Cookies @哈皮/贝尔(不和谐)-->@hapi/cookie认证切换
我正在构建一个hapi(v18.4.0)API,我想根据Discord OAuth2服务对用户进行身份验证。我使用@hapi/bell(v11.1.0)来处理OAuth2握手 我可以通过Discord进行身份验证,但我无法让@hapi/cookie(v10.1.2)接管身份验证职责。我可以看到正在创建cookie,但我唯一看到调用cookie validateFunc函数的时间是使用“注销”路由。我相信我已经为在localhost上开发设置了所有必要的标志 基本上我无法让cookie auth策略工作。我很惊讶,当我转到需要身份验证的路由时,没有看到调用validateFunc 下面是我的身份验证策略设置、cookie validateFunc功能、登录/注销路由和测试路由 谢谢你的帮助Cookies @哈皮/贝尔(不和谐)-->@hapi/cookie认证切换,cookies,oauth,hapi,Cookies,Oauth,Hapi,我正在构建一个hapi(v18.4.0)API,我想根据Discord OAuth2服务对用户进行身份验证。我使用@hapi/bell(v11.1.0)来处理OAuth2握手 我可以通过Discord进行身份验证,但我无法让@hapi/cookie(v10.1.2)接管身份验证职责。我可以看到正在创建cookie,但我唯一看到调用cookie validateFunc函数的时间是使用“注销”路由。我相信我已经为在localhost上开发设置了所有必要的标志 基本上我无法让cookie auth策
exports.plugin = {
name: 'auth',
dependencies: ['hapi-mongodb', 'bell', '@hapi/cookie'],
register: (server, options) => {
server.auth.strategy('session', 'cookie', {
cookie: {
name: 'sid-demo',
password: SECRET_KEY,
isSecure: false,
isSameSite: 'Lax'
},
redirectTo: '/demo-server/api/v1/auth/login', //If there is no session, redirect here
validateFunc: async (request, session) => {
console.log("validating cookie...");
const db = request.mongo.db;
const ObjectID = request.mongo.ObjectID;
try {
const user = await db.collection(usersTable).findOne({ _id: new ObjectID(session.id) });
if (!user) {
console.log("no user found, cookie invalid");
return { valid: false };
}
return { valid: true, credentials: user };
}
catch (err) {
console.log("Validation error:", err);
return { valid: false };
}
}
});
server.auth.strategy('discord', 'bell', {
provider: 'discord',
password: SECRET_KEY,
clientId: DISCORD_CLIENT_ID,
clientSecret: DISCORD_SECRET,
isSecure: false,
isSameSite: 'Lax'
});
}
};
发现问题。。。
我需要设置API根目录的路径
cookie: {
name: 'sid-demo',
password: SECRET_KEY, //Use something more secure in production
path: '/demo-server', // <--- This was what fixed the issue
isSecure: false,
isSameSite: 'Lax'
},
cookie:{
名称:“sid演示”,
密码:SECRET\u KEY,//在生产中使用更安全的密码
路径:'/demo服务器'//
exports.plugin = {
name: 'routes-default',
dependencies: ['auth'],
register: (server, options) => {
server.route({
method: 'GET',
path: '/demo-server',
handler: (request, h) => {
return h.response({ result: 'Welcome to demo-server!' }).code(200);
},
config: {
description: 'This is default route for the API.',
response: {
status: {}
},
tags: ['default','test']
}
});
server.route({
method: 'GET',
path: '/demo-server/restricted',
handler: (request, h) => {
return h.response({ message: 'Ok, You are authorized.' }).code(200);
},
config: {
auth: {
mode: 'try'
},
description: 'This is a default route used for testing the jwt authentication.',
response: {
status: {}
},
tags: ['default','test','auth']
}
});
}
};
cookie: {
name: 'sid-demo',
password: SECRET_KEY, //Use something more secure in production
path: '/demo-server', // <--- This was what fixed the issue
isSecure: false,
isSameSite: 'Lax'
},