抱歉,它是用coffeescript(不是纯js)编写的。我一直在查看passport.js,并试图将其包含在项目中,这是其中的简化版本,仅包含auth内容。
express = require 'express'
passport = require 'passport'
LocalStrategy = require 'passport-local'
.Strategy
BasicStrategy = require 'passport-http'
app = express()
server = require 'http'
.createServer app
server.listen 3000
app.use express.cookieParser()
app.use express.session
secret: 'abc'
app.use express.json()
app.use express.urlencoded()
app.set 'views', "#{__dirname}/views"
app.set 'view engine', 'jade'
app.locals.pretty = true
app.use passport.initialize()
app.use passport.session()
passport.use new LocalStrategy (username, password, done) ->
if username is 'admin' and password is 'password'
return done null, user =
username: 'admin'
else
return done null, false, message: 'Incorrect username / password'
passport.serializeUser (user, done) ->
done null, user.username
passport.deserializeUser (username, done) ->
done null, user =
username: username
app.get '/login', (req, res) ->
res.render 'login',
title: 'Login'
app.post '/login', passport.authenticate 'local',
successRedirect: '/admin'
failureRedirect: '/login'
app.get '/admin', (req, res) ->
res.render 'admin',
title: 'Admin'
app.get '/devices', (req, res) ->
res.render 'devices',
title: 'Devices'
这非常基本,因为本地策略仅检查用户名是否为“ admin”,密码是否为“ password”,但我不确定如何保护“ / admin”和“ / devices”路由?我尝试了这种事情:
app.get '/devices', passport.authenticate('local', {
failureRedirect: '/login'
}, (req, res) ->
res.render 'devices',
title: 'Devices'
但这似乎没有用..
如果用户在登录后成功通过身份验证,则可以执行以下操作:
ensureAuthenticated = (req, res, next) ->
if req.isAuthenticated() then return next() else res.send 401
app.get "/devices", ensureAuthenticated, (req, res) ->
res.render 'devices',
title: 'Devices'
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句