2017-01-24 93 views
1

我正在創建在線課程應用程序,我只希望通過身份驗證的用戶查看課程詳細信息和課程講座。我正在使用本地策略的護照身份驗證進行用戶身份驗證。我在我的路由中添加了isAuthenticated,但是,未經身份驗證的用戶仍然可以查看視頻講座。 這是我的路線文件。文件名: - courses.server.routes.jsisAuthenticated()函數不工作node.js護照

'use strict'; 

/** 
* Module dependencies 
*/ 
var coursesPolicy = require('../policies/courses.server.policy'), 
courses = require('../controllers/courses.server.controller'); 
var passport = require('passport'); 

var isAuthenticated = function(req, res, next) { 
// if user is authenticated in the session, call the next() to call the next request handler 
// Passport adds this method to request object. A middleware is allowed to add properties to 
// request and response objects 
if (req.isAuthenticated()) 
    return next(); 
// if the user is not authenticated then redirect the user to the login page 
res.redirect('/'); 
}; 

module.exports = function (app) { 
// Courses collection routes 
app.route('/api/courses').all(coursesPolicy.isAllowed) 
.get(courses.list) 
.post(courses.create); 

// Single course routes 
app.route('/api/courses/:courseId', isAuthenticated).all(coursesPolicy.isAllowed) 
.get(courses.read) 
.put(courses.update) 
.delete(courses.delete); 

// Finish by binding the course middleware 
app.param('courseId', courses.courseByID); 
}; 

這裏是我的路由控制器文件。文件名: - courses.server.controller.js

'use strict'; 

/** 
* Module dependencies 
*/ 
var path = require('path'), 
mongoose = require('mongoose'), 
Course = mongoose.model('Course'), 
errorHandler = require(path.resolve('./modules/core/server/controllers/errors.server.controller')); 
var passport = require('passport'); 

/** 
* Create an course 
*/ 
exports.create = function (req, res) { 
var course = new Course(req.body); 
course.user = req.user; 

course.save(function (err) { 
if (err) { 
    return res.status(422).send({ 
    message: errorHandler.getErrorMessage(err) 
    }); 
} else { 
    res.json(course); 
} 
}); 
}; 

/** 
* Show the current course 
*/ 
exports.read = function (req, res) { 
// convert mongoose document to JSON 
var course = req.course ? req.course.toJSON() : {}; 

// Add a custom field to the Course, for determining if the current User is the "owner". 
// NOTE: This field is NOT persisted to the database, since it doesn't exist in the Course model. 
course.isCurrentUserOwner = !!(req.user && course.user && course.user._id.toString() === req.user._id.toString()); 

console.log('course value is: ' + course); 
console.log('video lecture embed value is: ' + course.courseLecture.lecture_video); 

res.json(course); 
}; 

/** 
* Update an course 
*/ 
exports.update = function (req, res) { 
var course = req.course; 

course.title = req.body.title; 
course.content = req.body.content; 
course.courseLecture.lecture_video = req.body.courseLecture.lecture_video; 
console.log('course lecture video url is: ' + req.body.courseLecture.lecture_video); 
course.save(function (err) { 
if (err) { 
    return res.status(422).send({ 
    message: errorHandler.getErrorMessage(err) 
    }); 
} else { 
    res.json(course); 
} 
}); 
}; 

/** 
* Delete an course 
*/ 
exports.delete = function (req, res) { 
var course = req.course; 

course.remove(function (err) { 
if (err) { 
    return res.status(422).send({ 
    message: errorHandler.getErrorMessage(err) 
    }); 
} else { 
    res.json(course); 
} 
}); 
}; 

/** 
* List of Courses 
*/ 
exports.list = function (req, res) { 
Course.find().sort('-created').populate('user', 'displayName').exec(function (err, courses) { 
if (err) { 
    return res.status(422).send({ 
    message: errorHandler.getErrorMessage(err) 
    }); 
} else { 
    res.json(courses); 
} 
}); 
}; 

/** 
* Course middleware 
*/ 
exports.courseByID = function (req, res, next, id) { 

if (!mongoose.Types.ObjectId.isValid(id)) { 
return res.status(400).send({ 
    message: 'Course is invalid' 
}); 
} 

Course.findById(id).populate('user', 'displayName').exec(function (err, course) { 
if (err) { 
    return next(err); 
} else if (!course) { 
    return res.status(404).send({ 
    message: 'No course with that identifier has been found' 
    }); 
} 
req.course = course; 
next(); 
}); 
}; 

我無法弄清楚,這裏出了什麼問題。

回答

1

呼叫從http動詞isAuthenticated功能是指從get, post, patch, delete

,如:

app.route('/api/courses/:courseId') 
.get(isAuthenticated, courses.read) 

isAuthenticated可以在另一個文件編寫,並從您的路線使用它

Can see this example

+0

這使得很有道理。它是有效的。我只是沒有意識到。非常感謝您的幫助。 @ shaishab羅伊 –