Sails.js 与护照-http-bearer 身份验证不起作用
Posted
技术标签:
【中文标题】Sails.js 与护照-http-bearer 身份验证不起作用【英文标题】:Sails.js with passport-http-bearer authentication not working 【发布时间】:2013-12-28 16:15:28 【问题描述】:我正在对护照使用多种策略(本地和不记名策略)。使用本地策略登录有效。我们登录后生成一个token,token存放在redis中。初始登录后,只要在 redis 中找到令牌,我就想使用不带会话的不记名身份验证。如果我发送正确的令牌,我可以查询 redis 并获取用户数据,但节点仍然发送 403 响应而不是我期望的 200 状态代码。如果在 redis 中找不到 token,sails 会崩溃并报以下错误:
/workspace/rs-api-sails/node_modules/redis/index.js:587
throw err;
^
Error: Can't set headers after they are sent.
at ServerResponse.OutgoingMessage.setHeader (http.js:691:11)
at ServerResponse.res.setHeader (/workspace/rs-api-sails/node_modules/sails/node_modules/express/node_modules/connect/lib/patch.js:59:22)
at allFailed (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:153:13)
at attempt (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:232:28)
at Context.delegate.fail (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:227:9)
at Context.actions.fail (/workspace/rs-api-sails/node_modules/passport/lib/passport/context/http/actions.js:35:22)
at verified (/workspace/rs-api-sails/node_modules/passport-http-bearer/lib/strategy.js:125:19)
at /workspace/rs-api-sails/config/bootstrap.js:40:18
at try_callback (/workspace/rs-api-sails/node_modules/redis/index.js:580:9)
at RedisClient.return_reply (/workspace/rs-api-sails/node_modules/redis/index.js:670:13)
10 Dec 13:25:15 - [nodemon] app crashed - waiting for file changes before starting...
这是 bootstrap.js 中承载身份验证的代码:
passport.use(new BearerStrategy(
function(token, done)
var redis = require("redis"),
client = redis.createClient(null, null, detect_buffers: true);
client.get(token, function (err, reply)
if (reply === null)
// if token is not a key in redis, node throws the headers already sent error
return done(null, false);
else
User.findOne( id: reply.toString() ).done(function(err, user)
sails.log(user);
// here we get the user data from waterline but node still sends a 403
return done(null, user);
);
);
));
此代码在策略/isAuthenticated.js 中:
module.exports = function(req, res, next)
var passport = require('passport');
passport.authenticate('bearer', session: false )(req, res, next);
// User is allowed, proceed to the next policy,
// or if this is the last policy, the controller
if (req.isAuthenticated())
return next();
// User is not allowed
// (default res.forbidden() behavior can be overridden in `config/403.js`)
return res.forbidden('You are not permitted to perform this action.');
;
我是 node 新手,非常感谢任何帮助!
【问题讨论】:
【参考方案1】:更新:在对政策/isAuthenticated.js 进行一些更改后,现在似乎可以正常工作了:
var passport = require('passport');
module.exports = function(req, res, next)
passport.authenticate('bearer', session: false , function(err, user, info)
if (req.isAuthenticated())
// user is allowed through local strategy
return next();
if (err)
return res.send(403, error: 'Error: ' + info );
if (!user)
return res.send(403, error: 'Invalid token' );
if (user)
sails.log(user);
return next();
// (default res.forbidden() behavior can be overridden in `config/403.js`)
return res.forbidden('You are not permitted to perform this action.');
)(req, res, next);
;
【讨论】:
以上是关于Sails.js 与护照-http-bearer 身份验证不起作用的主要内容,如果未能解决你的问题,请参考以下文章
使用 Passport.js 和 Sails.js 注册后如何重定向到特定位置?