Authentication Node.js:响应头发送之后无法再设置响应头(Can't set headers after they are sent)

Authentication Node.js可以';t在发送邮件后设置邮件头,authentication,node.js,http-headers,redis,express,Authentication,Node.js,Http Headers,Redis,Express,我正在处理一个需要身份验证的简单node.js项目。我决定使用connectredis进行会话,并使用redis支持的数据库存储用户登录数据 以下是我到目前为止的设置: // Module Dependencies var express = require('express'); var redis = require('redis'); var client = redis.createClient(); var RedisStore = require('connect-redis')(

我正在处理一个需要身份验证的简单node.js项目。我决定使用connect-redis进行会话管理,并使用基于redis的数据库存储用户登录数据

以下是我到目前为止的设置:

// Module Dependencies

var express = require('express');
var redis = require('redis');
var client = redis.createClient();
var RedisStore = require('connect-redis')(express);
var crypto = require('crypto');

var app = module.exports = express.createServer();  

// Configuration

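// The session secret signs the session cookie, so anyone who knows it can forge
// cookies. It is read from the environment instead of being committed with the
// code; a secret that has ever been published in source must be treated as
// compromised and replaced with a freshly generated one.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  // Fail closed: starting with a missing or empty secret would silently weaken
  // every session issued by this process.
  throw new Error('SESSION_SECRET environment variable must be set');
}

// Middleware stack shared by every environment. Order matters: the body and
// cookie parsers run before the session middleware, and the router runs before
// the static file handler.
app.configure(function(){
  app.set('views', __dirname + '/views');
  app.set('view engine', 'jade');
  app.use(express.bodyParser());
  app.use(express.methodOverride());
  app.use(express.cookieParser());
  app.use(express.session({ secret: sessionSecret, store: new RedisStore }));
  app.use(require('stylus').middleware({ src: __dirname + '/public' }));
  app.use(app.router);
  app.use(express.static(__dirname + '/public'));
});

// Development only: dump exceptions and show stack traces in the response.
// These details describe the server's internals and must never be enabled in
// production.
app.configure('development', function(){
  app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
});

// Production: default error handler, no stack traces sent to the client.
app.configure('production', function(){
  app.use(express.errorHandler());
});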

// Message Helper

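// Encode the characters that are significant in HTML so that message text
// cannot introduce markup of its own when it is wrapped in a <p> below.
function escapeHtml(value){
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// View helpers that turn pending messages into HTML fragments.
//
// NOTE(review): every helper reads from req.sessionStore. In connect's session
// middleware that property is the store object passed to express.session()
// (one instance for the whole process), while the per-visitor data lives on
// req.session. Values kept on the store are therefore visible to every
// visitor. Moving them to req.session also requires changing the routes and
// any template that uses the `sessionStore` helper, so it is flagged here
// rather than changed in this block alone. Confirm against your connect version.
app.dynamicHelpers({
  // Index Alerts
  // The index message is stored as ready-made HTML (the login route puts links
  // in it), so it is passed through unchanged; the code that builds it is
  // responsible for escaping any user data it embeds.
  indexMessage: function(req){
    var msg = req.sessionStore.indexMessage;
    if (msg) return '<p class="message">' + msg + '</p>';
  },
  // Login Alerts
  // One-shot messages: read, clear, then render. The text is escaped because
  // the helper returns markup and the messages are plain text.
  loginMessage: function(req){
    var err = req.sessionStore.loginError;
    var msg = req.sessionStore.loginSuccess;
    delete req.sessionStore.loginError;
    delete req.sessionStore.loginSuccess;
    if (err) return '<p class="error">' + escapeHtml(err) + '</p>';
    if (msg) return '<p class="success">' + escapeHtml(msg) + '</p>';
  },
  // Register Alerts
  // The registration error echoes the submitted username, so escaping here is
  // what keeps a crafted username from being rendered as HTML.
  registerMessage: function(req){
    var err = req.sessionStore.registerError;
    var msg = req.sessionStore.registerSuccess;
    delete req.sessionStore.registerError;
    delete req.sessionStore.registerSuccess;
    if (err) return '<p class="error">' + escapeHtml(err) + '</p>';
    if (msg) return '<p class="success">' + escapeHtml(msg) + '</p>';
  },
  // Session Access
  // Exposes the store object itself to the templates (see the note above).
  sessionStore: function(req, res){
    return req.sessionStore;
  }
});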

// Salt Generator

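/**
 * Create a fresh per-user salt.
 *
 * The salt comes from the operating system's CSPRNG via crypto.randomBytes
 * instead of Math.random(), whose output is predictable and not meant for
 * security purposes. (crypto.randomBytes needs Node 0.5.8 or later.)
 *
 * @returns {string} 40 lowercase hexadecimal characters (20 random bytes).
 */
function generateSalt(){
  // 20 bytes hex-encoded gives the same 40-character length as before.
  return crypto.randomBytes(20).toString('hex');
}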

// Generate Hash

/**
 * Compute the hex-encoded HMAC-SHA256 of `msg` under `key`.
 *
 * NOTE(review): the callers in this file use it to store passwords
 * (msg = password, key = per-user salt). HMAC-SHA256 is a fast primitive, so
 * offline guessing against leaked hashes is cheap; a deliberately slow
 * password KDF (PBKDF2, scrypt, bcrypt) is the usual choice. Switching
 * changes the stored format and needs a migration for existing accounts.
 *
 * @param {string} msg - data to authenticate.
 * @param {string} key - HMAC key.
 * @returns {string} 64 lowercase hexadecimal characters.
 */
function hash(msg, key){
  var mac = crypto.createHmac('sha256', key);
  mac.update(msg);
  return mac.digest('hex');
}

// Authenticate

// Look up `username` in Redis, compare the stored hash with
// hash(pass, storedSalt) and report the outcome through `fn(err, user)`.
//
// NOTE(review): this is the version from the question and it is kept as
// posted, because it is what produces the reported error. `fn` can be invoked
// twice for a single call: once by the unconditional statement at the end of
// the function (which runs before any Redis reply has arrived) and again from
// inside the nested callbacks. The login route answers the request on every
// invocation, so the second one tries to redirect after a response has already
// been sent.
//
// Other things to notice while reading:
//   - every `err` argument from Redis is ignored;
//   - the hash and salt are fetched before `uid` is checked for null;
//   - a wrong password has no branch of its own in the callbacks; the only
//     failure report is the unconditional call at the end;
//   - the hash comparison uses `==` on strings, which is not constant-time.
function authenticate(username, pass, fn){
  client.get('username:' + username + ':uid', function(err, reply){
    var uid = reply;
    client.get('uid:' + uid + ':pass', function(err, reply){
      var storedPass = reply;
      client.get('uid:' + uid + ':salt', function(err, reply){
        var storedSalt = reply;
        // Unknown username: the first lookup returned null.
        if (uid == null){
          return fn(new Error('cannot find user'));
        }
        // Password matches: load the profile fields and report success.
        if (storedPass == hash(pass, storedSalt)){
          client.get('uid:' + uid + ':name', function(err, reply){
            var name = reply;
            client.get('uid:' + uid + ':username', function(err, reply){
              var username = reply;
              var user = {
                name: name,
                username: username
              }
              return fn(null, user);
            });
          });
        }
      });
    });
  });
  // Runs synchronously on every call, before the callbacks above have fired.
  fn(new Error('invalid password'));
}

/**
 * Route middleware: let the request continue only when a user is recorded as
 * logged in; otherwise queue an "Access denied!" message and send the visitor
 * to the login page.
 *
 * NOTE(review): the check reads req.sessionStore.user. In connect's session
 * middleware req.sessionStore is the store object shared by all requests, not
 * the visitor's own req.session, so once any user has logged in this check
 * would pass for every visitor. The per-visitor place for `user` is
 * req.session; that change has to be made together with the login and logout
 * routes and the views. Confirm against your connect version.
 */
function restrict(req, res, next){
  var store = req.sessionStore;
  if (!store.user) {
    store.loginError = 'Access denied!';
    res.redirect('/login');
    return;
  }
  next();
}

/**
 * Route middleware: record who opened /restricted, then continue.
 *
 * Expects to run after `restrict`, because it dereferences the user object
 * without checking that it exists.
 *
 * NOTE(review): the username is chosen by the user at registration and is
 * written to the log unmodified; strip or encode control characters such as
 * newlines if these logs are parsed or reviewed line by line.
 */
function accessLogger(req, res, next) {
  var visitor = req.sessionStore.user;
  console.log('/restricted accessed by %s', visitor.username);
  next();
}

// Routes

// Public landing page.
app.get('/', function(req, res){
  var locals = { title: 'TileTabs' };
  res.render('index', locals);
});

// Members-only page. `restrict` rejects visitors without a recorded user and
// `accessLogger` logs the access before the page is rendered.
app.get('/restricted', restrict, accessLogger, function(req, res){
  var locals = { title: 'Restricted Section' };
  res.render('restricted', locals);
});

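// Log the current user out and return to the home page.
//
// NOTE(review): destroy() is called on req.sessionStore with a callback as its
// only argument. The per-visitor API is req.session.destroy(fn); store-level
// destroy methods normally take a session id first. Confirm which one is
// intended, since the redirect only happens if this callback actually fires.
// NOTE(review): logout is a state-changing action exposed over GET, so any
// page can trigger it with a plain link or image; a POST with a CSRF token is
// the safer shape.
app.get('/logout', function(req, res){
  // A visitor who is not logged in can still request /logout; without this
  // guard, reading `.username` of a missing user throws.
  var user = req.sessionStore.user;
  if (user) {
    console.log(user.username + ' has logged out.');
  }
  req.sessionStore.destroy(function(){
    res.redirect('home');
  });
});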

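// Login form.
app.get('/login', function(req, res){
  res.render('login', {
    title: 'TileTabs Login'
  });
});

// Login submission: verify the credentials, start a fresh session on success,
// and otherwise send the visitor back with a generic failure message (the same
// text for an unknown user and for a wrong password, so the response does not
// reveal which usernames exist).
//
// NOTE(review): `user` and the messages are stored on req.sessionStore, which
// in connect's session middleware is the store object shared by all requests
// rather than the visitor's own req.session. Confirm and move them to
// req.session together with the middleware and views that read them.
app.post('/login', function(req, res){
  var username = req.body.username;
  var password = req.body.password;

  // The display name was typed in by the user at registration; encode it before
  // it is embedded in the HTML message below.
  function escapeHtml(value){
    return String(value)
      .replace(/&/g, '&amp;')
      .replace(/</g, '&lt;')
      .replace(/>/g, '&gt;')
      .replace(/"/g, '&quot;')
      .replace(/'/g, '&#39;');
  }

  function rejectLogin(){
    req.sessionStore.loginError = 'Authentication failed, please check your '
      + ' username and password.';
    res.redirect('back');
  }

  // The body parser can yield arrays or objects for a field, and a field can be
  // missing altogether. Only plain strings are passed on to the key lookup and
  // to the hash function.
  if (typeof username !== 'string' || typeof password !== 'string') {
    return rejectLogin();
  }

  authenticate(username, password, function(err, user){
    if (!user) {
      return rejectLogin();
    }
    // A new session id at login keeps a pre-login session id from being reused
    // after authentication (session fixation).
    req.session.regenerate(function(){
      req.sessionStore.user = user;
      req.sessionStore.indexMessage = 'Authenticated as ' + escapeHtml(req.sessionStore.user.name) + '.  Click to <a href="/logout">logout</a>. ' + ' You may now access <a href="/restricted">the restricted section</a>.';
      res.redirect('home');
      console.log(req.sessionStore.user.username + ' logged in!');
    });
  });
});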

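// Registration form.
app.get('/register', function(req, res){
  res.render('register', {
    title: 'TileTabs Register'
  });
});

// Registration submission: reserve a user id and store the profile, the salt
// and the salted password hash under it.
//
// NOTE(review): the "is this username taken?" check and the write that claims
// the username are separate commands, so two simultaneous registrations for
// the same name can both pass the check. Claiming the name with a
// set-if-absent command (SETNX) closes that window.
// NOTE(review): the error text echoes the submitted username; whatever renders
// registerError must HTML-escape it.
app.post('/register', function(req, res){
  var name = req.body.name;
  var username = req.body.username;
  var password = req.body.password;

  function rejectRegistration(message){
    req.sessionStore.registerError = message;
    res.redirect('back');
  }

  // Missing fields, or fields the body parser turned into arrays or objects,
  // would otherwise end up inside Redis keys and in the hash input.
  if (typeof name !== 'string' || typeof username !== 'string' || typeof password !== 'string'
      || name === '' || username === '' || password === '') {
    return rejectRegistration('Registration failed, all fields are required.');
  }

  var salt = generateSalt();

  client.get('username:' + username + ':uid', function(err, reply){
    if (err) {
      return rejectRegistration('Registration failed, please try again.');
    }
    if (reply !== null){
      console.log(reply);
      return rejectRegistration('Registration failed, ' + username + ' already taken.');
    }

    // Use the value returned by INCR itself. Reading the counter back with a
    // separate GET can hand the same id to two concurrent registrations.
    client.incr('global:nextUserId', function(err, uid){
      if (err) {
        return rejectRegistration('Registration failed, please try again.');
      }
      client.set('username:' + username + ':uid', uid);
      client.set('uid:' + uid + ':name', name);
      client.set('uid:' + uid + ':username', username);
      client.set('uid:' + uid + ':salt', salt);
      client.set('uid:' + uid + ':pass', hash(password, salt));

      // Report success only once an id has been allocated and the writes have
      // been issued.
      req.sessionStore.loginSuccess = 'Thanks for registering!  Try logging in!';
      console.log(username + ' has registered!');
      res.redirect('/login');
    });
  });
});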

// Only listen on $ node app.js

// Start listening only when this file is the program entry point; when it is
// loaded by another module, the exported `app` is left for the caller to start.
// NOTE(review): binding to port 80 usually requires elevated privileges on
// Unix-like systems; prefer an unprivileged port behind a reverse proxy, or
// drop privileges after binding, rather than running the whole app as root.
if (!module.parent) {
  var listenPort = 80;
  app.listen(listenPort);
  console.log("Express server listening on port %d", app.address().port);
}
我已设法在
app.post('/login')
中识别引发此错误的行(
res.redirect('home');
)。我只是想知道,除了我糟糕的代码,我需要做什么来修复这个错误

更新:

版本:

Node 0.4.10
Express 2.4.3
npm 1.0.22
redis 2.4.0 rc5
connect 1.6.0
connect-redis 1.0.6

以下是指向我的应用程序的链接:


我的猜测是,
req.sessionStore.destroy
可能正在发送一个“Set-Cookie”头来终止/删除会话Cookie,并且由于涉及IO,Node有机会在
res.redirect
代码运行之前发送HTTP响应头,因此产生错误。试着直接在
app.post中执行
res.redirect
,而不是在
destroy
回调中执行,看看这样是否可以避免错误

如果代码在响应头已经发送之后还试图读取响应头,您也可能会遇到问题。

Update 问题是authenticate()。以下是我认为正确的实施方法:

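/**
 * Look up a user by username and verify the supplied password.
 *
 * `fn` is invoked exactly once per call: `fn(err)` when a Redis lookup fails,
 * the user is unknown or the password does not match, and `fn(null, user)`
 * with `{ name, username }` on success.
 *
 * NOTE(review): the stored hash is compared with `!==`, which is not a
 * constant-time comparison; crypto.timingSafeEqual is the usual replacement on
 * Node versions that provide it.
 *
 * @param {string} username - login name submitted by the client.
 * @param {string} pass - password submitted by the client.
 * @param {function(Error=, Object=)} fn - node-style completion callback.
 */
function authenticate(username, pass, fn){
  client.get('username:' + username + ':uid', function (err, uid) {
    if (err) return fn(err);
    // Unknown user: stop here instead of issuing lookups for "uid:null:...".
    if (uid == null) return fn(new Error('cannot find user'));

    client.get('uid:' + uid + ':pass', function(err, storedPass){
      if (err) return fn(err);
      client.get('uid:' + uid + ':salt', function(err, storedSalt){
        if (err) return fn(err);
        // An account record without a hash or salt can never match, and must
        // not reach hash() with a null key.
        if (storedPass == null || storedSalt == null
            || storedPass !== hash(pass, storedSalt)) {
          return fn(new Error('invalid password'));
        }
        client.get('uid:' + uid + ':name', function(err, name){
          if (err) return fn(err);
          client.get('uid:' + uid + ':username', function(err, storedUsername){
            if (err) return fn(err);
            fn(null, {
              name: name,
              username: storedUsername
            });
          });
        });
      });
    });
  });
  // Nothing is reported from here: the Redis callbacks above run later, so a
  // call to fn at this point would make it fire a second time.
}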
我无法运行该示例,因为我没有您的Stylus文件。您能否将项目打包并发布到这里,这样我们就可以运行您的代码了?如果我没记错的话,把旧版模块和新版模块混用时,可能会遇到这类问题。您安装了哪些版本的express、connect-redis、redis、connect等?


附言:如果你上传,我不能立即运行你的代码,因为我早上要睡觉和工作。但希望到时候有人能帮你。或者可能是安装模块的问题。

遗憾的是,这并没有解决问题。尽管如此,您确定正在查看正确的
res.redirect
?我在注销时没有遇到问题,(嗯,实际上不确定;因为我无法登录),我在登录时遇到了问题。我指的
res.redirect
app.post('/login')
路径中。在这里?你是说在github上发布还是什么?让我检查一下我的版本。例如,你可以将其打包并放入Dropbox的公用文件夹中,或者上传到任何上传站点,比如mediafire.com。已更新原帖(OP),希望这就足够了。@Boss,这就足够了,我解决了这个问题:authenticate被调用了多次,而不是仅调用一次!你应该把项目完整打包,至少包含app.js所需的部分。现在我缺少Stylus文件、Jade模板…还有你正在使用的是哪个版本的connect、哪个版本的connect-redis。附言:你的Express已经很旧了。npm更新后我得到=>connect@1.6.0, connect-redis@1.0.6, express@2.4.3。抱歉耽搁了。我刚刚更新到express 2.4.3,但仍然存在相同的问题。我还更新了我应用程序压缩文件的链接。另外,我如何检查connect和connect-redis的版本号?我假设您已经安装了npm。运行
npm-ls
明确。我得到的版本与你为connect和connect redis所做的版本相同。
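/**
 * Look up a user by username and verify the supplied password.
 *
 * `fn` is invoked exactly once per call: `fn(err)` when a Redis lookup fails,
 * the user is unknown or the password does not match, and `fn(null, user)`
 * with `{ name, username }` on success.
 *
 * NOTE(review): the stored hash is compared with `!==`, which is not a
 * constant-time comparison; crypto.timingSafeEqual is the usual replacement on
 * Node versions that provide it.
 *
 * @param {string} username - login name submitted by the client.
 * @param {string} pass - password submitted by the client.
 * @param {function(Error=, Object=)} fn - node-style completion callback.
 */
function authenticate(username, pass, fn){
  client.get('username:' + username + ':uid', function (err, uid) {
    if (err) return fn(err);
    // Unknown user: stop here instead of issuing lookups for "uid:null:...".
    if (uid == null) return fn(new Error('cannot find user'));

    client.get('uid:' + uid + ':pass', function(err, storedPass){
      if (err) return fn(err);
      client.get('uid:' + uid + ':salt', function(err, storedSalt){
        if (err) return fn(err);
        // An account record without a hash or salt can never match, and must
        // not reach hash() with a null key.
        if (storedPass == null || storedSalt == null
            || storedPass !== hash(pass, storedSalt)) {
          return fn(new Error('invalid password'));
        }
        client.get('uid:' + uid + ':name', function(err, name){
          if (err) return fn(err);
          client.get('uid:' + uid + ':username', function(err, storedUsername){
            if (err) return fn(err);
            fn(null, {
              name: name,
              username: storedUsername
            });
          });
        });
      });
    });
  });
  // Nothing is reported from here: the Redis callbacks above run later, so a
  // call to fn at this point would make it fire a second time.
}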