如何在 Express.js 中设置身份验证中间件 [英] How to setup an authentication middleware in Express.js
问题描述
我设置了一个 Web 应用程序,其中包含一些需要登录的内部页面.我使用 Node 和 Express.js 来设置服务器并控制路由和身份验证工作正常.
I have set up a web application with some internal pages requiring a login. I used Node with Express.js to set up the server and controlling the routes and authentication works fine.
我在与同一个应用避免在每个页面的路由中复制验证码,就像现在一样.
I came up to a @zanko suggestion in a question related to the same application to avoid the replication of the authentication code in the route of every page, like is now.
目前我的 app.js 看起来是这样的(以下是摘录):
At the moment my app.js looks like this (the following is an excerpt):
var session = require('express-session');
//use sessions for tracking logins
app.use(session({
secret: 'mercuia',
resave: true,
saveUninitialized: false,
store: new MongoStore({
mongooseConnection: db
})
}));
// serve static files from template
app.use(express.static(__dirname + '/public'));
// include routes
var routes = require('./routes/router');
app.use('/', routes);
// catch 404 and forward to error handler
app.use(function (req, res, next) {
var err = new Error('File Not Found');
err.status = 404;
next(err);
});
// error handler
// define as the last app.use callback
app.use(function (err, req, res, next) {
res.status(err.status || 500);
res.send(err.message);
});
我的身份验证方法(在 routes.js 中)如下所示(在示例中,对于路由/clientPage):
and my authentication method (in routes.js) looks like this (in the example, for the route /clientPage):
// GET route after registering
router.get('/clientPage', function (req, res, next) {
User.findById(req.session.userId)
.exec(function (error, user) {
if (error) {
return next(error);
} else {
if (user === null) {
var err = new Error('Not authorized! Go back!');
err.status = 400;
return next(err);
} else {
return res.sendFile(path.join(__dirname + '/../views/clientPage.html'));
}
}
});
});
我该如何编写身份验证中间件(使用相同的逻辑)并为所有且仅需要的路由调用它?
How can I write an authentication middleware instead (using the same logic) and call it for all and only the requiring routes?
推荐答案
您可以创建一个名为 auth.js
的新模块,然后用它来检查用户是否被授权:
You can create a new module called auth.js
and then use it to check if users are authorized or not:
auth.js
module.exports.isAuthorized = function(req, res, next) {
User.findById(req.session.userId).exec(function (error, user) {
if (error) {
return next(error);
} else {
if (user === null) {
var err = new Error('Not authorized! Go back!');
err.status = 401;
return next(err);
} else {
return next();
}
}
});
}
routes.js
var auth = require('./auth');
// GET route after registering
router.get('/clientPage', auth.isAuthorized, function (req, res, next) {
res.sendFile(path.join(__dirname + '/../views/clientPage.html'));
});
这篇关于如何在 Express.js 中设置身份验证中间件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!