Node.js学习日记(八):用cookie-session完成简单的登陆验证


整体还是用connect框架实现的,用表单提交数据,服务器端form-data的获取方法在前一章有讲到。每次请求时检查session.logged_in是否为真:如果不为真,则显示表单进行登录验证,否则显示已登录。

session.js

var connect=require('connect')
,cookieSession=require('cookie-session')
,users=require('./users')
,morgan = require('morgan')
,multipart = require('connect-multiparty');
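// cookie-session keeps the whole session inside a signed cookie on the client,
// so the signing keys are the only thing that stops a visitor from forging
// `logged_in: true`. Literal keys such as 'key1'/'key2' must not be used:
// load them from configuration (comma-separated, newest first, which allows
// rotation), or fall back to a random per-process key, which merely
// invalidates existing sessions on restart.
var sessionKeys=(process.env.SESSION_KEYS||'').split(',').filter(Boolean);
if(sessionKeys.length===0){
    sessionKeys=[require('crypto').randomBytes(32).toString('hex')];
}
var server=connect()
    .use(cookieSession({
        name:'session',
        keys:sessionKeys,
        // 30 seconds; this expiry is enforced by the browser.
        maxAge:1000*30
        // When the site is served over HTTPS, also set `secure:true` so the
        // session cookie is never sent over plain HTTP.
    }))
    // Request logging.
    .use(morgan())
    // Parses multipart/form-data bodies into req.body (used by the login form).
    .use(multipart())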

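    .use(function(req,res,next){
        // Already-authenticated visitors to "/" get a greeting instead of the form.
        // Strict comparison: only the boolean true set by the login handler counts.
        if('/'===req.url&&req.session['logged_in']===true){
            console.log('relogging')
            // The session travels in a client-held cookie, so its contents are
            // escaped before being placed into HTML.
            var safeName=String(req.session['name']).replace(/[&<>"']/g,function(ch){
                return {'&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;',"'":'&#39;'}[ch]
            })
            res.writeHead(200,{'Content-Type':'text/html'})
            // href added so the link actually reaches the /logout handler.
            res.end(`<h1>welcome back,<b>${safeName}</b></h1><p><a href="/logout">log Out</a></p>`)
        }else{
            next()
        }
    })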
    .use(function(req,res,next){
        // Serve the login form for GET / ; every other request falls through.
        var isFormRequest=req.method=="GET"&&'/'==req.url
        if(!isFormRequest){
            next()
            return
        }
        // Debug trace of the current login flag.
        console.log(req.session['logged_in'])
        res.writeHead(200,{'Content-type':'text/html'})
        // The form posts multipart/form-data to /login. The password travels in
        // the request body, so serve this page over HTTPS outside local testing.
        var formHtml=`<form action="/login" method="POST" enctype="multipart/form-data">
                <fieldset>
                    <p>
                        <span>username</span>
                        <input type="text" name="username"/>
                    </p>                    
                    <p>
                        <span>password</span>
                        <input type="password" name="password"/>
                    </p>
                    <input type="submit" name="submit" value="submit"/>
                </fieldset>
            </form>
            `
        res.end(formHtml)
    })
    // First attempt at the login handler, kept exactly as originally written.
    // The article explains right after this listing why the session is not
    // saved here and shows the corrected ordering.
    .use(function(req,res,next){
        if(req.url=="/login"&&req.method=="POST"){
            //console.log(req.body)
            // BUG (ordering): the response head is written before the session is
            // changed below, so the new session values are not saved.
            res.writeHead(200)
            // NOTE(review): users[req.body.username] is undefined for a username
            // that is not a key of users, so reading .password throws a TypeError
            // instead of answering 'Wrong password'. `!=` is a loose comparison.
            if(req.body.password!=users[req.body.username].password||!users[req.body.username].password){
                res.end('Wrong password')
            }else{
                // Mark the session as authenticated and remember the display name.
                req.session.logged_in=true
                req.session['name']=users[req.body.username].name
                res.end('Authenticated')
            }
        }else{
            next()
        }
    })
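    .use(function(req,res,next){
        // Logout: GET /logout ends the session for this browser.
        if('/logout'===req.url&&req.method==="GET"){
            // Drop the whole session rather than only flipping logged_in, so the
            // stored name does not linger in the cookie. cookie-session treats
            // `req.session = null` as "destroy the session".
            // Caveat: the session exists only in the cookie, so nothing on the
            // server records this logout; a copy of the old signed cookie would
            // still verify.
            req.session=null
            res.writeHead(200)
            res.end("Logged out")
        }else{
            next()
        }
    });
    // Start accepting HTTP connections on port 3000.
    server.listen(3000)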

刷新后session居然没保存上,还有待改进.... 问了下师兄,发现是一个之前一直忽视的问题:对req.session的修改要写在res.writeHead()之前——cookie-session是在发送响应头的时候才把session写进Set-Cookie的,响应头一旦发出,之后再改session就不会保存。我真蠢,真的。好了,现在就对了。

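    .use(function(req,res,next){
        // Login: POST /login with multipart fields `username` and `password`.
        if(req.url=="/login"&&req.method=="POST"){
            var body=req.body||{}
            var username=body.username
            var password=body.password
            // Look the account up only among users' own keys, so an unknown name
            // (or an inherited one such as "constructor") yields no account
            // instead of throwing or resolving to something on the prototype.
            var account=typeof username==='string'&&Object.prototype.hasOwnProperty.call(users,username)
                ?users[username]
                :null
            var expected=account?account.password:undefined
            // Require a string password and an account with a non-empty password;
            // strict equality avoids type coercion (e.g. an array-valued field).
            // NOTE(review): users.js is not shown; this comparison implies it holds
            // passwords in clear text. Store salted password hashes for anything
            // beyond a demo.
            var ok=Boolean(expected)&&typeof password==='string'&&password===String(expected)
            if(!ok){
                // Same reply for an unknown user and a wrong password, so the
                // response does not reveal which usernames exist.
                res.writeHead(401)
                res.end('Wrong password')
            }else{
                // Change the session BEFORE writing the response head:
                // cookie-session serialises the session into Set-Cookie when the
                // head is sent, so later changes would not be saved.
                req.session.logged_in=true
                req.session['name']=account.name
                res.writeHead(200)
                res.end('Authenticated')
            }
        }else{
            next()
        }
    })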