
使用 NodeJS、ExpressJS、Mongoose、PassportJS 和 connect-ensure-login 对用户进行身份验证，一切正常。（NodeJS ExpressJS PassportJS - 仅限管理员的页面）

.... 
var passport = require('passport') 
    , LocalStrategy = require('passport-local').Strategy 
    , ensureLoggedIn = require('connect-ensure-login').ensureLoggedIn; 

// The express application; passport's middleware is attached to it below.
var app = express();
... 
// Enable passport and its session support; session() relies on the
// serializeUser/deserializeUser callbacks below to populate req.user.
// NOTE(review): passport.session() assumes express's own session middleware
// is registered earlier (in the elided part above) — confirm the ordering.
app.use(passport.initialize());
app.use(passport.session());
... 


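// Local username/password strategy: the form's `email` and `password` fields
// are looked up directly in the User collection.
passport.use(new LocalStrategy({usernameField: 'email', passwordField: 'password'},
    function(email, password, done) {
        // Only plain strings may reach the query. A JSON request body could
        // otherwise supply an object (e.g. a query operator) in place of the
        // password and turn the equality match into something else.
        if (typeof email !== 'string' || typeof password !== 'string') {
            return done(null, false, { message: 'Incorrect username.' });
        }
        // NOTE(review): this matches the submitted password against the stored
        // value as-is, i.e. it only works when `password` is stored verbatim;
        // store and compare a salted hash instead — confirm against the schema.
        // `isAdmin` is projected so that authorization checks on req.user
        // (see requiresAdmin) see the field; without it they would read
        // undefined and deny every request.
        User.findOne({ 'email': email, 'password': password },
            {'_id': 1, 'email': 1, 'isAdmin': 1}, function(err, user) {
                if (err) { return done(err); }
                // One message for "unknown email" and "wrong password" so the
                // response does not reveal which emails exist.
                if (!user) {
                    return done(null, false, { message: 'Incorrect username.' });
                }
                return done(null, user);
            });
    }));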

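// Keep only the user's id in the session. The document (including isAdmin)
// is reloaded on every request, so a role change or account removal takes
// effect immediately instead of living on in a stale session copy.
passport.serializeUser(function(user, done) {
    done(null, user._id);
});

passport.deserializeUser(function(id, done) {
    User.findById(id, {'_id': 1, 'email': 1, 'isAdmin': 1}, function(err, user) {
        if (err) { return done(err); }
        // A user that no longer exists ends the login (false) rather than
        // erroring on every request of that session.
        return done(null, user || false);
    });
});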

// POST /login runs the local strategy. On success the user is returned to the
// URL remembered by ensureLoggedIn (or /home); on failure back to /login.
app.post(
    '/login',
    passport.authenticate('local', {
        successReturnToOrRedirect: '/home',
        failureRedirect: '/login'
    })
);

// GET /logout drops the passport login state and sends the browser to /.
// NOTE(review): a GET logout can be triggered by any cross-site link or image
// request; a POST route would limit that.
app.get('/logout', function (req, res) {
    req.logout();
    return res.redirect('/');
});

现在，我想给某些路由加上限制，使其只能由管理员访问。我该怎么做？例如 /admin/*

// User document: login identity plus an admin flag used for route
// authorization.
// NOTE(review): `password` is a bare String and the login query compares it
// directly, which implies it is stored in clear text — store a salted hash
// instead; confirm how accounts are created.
var schema = new mongoose.Schema({
    name: String,
    email: String,
    password: String,
    // Defaults to false so a newly created account is never an admin by accident.
    isAdmin: { type: Boolean, default: false }
});

mongoose.model('User', schema);

有什么提示吗？谢谢

回答


您可以给 /admin/* 路由附加一个自定义中间件，它会在请求到达任何更具体的 /admin/ 路由之前检查管理员状态：

var ensureLoggedIn = require('connect-ensure-login').ensureLoggedIn; 
... 
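// Builds the middleware chain for admin-only routes: first require a login
// (redirecting to /login otherwise), then require req.user.isAdmin.
// NOTE(review): if the session stores the login-time user object (see
// serializeUser), `isAdmin` must be included in the login query's projection,
// otherwise it is undefined here and every request is denied.
var requiresAdmin = function() {
    return [
        ensureLoggedIn('/login'),
        function(req, res, next) {
            // Strict comparison: only a boolean true grants access, so a
            // missing or truthy-but-wrong value still denies.
            if (req.user && req.user.isAdmin === true) {
                return next();
            }
            // The user is logged in but not allowed: that is 403 Forbidden,
            // not 401, which would mean "not authenticated".
            res.send(403, 'Forbidden');
        }
    ];
};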

// The guard must be registered before the specific /admin routes so that it
// runs first for every method and path under /admin/.
// NOTE(review): `/admin/*` may not match `/admin` without the trailing slash
// or other path spellings — confirm the pattern covers every admin route.
app.all('/admin/*', requiresAdmin());
app.get('/admin/', ...);

我加了你的解决方案,但我想我错过了一些东西,它总是未经授权。 –


用 'ensureLoggedIn('/login'),' 就可以了，谢谢 –


@JRGalia你是非常正确的,我编辑我的答案来解决这个错误:) – robertklep

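// Add the following function to your app.js above the app.use(app.router)
// call; it runs for every request the server receives, before any route
// handler.
app.use(function (req, res, next) {
    // req.isAuthenticated is a function passport adds to req, so it has to
    // be called: a bare `req.isAuthenticated ||` test is always truthy and
    // would redirect every request.
    if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) {
        var currentUrl = req.originalUrl || req.url;
        // TODO: check whether req.user may access currentUrl; if not,
        // redirect to the home page or login page. Return after redirecting
        // so next() is not called on a response that has already been sent.
        return res.redirect('HOME PAGE URL');
    }
    // Unauthenticated requests are not stopped here; protected routes still
    // need their own login check.
    next();
});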

我还没有尝试过但我认为它会起作用。


应该是'if(req.isAuthenticated())' – Joey