
我試圖用 Passport 身份驗證來保護其他 URL。(標題:Node Passport 身份驗證 REST URL)

// Route guard as posted in the question: calls next() when
// req.isAuthenticated() is truthy, otherwise redirects the client to '/'.
var isAuthenticated = function (req, res, next) { 
    // NOTE(review): the signature is repeated on the next line without a body,
    // so the snippet does not parse as posted; presumably a paste error.
    var isAuthenticated = function (req, res, next) 
    // NOTE(review): the reported TypeError says req itself was null at this
    // line, which suggests the guard was invoked without a request object
    // rather than being passed to the router as middleware; confirm at the call site.
    if (req.isAuthenticated()) 
    return next(); 
    res.redirect('/'); 
}; 

但通過努力獲得:

​​

我得到這個錯誤:通過獲得無內部的任何PARAMS一個URL

if (req.isAuthenticated()) 
     ^ 
TypeError: Cannot read property 'isAuthenticated' of null 

,沒有錯誤,即

router.post('/create_grem_user',isAuthenticated, function(req, res, next){[...]} 

有沒有人有解決方案這個?

回答


想知道你爲什麼要定義兩次isAuthenticated

var isAuthenticated = function (req, res, next) { 
    var isAuthenticated = function (req, res, next) 

反正我已經創建了一個例子模仿你的背景:

// Express server 
var express = require('express'); 
var app = express(); 

// Passport 
var passport = require('passport'); 
var LocalStrategy = require('passport-local').Strategy; 

// Middlewares 
var flash = require('connect-flash'); 
var bodyParser = require('body-parser'); 
var cookieParser = require('cookie-parser'); 
var methodOverride = require('method-override'); 
var session = require('express-session'); 

// Demo-only in-memory user store. The lookup helpers in this file read it
// directly, and findUserById treats an id as a 1-based position in this array.
// The password is held in plain text only to keep the example short; a real
// store keeps a salted password hash and never the password itself.
var users = [
    {id: 1, username: 'wilson', password: 'secret', email: '[email protected]'}
];

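/**
 * Look up a user by id in the in-memory `users` array and report the result
 * through a node-style callback.
 *
 * The id is used as a 1-based position: id 1 maps to users[0].
 *
 * @param {number} id - user id (deserializeUser passes the id stored in the session)
 * @param {function(Error|null, Object=)} cb - called with (null, user) on a hit,
 *     or with an Error when no user sits at that position
 */
function findUserById(id, cb) {
    var user = users[id - 1];

    if (user) {
        cb(null, user);
        return;
    }

    // The original called an undefined `fn` here, so an unknown id raised a
    // ReferenceError inside session deserialization instead of reporting the
    // failure to the caller.
    cb(new Error('User ' + id + ' does not exist.'));
}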

/**
 * Find the first entry in `users` whose username equals `username` exactly.
 *
 * A missing user is not an error: the callback receives (null, null) so the
 * caller decides how to reject the login.
 *
 * @param {string} username - name to look for (strict, case-sensitive match)
 * @param {function(null, Object|null)} cb - node-style callback
 * @returns {*} whatever `cb` returns
 */
function findUserByUsername(username, cb) {
    var match = null;

    for (var i = 0; i < users.length; i++) {
        if (users[i].username === username) {
            match = users[i];
            break;
        }
    }

    return cb(null, match);
}

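/**
 * Route guard: lets the request through only when req.isAuthenticated()
 * reports a logged-in session.
 *
 * Rejections are forwarded to the error-handling middleware with status 401.
 * Without a status the handler in this file falls back to 500, which reports
 * an ordinary "not logged in" request as a server fault.
 *
 * @param {Object} req - request; must expose isAuthenticated()
 * @param {Object} res - response (unused here)
 * @param {function(Error=)} next - Express continuation
 */
function isAuthenticated(req, res, next) {
    if (req.isAuthenticated()) {
        return next();
    }

    var denied = new Error('You are not authenticated!.\n');
    denied.status = 401;
    next(denied);
}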

// Only the user's id is handed to Passport for storage in the session.
passport.serializeUser(function(account, done) {
    var sessionKey = account.id;
    done(null, sessionKey);
});

// Turn the stored id back into a user record; a failed lookup is reported
// through `done` by findUserById.
passport.deserializeUser(function(sessionKey, done) {
    findUserById(sessionKey, done);
});

// Verify callback for the local (username + password) strategy.
// Outcomes: done(err) on a lookup failure, done(null, false, info) on bad
// credentials, done(null, user) on success.
function verifyCredentials(username, password, done) {
    // Defer the lookup to the next tick, as the original does.
    process.nextTick(function() {
        findUserByUsername(username, function(err, user) {
            if (err) {
                return done(err);
            }

            // The two failure messages differ, so they would reveal which
            // usernames exist if they were ever shown to the client.
            if (!user) {
                return done(null, false, {message: 'Unknown user ' + username});
            }

            // Plain-text comparison matches the demo store only; real code
            // verifies the submitted password against a stored password hash.
            if (user.password !== password) {
                return done(null, false, {message: 'Invalid Password.'});
            }

            return done(null, user);
        });
    });
}

passport.use(new LocalStrategy(verifyCredentials));

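// Request parsing: cookies, JSON bodies, urlencoded form bodies, method override.
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(methodOverride());

// Session support must be mounted before passport.session().
app.use(session({
    // The secret signs the session cookie, so anyone who knows it can forge
    // one. Take it from the environment (SESSION_SECRET is a name chosen for
    // this example); the literal is kept only so the demo still runs as-is.
    secret: process.env.SESSION_SECRET || 'mysecret',
    resave: false,
    // true stores a session for every visitor, including anonymous ones.
    saveUninitialized: true
}));

app.use(flash());

// Passport: initialise first, then restore the logged-in user from the session.
app.use(passport.initialize());
app.use(passport.session());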

// Login endpoint: the local strategy checks the posted username/password.
// The handler runs only after authentication succeeded; with these empty
// options a failed attempt is answered by passport.authenticate itself.
app.post('/auth', passport.authenticate('local', {}), function onLoggedIn(req, res, next) {
    res.send('You just authenticated!\n');
});

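// Protected GET route: echoes the :something path parameter back to the caller.
app.get('/get-route/:something', isAuthenticated, function(req, res, next) {
    var something = req.params.something;

    // res.send() serves a string as text/html by default, so echoing a
    // client-controlled path segment would reflect markup into the page.
    // Declaring the body as plain text keeps the output the same for API
    // clients while preventing the browser from rendering it as HTML.
    res.type('text/plain').send('hello from get-route here is your param: '+ something +'\n');
});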

// Protected POST route: isAuthenticated runs first and rejects anonymous callers.
app.post('/post-route', isAuthenticated, function onPostRoute(req, res, next) {
    res.send('hello from post-route\n');
});

// Error-handling middleware (Express recognises it by its four parameters).
// Replies with the error's own status, or 500 when none is set. The raw
// message goes to the client, so errors raised elsewhere should not carry
// internal details in their message.
app.use(function(err, req, res, next) {
    var statusCode = err.status || 500;
    res.status(statusCode);
    res.send(err.message);
});

// Start the HTTP server on port 4040 and log once it is accepting connections.
app.listen(4040, function onListening() {
    console.log('server up and running');
});

/get-route/:something 和 /post-route 只能由已通過身份驗證的用戶訪問。

因此,如果您嘗試在未驗證身份的情況下使用/get-route/:something,則會看到一條消息:You are not authenticated!

首先,你需要向 /auth 發送用戶名和密碼。這個例子中已經存有一個用戶(用戶名:wilson,密碼:secret);用這組憑證通過身份驗證之後,你就能訪問受保護的路由。

注意:您需要安裝以下庫:

"dependencies": { 
    "body-parser": "^1.13.2", 
    "cookie-parser": "^1.3.5", 
    "express": "^4.13.1", 
    "connect-flash": "^0.1.1", 
    "express-session": "^1.11.3", 
    "method-override": "^2.3.3", 
    "passport": "^0.2.2", 
    "passport-local": "^1.0.0" 
    }