2017-08-19 40 views
0

我正試圖在 node.js 0.10 中使用令牌過濾器來限制未登錄用戶訪問網頁,我用了這樣的中間件(原問題標題:「Node.js:如何限制未登錄用戶訪問頁面?」):

// Run `handler` for every HTTP method on paths below /product/.
//   /product       -> NOT matched (important: the bare prefix is not covered by this rule)
//   /product/cool  -> matched
//   /product/foov  -> matched
app.all('/product/*', handler);

我參照了這個頁面:Express.js Middleware Tutorial,但沒有效果。除登錄頁面外,我的所有網頁都是私有的,我想要的是:如果未登錄的用戶嘗試訪問某個私有頁面,他會被重定向到登錄頁面。令牌在登錄時工作正常。這是我的代碼:

我的組件樹

server 
     - routes 
      - usuario.js 
    server.js 
    pages 
     - privadas 
      -inicio.html 
      -mapa.html 
      -menu.html 
     - login.html 

server.js

// Create the Express application.
var app = express(); 
...  
// Load the token-checking router defined in usuario.js.
var requiereLogin = require('./server/routes/usuario');   
// Run the token check for every HTTP method on URLs below /privadas/.
// NOTE(review): the Angular routes on this page load their templates from
// "pages/privadas/...", a path that does not start with /privadas/, so those
// template requests would not pass through this filter. Confirm how the static
// files are served before relying on this rule to keep the pages private.
app.all('/privadas/*', requiereLogin); 
... 

usuario.js

var express = require('express'); 
var router = express.Router(); 
... 
/**
 * Token filter: lets the request continue only when the `auth-token` request
 * header verifies against process.env.SECRET; otherwise redirects to /login.
 *
 * NOTE(review): the token is read from a custom request header only. Plain
 * browser navigations and template loads do not carry that header unless the
 * client adds it, so such requests take the redirect branch.
 * NOTE(review): no `algorithms` option is passed to jwt.verify. If `jwt` is the
 * jsonwebtoken module, consider pinning the expected algorithm.
 */
router.use(function (req, res, next) {
    console.log("filter...");

    var authToken = req.headers['auth-token'];

    jwt.verify(authToken, process.env.SECRET, function (verifyError, payload) {
        // Fail closed: any verification error sends the client to the login page.
        if (verifyError) {
            res.redirect('/login');
            return;
        }

        // Expose the user id carried in the token (claim IDU) to later handlers.
        req.user_id = payload.IDU;
        next();
    });
});

app.config

// Client-side route table: the login page at "/", two pages under /privadas/,
// and a fallback that sends every unknown path back to "/".
// NOTE(review): nothing in this table checks whether the user is logged in, and
// client-side routing only decides what the browser displays. The templates
// remain reachable by URL unless the server restricts them.
app.config(function ($routeProvider) {
    var loginRoute = {
        templateUrl: "pages/login.html",
        css: ["css/login.css"],
        controller: "loginCtrl",
        controllerAs: "vm"
    };
    var mapaRoute = {
        templateUrl: "pages/privadas/mapa.html",
        controller: "mapCtrl",
        controllerAs: "vm"
    };
    var inicioRoute = {
        templateUrl: "pages/privadas/inicio.html",
        controller: "inicioCtrl",
        controllerAs: "vm"
    };

    $routeProvider
        .when("/", loginRoute)
        .when("/privadas/mapa", mapaRoute)
        .when("/privadas/inicio", inicioRoute)
        .otherwise({ redirectTo: '/' });
});

任何想法?謝謝!

回答

0

最後,我根據維涅什的回答使用了這個教程:

Creating authentication based routes in Angular JS

它一步一步解釋得非常好!下面是我的代碼:

rutas.js

// Client-side route table. Routes flagged `authenticated: true` are the ones a
// $routeChangeStart listener can treat as private. The flag is plain data on
// the route definition and enforces nothing by itself.
app.config(function ($routeProvider) {
    var routeTable = [
        ["/", {
            templateUrl: "pages/login.html",
            css: ["client/styles/css/login.css"],
            controller: "loginCtrl",
            controllerAs: "vm"
        }],
        ["/mapa", {
            templateUrl: "pages/privadas/mapa.html",
            controller: "mapCtrl",
            controllerAs: "vm",
            authenticated: true
        }],
        ["/inicio", {
            templateUrl: "pages/privadas/inicio.html",
            controller: "inicioCtrl",
            controllerAs: "vm",
            authenticated: true
        }]
    ];

    // Register the routes in the order they are listed above.
    routeTable.forEach(function (entry) {
        $routeProvider.when(entry[0], entry[1]);
    });

    // Any path not listed above falls back to the login page.
    $routeProvider.otherwise({ redirectTo: '/' });
});

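// Client-side route guard: before each route change, send the user to the login
// page ("/") when the target route is flagged `authenticated` and authFactory
// holds no access token.
//
// This check only tests that a token value is present in authFactory, not that
// the token is valid. It is a navigation convenience; the server still has to
// verify the token on every protected request.
app.run(['$rootScope', '$location', 'authFactory', function ($rootScope, $location, authFactory) {
    $rootScope.$on('$routeChangeStart', function (event, next, current) {
        console.log(event);
        console.log(current);
        console.log(next);

        // `next` or `next.$$route` may be missing (for example when no configured
        // path matched and the `otherwise` fallback is used). Guard before
        // dereferencing so the listener does not throw a TypeError.
        var targetRoute = next && next.$$route;
        if (!targetRoute || !targetRoute.authenticated) {
            return;
        }

        // The next route is private: the user must hold a token.
        console.log("auth");
        var userAuth = authFactory.getAccessToken();
        if (!userAuth) {
            // No token: redirect to the login page.
            $location.path('/');
        }
    });
}]);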

factorias.js

// In-memory holder for the access token obtained at login.
// The token lives only in this service object's `authToken` property, so it is
// gone after a full page reload.
app.factory('authFactory', [function () {
    var service = {
        // Remember the token handed over by the login flow.
        setAccessToken: function (accessToken) {
            service.authToken = accessToken;
        },

        // Return the stored token, or undefined when none has been set.
        getAccessToken: function () {
            return service.authToken;
        }
    };

    return service;
}]);

而且我的LoginController

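// Login controller: posts the credentials to /api/user/login and, on success,
// stores the returned token and user data, then navigates to /inicio.
app.controller("loginCtrl", function($scope, $http, $location, userService, authFactory){
    // Declared with `var`: the original assigned to an undeclared `vm`, which
    // creates a global shared by every controller (and throws in strict mode).
    var vm = this;

    vm.funciones = {

        /**
         * Log the user in.
         * @param {Object} usuario - credentials object sent as the POST body.
         */
        logearse : function(usuario){

            $http.post('/api/user/login', usuario)
            .then(function(response){
                // On a successful login the response carries the user (without
                // the password) and their token. The response is deliberately
                // not written to the console because it contains that token.

                // userService, together with localStorage, keeps the session's
                // token and user.
                userService.token = response.data.token;
                userService.user = response.data.userData;

                // NOTE(review): values in localStorage are readable by any script
                // running on the page, so an XSS flaw would expose the token.
                localStorage.setItem('token', JSON.stringify(userService.token));
                localStorage.setItem('user', JSON.stringify(userService.user));

                authFactory.setAccessToken(response.data.token);

                // Redirect to the home page.
                $location.path('/inicio');

            }, function(err){
                console.error(err);
                vm.error = err.data;
            });
        }
    };
});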

我希望這將有助於更多的人!

2

我會建議使用 passport.js。要完整講解它篇幅較長,所以我添加了文檔鏈接和一些基本示例,幫助您入門。它可以讓您存儲用戶信息,並用這些信息限制對指定路由的訪問。

http://passportjs.org/docs

你routes.js

// For every HTTP method on URLs below /privadas/, run the session check
// (AuthHelpers.loginRequired) first and then the requiereLogin handler.
app.all('/privadas/*', AuthHelpers.loginRequired, requiereLogin);



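/**
 * Express middleware that rejects requests without a Passport session user.
 *
 * Responds with HTTP 401 and `{status: 'Please log in'}` when the session, its
 * `passport` entry or the `passport.user` value is missing. Otherwise it hands
 * control to the next middleware.
 *
 * @param {Object} req - request; `req.session.passport.user` marks a logged-in user.
 * @param {Object} res - response used to send the 401 reply.
 * @param {Function} next - continuation called when the user is logged in.
 * @returns {*} whatever `res.json(...)` or `next()` returns.
 */
function loginRequired(req, res, next) {
    // A missing `req.session` (no session middleware ran) is treated like
    // "not logged in" instead of raising a TypeError.
    var session = req.session;
    if (!session || !session.passport || !session.passport.user) {
        return res.status(401).json({status: 'Please log in'});
    }
    return next();
}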

你passport.js

const passport = require('passport'); 
var models = require('../server/models/index'); 

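// Decide what is written into the session for a logged-in user.
// Only the `user` field is kept. It is the key that deserializeUser later looks
// up as `user.user`, so the session never holds the full user record.
passport.serializeUser((user, done) => {
    // The original literal `{ user.user, }` is a syntax error; the property
    // needs an explicit key.
    const session = {
        user: user.user,
    };
    done(null, session);
});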

// Rebuild the user for a request from the data stored in the session: look the
// record up by its `user` field and hand it, or the lookup error, to Passport.
passport.deserializeUser((sessionData, done) => {
    const query = {
        where: {
            user: sessionData.user
        }
    };

    models.users.findOne(query)
        .then((record) => {
            done(null, record);
        })
        .catch((lookupError) => {
            done(lookupError, null);
        });
});

// Expose the configured passport instance to the rest of the application.
module.exports = passport;

在App.js

// Load the local auth module; the code below reads its `passport` property.
// NOTE(review): the passport.js file shown on this page exports the passport
// object directly, so confirm that './auth/local' really exposes `.passport`.
const passport = require('./auth/local'); 
// Attach Passport to the request pipeline.
app.use(passport.passport.initialize()); 
// Restore the logged-in user from the session on each request.
// NOTE(review): this relies on a session middleware having been registered
// earlier; none is shown in this snippet.
app.use(passport.passport.session()); 
+0

我會嘗試使用它,謝謝! ;) –

1

您可以在路由上設置 authenticate: true

.when("/", { 
    templateUrl: "pages/login.html", 
    css: ["css/login.css"], 
    controller: "loginCtrl", 
    authenticate:true, 
    controllerAs: "vm", 