2013-08-20 41 views
2

我正在用mongo,express,angular和node創建我的第一個完整堆棧web應用程序。我來自前端背景,並且我在身份驗證實現方面掙扎了一番。在mongo,節點,護照和heroku上驗證用戶。幾天後停止工作

我的(不完整)應用程序工作了幾天,但今天它突然中斷,然後我奇蹟般地修復它。我很確定我沒有改變代碼中的任何東西。該錯誤導致所有經過身份驗證的用戶看到「訪客用戶」帳戶。這將允許他們登錄,但用戶將以guest用戶身份從mongo返回。你看到這個代碼中缺少的東西嗎?

var express = require('express'), 
    routes = require('./routes'), 
    api = require('./routes/api'), 
    http = require('http'), 
    path = require('path'), 
    mongoose = require('mongoose'), 
    passport = require('passport'), 
    LocalStrategy = require('passport-local').Strategy; 

var app = module.exports = express(); 

var uristring = 
process.env.MONGOLAB_URI || 
process.env.MONGOHQ_URL || 
'mongodb://localhost/HelloMongoose'; 

mongoose.connect(uristring, function (err, res) { 
    if (err) { 
    console.log ('ERROR connecting to: ' + uristring + '. ' + err); 
    } else { 
    console.log ('Succeeded connected to: ' + uristring); 
    } 
}); 

var Schema = mongoose.Schema, 
    ObjectId = Schema.ObjectId; 

var Tasks = new Schema({ 
    "title": String, 
    "description": String, 
    "difficulty": Number, 
    "completed": Boolean 
}); 

var Project = new Schema({ 
    "title": String, 
    "tasks": [ Tasks ] 
}); 

var User = new Schema({ // update data model here 
    "first_name": String, 
    "last_name": String, 
    "email": {type: String, unique: true}, 
    "username": {type: String, unique: true}, 
    "password": String, 
    "projects": [ Project ] 
}); 

var User = mongoose.model('User', User); 
    User.prototype.validPassword = function(pass) { 
    return (this.password === pass); 
} 

/** 
* Configuration 
*/ 

// all environments 
app.set('port', process.env.PORT || 3000); 
app.set('views', __dirname + '/views'); 
app.set('view engine', 'jade'); 
app.use(express.logger('dev')); 
app.use(express.bodyParser()); 
app.use(express.methodOverride()); 
app.use(express.static(path.join(__dirname, 'public'))); 
app.use(express.cookieParser()); 
app.use(express.session({ secret: 'keyboardcat' })); 
app.use(passport.initialize()); 
app.use(passport.session()); 
app.use(app.router); 

// development only 
if (app.get('env') === 'development') { 
    app.use(express.errorHandler()); 
} 

// production only 
if (app.get('env') === 'production') { 
    // TODO 
}; 

passport.use(new LocalStrategy(
    function(username, password, done) { 
    mongoose.model('User').findOne({ username: username }, function (err, user) { 
     if (err) { 
     console.log('There was an error'); 
     return done(err); 
     } 
     if (!user) { 
     console.log('Username invalid'); 
     return done(null, false, { message: 'Incorrect username.' }); 
     } 
     if (!user.validPassword(password)) { 
     console.log('Password incorrect'); 
     return done(null, false, { message: 'Incorrect password.' }); 
     } 
     return done(null, user); 
    }); 
    } 
)); 

passport.serializeUser(function(user, done) { 
    done(null, user.id); 
}); 

passport.deserializeUser(function(id, done) { 
    User.findOne(id, function (err, user) { 
    done(err, user); 
    }); 
}); 


/** 
* Routes 
*/ 

// serve index and view partials 
app.get('/', routes.index); 

app.get('/login', function(req, res) { 
    console.log(req.session.user); 
    if (!req.session.user) { 
     res.render('login'); 
    } else { 
     res.redirect('/'); 
    } 
}); 

app.post('/login', passport.authenticate('local', { 
    failureRedirect: '/login' 
}), function(req, res) { 
    req.session.user = req.body.username; 
    res.redirect('/'); 
}); 
app.get('/signup', function(req, res) { 
    if (!req.session.user) { 
     res.render('signup'); 
    } else { 
     res.redirect('/'); 
    } 
}); 

app.get('/logout', function(req, res) { 
    req.session.user = undefined; 
    res.redirect('/login'); 
}); 

app.post('/signup', function(req,res) { 
    if (req.body.username && req.body.password) { 
     var user = new User({ 
      first_name: req.body.first_name, 
      last_name: req.body.last_name, 
      email: req.body.email, 
      username: req.body.username, 
      password: req.body.password 
     }); 
     user.save(function(err) { 
      if (!err) { 
       console.log(user.username); 
       req.session.user = req.body.username; 
       res.redirect('/'); 
      } else { 
       console.log(err); 
       res.redirect('/signup'); 
      } 
     }); 
    } else { 
     res.redirect('/signup'); 
    } 
}); 

app.get('/person', function(req,res) { 
    if (!req.session.user) { 
     res.redirect('/login'); 
    } else { 
     mongoose.model('User').findOne({username: new RegExp('^'+req.session.user+'$', "i")}, function(err, user) { 
      if (!err) { 
       console.log(JSON.stringify(user)); 
       res.send(user); 
      } else { 
       console.log(err); 
      } 
     }); 
    } 
}); 

app.put('/person', function(req,res) { 
    if (!req.session.user) { 
     res.redirect('/login'); 
    } else { 
     console.log('Updating user'); 
     console.log(req.body.projects); 
     mongoose.model('User').findOne({username: new RegExp('^'+req.session.user+'$', "i")}, function(err, user) { 
      console.log(user); 
      user.projects = req.body.projects; 
      console.log(user.first_name + ' is here'); 
      user.save(function(err) { 
       if (!err) { 
        console.log('User updated'); 
       } else { 
        console.log(err); 
       } 
      }); 
     }); 
    } 
}); 


app.get('/:user', function(req, res) { 
    if (!req.session.user) { 
     res.redirect('/login'); 
    } else if (req.params.user != req.session.user) { 
     res.redirect('/' + req.session.user); 
    } else { 
     res.render('index'); 
    } 
}); 



app.get('/partials/:name', routes.partials); 

// JSON API 
app.get('/api/name', api.name); 

// redirect all others to the index (HTML5 history) 
app.get('*', function(req, res) { 
    if (!req.session.user) { 
     res.render('login'); 
    } else { 
     res.redirect('/'); 
    } 
}); 


/** 
* Start Server 
*/ 

http.createServer(app).listen(app.get('port'), function() { 
    console.log('Express server listening on port ' + app.get('port')); 
}); 
+0

您可能想抓住記錄你的蒙戈DB和驗證它們是有效的JSON(JSON林特)。確保編碼URI組件,轉義val,驗證您的字段。可能是壞的數據可能導致服務器響應失敗,然後默認返回 – netpoetica

+0

我認爲/用戶路由也可能被懷疑 - 可能會出現會話中間件出錯,並將它們作爲guest虛擬機發送到/ index – netpoetica

回答

0

假設您從here獲得了大部分代碼,我可以看到您對其進行了更改,可能導致該故障。

passport.use(new LocalStrategy(
    function(username, password, done) { 
    mongoose.model('User').findOne({ username: username }, function (err, user) { 

您已經添加到validPasswordUser,所以大概應該是

passport.use(new LocalStrategy(
    function(username, password, done) { 
    User.findOne({ username: username }, function (err, user) { 
0

由於:

用戶會從蒙戈回來爲guestuser的

...你也許應該把一些記錄和/或錯誤處理此:

passport.deserializeUser(function(id, done) { 
    User.findOne(id, function (err, user) { 
    done(err, user); 
    }); 
}); 

幫助你追蹤它。既然你剛剛開始,我建議你看看winston和loggly,如果你想探索在node/heroku中記錄工具。

你的應用程序看起來非常「有彈性」,爲了產生一個短語 - 大量的重定向似乎在各地的地方。你有沒有看過fnakstad's technique進行節點/角度認證? (請注意,github頁面引用了兩篇博客帖子來解釋這些內容)。它可能會給你一些關於如何控制事情的想法。

+0

感謝反饋。我會檢查一下,然後和你一起回去。 –