2012-12-01 50 views

好的,我正在使用 passport.js,就我所見它運行良好。但是,我不確定如何正確地排除某些用戶。如果應用程序的目的是限制訪問,而不僅僅是爲用戶提供一種登錄方法,那麼我該如何通過 passport.js 限制登錄?目前,用戶只需訪問 /login 並使用其 Google 帳戶登錄,即可訪問內部信息。
限制登錄訪問 - Passport.js,谷歌身份驗證

回答


下面是一種做法,代碼中附有註釋。關鍵是理解作者寫的這一頁:http://passportjs.org/guide/authenticate/,我在這個例子中會稍作解釋:

從下往上閱讀這段代碼可能更容易:

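var authenticate = function(req, success, failure) {

    // Builds the Google-strategy middleware with a custom callback, so the
    // access decision is made here instead of by passport's default handling.
    // passport.authenticate returns Connect middleware; the caller invokes it.
    //
    // req     - the incoming request (req.login is used to start the session)
    // success - called with no arguments once the session is established
    // failure - called with an Error or a reason string; exactly one of
    //           success/failure is called per authentication attempt
    //
    // For reference: http://passportjs.org/guide/authenticate/
    return passport.authenticate('google',
        // This is the 'custom callback' part
        function (err, user, info) {

            if (err) {
                failure(err);
                return;
            }
            if (!user) {
                failure("Invalid login data");
                return;
            }

            // Access control happens here, before any session is created.
            // The address below is the redacted value as shown on the page;
            // substitute the real one.
            // NOTE: a denylist admits every other Google account. For an
            // application whose purpose is to restrict access, an allowlist
            // (or allowed-domain check) that fails closed is the safer default.
            var deniedEmail = "[email protected]";

            var primary = user.emails && user.emails[0];
            var email = primary && primary.value;
            if (typeof email !== "string" || email === "") {
                // Without an email the rule cannot be evaluated: fail closed
                // rather than throwing or letting the user through.
                failure("User not allowed");
                return;
            }

            // Compare case-insensitively so a differently-cased spelling of
            // the same address does not slip past the rule.
            if (email.toLowerCase() === deniedEmail.toLowerCase()) {
                failure("User not allowed");
                return;
            }

            // req.login is added by the passport.initialize()
            // middleware to manage login state. We need
            // to call it directly, as we're overriding
            // the default passport behavior.
            req.login(user, function(loginErr) {
                if (loginErr) {
                    // Return here: falling through would report success (and
                    // send a second response) for a login that failed.
                    failure(loginErr);
                    return;
                }
                success();
            });
        }
    );
};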

一個想法是把上面的代碼包裝在一個中間件裏,使其更易於閱讀:

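// This defines what we send back to clients that want to authenticate
// with the system: 200 on a successful login, 401 on any failure.
//
// req, res, next - the usual Connect/Express middleware arguments; they are
//                  passed on to the middleware returned by authenticate().
var authMiddleware = function(req, res, next) {

    var success = function() {
        // res.status(...).send(...) instead of the two-argument
        // res.send(status, body) form, which later Express versions deprecate.
        res.status(200).send("Login successful");
    };

    var failure = function(error) {
        // The reason is logged server-side only. The client gets a generic
        // 401 so the response does not reveal why the login was refused.
        console.log(error);
        res.status(401).send("Unauthorized");
    };

    var middleware = authenticate(req, success, failure);
    middleware(req, res, next);
};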


// GET /auth/google/return
// Google redirects the browser back to this route after sign-in; authMiddleware
// handles that return instead of passport's default handler.
// The first /auth/google call (the one that starts the flow) can remain the same.
// NOTE(review): this route only covers the login step. Routes that serve
// internal data presumably still need their own session check, e.g.
// req.isAuthenticated() — not shown on this page, confirm.
app.get('/auth/google/return', authMiddleware); 

(這一切都假定我們正在使用 Express。)


哇,我很抱歉。我從未接受過這個。 – skeggse


試試這個。

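// Controller action that completes Google sign-in and admits only users whose
// email address belongs to the allowed domain.
//
// req, res - the request/response pair; res.view renders the 403/500 pages.
//
// The domain check runs BEFORE req.logIn, so a rejected user never gets a
// session, not even briefly.
googleLogin: function(req, res) {
    // NOTE: when a custom callback is supplied, passport hands authentication
    // failures to that callback; failureRedirect is not applied for us, so the
    // !user case is handled explicitly below.
    passport.authenticate('google', { failureRedirect: '/login', scope: ['https://www.googleapis.com/auth/plus.login', 'https://www.googleapis.com/auth/userinfo.profile', 'https://www.googleapis.com/auth/userinfo.email'] }, function(err, user) {
        if (err) {
            console.log(err);
            res.view('500');
            return;
        }
        if (!user) {
            // Authentication failed or was cancelled: do what the
            // failureRedirect option intends.
            res.redirect('/login');
            return;
        }

        // Compare the domain exactly. A substring test such as
        // indexOf("@something.com") also accepts addresses that merely
        // contain that text and then continue with another domain.
        // NOTE(review): presumably the strategy only returns an email that
        // Google has verified; confirm for the strategy in use.
        var allowedDomain = "something.com";
        var usrEmail = user['email'];
        var atIndex = typeof usrEmail === 'string' ? usrEmail.lastIndexOf('@') : -1;
        var emailDomain = atIndex === -1 ? '' : usrEmail.slice(atIndex + 1).toLowerCase();

        if (emailDomain !== allowedDomain) {
            // Missing, malformed or foreign-domain address: fail closed.
            console.log('Invalid access');
            res.view('403');
            return;
        }

        req.logIn(user, function(loginErr) {
            if (loginErr) {
                console.log(loginErr);
                res.view('500');
                return;
            }
            console.log('successful');
            res.redirect('/');
        });
    })(req, res);
}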
