抱歉,它是用coffeescript(不是纯js)编写的。我一直在查看passport.js,并试图将其包含在项目中,这是其中的简化版本,仅包含auth内容。
express = require 'express'
passport = require 'passport'
LocalStrategy = require 'passport-local'
.Strategy
BasicStrategy = require 'passport-http'
app = express()
server = require 'http'
.createServer app
server.listen 3000
app.use express.cookieParser()
app.use express.session
secret: 'abc'
app.use express.json()
app.use express.urlencoded()
app.set 'views', "#{__dirname}/views"
app.set 'view engine', 'jade'
app.locals.pretty = true
app.use passport.initialize()
app.use passport.session()
passport.use new LocalStrategy (username, password, done) ->
if username is 'admin' and password is 'password'
return done null, user =
username: 'admin'
else
return done null, false, message: 'Incorrect username / password'
passport.serializeUser (user, done) ->
done null, user.username
passport.deserializeUser (username, done) ->
done null, user =
username: username
app.get '/login', (req, res) ->
res.render 'login',
title: 'Login'
app.post '/login', passport.authenticate 'local',
successRedirect: '/admin'
failureRedirect: '/login'
app.get '/admin', (req, res) ->
res.render 'admin',
title: 'Admin'
app.get '/devices', (req, res) ->
res.render 'devices',
title: 'Devices'
这是非常基本的,因为本地策略仅检查用户名是'admin'和密码是'password',但是我不确定如何保护'/ admin'和'/ devices'路由?我尝试过这种事情:
app.get '/devices', passport.authenticate('local', {
failureRedirect: '/login'
}, (req, res) ->
res.render 'devices',
title: 'Devices'
但是这似乎没有用。。
抱歉,它是用coffeescript(不是纯js)编写的。我一直在查看passport.js,并试图将其包含在项目中,这是其中的简化版本,仅包含auth内容。表达= ...
如果用户在登录后成功通过身份验证,则可以执行以下操作:
res.send(401)现在已弃用。