当前位置: 文江博客话题详情

错误使用明上文和打字稿对用户进行身份验证

发布于 2025-01-25 08:46:51 字数 4113 浏览 1 评论 0原文

我有一个允许注册和登录的小应用程序,但是我仍在尝试使用会话表达会话。

以下是 server.ts 在其中创建会话,cors等...

import express, { json } from "express";
import { db } from "./models/db-connection";
import { router } from "./routes";
import session from "express-session";
var cors = require("cors");

const app = express();

app.use(
    cors({
        origin: "http://localhost:3000",
        methods: ["POST", "GET"],
        credentials: true,
    })
);
app.use(json());
app.use(
    session({
        secret: "testtest",
        resave: false,
        saveUninitialized: false,
    })
);
app.use(router);

app.listen(3001, async () => {
    try {
        await db.sync();
        console.log("Connected to the database");
    } catch (error) {
        console.error("Failed to connect to the database", error);
    }

});

routes.ts 脚本中,我使用了身份验证函数,这只会允许新用户如果用户已经登录,请注册。 但是问题正好在这里, req.session.authenticated 永远不是真的,即使我将其设置为真,它总是 note ,因为我将在中显示usercontroller.ts

以下是路由。TS

import express from "express";
import UserController from "./controllers/UserController";
import "./session-data";

function authenticate(req: express.Request, res: express.Response, next: express.NextFunction) {
    console.log(req.session);
    if (req.session.authenticated) {
        next();
    } else {
        res.redirect("/login");
    }
}

const router = express.Router();

router.post("/users", authenticate, UserController.create);
router.get("/users/login/:login", UserController.findLogin);

export { router };

如下所示,在 usercontroller.ts req.session.authenticated 时,当我们找到匹配时,我放入了一个console.log。 > Req.Session 在这一点上具有身份验证的属性,但它看起来像 routes.ts 看不到它。

usercontroller.ts

import express, { Request, Response } from "express";
import { UserModel } from "../models/UserModel";
import "../session-data";
const bcrypt = require("bcryptjs");

class UserController {
    async findLogin(req: express.Request, res: express.Response) {
        const email = req.query.email?.toString();
        const password = req.query.password?.toString();

        try {
            const user: any = await UserModel.findOne({
                where: {
                    email: email,
                },
            });

            if (user) {
                const match = await bcrypt.compare(password, user.password);

                if (match) {
                    req.session.authenticated = true;
                    console.log(req.session);
                    return res.status(204).json(user);
                } else {
                    req.session.authenticated = false;
                    return res.status(200).send("invalid password");
                }
            } else {
                req.session.authenticated = false;
                return res.status(201).send("User not found");
            }
        } catch (error: any) {
            req.session.authenticated = false;
            return res.send(error.message);
        }
    }
}

async create(req: Request, res: Response) {
    try {
        const { userName, email, password } = req.body;
        const user = await UserModel.create({
            userName,
            email,
            password,
        });
        return res.status(201).json(user);
    } catch (error: any) {
        console.error(error);
        return res.send(error.message);
    }
}

由于我正在使用Typescript,因此我需要创建一个session-data.ts文件来扩展

session-data.ts.ts

declare module "express-session" {
    interface SessionData {
        authenticated: boolean;
    }
}

export {};

会话存储,也从未创建会话。

你能帮我吗?我不知道为什么 req.session.authenticated 不起作用,我是新手使用TypeScript的新手,我想与此相关。

谢谢!

原文

I have a small app that allows registration and login, but I'm still trying to use session-express to persist the session.

Below is server.ts where I create the session, cors, etc...

import express, { json } from "express";
import { db } from "./models/db-connection";
import { router } from "./routes";
import session from "express-session";
var cors = require("cors");

const app = express();

app.use(
    cors({
        origin: "http://localhost:3000",
        methods: ["POST", "GET"],
        credentials: true,
    })
);
app.use(json());
app.use(
    session({
        secret: "testtest",
        resave: false,
        saveUninitialized: false,
    })
);
app.use(router);

app.listen(3001, async () => {
    try {
        await db.sync();
        console.log("Connected to the database");
    } catch (error) {
        console.error("Failed to connect to the database", error);
    }

});

In the routes.ts script I use the authenticate function which will only allow a new user to be registered if an user is already logged in.
But the problem is exactly here, req.session.authenticated is never true, it is always undefined, even when I set it to true as I will show in UserController.ts.

Below is routes.ts.

import express from "express";
import UserController from "./controllers/UserController";
import "./session-data";

function authenticate(req: express.Request, res: express.Response, next: express.NextFunction) {
    console.log(req.session);
    if (req.session.authenticated) {
        next();
    } else {
        res.redirect("/login");
    }
}

const router = express.Router();

router.post("/users", authenticate, UserController.create);
router.get("/users/login/:login", UserController.findLogin);

export { router };

As you can see below in UserController.ts, req.session.authenticated is true when we find a match, I put in a console.log just to confirm that req.session has the authenticated property at this point, and it does, but it looks like routes.ts can't see it.

UserController.ts

import express, { Request, Response } from "express";
import { UserModel } from "../models/UserModel";
import "../session-data";
const bcrypt = require("bcryptjs");

class UserController {
    async findLogin(req: express.Request, res: express.Response) {
        const email = req.query.email?.toString();
        const password = req.query.password?.toString();

        try {
            const user: any = await UserModel.findOne({
                where: {
                    email: email,
                },
            });

            if (user) {
                const match = await bcrypt.compare(password, user.password);

                if (match) {
                    req.session.authenticated = true;
                    console.log(req.session);
                    return res.status(204).json(user);
                } else {
                    req.session.authenticated = false;
                    return res.status(200).send("invalid password");
                }
            } else {
                req.session.authenticated = false;
                return res.status(201).send("User not found");
            }
        } catch (error: any) {
            req.session.authenticated = false;
            return res.send(error.message);
        }
    }
}

async create(req: Request, res: Response) {
    try {
        const { userName, email, password } = req.body;
        const user = await UserModel.create({
            userName,
            email,
            password,
        });
        return res.status(201).json(user);
    } catch (error: any) {
        console.error(error);
        return res.send(error.message);
    }
}

Since I'm using Typescript, I need to create a session-data.ts file to expand req.session

session-data.ts

declare module "express-session" {
    interface SessionData {
        authenticated: boolean;
    }
}

export {};

In the session store, the session is never created either.
Session Storage

Could you help me please? I don't know why req.session.authenticated isn't working, I'm new to using typescript, I imagine there's something related to that.

Thanks!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

梦醒时光 2025-02-01 08:46:51

尝试尽可能简化代码,以使问题仍然可再现。以下对我有效:

declare module "express-session" {
    interface SessionData {
        authenticated: boolean;
    }
}
function login(req: express.Request, res: express.Response, next: express.NextFunction) {
    req.session.authenticated = true;
    res.end("Logged in");
}
function authenticate(req: express.Request, res: express.Response, next: express.NextFunction) {
    console.log(req.session);
    if (req.session.authenticated) {
        next();
    } else {
        res.end("Not logged in");
    }
}
express()
.use(session({
    secret: "Se$ion",
    resave: false,
    saveUninitialized: false
}))
.get("/login", login)
.get("/auth", authenticate, function(req, res) {
    res.end("Welcome");
})
.listen(3001);

获取/login返回“已登录”。

然后获取/auth返回“欢迎”,并记录了会话:

Session {
  cookie: { path: '/', _expires: null, originalMaxAge: null, httpOnly: true },
  authenticated: true
}

Try simplifying your code as much as possible so that the problem is still reproducible. The following works for me:

declare module "express-session" {
    interface SessionData {
        authenticated: boolean;
    }
}
function login(req: express.Request, res: express.Response, next: express.NextFunction) {
    req.session.authenticated = true;
    res.end("Logged in");
}
function authenticate(req: express.Request, res: express.Response, next: express.NextFunction) {
    console.log(req.session);
    if (req.session.authenticated) {
        next();
    } else {
        res.end("Not logged in");
    }
}
express()
.use(session({
    secret: "Se$ion",
    resave: false,
    saveUninitialized: false
}))
.get("/login", login)
.get("/auth", authenticate, function(req, res) {
    res.end("Welcome");
})
.listen(3001);

GET /login returns "Logged in".

Then GET /auth return "Welcome" and the session is logged:

Session {
  cookie: { path: '/', _expires: null, originalMaxAge: null, httpOnly: true },
  authenticated: true
}
回复 原文
~没有更多了~

关于作者

千仐

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

初吻给了烟

文章 0 评论 0

十二

文章 0 评论 0

这个问题好好想想

文章 0 评论 0

清引

文章 0 评论 0

丢了幸福的猪

文章 0 评论 0

微信用户

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文