我在heroku上托管的Web应用程序上工作。作为数据库,我尝试使用back4app。在back4app documention的帮助下,我已经实现了登录。自两天以来,我一直试图使该会话能够使用。

因此,我读了很多博客,文章,当然还有parse documentation。但是我无法使其正常工作。希望您能找到我的问题。以下代码是我最后的尝试:

const express = require('express');
const server = express();
const path = require('path');
const bodyParser = require('body-parser');

const port = process.env.PORT || 8080;

const back4app = require('parse/node');

back4app.initialize("xxx","yyy");
back4app.serverURL = 'https://parseapi.back4app.com/';


server.use(express.static('web'));
server.use(bodyParser.json());

server.get('/lgn', (req, resp) => {
console.log("server.get('/lgn',...");
    resp.sendFile(path.join(__dirname + '/web/login.html'));
});

server.post('/lgn', (req, resp) => {
    const data =  req.body;

    console.log("server.post('/lgn',...");

    if(data.email != undefined){
        console.log(data.email);
        resetPassword(data);
    } else{
        logIn(data, function(err, user){
            console.log(user.get("sessionToken"));


            //How to get the user object in other routes?
            console.log('session');
            back4app.User.enableUnsafeCurrentUser(); //is this a secure solution?

            back4app.User.currentAsync().then(function(userObj) {
                console.dir(userObj.get("sessionToken"));
            });

            if(user){
                resp.send( JSON.stringify( {url: '/'}) );
            } else{
                console.log(err);
            }
        });
    }
});


function logIn(data, cb) {
    // Create a new instance of the user class
    var user = back4app.User
        .logIn(data.username, data.password)
            .then(function(user) {
                console.log('User successful logged in with name: ' +     user.get("username"));
                cb(null, user);
            })
            .catch(function(error){
                console.log("Error: " + error.code + " " + error.message);
                cb(error);
    });
}


server.listen(port, (err) => {
    if (err) {
        return console.log('something bad happened', err)
    }
    console.log(`server is listening on ${port}`)
});


userObj为空。但为什么?我必须做些什么,才能使currentUser及其会话在其他路线上获得?

(我也尝试过使用back4app.Session,但没有得到我想要的东西。)

最佳答案

在Node.js应用程序中使用currentUser方法是不安全的。

代替:

logIn(data, function(err, user){
            console.log(user.get("sessionToken"));


            //How to get the user object in other routes?
            console.log('session');
            back4app.User.enableUnsafeCurrentUser(); //is this a secure solution?

            back4app.User.currentAsync().then(function(userObj) {
                console.dir(userObj.get("sessionToken"));
            });

            if(user){
                resp.send( JSON.stringify( {url: '/'}) );
            } else{
                console.log(err);
            }
        });


采用:

logIn(data, function(err, user){
            // This is your session token. You will have to send it back to your client. The client should store it and send it to the server in the other routes.
            const sessionToken = user.get("sessionToken");
            console.log(sessionToken);


            //How to get the user object in other routes?
            //In order to get the user in other routes you will have to use the sessionToken like this:
            back4app.User.me({ sessionToken }).then(function(userObj) {
                console.dir(userObj.get("sessionToken"));
            });

            if(user){
                resp.send( JSON.stringify( {url: '/'}) );
            } else{
                console.log(err);
            }
        });

09-26 02:10