What does the passport.session() middleware do?

Question:

I am building an authentication system using Passport.js using this tutorial.

I am confused about what passport.session() does.

After playing around with the different middleware I came to understand that express.session() is what sends a session ID over cookies to the client, but I'm confused about what passport.session() does and why it is required in addition to express.session().

Here is how I set up my application:

// Server.js configures the application and sets up the webserver

//importing our modules
var express = require('express');
var app = express();
var port = process.env.PORT || 8080;
var mongoose = require('mongoose');
var passport = require('passport');
var flash = require('connect-flash');

var configDB = require('./config/database.js');

//Configuration of Database and App

mongoose.connect(configDB.url); //connect to our database

require('./config/passport')(passport); //pass passport for configuration

app.configure(function() {

    //set up our express application

    app.use(express.logger('dev')); //log every request to the console
    app.use(express.cookieParser()); //read cookies (needed for auth)
    app.use(express.bodyParser()); //get info from html forms

    app.set('view engine', 'ejs'); //set up ejs for templating

    //configuration for passport
    app.use(express.session({ secret: 'olhosvermelhoseasenhaclassica', maxAge:null })); //session secret
    app.use(passport.initialize());
    app.use(passport.session()); //persistent login session
    app.use(flash()); //use connect-flash for flash messages stored in session

});

//Set up routes
require('./app/routes.js')(app, passport);

//launch
app.listen(port);
console.log("Server listening on port " + port);


passport.session() acts as a middleware to alter the req object and change the 'user' value that is currently the session id (from the client cookie) into the true deserialized user object.

Whilst the other answers make some good points I thought that some more specific detail could be provided.

app.use(passport.session());

is equivalent to

app.use(passport.authenticate('session'));

Where 'session' refers to the following strategy that is bundled with passportJS.

https://github.com/jaredhanson/passport/blob/master/lib/strategies/session.js

Specifically lines 59-60:

var property = req._passport.instance._userProperty || 'user';
req[property] = user;

Where it essentially acts as a middleware and alters the value of the 'user' property in the req object to contain the deserialized identity of the user. To allow this to work correctly you must include serializeUser and deserializeUser functions in your custom code.

passport.serializeUser(function (user, done) {
    done(null, user.id);
});

passport.deserializeUser(function (id, done) {
    //If using Mongoose with MongoDB; if other you will need JS specific to that schema
    User.findById(id, function (err, user) {
        done(err, user);
    });
});

This will find the correct user from the database and pass it as a closure variable into the callback done(err,user); so the above code in the passport.session() can replace the 'user' value in the req object and pass on to the next middleware in the pile.
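
The request flow described in the answers above, as an added example that is not part of the original posts and is not Passport's own code. It is a simplified model that runs without Express or Passport; every name in it (users, sessionStore, expressSessionModel, passportSessionModel, logIn, handleRequest) is hypothetical. It shows that the cookie carries only a session id, the session holds only the serialized user id, and the user record is looked up again on every request, so a deleted account loses its login on the next request.

```javascript
// Simplified model of the flow; NOT Passport's source code. All names are hypothetical.
const users = new Map([['42', { id: '42', name: 'alice' }]]); // constructed sample data

// What the application registers: store only the id in the session...
function serializeUser(user, done) { done(null, user.id); }
// ...and turn that id back into a full user record on every request.
function deserializeUser(id, done) { done(null, users.get(id) || false); }

// Stand-in for express.session(): maps the cookie's session id to server-side data.
const sessionStore = new Map();
function expressSessionModel(req, next) {
  if (!sessionStore.has(req.cookies.sid)) sessionStore.set(req.cookies.sid, {});
  req.session = sessionStore.get(req.cookies.sid);
  next();
}

// Stand-in for passport.session(): reads the serialized id and sets req.user.
function passportSessionModel(req, next) {
  const passportData = req.session.passport;
  if (!passportData || passportData.user === undefined) return next(); // anonymous request
  deserializeUser(passportData.user, (err, user) => {
    if (err) return next(err);
    if (!user) delete passportData.user; // account gone: drop the stale login
    else req.user = user;                // same effect as req[property] = user
    next();
  });
}

// Stand-in for a successful login: serialize the user into the session.
function logIn(req, user) {
  serializeUser(user, (err, id) => { req.session.passport = { user: id }; });
}

// Run one request through both middleware and return the resulting req.
function handleRequest(sid) {
  const req = { cookies: { sid } };
  expressSessionModel(req, () => passportSessionModel(req, () => {}));
  return req;
}

const first = handleRequest('sid-abc');   // constructed session id; no login yet
logIn(first, users.get('42'));            // session now holds only the id '42'
const second = handleRequest('sid-abc');  // req.user is the full user object
users.delete('42');                       // account removed server-side
const third = handleRequest('sid-abc');   // req.user is unset again
```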