Cookies @hapi/bell (Discord) --> @hapi/cookie authentication handoff

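I am building a hapi (v18.4.0) API and I want to authenticate users against the Discord OAuth2 service. I am using @hapi/bell (v11.1.0) to handle the OAuth2 handshake.

I can authenticate with Discord, but I cannot get @hapi/cookie (v10.1.2) to take over the authentication duties. I can see that the cookie is being created, but the only time I see the cookie validateFunc function being called is when I use the "logout" route. I believe I have set all the flags necessary for developing on localhost.

Basically, I cannot get the cookie auth strategy to work. I am surprised that I do not see validateFunc being called when I go to a route that requires authentication.

Below are my auth strategy setup, the cookie validateFunc function, the login/logout routes and a test route.

Thanks for your help.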

exports.plugin = {
  name: 'auth',
  dependencies: ['hapi-mongodb', 'bell', '@hapi/cookie'],
  register: (server, options) => {

    server.auth.strategy('session', 'cookie', {
      cookie: {
        name: 'sid-demo',
        password: SECRET_KEY,
        isSecure: false,
        isSameSite: 'Lax'
      },
      redirectTo: '/demo-server/api/v1/auth/login', //If there is no session, redirect here
      validateFunc: async (request, session) => {

        console.log("validating cookie...");
        const db = request.mongo.db;
        const ObjectID = request.mongo.ObjectID;

        try {
          const user = await db.collection(usersTable).findOne({ _id: new ObjectID(session.id) });
          if (!user) {
            console.log("no user found, cookie invalid");
            return { valid: false };
          }

          return { valid: true, credentials: user };

        }
        catch (err) {
          console.log("Validation error:", err);
          return { valid: false };        
        }
      }
    });

    server.auth.strategy('discord', 'bell', {
      provider: 'discord',
      password: SECRET_KEY,
      clientId: DISCORD_CLIENT_ID,
      clientSecret: DISCORD_SECRET,
      isSecure: false,
      isSameSite: 'Lax'
    });
  }
};

Found the problem... I needed to set the path to the root of the API.

cookie: {
        name: 'sid-demo',
        password: SECRET_KEY, //Use something more secure in production
        path: '/demo-server', // <--- This was what fixed the issue
        isSecure: false,
        isSameSite: 'Lax'
      },
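
Why the path setting matters, as an added example (not code from the original post): assuming the session cookie was issued by the login route with no Path attribute, the browser applies the RFC 6265 default-path rule and scopes the cookie to the login route's directory, so only sibling routes ever receive it. The sketch implements the RFC's default-path and path-match rules; the logout path and `/demo-server-admin` are assumed for illustration.

```javascript
// RFC 6265 section 5.1.4: default-path and path-match, as a browser applies them.

// Path a browser assigns to a cookie whose Set-Cookie header has no Path attribute.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== '/') return '/';
  const lastSlash = requestPath.lastIndexOf('/');
  return lastSlash === 0 ? '/' : requestPath.slice(0, lastSlash);
}

// True when a cookie scoped to cookiePath is sent with a request for requestPath.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix match only counts on a path-segment boundary.
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Which routes receive a cookie set by the response to setOnPath.
// explicitPath is the cookie's Path attribute, or null when none was sent.
function cookieReach(setOnPath, explicitPath, routes) {
  const scope = explicitPath || defaultPath(setOnPath);
  return { scope, sent: routes.filter((r) => pathMatches(r, scope)) };
}

// Constructed inputs: the login and restricted paths come from the page;
// the logout path and '/demo-server-admin' are assumptions.
const LOGIN = '/demo-server/api/v1/auth/login';
const ROUTES = [
  '/demo-server/api/v1/auth/logout',
  '/demo-server/restricted',
  '/demo-server',
  '/demo-server-admin'
];

const before = cookieReach(LOGIN, null, ROUTES);
const after = cookieReach(LOGIN, '/demo-server', ROUTES);

console.log('no Path attribute    ->', before);
console.log("path: '/demo-server' ->", after);
```

Scoping the cookie to the API root rather than `/` also keeps the session cookie from being sent to other applications on the same host, which is what the `/demo-server-admin` case shows.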
exports.plugin = {
  name: 'routes-default',
  dependencies: ['auth'],
  register: (server, options) => {

    server.route({
      method: 'GET',
      path: '/demo-server',
      handler: (request, h) => {

        return h.response({ result: 'Welcome to demo-server!' }).code(200);
      },
      config: {
        description: 'This is default route for the API.',
        response: {
          status: {}
        },
        tags: ['default','test']
      }
    });

    server.route({
      method: 'GET',
      path: '/demo-server/restricted',
      handler: (request, h) => {

        return h.response({ message: 'Ok, You are authorized.' }).code(200);

      },
      config: {
        auth: {
          mode: 'try'
        },
        description: 'This is a default route used for testing the jwt authentication.',
        response: {
          status: {}
        },
        tags: ['default','test','auth']
      }
    });
  }
};