javascript 使用身份验证中间件表达资源?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9213707/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Express resources with authentication middleware?
提问by Patrick
Passport.jsoffers great authentication for node.js and Express including a middleware solution:
Passport.js为 node.js 和 Express 提供了很好的身份验证,包括一个中间件解决方案:
ensureAuthenticated = function(req, res, next) {
if (req.isAuthenticated()) {
return next();
}
return res.redirect("/login");
};
How can I use this middleware in the express-resource module? Unfortunately,
如何在 express-resource 模块中使用这个中间件?很遗憾,
app.resource('users', ensureAuthenticated, require('./resources/users'));
doesn't work.
不起作用。
回答by Lan
I know this is a little too late, and the original post was answered, however, I was looking for the same answer and found a solution I thought others might want to know.
我知道这有点太晚了,原来的帖子得到了回答,但是,我正在寻找相同的答案,并找到了一个我认为其他人可能想知道的解决方案。
Just make sure ensureAuthenticated is called from passport.
只需确保从护照中调用 ensureAuthenticated。
app.resource('users', passport.ensureAuthenticated, require('./resources/users'));
It is found here: https://gist.github.com/1941301
可以在这里找到:https: //gist.github.com/1941301
回答by Patrick
Workaround. Ensure authentication on all requests and ignore requests going to /auth and /auth/callback.
解决方法。确保对所有请求进行身份验证并忽略进入 /auth 和 /auth/callback 的请求。
app.all('*', function(req, res, next) {
if (/^\/auth/g.test(req.url)) {
return next();
} else if (req.isAuthenticated()) {
return next();
} else {
return next(new Error(401));
}
});
回答by tbjers
You will need to do some magic in order to have each resource use the authentication middleware. The following gist explains how to accomplish this by using a menu structure.
为了让每个资源使用身份验证中间件,您需要做一些魔术。以下要点说明了如何通过使用菜单结构来完成此操作。
https://gist.github.com/3610934
https://gist.github.com/3610934
Essentially, you need the following logic:
本质上,您需要以下逻辑:
app.all('/' + item.name + '*', ensureAuthenticated, function (req, res, next) {
next();
});
You could then in your menu structure specify what resources are protected, and if they require any kind of specific permissions, even down to the HTTP method level.
然后,您可以在菜单结构中指定受保护的资源,以及它们是否需要任何类型的特定权限,甚至可以低至 HTTP 方法级别。
Hopefully this helps someone!
希望这对某人有所帮助!
回答by az_
I was looking up this topic as well, and found https://npmjs.org/package/express-resource-middleware. Haven't tested it, though.
我也在查找这个主题,并找到了https://npmjs.org/package/express-resource-middleware。不过没测试过。
回答by fent
I'm not sure if express-resource has the option of inserting middleware into specific resources, but you could always insert checking if you are in that resource inside the middleware.
我不确定 express-resource 是否可以选择将中间件插入到特定资源中,但是您始终可以插入检查您是否在中间件内的该资源中。
ensureAuthenticated = function(req, res, next) {
if (!/^users/.test(req.url) || req.isAuthenticated()) {
return next();
}
return res.redirect("/login");
};
回答by jabbermonkey
This works:
这有效:
app.get('/', ensureAuthenticated, admin.index);
app.get('/', ensureAuthenticated, admin.index);
As long as your strategy is setup correctly. I'm using the local strategy. Check out the guide:
只要您的策略设置正确。我正在使用本地策略。查看指南:
