Javascript Node.js:如何限制没有令牌的用户访问页面?
标签:javascript, angularjs, node.js, express
我正在尝试用令牌(token)做一个过滤器,在 node.js 0.10 上限制没有令牌的用户访问页面,我使用了如下中间件:
// Register `handler` for every HTTP method on paths below /product/.
// NOTE(review): `handler` is not defined in this snippet.
// Because the bare /product path is not matched (see below), it needs its own
// guard if it also has to be protected.
app.all( "/product/*" , handler);
// won't match /product <-- Important
// will match /product/cool
// will match /product/foov
server.js
// Create the Express application.
var app = express();
...
// Login filter; presumably the router shown in usuario.js on this page
// (that snippet shows no module.exports, so the export is assumed - confirm).
var requiereLogin = require('./server/routes/usuario');
// Run the filter for every HTTP method on server paths under /privadas/.
// NOTE(review): the Angular templates on this page are requested as
// "pages/privadas/...", which this pattern does not match, and a template fetch
// would not carry the auth-token header the filter reads. Treat this filter as
// protection for requests that do send that header, and enforce authorization
// on every endpoint that returns private data.
app.all('/privadas/*', requiereLogin);
...
// Client-side (ngRoute) route table.
app.config(function($routeProvider){
  // Public login view at the application root.
  var loginRoute = {
    templateUrl: "pages/login.html",
    css: ["client/styles/css/login.css"],
    controller: "loginCtrl",
    controllerAs: "vm"
  };

  // `authenticated` is a custom marker: ngRoute does nothing with it by itself,
  // it only has an effect because a $routeChangeStart listener reads it.
  // It steers navigation in the browser and is not access control; private
  // data must still be checked by the server on each request.
  var mapRoute = {
    templateUrl: "pages/privadas/mapa.html",
    controller: "mapCtrl",
    controllerAs: "vm",
    authenticated: true
  };

  var homeRoute = {
    templateUrl: "pages/privadas/inicio.html",
    controller: "inicioCtrl",
    controllerAs: "vm",
    authenticated: true
  };

  $routeProvider.when("/", loginRoute);
  $routeProvider.when("/mapa", mapRoute);
  $routeProvider.when("/inicio", homeRoute);
  // Any unknown path falls back to the login view.
  $routeProvider.otherwise({redirectTo:'/'});
});
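// Navigation guard: send the user back to the login view when the next route is
// flagged `authenticated` and no access token is held.
// This runs in the browser, so it is a convenience redirect and not access
// control; the server has to verify the token on every protected request.
app.run(['$rootScope', '$location', 'authFactory', function ($rootScope, $location, authFactory){
  $rootScope.$on('$routeChangeStart', function(event, next, current){
    // `next.$$route` can be undefined (for example on the `otherwise` fallback),
    // so guard the lookup instead of dereferencing it directly.
    var route = next && next.$$route;
    if (!route || !route.authenticated) {
      return;
    }
    // The next route is private: the user must hold a token.
    // The debug console.log calls of the route objects were dropped.
    if (!authFactory.getAccessToken()) {
      // Redirect to the login page.
      $location.path('/');
    }
  });
}]);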
// In-memory holder for the access token used by the route guard.
// The token lives only on this service object, so it is gone after a full page
// reload until setAccessToken is called again.
app.factory('authFactory', [function() {
  var service = {
    // Remember the token handed over after a successful login.
    setAccessToken: function (accessToken) {
      service.authToken = accessToken;
    },
    // Return the stored token, or undefined when none was set.
    getAccessToken: function () {
      return service.authToken;
    }
  };
  return service;
}]);
usuario.js
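var express = require('express');
var router = express.Router();
...
// Token filter: verify the JWT sent in the `auth-token` request header and
// expose its IDU claim as req.user_id; anything else is sent to /login.
router.use(function(req,res,next){
  console.log("filter...");
  var token = req.headers['auth-token'];
  // NOTE(review): `jwt` is not required in the visible part of this file;
  // presumably the jsonwebtoken module is loaded in the elided lines - confirm.
  // NOTE(review): verify() also accepts an `algorithms` option; pin it to the
  // algorithm used when the token is signed (signing code is not on this page).
  jwt.verify(token, process.env.SECRET, function(err, decoded){
    // Fail closed: a token that verifies but carries no IDU claim is rejected
    // too, otherwise the request would continue with req.user_id undefined.
    if (err || !decoded || decoded.IDU == null){
      return res.redirect('/login');
    }
    req.user_id = decoded.IDU;
    next();
  });
});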
app.config
// Client-side (ngRoute) route table with the private views under /privadas/.
// NOTE(review): these are routes resolved inside the browser. With ngRoute's
// default hash-based URLs the server does not receive a request for
// "/privadas/mapa", so a server filter mounted on '/privadas/*' would not run
// when the user navigates here - confirm against the $locationProvider setup.
app.config(function($routeProvider){
  // Public login view at the application root.
  var loginRoute = {
    templateUrl: "pages/login.html",
    css: ["css/login.css"],
    controller: "loginCtrl",
    controllerAs: "vm"
  };

  // Private views; nothing in this table marks them as requiring a login.
  var mapRoute = {
    templateUrl: "pages/privadas/mapa.html",
    controller: "mapCtrl",
    controllerAs: "vm"
  };

  var homeRoute = {
    templateUrl: "pages/privadas/inicio.html",
    controller: "inicioCtrl",
    controllerAs: "vm"
  };

  $routeProvider.when("/", loginRoute);
  $routeProvider.when("/privadas/mapa", mapRoute);
  $routeProvider.when("/privadas/inicio", homeRoute);
  // Any unknown path falls back to the login view.
  $routeProvider.otherwise({redirectTo:'/'});
});
有什么想法吗?谢谢
我会建议使用 passport.js。这需要一些解释和演练,所以我添加了一个指向文档的链接和一些基本示例,以帮助您入门。它允许您存储用户信息,并使用这些信息限制对给定路由的访问。
你的routes.js
// Middleware order matters: loginRequired runs first and ends the request
// with 401 when there is no logged-in session, so requiereLogin is only reached
// by authenticated requests.
// NOTE(review): `AuthHelpers` is not defined in this snippet; presumably it is
// the module that exports the loginRequired function below - confirm.
app.all('/privadas/*',AuthHelpers.loginRequired, requiereLogin);
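/**
 * Express middleware that lets a request through only when its session
 * carries a Passport user.
 *
 * A request without any session object is treated as not logged in and gets
 * the same 401 answer, instead of throwing on `req.session.passport`.
 *
 * @param {object} req - request; `req.session.passport.user` is read.
 * @param {object} res - response; used to send the 401 JSON body.
 * @param {Function} next - called when a session user is present.
 * @returns {*} whatever `res.json` or `next` returns.
 */
function loginRequired(req, res, next) {
  var passportState = req.session && req.session.passport;
  if (!passportState || !passportState.user) {
    return res.status(401).json({status: 'Please log in'});
  }
  return next();
}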
你的passport.js
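const passport = require('passport');
var models = require('../server/models/index');

// Decide what is written into the session for a logged-in user.
// Only the `user` field is stored, so the session never holds the full record.
passport.serializeUser((user, done) => {
  // The original literal `{ user.user, }` is a syntax error. deserializeUser
  // below reads `user.user` from the stored value, so the key has to be `user`.
  var session = {
    user: user.user,
  };
  done(null, session);
});

// Rebuild the user for each request from the value stored in the session by
// looking it up again through models.users.
passport.deserializeUser((user, done) => {
  models.users.findOne({
    where: {
      user: user.user
    }
  }).then(function(record) {
    // `record` is whatever findOne resolves with; it is handed on unchanged.
    done(null, record);
  }).catch(function (err) {
    done(err, null);
  });
});

module.exports = passport;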
在App.js中
// NOTE(review): this reads `.passport` from the './auth/local' module, while the
// passport.js snippet on this page exports the passport object itself - confirm
// which shape './auth/local' really exports.
const passport = require('./auth/local');
// Registration order matters for middleware. The loginRequired check on this
// page reads req.session.passport, so a session middleware has to be registered
// before these two lines; none is shown in this snippet.
app.use(passport.passport.initialize());
app.use(passport.passport.session());
您可以在路由定义中使用 authenticate: true 来标记需要登录的路由(该标记本身不做任何检查,需要由 $routeChangeStart 处理函数读取,且属性名必须与处理函数中检查的名称一致):
.when("/", {
templateUrl: "pages/login.html",
css: ["css/login.css"],
controller: "loginCtrl",
authenticate:true,
controllerAs: "vm",
最后,我根据Vignesh的回答使用了本教程: 这一步一步解释得很好!但这里是我的代码: rutas.js
// Create the Express application.
var app = express();
...
// Login filter; presumably the router shown in usuario.js on this page
// (that snippet shows no module.exports, so the export is assumed - confirm).
var requiereLogin = require('./server/routes/usuario');
// Run the filter for every HTTP method on server paths under /privadas/.
// NOTE(review): the client routes below are resolved in the browser and their
// templates are requested as "pages/privadas/...", which this pattern does not
// match. Authorization for private data has to be enforced on the endpoints
// that return it.
app.all('/privadas/*', requiereLogin);
...
// Client-side (ngRoute) route table.
app.config(function($routeProvider){
  // Public login view at the application root.
  var loginRoute = {
    templateUrl: "pages/login.html",
    css: ["client/styles/css/login.css"],
    controller: "loginCtrl",
    controllerAs: "vm"
  };

  // `authenticated` is a custom marker: ngRoute does nothing with it by itself,
  // it only has an effect because a $routeChangeStart listener reads it.
  // It steers navigation in the browser and is not access control; private
  // data must still be checked by the server on each request.
  var mapRoute = {
    templateUrl: "pages/privadas/mapa.html",
    controller: "mapCtrl",
    controllerAs: "vm",
    authenticated: true
  };

  var homeRoute = {
    templateUrl: "pages/privadas/inicio.html",
    controller: "inicioCtrl",
    controllerAs: "vm",
    authenticated: true
  };

  $routeProvider.when("/", loginRoute);
  $routeProvider.when("/mapa", mapRoute);
  $routeProvider.when("/inicio", homeRoute);
  // Any unknown path falls back to the login view.
  $routeProvider.otherwise({redirectTo:'/'});
});
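// Navigation guard: send the user back to the login view when the next route is
// flagged `authenticated` and no access token is held.
// This runs in the browser, so it is a convenience redirect and not access
// control; the server has to verify the token on every protected request.
app.run(['$rootScope', '$location', 'authFactory', function ($rootScope, $location, authFactory){
  $rootScope.$on('$routeChangeStart', function(event, next, current){
    // `next.$$route` can be undefined (for example on the `otherwise` fallback),
    // so guard the lookup instead of dereferencing it directly.
    var route = next && next.$$route;
    if (!route || !route.authenticated) {
      return;
    }
    // The next route is private: the user must hold a token.
    // The debug console.log calls of the route objects were dropped.
    if (!authFactory.getAccessToken()) {
      // Redirect to the login page.
      $location.path('/');
    }
  });
}]);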
// In-memory holder for the access token used by the route guard.
// The token lives only on this service object, so it is gone after a full page
// reload until setAccessToken is called again.
app.factory('authFactory', [function() {
  var service = {
    // Remember the token handed over after a successful login.
    setAccessToken: function (accessToken) {
      service.authToken = accessToken;
    },
    // Return the stored token, or undefined when none was set.
    getAccessToken: function () {
      return service.authToken;
    }
  };
  return service;
}]);
factorias.js
// Create the Express application.
var app = express();
...
// Login filter; presumably the router shown in usuario.js on this page
// (that snippet shows no module.exports, so the export is assumed - confirm).
var requiereLogin = require('./server/routes/usuario');
// Run the filter for every HTTP method on server paths under /privadas/.
// NOTE(review): the client routes below are resolved in the browser and their
// templates are requested as "pages/privadas/...", which this pattern does not
// match. Authorization for private data has to be enforced on the endpoints
// that return it.
app.all('/privadas/*', requiereLogin);
...
// Client-side (ngRoute) route table.
app.config(function($routeProvider){
  // Public login view at the application root.
  var loginRoute = {
    templateUrl: "pages/login.html",
    css: ["client/styles/css/login.css"],
    controller: "loginCtrl",
    controllerAs: "vm"
  };

  // `authenticated` is a custom marker: ngRoute does nothing with it by itself,
  // it only has an effect because a $routeChangeStart listener reads it.
  // It steers navigation in the browser and is not access control; private
  // data must still be checked by the server on each request.
  var mapRoute = {
    templateUrl: "pages/privadas/mapa.html",
    controller: "mapCtrl",
    controllerAs: "vm",
    authenticated: true
  };

  var homeRoute = {
    templateUrl: "pages/privadas/inicio.html",
    controller: "inicioCtrl",
    controllerAs: "vm",
    authenticated: true
  };

  $routeProvider.when("/", loginRoute);
  $routeProvider.when("/mapa", mapRoute);
  $routeProvider.when("/inicio", homeRoute);
  // Any unknown path falls back to the login view.
  $routeProvider.otherwise({redirectTo:'/'});
});
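// Navigation guard: send the user back to the login view when the next route is
// flagged `authenticated` and no access token is held.
// This runs in the browser, so it is a convenience redirect and not access
// control; the server has to verify the token on every protected request.
app.run(['$rootScope', '$location', 'authFactory', function ($rootScope, $location, authFactory){
  $rootScope.$on('$routeChangeStart', function(event, next, current){
    // `next.$$route` can be undefined (for example on the `otherwise` fallback),
    // so guard the lookup instead of dereferencing it directly.
    var route = next && next.$$route;
    if (!route || !route.authenticated) {
      return;
    }
    // The next route is private: the user must hold a token.
    // The debug console.log calls of the route objects were dropped.
    if (!authFactory.getAccessToken()) {
      // Redirect to the login page.
      $location.path('/');
    }
  });
}]);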
// In-memory holder for the access token used by the route guard.
// The token lives only on this service object, so it is gone after a full page
// reload until setAccessToken is called again.
app.factory('authFactory', [function() {
  var service = {
    // Remember the token handed over after a successful login.
    setAccessToken: function (accessToken) {
      service.authToken = accessToken;
    },
    // Return the stored token, or undefined when none was set.
    getAccessToken: function () {
      return service.authToken;
    }
  };
  return service;
}]);
和我的登录控制器:
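// Login controller: posts the credentials, stores the returned token and user,
// and moves on to the start page.
app.controller("loginCtrl", function($scope, $http, $location, userService, authFactory){
  // Declared with `var`: the bare `vm = this` created an implicit global (and
  // throws in strict mode).
  var vm = this;
  vm.funciones = {
    // Send `usuario` to the login endpoint and set up the client-side session.
    logearse : function(usuario){
      $http.post('/api/user/login', usuario)
        .then(function(response){
          // On a successful login the server returns the user, without the
          // password, and the user's token.
          // The response is deliberately not written to the console, because it
          // contains the token.
          // userService, together with localStorage, keeps the token and the
          // user of the session.
          userService.token = response.data.token;
          userService.user = response.data.userData;
          // NOTE(review): localStorage is readable by any script running on the
          // page, so a cross-site scripting bug would expose the token. Keep the
          // token lifetime short and have the server re-check it on every request.
          localStorage.setItem('token', JSON.stringify(userService.token));
          localStorage.setItem('user', JSON.stringify(userService.user));
          authFactory.setAccessToken(response.data.token);
          // Redirect to the start page.
          $location.path('/inicio');
        }, function(err){
          console.error(err);
          // Expose the server's error body to the view.
          vm.error = err.data;
        });
    }
  };
});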
我希望它能为更多的人服务