Sails.js与护照-HTTP承载认证不起作用

Question

我使用多种策略与护照（本地和承载策略）。本地策略的登录工作。我们在登录后生成一个令牌，令牌存储在redis中。在初始登录后，只要在redis中找到令牌，我就想使用不带会话的承载认证。如果我发送正确的令牌，我可以查询redis并获取用户数据，但节点仍发送403响应，而不是我期望的200状态码。如果Redis的找不到令牌，帆崩溃，并显示以下错误：

/workspace/rs-api-sails/node_modules/redis/index.js:587 
      throw err; 
       ^
Error: Can't set headers after they are sent. 
    at ServerResponse.OutgoingMessage.setHeader (http.js:691:11) 
    at ServerResponse.res.setHeader (/workspace/rs-api-sails/node_modules/sails/node_modules/express/node_modules/connect/lib/patch.js:59:22) 
    at allFailed (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:153:13) 
    at attempt (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:232:28) 
    at Context.delegate.fail (/workspace/rs-api-sails/node_modules/passport/lib/passport/middleware/authenticate.js:227:9) 
    at Context.actions.fail (/workspace/rs-api-sails/node_modules/passport/lib/passport/context/http/actions.js:35:22) 
    at verified (/workspace/rs-api-sails/node_modules/passport-http-bearer/lib/strategy.js:125:19) 
    at /workspace/rs-api-sails/config/bootstrap.js:40:18 
    at try_callback (/workspace/rs-api-sails/node_modules/redis/index.js:580:9) 
    at RedisClient.return_reply (/workspace/rs-api-sails/node_modules/redis/index.js:670:13) 
10 Dec 13:25:15 - [nodemon] app crashed - waiting for file changes before starting... 

下面是bootstrap.js用于承载验证码：

passport.use(new BearerStrategy(
    function(token, done) { 
    var redis = require("redis"), 
    client = redis.createClient(null, null, {detect_buffers: true}); 

    client.get(token, function (err, reply) { 
     if (reply === null) { 
     // if token is not a key in redis, node throws the headers already sent error 
     return done(null, false); 
     } else { 
     User.findOne({ id: reply.toString() }).done(function(err, user) { 
      sails.log(user); 

      // here we get the user data from waterline but node still sends a 403 
      return done(null, user); 
     }); 
     } 
    }); 
    } 
)); 

此代码是在政策/ isAuthenticated.js ：

module.exports = function(req, res, next) { 
    var passport = require('passport');  

    passport.authenticate('bearer', { session: false })(req, res, next); 

    // User is allowed, proceed to the next policy, 
    // or if this is the last policy, the controller 
    if (req.isAuthenticated()) { 
    return next(); 
    } 

    // User is not allowed 
    // (default res.forbidden() behavior can be overridden in `config/403.js`) 
    return res.forbidden('You are not permitted to perform this action.'); 
}; 

我是新来的节点，非常感谢任何帮助！

Answer 1

更新：似乎政策/ isAuthenticated.js一些变化后要现在的工作：

var passport = require('passport'); 

module.exports = function(req, res, next) { 

    passport.authenticate('bearer', { session: false }, function(err, user, info) { 

    if (req.isAuthenticated()) { 
     // user is allowed through local strategy 
     return next(); 
    } 

    if (err) { 
     return res.send(403, { error: 'Error: ' + info });   
    } 

    if (!user) { 
     return res.send(403, { error: 'Invalid token' }); 
    } 

    if (user) { 
     sails.log(user); 
     return next(); 
    } 

    // (default res.forbidden() behavior can be overridden in `config/403.js`) 
    return res.forbidden('You are not permitted to perform this action.');  

    })(req, res, next); 

};