Restricting Login Access - Passport.js, Google Authentication

Problem description

Okay, so using passport.js works, and works well, from what I've seen. However, I'm not sure how to properly exclude certain users. If the application is intended to have restricted access, rather than just providing the user a method for logging in, how can I restrict the login through passport.js? As it stands, users can just visit /login and log in with their Google account, thereby getting access to the internals.

Recommended answer

Here is one way to do this, with comments throughout. The main thing is understanding this page from the author: http://passportjs.org/guide/authenticate/, which I explain a little more in this example ...

It might be easier to read bottom to top:

var authenticate = function(req, success, failure) {

    // Use the Google strategy with passport.js, but with a custom callback.
    // passport.authenticate returns Connect middleware that we will use below.
    //
    // For reference: http://passportjs.org/guide/authenticate/
    return passport.authenticate('google', 
        // This is the 'custom callback' part
        function (err, user, info) {

            if (err) { 
                failure(err);
            }
            else if (!user) { 
                failure("Invalid login data");
            }
            else {
                // Here, you can do what you want to control 
                // access. For example, you asked to deny users 
                // with a specific email address:
                if (user.emails[0].value === "no@emails.com") {
                    failure("User not allowed");
                }
                else {
                    // req.login is added by the passport.initialize() 
                    // middleware to manage login state. We need 
                    // to call it directly, as we're overriding
                    // the default passport behavior.
                    req.login(user, function(err) {
                        if (err) { 
                            // Return here so success() is not also
                            // called after a failed login.
                            return failure(err);
                        }
                        success();
                    });
                }
            }
        }
    );
};

One idea is to wrap the above code in some more middleware, to make it easier to read:

// This defines what we send back to clients that want to authenticate
// with the system.
var authMiddleware = function(req, res, next) {

    var success = function() {
        res.status(200).send("Login successful");
    };

    var failure = function(error) {
        console.log(error);
        res.status(401).send("Unauthorized");
    };

    var middleware = authenticate(req, success, failure);
    middleware(req, res, next);
};


// GET /auth/google/return
//   Use custom middleware to handle the return from Google.
//   The first /auth/google call can remain the same.
app.get('/auth/google/return', authMiddleware);

(This all assumes we're using Express.)
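
The answer above denies a single address; for an application that is restricted by default, the same custom callback can enforce an allowlist instead. The following is an added example, not part of the original answer: `ALLOWED_EMAILS`, `ALLOWED_DOMAINS`, `profileEmails`, `isAllowed` and `makeCallback` are hypothetical names, the addresses are constructed sample values, and the profile shape (`user.emails[n].value`) is the one used in the answer's code.

```javascript
// Added example: default-deny access policy for the custom callback above.
// ALLOWED_EMAILS / ALLOWED_DOMAINS hold constructed sample values.
const ALLOWED_EMAILS = new Set(['alice@partner.example']);
const ALLOWED_DOMAINS = new Set(['corp.example']);

// Return the lower-cased addresses from a profile shaped like the page's
// `user.emails[0].value`; tolerate a missing or malformed emails array.
function profileEmails(user) {
  if (!user || !Array.isArray(user.emails)) return [];
  return user.emails
    .map((e) => (e && typeof e.value === 'string' ? e.value.trim().toLowerCase() : ''))
    .filter((v) => v.length > 0);
}

// Allow only exact allowlisted addresses or exact allowlisted domains.
// The domain is everything after the last '@', so "corp.example.evil.test"
// and "notcorp.example" do not match "corp.example".
function isAllowed(user) {
  return profileEmails(user).some((email) => {
    const at = email.lastIndexOf('@');
    if (at <= 0 || at === email.length - 1) return false;
    return ALLOWED_EMAILS.has(email) || ALLOWED_DOMAINS.has(email.slice(at + 1));
  });
}

// Same (err, user, info) signature as the custom callback on this page.
// Every path calls exactly one of success/failure, exactly once.
function makeCallback(req, success, failure) {
  return function (err, user, info) {
    if (err) return failure(err);
    if (!user) return failure('Invalid login data');
    if (!isAllowed(user)) return failure('User not allowed');
    req.login(user, function (loginErr) {
      if (loginErr) return failure(loginErr);
      success();
    });
  };
}
```

To use it, pass `makeCallback(req, success, failure)` as the second argument to `passport.authenticate('google', ...)` in place of the inline callback.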
