};
//Route To Render Protected Page
app.get('/protected',ensureIsLoggedIn,(req,res)=>{
res.render('protected');
})
//Route to handle post request on logout
app.post('/logout',(req,res)=>{
req.session.destroy((err)=>{
res.redirect('/login');
console.log('User loggedout');
})
})
//port
app.listen(port,()=>{
console.log('App is running...');
})
看起来你是在把用户重定向到了 "保护页面"。/login
路径,即使他们在这里成功地登录了
if(req.body.password === result.password){
req.session.currentstaff = staff;
res.redirect('/login'); // you should redirect the user to the '/protected' route
}