Javascript Expressjs身份验证


我有一些关于登录和会话的问题。我有以下代码:

数据库查询:

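login: function(req, callback) {
    // Look up the user whose e-mail and password hash match the posted form.
    // Results are handed straight to `callback(err, rows)` as client.query reports them.
    var email = req.body && req.body.email_login;
    var password = req.body && req.body.password_login;
    // Reject missing, empty or non-string fields before touching the database,
    // so an empty or malformed POST cannot crash the hash call or the query.
    if (typeof email !== 'string' || email === '' ||
        typeof password !== 'string' || password === '') {
        return callback(new Error('email_login and password_login are required'));
    }
    // Placeholders let the driver escape the values; splicing request fields
    // into the SQL string made this query injectable.
    // NOTE(review): `?` assumes a MySQL-style driver — use `$1`/`$2` for pg.
    var query = 'SELECT id FROM users WHERE email = ? AND password = ? LIMIT 1';
    // NOTE(review): unsalted SHA-1 is kept only because the stored column uses it;
    // plan a migration to a slow, salted password hash (bcrypt/scrypt/argon2).
    client.query(query, [email, hashlib.sha1(password)], callback);
}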
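app.post('/login', function(req, res, next) {
    // Handle the login form: on success store the user row in the session and
    // show the news page; on failure fall back to the index page.
    users.login(req, function(err, results) {
        if (err) {
            // Hand the error to Express' error handler (log + 500 page) instead of
            // silently rendering the index page as if nothing happened.
            return next(err);
        }
        if (!results || !results[0]) {
            // No matching user: respond, otherwise the request would hang with
            // no response at all.
            return res.render('index');
        }
        // Issue a fresh session id on login so an id obtained before
        // authentication cannot be reused (session fixation).
        req.session.regenerate(function(regenErr) {
            if (regenErr) {
                return next(regenErr);
            }
            req.session.userdata = results[0];
            req.session.is_logged_in = true;
            res.render('site/news');
        });
    });
});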
// Route guard: lets the request through only when the session carries user
// data and the explicit logged-in flag; anyone else is sent to the front page.
const auth = (req, res, next) => {
    const loggedIn = Boolean(req.session.userdata) && req.session.is_logged_in === true;
    if (!loggedIn) {
        res.redirect('/');
        return;
    }
    next();
};
// e.g. get the session.id from dynamichelper
// NOTE(review): `data` and `session` are not defined in this snippet — presumably
// view locals; confirm. `session.userdata` is undefined for anonymous visitors,
// so this comparison throws unless the view is only reachable through `auth`.
if (data.userid === session.userdata.id) {
    // The form where user can change his data contained within here
}
路线:

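login: function(req, callback) {
    // Look up the user whose e-mail and password hash match the posted form.
    // Results are handed straight to `callback(err, rows)` as client.query reports them.
    var email = req.body && req.body.email_login;
    var password = req.body && req.body.password_login;
    // Reject missing, empty or non-string fields before touching the database,
    // so an empty or malformed POST cannot crash the hash call or the query.
    if (typeof email !== 'string' || email === '' ||
        typeof password !== 'string' || password === '') {
        return callback(new Error('email_login and password_login are required'));
    }
    // Placeholders let the driver escape the values; splicing request fields
    // into the SQL string made this query injectable.
    // NOTE(review): `?` assumes a MySQL-style driver — use `$1`/`$2` for pg.
    var query = 'SELECT id FROM users WHERE email = ? AND password = ? LIMIT 1';
    // NOTE(review): unsalted SHA-1 is kept only because the stored column uses it;
    // plan a migration to a slow, salted password hash (bcrypt/scrypt/argon2).
    client.query(query, [email, hashlib.sha1(password)], callback);
}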
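app.post('/login', function(req, res, next) {
    // Handle the login form: on success store the user row in the session and
    // show the news page; on failure fall back to the index page.
    users.login(req, function(err, results) {
        if (err) {
            // Hand the error to Express' error handler (log + 500 page) instead of
            // silently rendering the index page as if nothing happened.
            return next(err);
        }
        if (!results || !results[0]) {
            // No matching user: respond, otherwise the request would hang with
            // no response at all.
            return res.render('index');
        }
        // Issue a fresh session id on login so an id obtained before
        // authentication cannot be reused (session fixation).
        req.session.regenerate(function(regenErr) {
            if (regenErr) {
                return next(regenErr);
            }
            req.session.userdata = results[0];
            req.session.is_logged_in = true;
            res.render('site/news');
        });
    });
});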
// Route guard: lets the request through only when the session carries user
// data and the explicit logged-in flag; anyone else is sent to the front page.
const auth = (req, res, next) => {
    const loggedIn = Boolean(req.session.userdata) && req.session.is_logged_in === true;
    if (!loggedIn) {
        res.redirect('/');
        return;
    }
    next();
};
// e.g. get the session.id from dynamichelper
// NOTE(review): `data` and `session` are not defined in this snippet — presumably
// view locals; confirm. `session.userdata` is undefined for anonymous visitors,
// so this comparison throws unless the view is only reachable through `auth`.
if (data.userid === session.userdata.id) {
    // The form where user can change his data contained within here
}
验证中间件:

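login: function(req, callback) {
    // Look up the user whose e-mail and password hash match the posted form.
    // Results are handed straight to `callback(err, rows)` as client.query reports them.
    var email = req.body && req.body.email_login;
    var password = req.body && req.body.password_login;
    // Reject missing, empty or non-string fields before touching the database,
    // so an empty or malformed POST cannot crash the hash call or the query.
    if (typeof email !== 'string' || email === '' ||
        typeof password !== 'string' || password === '') {
        return callback(new Error('email_login and password_login are required'));
    }
    // Placeholders let the driver escape the values; splicing request fields
    // into the SQL string made this query injectable.
    // NOTE(review): `?` assumes a MySQL-style driver — use `$1`/`$2` for pg.
    var query = 'SELECT id FROM users WHERE email = ? AND password = ? LIMIT 1';
    // NOTE(review): unsalted SHA-1 is kept only because the stored column uses it;
    // plan a migration to a slow, salted password hash (bcrypt/scrypt/argon2).
    client.query(query, [email, hashlib.sha1(password)], callback);
}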
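app.post('/login', function(req, res, next) {
    // Handle the login form: on success store the user row in the session and
    // show the news page; on failure fall back to the index page.
    users.login(req, function(err, results) {
        if (err) {
            // Hand the error to Express' error handler (log + 500 page) instead of
            // silently rendering the index page as if nothing happened.
            return next(err);
        }
        if (!results || !results[0]) {
            // No matching user: respond, otherwise the request would hang with
            // no response at all.
            return res.render('index');
        }
        // Issue a fresh session id on login so an id obtained before
        // authentication cannot be reused (session fixation).
        req.session.regenerate(function(regenErr) {
            if (regenErr) {
                return next(regenErr);
            }
            req.session.userdata = results[0];
            req.session.is_logged_in = true;
            res.render('site/news');
        });
    });
});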
// Route guard: lets the request through only when the session carries user
// data and the explicit logged-in flag; anyone else is sent to the front page.
const auth = (req, res, next) => {
    const loggedIn = Boolean(req.session.userdata) && req.session.is_logged_in === true;
    if (!loggedIn) {
        res.redirect('/');
        return;
    }
    next();
};
// e.g. get the session.id from dynamichelper
// NOTE(review): `data` and `session` are not defined in this snippet — presumably
// view locals; confirm. `session.userdata` is undefined for anonymous visitors,
// so this comparison throws unless the view is only reachable through `auth`.
if (data.userid === session.userdata.id) {
    // The form where user can change his data contained within here
}
我使用数据库存储进行会话

现在我的问题是:

1) 这样做安全吗?或者我应该考虑另一种方式吗?

2) 假设我有这个URL
/domain/users/1
,其中最后一段是用于获取用户数据的用户id。在这个视图中,我有一个用于更改用户数据的表单。先检查该用户id是否与会话中的用户id匹配,再显示表单——这样做安全吗?

在视图中:

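login: function(req, callback) {
    // Look up the user whose e-mail and password hash match the posted form.
    // Results are handed straight to `callback(err, rows)` as client.query reports them.
    var email = req.body && req.body.email_login;
    var password = req.body && req.body.password_login;
    // Reject missing, empty or non-string fields before touching the database,
    // so an empty or malformed POST cannot crash the hash call or the query.
    if (typeof email !== 'string' || email === '' ||
        typeof password !== 'string' || password === '') {
        return callback(new Error('email_login and password_login are required'));
    }
    // Placeholders let the driver escape the values; splicing request fields
    // into the SQL string made this query injectable.
    // NOTE(review): `?` assumes a MySQL-style driver — use `$1`/`$2` for pg.
    var query = 'SELECT id FROM users WHERE email = ? AND password = ? LIMIT 1';
    // NOTE(review): unsalted SHA-1 is kept only because the stored column uses it;
    // plan a migration to a slow, salted password hash (bcrypt/scrypt/argon2).
    client.query(query, [email, hashlib.sha1(password)], callback);
}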
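app.post('/login', function(req, res, next) {
    // Handle the login form: on success store the user row in the session and
    // show the news page; on failure fall back to the index page.
    users.login(req, function(err, results) {
        if (err) {
            // Hand the error to Express' error handler (log + 500 page) instead of
            // silently rendering the index page as if nothing happened.
            return next(err);
        }
        if (!results || !results[0]) {
            // No matching user: respond, otherwise the request would hang with
            // no response at all.
            return res.render('index');
        }
        // Issue a fresh session id on login so an id obtained before
        // authentication cannot be reused (session fixation).
        req.session.regenerate(function(regenErr) {
            if (regenErr) {
                return next(regenErr);
            }
            req.session.userdata = results[0];
            req.session.is_logged_in = true;
            res.render('site/news');
        });
    });
});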
// Route guard: lets the request through only when the session carries user
// data and the explicit logged-in flag; anyone else is sent to the front page.
const auth = (req, res, next) => {
    const loggedIn = Boolean(req.session.userdata) && req.session.is_logged_in === true;
    if (!loggedIn) {
        res.redirect('/');
        return;
    }
    next();
};
// e.g. get the session.id from dynamichelper
// NOTE(review): `data` and `session` are not defined in this snippet — presumably
// view locals; confirm. `session.userdata` is undefined for anonymous visitors,
// so this comparison throws unless the view is only reachable through `auth`.
if (data.userid === session.userdata.id) {
    // The form where user can change his data contained within here
}
服务器将使用SSL

提前谢谢


George

在db查询代码中,请检查 req.body.email_login 和 req.body.password_login,以确保它们不为空且为字符串。有人可能会提交一个空的请求,这会在您这边引发一个内部错误

同样在路由中,您可能希望记录错误并将用户重定向到/500.html页面(内部错误):

您不应该在视图中执行此操作:

// Quoted from the question: the ownership check done inside the view, which the
// answer advises moving into the model so the template only receives a boolean.
if(data.userid === session.userdata.id) { //The form where user can change his data contained within here }
尝试在模型中实现这一点(最好),为其创建一个函数,并仅向视图传递一个参数,如下所示:

// Hand the ownership decision to the template as a single boolean local.
const locals = { loggedIn: true };
res.render('view', locals);
模型中的函数:

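/**
 * Returns true when the requested user id belongs to the logged-in session user.
 * @param {number|string} id - id of the user record being viewed or edited.
 * @param {object} session - the request session; only `session.userdata.id` is read.
 * @returns {boolean} true only for an authenticated session whose user id equals `id`.
 */
function checkUser(id, session) {
  // Anonymous sessions carry no userdata: treat them as "not the owner"
  // instead of throwing on `undefined.id`.
  if (!session || !session.userdata) {
    return false;
  }
  // Strict comparison of the `id` parameter (the original compared an undefined
  // `userid`). Values taken from req.params are strings, so the caller must
  // convert `id` to the same type as the stored id.
  return id === session.userdata.id;
}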
...
// Expose the check so routes can call it and pass only a boolean to the view.
module.exports.checkUser = checkUser;
您可以这样从路线调用它(例如):


你可能还想再看一次

Hi:)好的,好的建议,但我不确定我是否掌握了一件事,为什么我不应该在视图中检查id?那会是什么样子?也许是个小例子?你可以这样做,这只是一个建议,让这些东西在其他地方结构化:助手,模型。我现在要加上这个例子。哦,我明白了,这是一个很好的方法。更易于维护。谢谢你的建议:)