Sails.js 与护照-http-bearer 身份验证不起作用

Posted 2023-03-08

【中文标题】Sails.js 与护照-http-bearer 身份验证不起作用

【英文标题】：Sails.js with passport-http-bearer authentication not working

【发布时间】：2013-12-28 16:15:28

【问题描述】：

我正在对护照使用多种策略（本地和不记名策略）。使用本地策略登录有效。我们登录后生成一个token，token存放在redis中。初始登录后，只要在 redis 中找到令牌，我就想使用不带会话的不记名身份验证。如果我发送正确的令牌，我可以查询 redis 并获取用户数据，但节点仍然发送 403 响应而不是我期望的 200 状态代码。如果在 redis 中找不到 token，sails 会崩溃并报以下错误：

 /workspace/rs-api-sails/node_modules/redis/index.js:587
            throw err;
                  ^
Error: Can't set headers after they are sent.
  at ServerResponse.OutgoingMessage.setHeader (http.js:691:11)
  at ServerResponse.res.setHeader (/workspace/rs-api-sails/node_modules/sails/node_modules/express/node_modules/connect/lib/patch.js:59:22)
  at allFailed (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:153:13)
  at attempt (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:232:28)
  at Context.delegate.fail (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:227:9)
  at Context.actions.fail (/workspace/rs-api-sails/node_modules/passport/lib/passport/context/http/actions.js:35:22)
  at verified (/workspace/rs-api-sails/node_modules/passport-http-bearer/lib/strategy.js:125:19)
  at /workspace/rs-api-sails/config/bootstrap.js:40:18
  at try_callback (/workspace/rs-api-sails/node_modules/redis/index.js:580:9)
  at RedisClient.return_reply (/workspace/rs-api-sails/node_modules/redis/index.js:670:13)
10 Dec 13:25:15 - [nodemon] app crashed - waiting for file changes before starting...

这是 bootstrap.js 中承载身份验证的代码：

passport.use(new BearerStrategy(
  function(token, done) 
    var redis = require("redis"),
    client = redis.createClient(null, null, detect_buffers: true);

    client.get(token, function (err, reply) 
      if (reply === null) 
        // if token is not a key in redis, node throws the headers already sent error
        return done(null, false);
       else 
        User.findOne( id: reply.toString() ).done(function(err, user) 
          sails.log(user);

          // here we get the user data from waterline but node still sends a 403
          return done(null, user);
        );
      
    );
  
));  

此代码在策略/isAuthenticated.js 中：

module.exports = function(req, res, next) 
  var passport = require('passport');    

  passport.authenticate('bearer',  session: false )(req, res, next);  

  // User is allowed, proceed to the next policy, 
  // or if this is the last policy, the controller
  if (req.isAuthenticated()) 
    return next();
  

  // User is not allowed
  // (default res.forbidden() behavior can be overridden in `config/403.js`)
  return res.forbidden('You are not permitted to perform this action.');
;

我是 node 新手，非常感谢任何帮助！

【参考方案1】：

更新：在对政策/isAuthenticated.js 进行一些更改后，现在似乎可以正常工作了：

var passport = require('passport');   

module.exports = function(req, res, next)  

  passport.authenticate('bearer',  session: false , function(err, user, info) 

    if (req.isAuthenticated()) 
      // user is allowed through local strategy
      return next();
      

    if (err) 
      return res.send(403,  error: 'Error: ' + info );        
    

    if (!user) 
      return res.send(403,  error: 'Invalid token' );
     

    if (user) 
      sails.log(user);
      return next();
    

    // (default res.forbidden() behavior can be overridden in `config/403.js`)
    return res.forbidden('You are not permitted to perform this action.');    

  )(req, res, next);

;