Javascript Passport req.user is undefined. deserializeUser is returning a valid user

Tags: javascript, node.js, express, passport.js

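I'm using Express and MongoDB, along with MongoJS and Passport. My frontend is just vanilla JS on another domain. Currently, Express saves the user from the frontend form to Mongo and returns a cookie, which the browser saves correctly. However, when I hit another route with a GET request from the frontend, I get req.user === "undefined" and req.isAuthenticated() == false. Passport appears to run passport.serializeUser and passport.deserializeUser correctly, but the user is not set on the request. I must be missing something.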

Here is my code:

app.use(cookieParser('supernova'));
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json(options));
app.use(session({
    secret: 'supernova',
    resave: false,
    saveUninitialized: false,
    cookie: {
        maxAge: 60*60*1000,
        secure: false,
        httpOnly: false,
        domain: 'localhost'
    }
}));
app.use(passport.initialize());
app.use(passport.session());

Passport:

passport.use('local', new LocalStrategy(
    {passReqToCallback : true},
    (req, username, password, done) => {
        db.users.findOne({'username': username}, (error, user) => {
            if (error) {return done(error);}
            if (user) {
                log('User already exists');

                return done(user);
            } else {
                crypt.hashPassword(password, ((encryptedPassword) => {
                    var newUser = new User({username: username, password: encryptedPassword});
                    db.users.save(newUser, (err, data) => {
                        if (err) {
                            log(err);
                            return done(err)
                        }
                        log(data);

                        return done(null, data);
                    })
                }));
            }
        })
    }
));

passport.serializeUser(function(user, done) {
    log('serialize: ' + user._id)
    done(null, user._id);
});

passport.deserializeUser(function(id, done) {
    log('deserialize: ' + id)
    db.users.findOne({_id: mongojs.ObjectId(id)}, (err, user) => {
    log(user)
        if(err) {
            log(err);
            return done(err);
        }
        return done(err, user);
    });
});

function loggedIn(req, res, next) {
    log('logged in: ' + req.user);
    // log(req.session)
    if (req.isAuthenticated()) { return next(); }
    req.session.error = 'Please sign in!';
}

Headers:

app.use((req, res, next) => {
    res.setHeader('Access-Control-Allow-Origin', 'http://localhost:4200');
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
    res.setHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
    res.setHeader('Access-Control-Allow-Credentials', true);
    next();
});

Routes:

app.post('/register', passport.authenticate('local', {session: true}), (req, res) => {
    req.session.save(() => {
        return res.redirect('/')
    })
});
app.use('/api', loggedIn, maps);

The initial registration call from the frontend:

document.getElementById('signup').addEventListener('submit', function (e) {
    e.preventDefault();
    window.fetch(process.env.DB_API_URI + '/register', {
        method: 'POST',
        headers: {
            'Accept': 'application/json',
            'Content-Type': 'application/json',
        },
        credentials: 'include',
        body: JSON.stringify({
            username: document.getElementById('signUpUsername').value,
            password: document.getElementById('signUpPassword').value
        })
    });
});

The second frontend call, where req.user in Express is empty:

return window.fetch(process.env.DB_API_URI + '/maps/' + mapId, {
            method: 'GET',
            headers: {
                'Content-Type': 'application/json'
            },
            credentials: 'include'
        })

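The problem was that the browser sends two HTTP requests: an OPTIONS request and a GET request. The OPTIONS request is not sent with credentials, so the authentication check failed. I worked around this by updating my function to the following: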

function loggedIn(req, res, next) {
    log('logged in: ' + req.isAuthenticated());
    if (req.isAuthenticated() || req.method === 'OPTIONS') {
        return next();
    }
    req.session.error = 'Please sign in!';
    res.status(400).send();
}
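
An alternative arrangement, shown as an added example that is not part of the original post: the CORS preflight is answered by its own middleware ahead of the auth guard, so the guard needs no method exception and only genuine preflights are let through without a session. The `dispatch` helper, the stand-in `maps` handler and the constructed requests are assumptions for illustration; the origin and header values are the ones from the question.

```javascript
// Added example: Express-style middleware (req, res, next), no dependencies.
const ALLOWED_ORIGIN = 'http://localhost:4200'; // origin from the page's CORS headers

// Answers CORS preflights itself, so they never reach the auth guard or routes.
function corsPreflight(req, res, next) {
    if (req.headers.origin === ALLOWED_ORIGIN) {
        res.setHeader('Access-Control-Allow-Origin', ALLOWED_ORIGIN);
        res.setHeader('Access-Control-Allow-Credentials', 'true');
        res.setHeader('Vary', 'Origin');
    }
    // A real preflight is OPTIONS plus Access-Control-Request-Method.
    const isPreflight = req.method === 'OPTIONS' &&
        req.headers['access-control-request-method'] !== undefined;
    if (!isPreflight) { return next(); }
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
    res.setHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
    res.statusCode = 204;
    res.end();
}

// Auth guard with no method exception: unauthenticated requests get 401.
function loggedIn(req, res, next) {
    if (req.isAuthenticated()) { return next(); }
    res.statusCode = 401;
    res.end();
}

// Hypothetical protected handler standing in for the page's `maps` router.
function maps(req, res) {
    res.statusCode = 200;
    res.end('map data');
}

// Minimal stand-in for Express dispatch, run over a constructed request.
function dispatch(stack, method, headers, authenticated) {
    const req = { method, headers, isAuthenticated: () => authenticated };
    const res = { statusCode: null, headers: {}, body: undefined, reached: [],
        setHeader(k, v) { this.headers[k] = v; },
        end(b) { this.body = b; } };
    let i = 0;
    const next = () => {
        const fn = stack[i++];
        if (fn) { res.reached.push(fn.name); fn(req, res, next); }
    };
    next();
    return res;
}

const STACK = [corsPreflight, loggedIn, maps];
```

In a real Express app the same ordering applies: register the preflight handler with `app.use` before `app.use('/api', loggedIn, maps)`.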