node.js - express, authentication without 401 -
this resume authentication method.
tried use express.basicauth, forces browser ask user , pass, , need use own login page, google, facebook yahoo...
is right? there better way this?
want avoid modules, passport, if can.
i want use function this, using auth middleware (app.get('/loggedin', auth, function(req, res)...) var express = require('express'); var app = express();
app.use(express.cookieparser()); var redisstore = require('connect-redis')(express); app.use(express.session({ store: new redisstore({ host: 'localhost', port: 6379, db: 2, pass: 'redispass' }), secret: '1234567890qwerty' })); var auth = function(req, res, next) { if (req.session.authstatus === 'loggedin') next(); else res.redirect('/login'); }; app.get('/', function(req, res) { console.log("/"); res.send('not authenticate'); }); app.get('/signin', function(req, res) { console.log("/signin"); if (req.body.user && req.body.pass) { req.user = req.body.user; req.remoteuser = req.body.user; req.session.authstatus = 'loggedin'; req.session.lastpage = '/signin'; res.redirect('/loggedin'); } else res.redirect('/login'); }); app.get('/loggedin', auth, function(req, res) { if(req.session.lastpage) { res.write('last page was: ' + req.session.lastpage + '. '); } req.session.lastpage = '/loggedin'; res.write('yeeeeeeeeeee'); res.end(); }); app.get('/loggedin2', auth, function(req, res) { console.log("/loggedin2"); if(req.session.lastpage) { res.write('last page was: ' + req.session.lastpage + '. '); } req.session.lastpage = '/loggedin2'; res.write('wowwwww!!!!!!'); res.end(); }); app.get('/logout', auth, function(req, res) { console.log("/logout"); req.session.destroy(); }); app.get('/login', function(req, res) { console.log("/notlogged"); res.send('enter user , pass...'); }); app.listen(process.env.port || 8080);
you use passport middleware module in npm — passport-local module provides authentication against local resource such database.
Comments
Post a Comment