问题描述
我正在尝试为我的node.js应用程序设置一个基本的身份验证系统。现在我使用express(3.0.0rc5),护照(0.1.12)和socket.io(0.9.10)与Mongoose作为存储会话数据。我也一直在玩$ code> everyauth ,但我不喜欢使用承诺。
当前情况:
通过护照进行身份验证(Facebook策略)成功,客户端上设置了一个 session.sid 重定向,我可以在我的数据库中看到一个会话文档。我可以通过 socket.handshake.headers.cookie 访问 socket.io 中的会话cookie。
如果我正确理解了护照概念,则成功认证passport.serializeUser 被调用,使我能够添加信息到会议在我的情况下,最重要的信息是电子邮件,所以我以下列方式设置序列化:
passport.serializeUser function(user,done){
done(null,user.email);
});
现在我只是在我的socket.io事件中只使用cookie信息从会话中提取电子邮件地址。
var connect = require('connect'),
parseSignedCookie = connect.utils.parseSignedCookie,
cookie = require('express / node_modules / cookie');
io.on('connection',function(socket){
if(socket.handshake.headers.cookie){
var cookie = cookie.parse(socket.handshake
var sessionID = parseSignedCookie(cookie ['connect.sid'],'secret');
}
});
passport.deserializeUser(function(id,done){
// so,should be done here?
});
所以如果我没有错,那么任务现在要使用 deserializeUser 以访问相应的电子邮件地址。
我该怎么做?任何指针都非常感激。
我得到它的工作。我必须要访问sessionStore。以下是代码,以防任何人绊倒这个特殊问题:
//#app.js
var express = require('express'),
routes = require('./ routes'),
http = require('http'),
path = '),
app = express(),
护照= require('护照'),
SessionMongoose = require(session-mongoose),
mongooseSessionStore = new SessionMongoose {
url:mongodb:// localhost / login,
interval:120000
});
var config = require('game / config.js')//保存我的整个服务器配置
server = require('game / lib / server.js');
//保存sessionStore以配置以备以后访问
config.setSessionStore(mongooseSessionStore);
//配置express使用护照和mongooseSessionStore
app.configure(function(){
app.set('port',config.port);
app.set('env',config.environment);
app.set('dbPrefix',config.dbPrefix);
app.set('views',__dirname +'/ views');
app.set('view engine','jade');
app.use(express.favicon());
app.use(express.bodyParser());
app.use(express.cookieParser());
app.use(express.session({secret:'totallysecret',store:mongooseSessionStore})),
app.use(express.methodOverride ());
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
app.use(express ['static'](path.join(__ dirname,'public')));
});
app.get('/',routes.index);
app.get('/ auth / facebook',passport.authenticate('facebook',{scope:'email'}));
app.get('/ auth / facebook / callback',
passport.authenticate('facebook',{successRedirect:'/',
failureRedirect:'/'}));
// #### Init httpserver
var httpServer = http.createServer(app);
httpServer.listen(app.get('port'));
// ####服务器启动
server.init(httpServer);
我的序列化函数看起来很简单:
passport.serializeUser(function(user,done){
//将user.email保存到session.passport.user
done(null,user.email) ;
});
passport.deserializeUser(function(obj,done){
done(null,obj);
});
最后socket.io实现:
var util = require('util'),
connect = require('connect'),
parseSignedCookie = connect.utils.parseSignedCookie,
cookie = require('express / node_modules / cookie'),
io = require('socket.io')。listen(httpServer);
var config = require('../ config.js');
io.configure(function(){
io.set('authorization',function(data,callback){
if(data.headers.cookie){
//将parsedSessionId保存到handshakeData
data.cookie = cookie.parse(data.headers.cookie);
data.sessionId = parseSignedCookie(data.cookie ['connect.sid'],'totalsecret ');
}
回调(null,true);
});
io.on('connection',function(socket){
//引用我初始化的sessionStore在app.js
var sessionStore = config.sessionStore;
var sessionId = socket.handshake.sessionId;
sessionStore.get(sessionId, function(err,session){
if(!err){
if(session.passport.user){
console.log('这是用户电子邮件地址%s',会话.passport.user);
}
});
});
});
使用session-mongoose模块我可以访问:
pre $
sessionStore.get(sessionId,callback)
sessionStore.set(sessionId,data,callback)
sessionStore.destroy(sessionId,callback)
sessionStore.all(callback)//返回所有可用的会话
sessionStore.clear(callback)//删除所有会话数据
sessionStore.length(callback)//返回$ b中的会话数$ b
I am currently trying to set up a basic authentication system for my node.js app. For now I am using express (3.0.0rc5), passport (0.1.12) and socket.io (0.9.10) with Mongoose as Store for session data. I have also been playing around with everyauth but I didn't like to work with promises.
Current situation:
Authentication through passport (facebook strategy) is successful, a session.sid cookie is set on the client after the redirect and I am able to see a session document in my database. I can access the session cookie in socket.io through socket.handshake.headers.cookie.
If I understood the passport concept correctly, after successful authentication passport.serializeUser is called which enables me to add information to the session. In my case the most important information is the email, so I set the serializer up in the following way:
passport.serializeUser(function(user, done) {
done(null, user.email);
});
Now I am at the point where I have to use only the cookie information in my socket.io event to extract the email address from the session.
var connect = require('connect'),
parseSignedCookie = connect.utils.parseSignedCookie,
cookie = require('express/node_modules/cookie');
io.on('connection', function(socket) {
if(socket.handshake.headers.cookie) {
var cookie = cookie.parse(socket.handshake.headers.cookie);
var sessionID = parseSignedCookie(cookie['connect.sid'], 'secret');
}
});
passport.deserializeUser(function(id, done) {
// so, what is supposed to be done here?
});
So if I am not mistaken, the task is now to use deserializeUser to access the corresponding email address.
How would I do that? Any pointers are highly appreciated.
I got it to work. What I had to to is get access to the sessionStore. Here is the code in case anyone else stumbles over this particular problem:
// # app.js
var express = require('express'),
routes = require('./routes'),
http = require('http'),
path = require('path'),
app = express(),
passport = require('passport'),
SessionMongoose = require("session-mongoose"),
mongooseSessionStore = new SessionMongoose({
url: "mongodb://localhost/login",
interval: 120000
});
var config = require('game/config.js'), // holds my whole server configuration
server = require('game/lib/server.js');
// save sessionStore to config for later access
config.setSessionStore(mongooseSessionStore);
// configure express to use passport and mongooseSessionStore
app.configure(function(){
app.set('port', config.port);
app.set('env', config.environment);
app.set('dbPrefix', config.dbPrefix);
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(express.favicon());
app.use(express.bodyParser());
app.use(express.cookieParser());
app.use(express.session({secret : 'totallysecret', store : mongooseSessionStore })),
app.use(express.methodOverride());
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
app.use(express['static'](path.join(__dirname, 'public')));
});
app.get('/', routes.index);
app.get('/auth/facebook', passport.authenticate('facebook', { scope: 'email' }));
app.get('/auth/facebook/callback',
passport.authenticate('facebook', { successRedirect: '/',
failureRedirect: '/' }));
// #### Init httpserver
var httpServer = http.createServer(app);
httpServer.listen(app.get('port'));
// #### Server startup
server.init(httpServer);
My serialization functions look simple like this:
passport.serializeUser(function(user, done) {
// saves user.email to session.passport.user
done(null, user.email);
});
passport.deserializeUser(function(obj, done) {
done(null, obj);
});
And finally the socket.io implementation:
var util = require('util'),
connect = require('connect'),
parseSignedCookie = connect.utils.parseSignedCookie,
cookie = require('express/node_modules/cookie'),
io = require('socket.io').listen(httpServer);
var config = require('../config.js');
io.configure(function () {
io.set('authorization', function (data, callback) {
if(data.headers.cookie) {
// save parsedSessionId to handshakeData
data.cookie = cookie.parse(data.headers.cookie);
data.sessionId = parseSignedCookie(data.cookie['connect.sid'], 'totallysecret');
}
callback(null, true);
});
io.on('connection', function(socket) {
// reference to my initialized sessionStore in app.js
var sessionStore = config.sessionStore;
var sessionId = socket.handshake.sessionId;
sessionStore.get(sessionId, function(err, session) {
if( ! err) {
if(session.passport.user) {
console.log('This is the users email address %s', session.passport.user);
}
});
});
});
Using the session-mongoose module I have access to:
sessionStore.get(sessionId, callback)
sessionStore.set(sessionId, data, callback)
sessionStore.destroy(sessionId, callback)
sessionStore.all(callback) // returns all available sessions
sessionStore.clear(callback) // deletes all session data
sessionStore.length(callback) // returns number of sessions in the
这篇关于如何用express和socket.io使用护照?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!