为了创建身份验证系统,无涯教程需要创建一个注册页面和一个用户密码存储,以下代码创建了一个帐户并将其存储在内存中,这只是出于演示的目的;建议始终使用永久性存储(数据库或文件)来存储用户信息。
var express=require('express'); var app=express(); var bodyParser=require('body-parser'); var multer=require('multer'); var upload=multer(); var session=require('express-session'); var cookieParser=require('cookie-parser'); app.set('view engine', 'pug'); app.set('views','./views'); app.use(bodyParser.json()); app.use(bodyParser.urlencoded({ extended: true })); app.use(upload.array()); app.use(cookieParser()); app.use(session({secret: "Your secret key"})); var Users=[]; app.get('/signup', function(req, res){ res.render('signup'); }); app.post('/signup', function(req, res){ if(!req.body.id || !req.body.password){ res.status("400"); res.send("Invalid details!"); } else { Users.filter(function(user){ if(user.id === req.body.id){ res.render('signup', { message: "User Already Exists! Login or choose another user id"}); } }); var newUser={id: req.body.id, password: req.body.password}; Users.push(newUser); req.session.user=newUser; res.redirect('/protected_page'); } }); app.listen(3000);
现在为注册表单创建一个名为 signup.jade的新视图。
注册会员
html head title Signup body if(message) h4 #{message} form(action="/signup" method="POST") input(name="id" type="text" required placeholder="User ID") input(name="password" type="password" required placeholder="Password") button(type="Submit") Sign me up!
通过访问localhost:3000/signup检查此页面是否加载。
为这两个字段都设置了必填属性。在具有以下内容的视图中创建一个名为 protected_page.pug 的新文件-
html head title Protected page body div Hey #{id}, How are you doing today? div Want to log out? div Logout
仅当用户刚刚注册或登录时,此页面才应该可见。现在定义其路由以及登录和注销的路由-
var express=require('express'); var app=express(); var bodyParser=require('body-parser'); var multer=require('multer'); var upload=multer(); var session=require('express-session'); var cookieParser=require('cookie-parser'); app.set('view engine', 'pug'); app.set('views','./views'); app.use(bodyParser.json()); app.use(bodyParser.urlencoded({ extended: true })); app.use(upload.array()); app.use(cookieParser()); app.use(session({secret: "Your secret key"})); var Users=[]; app.get('/signup', function(req, res){ res.render('signup'); }); app.post('/signup', function(req, res){ if(!req.body.id || !req.body.password){ res.status("400"); res.send("Invalid details!"); } else { Users.filter(function(user){ if(user.id === req.body.id){ res.render('signup', { message: "User Already Exists! Login or choose another user id"}); } }); var newUser={id: req.body.id, password: req.body.password}; Users.push(newUser); req.session.user=newUser; res.redirect('/protected_page'); } }); function checkSignIn(req, res){ if(req.session.user){ next(); //If session exists, proceed to page } else { var err=new Error("Not logged in!"); console.log(req.session.user); next(err); //Error, trying to access unauthorized page! } } app.get('/protected_page', checkSignIn, function(req, res){ res.render('protected_page', {id: req.session.user.id}) }); app.get('/login', function(req, res){ res.render('login'); }); app.post('/login', function(req, res){ console.log(Users); if(!req.body.id || !req.body.password){ res.render('login', {message: "Please enter both id and password"}); } else { Users.filter(function(user){ if(user.id === req.body.id && user.password === req.body.password){ req.session.user=user; res.redirect('/protected_page'); } }); res.render('login', {message: "Invalid credentials!"}); } }); app.get('/logout', function(req, res){ req.session.destroy(function(){ console.log("user logged out.") }); res.redirect('/login'); }); app.use('/protected_page', function(err, req, res, next){ console.log(err); //User should be authenticated! Redirect him to log in. res.redirect('/login'); }); app.listen(3000);
无涯教程创建了一个中间件函数 checkSignIn 来检查用户是否已登录, protected_page 使用此函数,为了注销用户,销毁了会话(session)。
现在创建登录页面。将视图命名为 login.pug ,然后输入内容-
html head title Signup body if(message) h4 #{message} form(action="/login" method="POST") input(name="id" type="text" required placeholder="User ID") input(name="password" type="password" required placeholder="Password") button(type="Submit") Log in
简单身份验证应用程序现已完成;现在测试该应用程序。使用 nodemon index.js 运行该应用程序,然后转到localhost:3000/signup。
输入用户名和密码,然后单击注册-
现在退出该应用程序。这会将重定向到登录页面-
该路由受到保护,这样,如果未经身份验证的人尝试访问它,他将被重定向到无涯教程的登录页面。
参考链接
https://www.learnfk.com/expressjs/expressjs-authentication.html