passport.session() 中间件有什么作用? [英] What does passport.session() middleware do?
问题描述
我正在使用 Passport.js 构建一个身份验证系统,使用 Easy Node Authentication:设置和本地教程.
I am building an authentication system using Passport.js using Easy Node Authentication: Setup and Local tutorial.
我对 passport.session() 的作用感到困惑.
I am confused about what passport.session() does.
在尝试了不同的中间件后,我开始明白 express.session() 是通过 cookie 向客户端发送会话 ID 的原因,但我对什么是 passport 感到困惑.session() 确实以及为什么除了 express.session() 之外还需要它.
After playing around with the different middleware I came to understand that express.session() is what sends a session ID over cookies to the client, but I'm confused about what passport.session() does and why it is required in addition to express.session().
以下是我设置应用程序的方法:
Here is how I set up my application:
//Server.js 配置应用程序并设置网络服务器
// Server.js configures the application and sets up the webserver
//importing our modules
var express = require('express');
var app = express();
var port = process.env.PORT || 8080;
var mongoose = require('mongoose');
var passport = require('passport');
var flash = require('connect-flash');
var configDB = require('./config/database.js');
//Configuration of Databse and App
mongoose.connect(configDB.url); //connect to our database
require('./config/passport')(passport); //pass passport for configuration
app.configure(function() {
//set up our express application
app.use(express.logger('dev')); //log every request to the console
app.use(express.cookieParser()); //read cookies (needed for auth)
app.use(express.bodyParser()); //get info from html forms
app.set('view engine', 'ejs'); //set up ejs for templating
//configuration for passport
app.use(express.session({ secret: 'olhosvermelhoseasenhaclassica', maxAge:null })); //session secret
app.use(passport.initialize());
app.use(passport.session()); //persistent login session
app.use(flash()); //use connect-flash for flash messages stored in session
});
//Set up routes
require('./app/routes.js')(app, passport);
//launch
app.listen(port);
console.log("Server listening on port" + port);
推荐答案
passport.session() 充当中间件来更改 req 对象并更改当前会话的用户"值id(来自客户端 cookie)到真正的反序列化用户对象中.
passport.session() acts as a middleware to alter the req object and change the 'user' value that is currently the session id (from the client cookie) into the true deserialized user object.
虽然其他答案提出了一些很好的观点,但我认为可以提供一些更具体的细节.
Whilst the other answers make some good points I thought that some more specific detail could be provided.
app.use(passport.session());
相当于
app.use(passport.authenticate('session'));
其中会话"是指与passportJS 捆绑在一起的以下策略.
Where 'session' refers to the following strategy that is bundled with passportJS.
这是文件的链接:https://github.com/jaredhanson/passport/blob/master/lib/strategies/session.js
还有一个 永久链接在撰写本文时以下几行:
And a permalink pointing to the following lines at the time of this writing:
var property = req._passport.instance._userProperty || 'user';
req[property] = user;
它本质上充当中间件并更改 req 对象中用户"属性的值以包含反序列化的用户身份.要使其正常工作,您必须在自定义代码中包含 serializeUser 和 deserializeUser 函数.
Where it essentially acts as a middleware and alters the value of the 'user' property in the req object to contain the deserialized identity of the user. To allow this to work correctly you must include serializeUser and deserializeUser functions in your custom code.
passport.serializeUser(function (user, done) {
done(null, user.id);
});
passport.deserializeUser(function (user, done) {
//If using Mongoose with MongoDB; if other you will need JS specific to that schema.
User.findById(user.id, function (err, user) {
done(err, user);
});
});
这将从数据库中找到正确的用户并将其作为闭包变量传递给回调 done(err,user); 所以 passport.session() 中的上述代码 可以替换 req 对象中的 'user' 值并传递给堆中的下一个中间件.
This will find the correct user from the database and pass it as a closure variable into the callback done(err,user); so the above code in the passport.session() can replace the 'user' value in the req object and pass on to the next middleware in the pile.
这篇关于passport.session() 中间件有什么作用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
