Node.js How to get previous url

Problem description

I want to get the previous URL. For example, in all my /admin routes I open a form where the admin needs to re-enter his password to get redirected to the route he requested, but the problem is that after I validate his password and try to redirect him to the route he initially requested, I don't have this route anymore, it's lost. For example, the admin requests /admin/register, a form appears that posts to validate-password, and then if it finds that the password matches (correct password entered), it should redirect the user to the route he once requested, but I don't know how to get the initial route he requested.

router.all('/admin/*', isAdmin, (req, res, next) => {
    res.render('validatePassword', {message: 'Please re-enter your password to get access to ' + req.originalUrl});
    // next();
});

router.get('/admin/register', (req, res) => {
    res.render('register', {message: req.flash('message'), role_id: req.user.role_id})
});


// Validate password, admin re-enter password to get access to /admin routes
router.post('/validate-password', async (req, res, next) => {
    const password = req.body.password;
    const match = await passwordController.comparePassword(password, req.user.password);
    console.log(password);
    if (match) {
        // return res.redirect('/' +); HOW DO I REDIRECT HERE
        return next();
    } else {
        // return res.render('changePassword', {role_id: req.user.role_id});
        return res.render('validatePassword', {message: 'Wrong password'});
    }
});


Recommended answer

This is what you use cookies for or server-side sessions for (which also use a cookie). You authenticate the user once, set a cookie and then on future requests from that browser, the cookie will be sent along with each request and you can then check that cookie to see if they are authenticated or not and decide what they are or aren't authorized to do based on that. That's how nearly every site on the web that uses a login works.

I would recommend using the express-session module which creates a server-side session for you (and manages the cookie for it automatically for you) and then when the user is authenticated, you can set an auth flag in the session that all your routes that require auth can check.

You don't have to use express-session. You can manage the cookie yourself, but then you'll have to make sure the cookie is properly encrypted (JWT is a popular library for that) so it can be easily forged by a rogue client. And, any state you want to keep for the user will either have to be kept in the cookie itself (cookies should be kept not real large because they are sent back and forth on every http request and stored in the browser) or you would have to put an encrypted id in the cookie that you can use as a key to your own server-side session object.

Edits added after OP clarifies they are already using express-session.

It's common when redirected to login that you send a query string or hidden form element which is the original URL the user wanted to go to. Then, the login form will send that query string or hidden form element along with its login form data to the server. After successfully logging in, the server then redirects you to the original target URL that the user wanted to go to. So, the user goes to /admin/add, gets redirected to /login, but that login form contains a hidden form element /admin/add. User submits password form.

Server validates pwd, then gets original /admin/add url from the login form and redirects user to that URL. Your auth check for that sees that the user just logged in so they are allowed to proceed.
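
The hidden-form-field redirect described in the answer above, as an added example that is not part of the original answer or the asker's code: because the return URL comes back from the browser, it is checked to be a local /admin/ path before it is used, so the password form cannot be turned into an open redirect. The field name `returnTo`, the session flag `adminVerified`, the `/` fallback and the injected `comparePassword` are assumptions made for illustration.

```javascript
// Added example (not the original poster's code). Dummy origin used only so
// the WHATWG URL parser can normalise a relative path; no request is made.
const BASE = 'http://localhost';

// Return `candidate` only if it is a same-site path under /admin/,
// otherwise return `fallback`.
function safeReturnTo(candidate, fallback = '/') {
  if (typeof candidate !== 'string') return fallback;
  // Backslashes and control characters can be normalised by browsers into "/".
  if (/[\\\x00-\x1f]/.test(candidate)) return fallback;
  // Must be a local absolute path; "//host" is protocol-relative (off-site).
  if (!candidate.startsWith('/') || candidate.startsWith('//')) return fallback;
  let url;
  try {
    url = new URL(candidate, BASE);
  } catch {
    return fallback;
  }
  if (url.origin !== BASE) return fallback;
  // Check the normalised path, so "/admin/../x" cannot escape the prefix.
  if (!url.pathname.startsWith('/admin/')) return fallback;
  return url.pathname + url.search;
}

// Handler shaped like the page's POST /validate-password route.
// The form rendered by the /admin/* route is assumed to carry
// <input type="hidden" name="returnTo" value="(req.originalUrl)">.
function makeValidatePassword(comparePassword) {
  return async (req, res) => {
    const target = safeReturnTo(req.body.returnTo);
    const match = await comparePassword(req.body.password, req.user.password);
    if (!match) {
      // Re-render the form and keep the validated target in the hidden field.
      return res.render('validatePassword', {
        message: 'Wrong password',
        returnTo: target,
      });
    }
    // Hypothetical flag that the /admin/* guard checks before calling next().
    req.session.adminVerified = true;
    return res.redirect(target);
  };
}
```

With Express this would be mounted as `router.post('/validate-password', makeValidatePassword(passwordController.comparePassword))`, and the `/admin/*` guard would call `next()` once the session flag is set.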
