Passport.js:登录失败后能够通过地址栏访问受保护的路由

问题描述 投票:0回答:0

致力于护照本地战略项目。一切正常,除非登录失败(例如由于密码不正确),我可以通过直接在地址栏中输入受保护的路线来直接进入受保护的页面。然而,如果没有故意登录失败,它就会按预期运行。安装的依赖项:express、express-session、mongoose、passport、passport-local。这是app.js:

'use strict';
require('dotenv').config();
const express = require('express');
const app = express();

const ejs = require('ejs');
app.set('view engine', 'ejs');
app.use(express.static('public'));

app.get('/', (req, res) => res.render('home'));
app.get('/login', (req, res) => res.render('login'));
app.get('/register', (req, res) => res.render('register'));

const session = require('express-session');
app.use(session({
  secret: process.env.SESSION_KEY,
  resave: false,
  saveUninitialized: false
}));

const passport = require('passport');
app.use(passport.initialize());
app.use(passport.session());

passport.serializeUser(function(user, cb) {
  process.nextTick(function() {
    return cb(null, {
      id: user.id,
      username: user.username,
      picture: user.picture
    });
  });
});

passport.deserializeUser(function(user, cb) {
process.nextTick(function() {
  return cb(null, user);
});
});

const mongoose = require('mongoose');
mongoose.set('strictQuery', false);
mongoose.connect(process.env.DB_STRING).then(
  console.log('got the db')
).catch(
  err => console.error(err)
  );

const User = require('./User');

passport.use(User.createStrategy());

app.get('/restricted', async (req, res) => {
  if (req.isAuthenticated()) {
    try {
      const foundUsers = await User.find({'secrets': {$ne: []}});
      res.render('restricted', {usersWithSecrets: foundUsers});
    } catch(err) {
      console.log(err);
    }
  } else {
    res.redirect('/login');
  }
});


app.get('/submit', (req, res) => {
  if (req.isAuthenticated()) {
    res.render('submit');
  } else {
    res.redirect('/login');
  }
});

app.post('/logout', function(req, res, next){
  req.logout(function(err) {
    if (err) { return next(err); }
    res.redirect('/');
  });
});

const bodyParser = require('body-parser');
app.use(bodyParser.urlencoded({extended: true}));

app.post('/login', (req, res) => {
  const user = new User({
    username: req.body.username,
    password: req.body.password
  });

  req.login(user, function(err) {
    if (err) {
      console.log(err);
    } else {
      passport.authenticate('local') (req, res, function() {
        res.redirect('/restricted');
      });
    }
  });
});

app.post('/register', (req, res) => {
  User.register({username: req.body.username}, req.body.password, function(err, user) {
    if (err) {
      console.log(err);
      res.redirect('/register');
    } else {
      passport.authenticate('local'), (req, res, function() {
        res.redirect('/restricted');
      });
    }
  });
});

app.post('/submit', async (req, res) => {
  try {
    await User.findOneAndUpdate({_id: req.user.id}, {$push: {'secrets': req.body.secretToPost}});
  } catch (err) {
    console.log(err);
  }
});

app.post('/submit', async (req, res) => {
  try {
    await User.findOneAndUpdate({_id: req.user.id}, {$push: {'secrets': req.body.secretToPost}});
  } catch (err) {
    console.log(err);
  }
});

let port = process.env.PORT || 3000;
app.listen(port, console.log('app is up'));
authentication passport.js
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.