问题描述
我正在按照这个教程,使用 Passport.js 构建一个认证系统。
我不清楚 passport.session() 的作用是什么。
在尝试了不同的中间件之后,我了解到 express.session() 负责通过 cookie 向客户端发送会话 ID,但我不清楚 passport.session() 做了什么,以及为什么除了 express.session() 之外还需要它。
下面是我如何设置我的应用程序:
// Server.js配置应用程序和设置了网络服务器
//导入我们的模块
VAR前preSS =要求('前preSS');
VAR应用=前preSS();
VAR端口= process.env.PORT || 8080;
VAR猫鼬=要求('猫鼬');
VAR护照=要求('护照');
VAR闪光灯=要求('接闪');VAR configDB =要求('./配置/ database.js');// DATABSE和App的配置mongoose.connect(configDB.url); //连接到我们的数据库要求('./配置/护照')(护照); //传递护照的配置app.configure(函数(){ //设置我们的前preSS应用 app.use(如press.logger('开发')); //记录每个请求到控制台
app.use(如press.cookieParser()); //读取cookies(需要验证)
app.use(如press.bodyParser()); //从HTML表单信息 app.set(视图引擎','EJS'); //设置为模板EJS //护照配置
app.use(如press.session({秘密:olhosvermelhoseasenhaclassica',MAXAGE:空})); //会话秘密
app.use(passport.initialize());
app.use(passport.session()); //永久登录会话
app.use(闪光灯()); //使用连接闪存存储在会话闪存的消息});//设置路线
要求('./应用/ routes.js')(应用程序,护照);//发射
app.listen(端口);
的console.log(服务器侦听端口+端口);
passport.session()
作为一个中间件,它会修改 req 对象,把当前为会话 ID(来自客户端 cookie)的 'user' 值替换为真正反序列化后的用户对象。
虽然其他答案提出了一些很好的观点,但我认为可以提供一些更具体的细节。
app.use(passport.session());
等同于
app.use(passport.authenticate(会议));
其中 'session' 指的是 passportJS 自带的以下策略。
https://github.com/jaredhanson/passport/blob/master/lib/strategies/session.js
具体是第 59-60 行:
VAR财产= req._passport.instance._userProperty || '用户';
REQ [属性] =用户;
在这里它本质上充当一个中间件,把请求对象(req)上 'user' 属性的值设置为反序列化后的用户身份。为了让它正常工作,你必须在自己的代码中提供 serializeUser 和 deserializeUser 函数。
passport.serializeUser(功能(用户,完成){
DONE(NULL,user.id);
});passport.deserializeUser(功能(用户,完成){
//如果使用猫鼬与MongoDB的;如果其他你需要JS特定于该模式
User.findById(ID,函数(ERR,用户){
DONE(ERR,用户);
});
});
这会从数据库中找到正确的用户,并把它作为闭包变量传入回调 done(err, user);
因此,上面 passport.session() 中的代码
就可以替换 req 对象中 'user' 的值,并传递给栈中的下一个中间件。
I am building an authentication system with Passport.js, following this tutorial.
I am confused about what passport.session() does.
After playing around with the different middleware I came to understand that express.session() is what sends a session ID over cookies to the client, but I'm confused about what passport.session() does and why it is required in addition to express.session().
Here is how I set up my application:
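// server.js configures the application and sets up the web server.

// Import our modules.
var express = require('express');
var app = express();
var port = process.env.PORT || 8080;
var mongoose = require('mongoose');
var passport = require('passport');
var flash = require('connect-flash');
var configDB = require('./config/database.js');

// The session secret is what express.session() uses to sign the session
// cookie, so it must not be committed to (or published with) the source.
// It is read from the environment instead; SESSION_SECRET is a name chosen
// for this example. Startup fails when it is missing rather than falling
// back to a value that is known to everyone who has read the code.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error('SESSION_SECRET environment variable must be set');
}

// Configuration of database and app.
mongoose.connect(configDB.url); // connect to our database
require('./config/passport')(passport); // pass passport for configuration

// NOTE(review): app.configure, express.logger, express.cookieParser,
// express.bodyParser and express.session are the Express 3 bundled APIs;
// they are kept here because the rest of the application is written
// against them.
app.configure(function () {
  // Set up our express application.
  app.use(express.logger('dev')); // log every request to the console
  app.use(express.cookieParser()); // read cookies (needed for auth)
  app.use(express.bodyParser()); // get info from html forms

  app.set('view engine', 'ejs'); // set up ejs for templating

  // Configuration for passport.
  // NOTE(review): maxAge is passed at the top level exactly as before; the
  // session middleware normally takes cookie lifetime under a `cookie`
  // option, so confirm this key has any effect.
  app.use(express.session({ secret: sessionSecret, maxAge: null }));
  app.use(passport.initialize());
  // Registered after express.session(): it restores the logged-in user from
  // the session that middleware has loaded for the request.
  app.use(passport.session()); // persistent login session
  app.use(flash()); // use connect-flash for flash messages stored in session
});

// Set up routes.
require('./app/routes.js')(app, passport);

// Launch.
app.listen(port);
// The original message had no separator and printed e.g. "port8080".
console.log('Server listening on port ' + port);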
passport.session()
acts as a middleware to alter the req object and change the 'user' value that is currently the session id (from the client cookie) into the true deserialized user object.
Whilst the other answers make some good points I thought that some more specific detail could be provided.
// Registers Passport's session middleware on the app.
app.use(passport.session());
is equivalent to
// The same registration, written as an authenticate() call that names the 'session' strategy.
app.use(passport.authenticate('session'));
Where 'session' refers to the following strategy that is bundled with passportJS.
https://github.com/jaredhanson/passport/blob/master/lib/strategies/session.js
Specifically lines 59-60:
// Name of the request property that will hold the user: the Passport
// instance's _userProperty when it is set, otherwise 'user'.
var property = req._passport.instance._userProperty || 'user';
// Attach the user to the request object under that property name.
req[property] = user;
Here it essentially acts as a middleware and sets the 'user' property on the request object (req), as the two lines above show, to the deserialized identity of the user. To allow this to work correctly you must include serializeUser and deserializeUser functions in your custom code.
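// Decide what is kept in the session for a logged-in user: only the user's
// id, not the whole user record.
passport.serializeUser(function (user, done) {
  done(null, user.id);
});

// Turn the value stored by serializeUser (the id) back into a user record.
passport.deserializeUser(function (id, done) {
  // The first argument is the stored id. The original named it `user` while
  // the lookup below read `id`, which was therefore never defined.
  // If using Mongoose with MongoDB; other stores need their own lookup here.
  User.findById(id, function (err, user) {
    // Hand the lookup result (or the error) back to Passport. Because the
    // record is fetched from the database rather than trusted from the
    // session, the user object reflects what the database currently holds.
    done(err, user);
  });
});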
This will find the correct user from the database and pass it as a closure variable into the callback done(err, user),
so that the code shown above from passport.session()
can replace the 'user' value in the req object and pass control on to the next middleware in the stack.