Passport.js 创建的 session 我该怎么处理?

发布于 2025-02-11 21:26:36 字数 4459 浏览 0 评论 0 原文

我正在实现用户身份验证,用户通过验证后,就可以对数据库中自己的用户数据进行 CRUD 操作。我目前已经可以验证用户身份,也可以让用户注册新帐户,但不确定下一步该做什么。用户通过验证后,我的 Node 服务器应该向前端返回什么?我到处都读到,应该使用令牌和会话来检查每个请求的用户是否已通过验证。

auth.js

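// `express` is used for the Router below but was not required in this file.
const express = require("express")
const passport = require("passport")

const router = express.Router()

/**
 * POST /login (mounted under /auth in index.js): check the submitted
 * credentials with the "local" strategy and, on success, start a login
 * session.
 *
 * Responses:
 *   200 {success}  the session was established
 *   400 {errors}   the credentials were rejected
 *   500 {errors}   the strategy or the session store failed
 */
router.post("/login", (req, res, next) => {
    passport.authenticate("local", (err, user) => {
        // The user document is deliberately not logged: it carries the
        // bcrypt hash, which does not belong in application logs.
        if (err) {
            // Keep the detail on the server; the raw error object can expose
            // driver or query internals if it is serialised to the client.
            console.error("login failed:", err)
            return res.status(500).json({ errors: "Internal server error" })
        }
        if (!user) {
            // One generic message for every rejection, so the response does
            // not reveal whether the e-mail address is registered.
            return res.status(400).json({ errors: "Incorrect username or password" })
        }
        // req.logIn() establishes the login session: Passport runs
        // serializeUser() and keeps the returned id in the session, and
        // express-session delivers the session cookie to the browser. On
        // later requests passport.session() restores the user as req.user,
        // so the front end needs nothing beyond that cookie.
        req.logIn(user, (loginErr) => {
            if (loginErr) {
                console.error("could not establish session:", loginErr)
                return res.status(500).json({ errors: "Internal server error" })
            }
            return res.status(200).json({ success: `Logged in ${user.id}` })
        })
    })(req, res, next)
})

module.exports = router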

setup.js (对于Passportjs)

const bcrypt = require("bcrypt")
const User = require('../models/user')
const passport = require("passport");
const LocalStrategy = require("passport-local").Strategy;

// Choose what is kept in the session for a logged-in user: only the id,
// never the whole user document.
passport.serializeUser(function (user, done) {
    const sessionKey = user.id
    done(null, sessionKey)
})

// Turn the id kept in the session back into a user record by looking it up
// with the User model; the outcome (error or user) is handed to Passport.
// NOTE(review): the record presumably still contains the password hash, so
// handlers should not send req.user to the client as-is; confirm against
// the schema in models/user.
passport.deserializeUser(function (id, done) {
    const forwardResult = function (err, user) {
        done(err, user)
    }
    User.findById(id, forwardResult)
})

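// Every rejection uses the same text so the reason (unknown e-mail versus
// wrong password) is not disclosed to the caller.
const REJECTED = { message: "Incorrect email or password" }

/**
 * Local (e-mail + password) strategy.
 *
 * done(null, user)             credentials are valid
 * done(null, false, REJECTED)  unknown e-mail, wrong password or malformed input
 * done(err)                    the lookup or the hash comparison itself failed
 */
passport.use(
    new LocalStrategy({ usernameField: 'email' }, (email, password, done) => {
        // With a JSON body the fields can arrive as objects instead of
        // strings; an object would be passed into the query filter as-is,
        // so only plain strings are accepted.
        if (typeof email !== "string" || typeof password !== "string") {
            return done(null, false, REJECTED)
        }
        //Match user
        User.findOne({ email: email })
            .then(user => {
                if (!user) {
                    // findOne resolves with null for an unknown e-mail; that
                    // is a rejected login, not an error.
                    // NOTE(review): this path skips bcrypt, so it answers
                    // faster than a wrong password does.
                    console.log("no account found")
                    return done(null, false, REJECTED)
                }
                //match password
                bcrypt.compare(password, user.password, (err, isMatch) => {
                    // Throwing inside this callback would be outside the
                    // promise chain and would end up as an uncaught
                    // exception; report the failure through done().
                    if (err) {
                        return done(err)
                    }
                    if (isMatch) {
                        console.log("successfully auth")
                        return done(null, user)
                    }
                    console.log("incorrect password ")
                    return done(null, false, REJECTED)
                })
            })
            // A rejected query is a server-side failure, not "no account".
            .catch(err => done(err))
    })
)
module.exports = passport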

index.js

require('dotenv').config()
const express = require('express');
const session = require('express-session');
const mongoose = require("mongoose")
const MongoStore = require("connect-mongo")
const cors = require("cors");
const axios = require('axios');
const User = require('./models/user')
const bcrypt = require('bcrypt')

const passport = require("./passport/setup")
const auth = require("./routes/auth")


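const app = express();
// NOTE(review): cors() without options answers every origin and does not
// allow credentials. A browser front end on another origin needs an explicit
// `origin` and `credentials: true` here before it can send the session
// cookie; list only the origins that are actually trusted.
app.use(cors());

// Listen port: PORT from the environment, 5000 when it is unset or empty.
let port = process.env.PORT;
if (port == null || port === "") {
  port = 5000;
}

// .then() needs a function. Passing the result of console.log(...) printed
// "Success" immediately, before the connection attempt had finished.
mongoose.connect(process.env.ATLAS_URI)
  .then(() => console.log("MongoDB Connection Success"))
  .catch(err => console.log("MongoDB Connection Failed" + err))
// For backend and express init
app.use(express.json());
app.use(express.urlencoded({ extended: false }))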

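// The secret signs the session-id cookie; anyone who knows it can forge
// cookies, so it must not be a literal in the source. SESSION_SECRET is a
// variable name chosen for this example: define it, with a long random
// value, in the same .env file that already provides ATLAS_URI.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error("SESSION_SECRET is not set");
}

app.use(session({
  secret: sessionSecret,
  resave: false,
  // Do not create a session (and a document in the MongoDB store) for
  // visitors who never log in; req.logIn() writes to the session, which is
  // what causes it to be saved.
  saveUninitialized: false,
  store: MongoStore.create({ mongoUrl: process.env.ATLAS_URI }),
  cookie: {
    // Not readable from page scripts, and not attached to cross-site
    // sub-requests.
    httpOnly: true,
    sameSite: "lax",
    // Add `secure: true` once the app is served over HTTPS; behind a reverse
    // proxy that also needs app.set("trust proxy", 1).
  },
}));


// passport.initialize() prepares Passport for each request; passport.session()
// reads the user id from the session and, through deserializeUser, fills
// req.user. Routes that require a logged-in user can check
// req.isAuthenticated() before touching that user's data.
app.use(passport.initialize())
app.use(passport.session())

app.use("/auth", auth)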

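/**
 * POST /register: create an account from `email` and `password` in the
 * request body.
 *
 * Responses:
 *   200 {_id, email}  account created (the password hash is never returned)
 *   400               email or password missing or not a string
 *   409               an account with this e-mail already exists
 *   500               lookup, hashing or save failed
 */
app.post('/register', (req, res) => {
  const email = req.body.email
  const plainTextPassword = req.body.password;

  // A JSON body can carry objects where strings are expected; an object
  // would go into the query filter unchanged, so accept non-empty strings only.
  if (typeof email !== "string" || typeof plainTextPassword !== "string"
    || email === "" || plainTextPassword === "") {
    return res.status(400).send("Email and password are required");
  }

  //check if user already exists
  // The lookup has to use the `email` field the account is saved under;
  // querying `name` never found an existing account.
  // NOTE(review): check-then-insert can race between two requests; a unique
  // index on `email` is what guarantees uniqueness. Confirm models/user has one.
  User.find({ email: email }, (findErr, existingUser) => {
    if (findErr) {
      console.log("something went wrong ---" + findErr)
      return res.status(500).send("Something Went Wrong");
    }
    if (existingUser.length !== 0) {
      console.log("user account already exists! Login instead. ")
      // Always answer; without a response the request hangs until it times out.
      return res.status(409).send("user account already exists! Login instead. ")
    }

    // Cost factor 12 instead of 8: OWASP's guidance for bcrypt is a work
    // factor of at least 10. Existing hashes stay valid because the cost is
    // stored inside each hash.
    bcrypt.hash(plainTextPassword, 12, async (hashErr, hash) => {
      if (hashErr) {
        console.log("something went wrong ---" + hashErr)
        return res.status(500).send("Something Went Wrong");
      }
      try {
        const user = new User({
          email: email,
          password: hash
        });
        const result = await user.save();
        console.log("account registered successfully")
        // Send back identifying fields only, never the stored hash.
        res.send({ _id: result._id, email: result.email })
      } catch (e) {
        console.log("something went wrong ---" + e)
        res.status(500).send("Something Went Wrong");
      }
    })
  })

})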

我不是要调试某个错误,只是想知道应该采用什么方法。基本上,我希望用户登录一次,然后就能在 Web 应用中随意浏览,并对自己的数据库进行 CRUD 操作。谢谢你!!

我的会话存储在 MongoDB 的另一个集合中,但我不知道该怎么处理它。

I am implementing user authentication, and once users are authenticated, they can CRUD their user data in the database. I can currently authenticate users and have users register a new account, but I'm not sure what my next step should be. What should my Node server pass back to my front end once my user is authenticated? I read everywhere that I am supposed to use tokens and sessions to check whether the user is authenticated on every request.

Auth.js

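// `express` is used for the Router below but was not required in this file.
const express = require("express")
const passport = require("passport")

const router = express.Router()

/**
 * POST /login (mounted under /auth in index.js): check the submitted
 * credentials with the "local" strategy and, on success, start a login
 * session.
 *
 * Responses:
 *   200 {success}  the session was established
 *   400 {errors}   the credentials were rejected
 *   500 {errors}   the strategy or the session store failed
 */
router.post("/login", (req, res, next) => {
    passport.authenticate("local", (err, user) => {
        // The user document is deliberately not logged: it carries the
        // bcrypt hash, which does not belong in application logs.
        if (err) {
            // Keep the detail on the server; the raw error object can expose
            // driver or query internals if it is serialised to the client.
            console.error("login failed:", err)
            return res.status(500).json({ errors: "Internal server error" })
        }
        if (!user) {
            // One generic message for every rejection, so the response does
            // not reveal whether the e-mail address is registered.
            return res.status(400).json({ errors: "Incorrect username or password" })
        }
        // req.logIn() establishes the login session: Passport runs
        // serializeUser() and keeps the returned id in the session, and
        // express-session delivers the session cookie to the browser. On
        // later requests passport.session() restores the user as req.user,
        // so the front end needs nothing beyond that cookie.
        req.logIn(user, (loginErr) => {
            if (loginErr) {
                console.error("could not establish session:", loginErr)
                return res.status(500).json({ errors: "Internal server error" })
            }
            return res.status(200).json({ success: `Logged in ${user.id}` })
        })
    })(req, res, next)
})

module.exports = router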

Setup.js (for passportjs)

const bcrypt = require("bcrypt")
const User = require('../models/user')
const passport = require("passport");
const LocalStrategy = require("passport-local").Strategy;

// Choose what is kept in the session for a logged-in user: only the id,
// never the whole user document.
passport.serializeUser(function (user, done) {
    const sessionKey = user.id
    done(null, sessionKey)
})

// Turn the id kept in the session back into a user record by looking it up
// with the User model; the outcome (error or user) is handed to Passport.
// NOTE(review): the record presumably still contains the password hash, so
// handlers should not send req.user to the client as-is; confirm against
// the schema in models/user.
passport.deserializeUser(function (id, done) {
    const forwardResult = function (err, user) {
        done(err, user)
    }
    User.findById(id, forwardResult)
})

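// Every rejection uses the same text so the reason (unknown e-mail versus
// wrong password) is not disclosed to the caller.
const REJECTED = { message: "Incorrect email or password" }

/**
 * Local (e-mail + password) strategy.
 *
 * done(null, user)             credentials are valid
 * done(null, false, REJECTED)  unknown e-mail, wrong password or malformed input
 * done(err)                    the lookup or the hash comparison itself failed
 */
passport.use(
    new LocalStrategy({ usernameField: 'email' }, (email, password, done) => {
        // With a JSON body the fields can arrive as objects instead of
        // strings; an object would be passed into the query filter as-is,
        // so only plain strings are accepted.
        if (typeof email !== "string" || typeof password !== "string") {
            return done(null, false, REJECTED)
        }
        //Match user
        User.findOne({ email: email })
            .then(user => {
                if (!user) {
                    // findOne resolves with null for an unknown e-mail; that
                    // is a rejected login, not an error.
                    // NOTE(review): this path skips bcrypt, so it answers
                    // faster than a wrong password does.
                    console.log("no account found")
                    return done(null, false, REJECTED)
                }
                //match password
                bcrypt.compare(password, user.password, (err, isMatch) => {
                    // Throwing inside this callback would be outside the
                    // promise chain and would end up as an uncaught
                    // exception; report the failure through done().
                    if (err) {
                        return done(err)
                    }
                    if (isMatch) {
                        console.log("successfully auth")
                        return done(null, user)
                    }
                    console.log("incorrect password ")
                    return done(null, false, REJECTED)
                })
            })
            // A rejected query is a server-side failure, not "no account".
            .catch(err => done(err))
    })
)
module.exports = passport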

index.js

require('dotenv').config()
const express = require('express');
const session = require('express-session');
const mongoose = require("mongoose")
const MongoStore = require("connect-mongo")
const cors = require("cors");
const axios = require('axios');
const User = require('./models/user')
const bcrypt = require('bcrypt')

const passport = require("./passport/setup")
const auth = require("./routes/auth")


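const app = express();
// NOTE(review): cors() without options answers every origin and does not
// allow credentials. A browser front end on another origin needs an explicit
// `origin` and `credentials: true` here before it can send the session
// cookie; list only the origins that are actually trusted.
app.use(cors());

// Listen port: PORT from the environment, 5000 when it is unset or empty.
let port = process.env.PORT;
if (port == null || port === "") {
  port = 5000;
}

// .then() needs a function. Passing the result of console.log(...) printed
// "Success" immediately, before the connection attempt had finished.
mongoose.connect(process.env.ATLAS_URI)
  .then(() => console.log("MongoDB Connection Success"))
  .catch(err => console.log("MongoDB Connection Failed" + err))
// For backend and express init
app.use(express.json());
app.use(express.urlencoded({ extended: false }))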

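// The secret signs the session-id cookie; anyone who knows it can forge
// cookies, so it must not be a literal in the source. SESSION_SECRET is a
// variable name chosen for this example: define it, with a long random
// value, in the same .env file that already provides ATLAS_URI.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error("SESSION_SECRET is not set");
}

app.use(session({
  secret: sessionSecret,
  resave: false,
  // Do not create a session (and a document in the MongoDB store) for
  // visitors who never log in; req.logIn() writes to the session, which is
  // what causes it to be saved.
  saveUninitialized: false,
  store: MongoStore.create({ mongoUrl: process.env.ATLAS_URI }),
  cookie: {
    // Not readable from page scripts, and not attached to cross-site
    // sub-requests.
    httpOnly: true,
    sameSite: "lax",
    // Add `secure: true` once the app is served over HTTPS; behind a reverse
    // proxy that also needs app.set("trust proxy", 1).
  },
}));


// passport.initialize() prepares Passport for each request; passport.session()
// reads the user id from the session and, through deserializeUser, fills
// req.user. Routes that require a logged-in user can check
// req.isAuthenticated() before touching that user's data.
app.use(passport.initialize())
app.use(passport.session())

app.use("/auth", auth)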

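/**
 * POST /register: create an account from `email` and `password` in the
 * request body.
 *
 * Responses:
 *   200 {_id, email}  account created (the password hash is never returned)
 *   400               email or password missing or not a string
 *   409               an account with this e-mail already exists
 *   500               lookup, hashing or save failed
 */
app.post('/register', (req, res) => {
  const email = req.body.email
  const plainTextPassword = req.body.password;

  // A JSON body can carry objects where strings are expected; an object
  // would go into the query filter unchanged, so accept non-empty strings only.
  if (typeof email !== "string" || typeof plainTextPassword !== "string"
    || email === "" || plainTextPassword === "") {
    return res.status(400).send("Email and password are required");
  }

  //check if user already exists
  // The lookup has to use the `email` field the account is saved under;
  // querying `name` never found an existing account.
  // NOTE(review): check-then-insert can race between two requests; a unique
  // index on `email` is what guarantees uniqueness. Confirm models/user has one.
  User.find({ email: email }, (findErr, existingUser) => {
    if (findErr) {
      console.log("something went wrong ---" + findErr)
      return res.status(500).send("Something Went Wrong");
    }
    if (existingUser.length !== 0) {
      console.log("user account already exists! Login instead. ")
      // Always answer; without a response the request hangs until it times out.
      return res.status(409).send("user account already exists! Login instead. ")
    }

    // Cost factor 12 instead of 8: OWASP's guidance for bcrypt is a work
    // factor of at least 10. Existing hashes stay valid because the cost is
    // stored inside each hash.
    bcrypt.hash(plainTextPassword, 12, async (hashErr, hash) => {
      if (hashErr) {
        console.log("something went wrong ---" + hashErr)
        return res.status(500).send("Something Went Wrong");
      }
      try {
        const user = new User({
          email: email,
          password: hash
        });
        const result = await user.save();
        console.log("account registered successfully")
        // Send back identifying fields only, never the stored hash.
        res.send({ _id: result._id, email: result.email })
      } catch (e) {
        console.log("something went wrong ---" + e)
        res.status(500).send("Something Went Wrong");
      }
    })
  })

})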

I'm not trying to debug an error; I just need to know what the approach is. Basically, I want the user to log in once and then be able to navigate around the web app and perform CRUD operations on their database. Thank you!!

My sessions are stored in a different collection in MongoDB, but I don't know what to do with this.
