Node.js 如何使用postman测试nodejs中的express会话类型会话?
我有一个nodejs后端,使用npm模块进行会话。我想用邮递员测试会话 我想要的是,仅当用户当前正在会话中时,才允许用户通过Node.js 如何使用postman测试nodejs中的express会话类型会话?,node.js,express,session,server-side,express-session,Node.js,Express,Session,Server Side,Express Session,我有一个nodejs后端,使用npm模块进行会话。我想用邮递员测试会话 我想要的是,仅当用户当前正在会话中时,才允许用户通过/getUsers路径访问用户列表。但是,当我使用postman测试后端时,即使在登录之后,用户也无法使用/getUsers路由访问用户。这和邮递员有关吗 这是我的app.js const express = require("express"); const app = express(); const authRoutes=require('./routes/auth'
/getUsers
路径访问用户列表。但是,当我使用postman测试后端时,即使在登录之后,用户也无法使用/getUsers
路由访问用户。这和邮递员有关吗
这是我的app.js
const express = require("express");
const app = express();
const authRoutes=require('./routes/auth');
const mongoose=require('mongoose');
const bodyParser = require("body-parser");
require("dotenv").config();
const nodemailer = require("nodemailer");
const session = require('express-session');
const RedisStore = require('connect-redis')(session);
const cors = require('cors');
app.use(cors({
origin:['http://localhost:8080'],
methods:['GET','POST'],
credentials: true // enable set cookie
}));
app.use(
// Creates a session middleware with given options.
session({
name: 'sid',
saveUninitialized: false,
resave: false,
secret: 'sssh, quiet! it\'s a secret!',
cookie: {
httpOnly: true,
maxAge: 1000 * 60 * 60 * 2,
sameSite: true,
secure: true
}
})
);
mongoose.connect(process.env.LOCAL_MONGO_URI,{useNewUrlParser:true},function (err) {
if (err) throw err
console.log("Connected to local mongo db database");
});
app.get("/",(req,res)=> {console.log("A request was made to /")
console.log("/GET called");
});
app.use(bodyParser.json());
app.use("/",authRoutes);
const port = process.env.PORT||8080
app.listen(port,()=> {
console.log("Hello world");
})
这是我的路线/auth.js:
const express = require("express");
const {
signup,login,verifyemail,requiresLogin,getUsers,logout
} = require("../handler/auth")
const router = express.Router();
router.post("/signup",signup);
router.post("/login",login);
router.get("/verifyemail/:token",verifyemail);
router.get("/getUsers",requiresLogin,getUsers);
router.get("/getUsers",requiresLogin,getUsers);
router.get("/logout",requiresLogin,logout);
module.exports=router;
这是我的handler/auth.js
const User = require("../models/user");
const bcrypt = require('bcrypt');
const crypto = require('crypto');
exports.signup = async (req, res) => {
const email = req.body.email;
User.findOne({email},function(err,user){
if(err) return res.status(500).json({message:err.message});
else if(user) return res.status(403).json({"message":"User exists"});
const password = req.body.password;
const name = req.body.name;
bcrypt.hash(password, 10)
.then(async function(hashed_password) {
const user = await new User({email,name,hashed_password});
user.emailVerificationToken = crypto.randomBytes(20).toString('hex');
user.emailVerificationTokenExpires = Date.now() + 3600000*24;
await user.save(function(err) {
if(!err) {
const resetURL = `http://${req.headers.host}/verifyemail/${user.emailVerificationToken}`;
const sgMail = require('@sendgrid/mail');
sgMail.setApiKey(process.env.SENDGRID_API_KEY);
const msg = {
from: 'admin@pinclone.com',
to: email,
subject: 'Email verification link',
html: `Verify your email <a href="${resetURL}">here</a> to login to your account`,
};
sgMail.send(msg);
return res.json({message:"verify email address to login"});
}
return res.status(500).send({ message: err.message });
});
})
.catch(function(error){
res.status(500).send({message:error.message});
});
});
};
exports.login = (req,res) => {
const email = req.body.email;
const password = req.body.password;
User.findOne({email},function(err,user) {
if(err) return res.status(500).json({message:err.message});
if(!user) return res.status(403).json({"message":"User does not exists"});
bcrypt.compare(password,user.hashed_password,(err,result) => {
if(result) {
if(user.isVerified)
return res.status(200).json({"message":"successfully logged in"});
else
return res.status(403).json({"message":"user is not verified"});
}
else return res.status(403).json({message: "email address password do not match"});
});
});
};
exports.verifyemail = async (req,res) => {
User.findOneAndUpdate({emailVerificationToken: req.params.token,emailVerificationTokenExpires: { $gt: Date.now() }}, {$set:{isVerified:true}}, {new: true}, (err, user) => {
if (err) {
res.status(403).send({message:"Link invalid or expired"});
// res.status(500).send({message:"Something wrong when updating data!"});
}
if(user) {
res.status(200).send({"message":"email verification successful you can login now!"});
}
});
};
exports.requiresLogin = (req, res, next) => {
if (req.cookies.sid) {
return next();
} else {
var err = new Error('You must be logged in to view this page.');
err.status = 401;
return next(err);
}
};
exports.logout = (req, res) => {
res.clearCookie('sid');
res.send("logout success");
};
exports.getUsers = (req,res) => {
User.find({},function(err,users){
res.send(users);
});
};
const User=require(“../models/User”);
const bcrypt=require('bcrypt');
const crypto=require('crypto');
exports.signup=async(请求、回复)=>{
const email=req.body.email;
User.findOne({email},函数(err,User){
if(err)返回res.status(500.json)({message:err.message});
else if(user)返回res.status(403.json)({“message”:“user exists”});
const password=req.body.password;
const name=req.body.name;
bcrypt.hash(密码,10)
.then(异步函数(哈希密码){
const user=等待新用户({电子邮件、姓名、哈希密码});
user.emailVerificationToken=crypto.randomBytes(20).toString('hex');
user.emailVerificationTokenExpires=Date.now()+3600000*24;
等待用户保存(函数(错误){
如果(!err){
const resetURL=`http://${req.headers.host}/verifyemail/${user.emailVerificationToken}`;
const sgMail=require('@sendgrid/mail');
sgMail.setApiKey(process.env.SENDGRID\u API\u KEY);
常数msg={
发件人:'admin@pinclone.com',
致:电邮:,
主题:“电子邮件验证链接”,
html:`验证您的电子邮件以登录您的帐户`,
};
sgMail.send(msg);
返回res.json({message:“验证要登录的电子邮件地址”});
}
返回res.status(500).send({message:err.message});
});
})
.catch(函数(错误){
res.status(500).send({message:error.message});
});
});
};
exports.login=(请求、回复)=>{
const email=req.body.email;
const password=req.body.password;
User.findOne({email},函数(err,User){
if(err)返回res.status(500.json)({message:err.message});
如果(!user)返回res.status(403.json)({“消息”:“用户不存在”});
bcrypt.compare(密码,用户。哈希密码,(错误,结果)=>{
如果(结果){
if(user.isVerified)
返回res.status(200.json)({“message”:“已成功登录”});
其他的
返回res.status(403.json)({“message”:“用户未验证”});
}
else返回res.status(403.json)({message:“电子邮件地址密码不匹配”});
});
});
};
exports.verifyemail=async(请求、回复)=>{
User.findOneAndUpdate({emailVerificationToken:req.params.token,emailVerificationTokenExpires:{$gt:Date.now()},{$set:{isVerified:true},{new:true},(错误,用户)=>{
如果(错误){
res.status(403).send({消息:“链接无效或已过期”});
//res.status(500).send({message:“更新数据时出错!”});
}
如果(用户){
res.status(200).send({“message”:“电子邮件验证成功,您现在可以登录!”);
}
});
};
exports.requiresLogin=(请求、回复、下一步)=>{
if(请求cookies.sid){
返回next();
}否则{
var err=new Error('您必须登录才能查看此页面');
err.status=401;
返回下一个(错误);
}
};
exports.logout=(请求、回复)=>{
res.clearCookie(“sid”);
res.send(“注销成功”);
};
exports.getUsers=(请求、回复)=>{
User.find({},函数(err,users){
res.send(用户);
});
};
您可以使用键在选项卡标题中设置会话。
你可以阅读更多细节
您应该阅读《如何使用邮递员》中的会话?部分。至少有人能帮我在问题中添加更多信息,以便让问题变得足够清楚吗。