我正在用 Node.js 实现一个身份验证系统：Express 使用 Redis 数据库存放用户数据，并用 connect-redis 做持久、可扩展的会话存储。

这是我的应用程序的核心,即服务器:

// Module Dependencies

var express = require('express');
var redis = require('redis');
// One Redis client, created at load time and shared by every handler below
// (user lookups in `authenticate`, writes in POST /register).
var client = redis.createClient();
// connect-redis session store bound to this express instance (Express 2.x API).
var RedisStore = require('connect-redis')(express);
var crypto = require('crypto');

// The server is also the module export, so a parent module can require it
// without a listener being started (see the `module.parent` check at the end).
var app = module.exports = express.createServer();

// Configuration

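// Middleware stack (order matters: body/cookie parsing before the session,
// router before static files).
app.configure(function(){
  app.set('views', __dirname + '/views');
  app.set('view engine', 'jade');
  app.use(express.bodyParser());
  app.use(express.methodOverride());
  app.use(express.cookieParser());
  // Session secret: read from the environment so it is not committed with the
  // code.  The literal fallback keeps existing deployments working, but it has
  // been published with this file; rotate it and drop the fallback once
  // SESSION_SECRET is set.
  app.use(express.session({
    secret: process.env.SESSION_SECRET || 'obqc487yusyfcbjgahkwfet73asdlkfyuga9r3a4',
    store: new RedisStore()
  }));
  app.use(require('stylus').middleware({ src: __dirname + '/public' }));
  // Router before static: route handlers (including `restrict`) take
  // precedence over a file of the same path under /public.
  app.use(app.router);
  app.use(express.static(__dirname + '/public'));
});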

// Verbose error pages (dumped exceptions, stack traces) only in development;
// production uses the plain handler so internals are not shown to clients.
var devErrorOptions = { dumpExceptions: true, showStack: true };

app.configure('development', function(){
  app.use(express.errorHandler(devErrorOptions));
});

app.configure('production', function(){
  app.use(express.errorHandler());
});

// Message Helper

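// Escape the five HTML-significant characters so a message that embeds a
// request-supplied value (the username in the "already taken" error, for
// example) renders as text rather than markup.
function escapeHtml(text){
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Read a one-shot message off the session object and clear it.
function takeMessage(sess, key){
  var value = sess[key];
  delete sess[key];
  return value;
}

app.dynamicHelpers({
  // Index Alerts.  This message is assembled with intentional markup (logout /
  // restricted links) by POST /login, so it is inserted as-is; any
  // user-supplied fragment must be escaped where the message is built.
  indexMessage: function(req){
    var msg = req.sessionStore.indexMessage;
    if (msg) return '<p class="message">' + msg + '</p>';
  },
  // Login Alerts: plain-text one-shot messages, escaped on output.
  loginMessage: function(req){
    var err = takeMessage(req.sessionStore, 'loginError');
    var msg = takeMessage(req.sessionStore, 'loginSuccess');
    if (err) return '<p class="error">' + escapeHtml(err) + '</p>';
    if (msg) return '<p class="success">' + escapeHtml(msg) + '</p>';
  },
  // Register Alerts: the error can contain the submitted username, so it must
  // not reach the page unescaped.
  registerMessage: function(req){
    var err = takeMessage(req.sessionStore, 'registerError');
    var msg = takeMessage(req.sessionStore, 'registerSuccess');
    if (err) return '<p class="error">' + escapeHtml(err) + '</p>';
    if (msg) return '<p class="success">' + escapeHtml(msg) + '</p>';
  },
  // Session Access.  Note this is the store instance shared by every request,
  // not the per-request session (see the answer below).
  sessionStore: function(req, res){
    return req.sessionStore;
  }
});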

// Salt Generator

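/**
 * Generate a random per-user salt for password hashing.
 *
 * Uses crypto.randomBytes (a CSPRNG) rather than Math.random(), which is not
 * suitable for security-sensitive values.  The result is lowercase hex, so it
 * stores cleanly in Redis and works as the createHmac key.
 *
 * @param {number} [length=40] number of hex characters to return
 * @returns {string} salt of exactly `length` hex characters
 */
function generateSalt(length){
  var len = length === undefined ? 40 : length;
  // Two hex characters per byte; the slice handles odd lengths.
  return crypto.randomBytes(Math.ceil(len / 2)).toString('hex').slice(0, len);
}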

// Generate Hash

/**
 * HMAC-SHA256 of `msg` keyed with `key`, as lowercase hex.
 *
 * Used for stored passwords with the per-user salt as the key (see
 * `authenticate` and POST /register).  HMAC-SHA256 is a fast hash; a
 * deliberately slow KDF (PBKDF2, scrypt, bcrypt) is the usual choice for
 * password storage, but switching would require re-hashing stored passwords.
 *
 * @param {string} msg message to authenticate
 * @param {string} key HMAC key
 * @returns {string} 64-character hex digest
 */
function hash(msg, key){
  var hmac = crypto.createHmac('sha256', key);
  hmac.update(msg);
  return hmac.digest('hex');
}

// Authenticate

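/**
 * Look up `username` and verify `pass` against the stored salted hash.
 *
 * Calls `fn(err, user)`: `user` is the Redis hash for the account on success;
 * otherwise `err` describes the failure.  Redis errors are propagated instead
 * of dropped.  The two failure reasons (unknown user, wrong password) are
 * distinct here; POST /login collapses them into one generic message so the
 * response does not reveal which usernames exist.
 *
 * @param {string} username login name entered by the user
 * @param {string} pass     plaintext password entered by the user
 * @param {function(Error=, Object=)} fn node-style callback
 */
function authenticate(username, pass, fn){
  client.get('username:' + username + ':uid', function(err, uid){
    if (err) return fn(err);
    if (uid === null) return fn(new Error('cannot find user'));
    client.hgetall('uid:' + uid, function(err, user){
      if (err) return fn(err);
      // The uid mapping can exist without its hash (e.g. a registration that
      // failed part-way); the original would throw on `user.pass` here.
      if (!user) return fn(new Error('cannot find user'));
      // Strict comparison of the two hex digests.
      if (user.pass !== hash(pass, user.salt)) return fn(new Error('invalid password'));
      return fn(null, user);
    });
  });
}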

// Route guard: only a session with a logged-in user may continue; anyone
// else is sent to /login with a one-shot error message.
function restrict(req, res, next){
  var loggedIn = Boolean(req.sessionStore.user);
  if (!loggedIn) {
    req.sessionStore.loginError = 'Access denied!';
    res.redirect('/login');
    return;
  }
  next();
}

// Audit line for the restricted page.  Expected to run after `restrict`,
// which guarantees req.sessionStore.user is set.
function accessLogger(req, res, next) {
  var who = req.sessionStore.user.username;
  console.log('/restricted accessed by %s', who);
  next();
}

// Routes

// Landing page.
function renderIndex(req, res){
  var locals = { title: 'TileTabs' };
  res.render('index', locals);
}

app.get('/', renderIndex);

// Restricted page: `restrict` rejects anonymous sessions, `accessLogger`
// records the visit, then the view renders.
app.get('/restricted', restrict, accessLogger, function(req, res){
  var locals = { title: 'Restricted Section' };
  res.render('restricted', locals);
});

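// Log out: destroy the per-request session.  As the answer below explains,
// req.sessionStore is the shared store object and its destroy() takes the
// session id first, so the callback passed to it here was never invoked;
// req.session.destroy(fn) is the per-request call.
app.get('/logout', function(req, res, next){
  // Read the name before the session is gone (the original logged it from
  // inside the callback, after destroy).
  var user = req.sessionStore.user;
  var username = user ? user.username : 'unknown user';
  // The rest of this listing keeps login state on the shared store object,
  // so clear it here too or `restrict` still treats the user as logged in.
  delete req.sessionStore.user;
  req.session.destroy(function(err){
    if (err){
      console.log('Error destroying session...');
      // Always answer the request; a bare log left the client hanging.
      return next(err);
    }
    console.log(username + ' has logged out.');
    res.redirect('home');
  });
});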

// Login form.
app.get('/login', function(req, res){
  var locals = { title: 'TileTabs Login' };
  res.render('login', locals);
});

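// Login form submission.
app.post('/login', function(req, res){
  // A missing field arrives as undefined; coerce so the length checks cannot
  // throw (the original would 500 on a request without the field).
  var username = String(req.body.username || '');
  var password = String(req.body.password || '');
  // Either field empty is a validation failure (the original only caught the
  // case where both were empty and otherwise sent '' on to Redis).
  if (username.length === 0 || password.length === 0){
    req.sessionStore.loginError = 'Authentication failed, please enter a username and password!';
    return res.redirect('back');
  }
  authenticate(username, password, function(err, user){
    if (!user) {
      // One generic message for both unknown user and wrong password.
      req.sessionStore.loginError = 'Authentication failed, please check your username and password.';
      return res.redirect('back');
    }
    // Fresh session id after authentication so a pre-login id is not kept.
    req.session.regenerate(function(regenErr){
      if (regenErr) {
        req.sessionStore.loginError = 'Authentication failed, please try again.';
        return res.redirect('back');
      }
      req.sessionStore.user = user;
      // The display name is user-supplied at registration and this message is
      // rendered as markup by the indexMessage helper, so escape it here.
      var safeName = String(user.name).replace(/[&<>"']/g, function(c){
        return { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c];
      });
      req.sessionStore.indexMessage = 'Authenticated as ' + safeName + '.  Click to <a href="/logout">logout</a>. ' + ' You may now access <a href="/restricted">the restricted section</a>.';
      console.log(user.username + ' logged in!');
      res.redirect('home');
    });
  });
});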

// Registration form.
app.get('/register', function(req, res){
  var locals = { title: 'TileTabs Register' };
  res.render('register', locals);
});

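// Registration form submission.
app.post('/register', function(req, res){
  // Coerce missing fields so the length checks cannot throw.
  var name = String(req.body.name || '');
  var username = String(req.body.username || '');
  var password = String(req.body.password || '');

  // Any empty field is rejected (the original only rejected the all-empty case).
  if (name.length === 0 || username.length === 0 || password.length === 0){
    req.sessionStore.registerError = 'Registration failed, please enter a name, username and password!';
    return res.redirect('back');
  }

  var usernameKey = 'username:' + username + ':uid';

  // Store a one-shot error and send the user back to the form.
  function fail(message){
    req.sessionStore.registerError = message;
    res.redirect('back');
  }

  // Fast path: reject a name that is already mapped without consuming an id.
  client.get(usernameKey, function(err, existing){
    if (err) return fail('Registration failed, please try again.');
    if (existing !== null) return fail('Registration failed, ' + username + ' already taken.');

    client.incr('global:nextUserId', function(err, uid){
      if (err) return fail('Registration failed, please try again.');
      // SETNX claims the username atomically: two concurrent registrations of
      // the same name can both pass the GET above, but only one wins here
      // (the original used SET, so the second would silently overwrite).
      client.setnx(usernameKey, uid, function(err, claimed){
        if (err) return fail('Registration failed, please try again.');
        if (claimed === 0) return fail('Registration failed, ' + username + ' already taken.');
        var salt = generateSalt();
        client.hmset('uid:' + uid, {
          name: name,
          username: username,
          salt: salt,
          pass: hash(password, salt)
        }, function(err){
          if (err) return fail('Registration failed, please try again.');
          req.sessionStore.loginSuccess = 'Thanks for registering!  Try logging in!';
          console.log(username + ' has registered!');
          res.redirect('/login');
        });
      });
    });
  });
});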

// Only listen on $ node app.js

// Start listening only when run directly; when required by another module
// the caller decides whether and where to listen.  Port 80 is a privileged
// port on most systems, so the process needs the right permissions to bind it.
if (!module.parent) {
  var port = 80;
  app.listen(port);
  console.log("Express server listening on port %d", app.address().port);
}


注册和登录身份验证都工作正常，但不知为何，当已登录的用户尝试注销时就出了问题。

从我的 /logout 路由可以看到：

app.get('/logout', function(req, res){
  // req.sessionStore is the store instance shared by all requests, not this
  // request's session; its destroy() takes the session id first and the
  // callback second, so the function passed here is never invoked (see the
  // answer below).  req.session.destroy(fn) is the per-request call.
  req.sessionStore.destroy(function(err){
    if (err){
      console.log('Error destroying session...');
    }
    else{
      console.log(req.sessionStore.user.username + ' has logged out.');
      res.redirect('home');
    }
  });
});


我放了两个 console.log 来确定卡在哪里。有意思的是，什么都没有打印出来。

所以，不知道为什么，destroy() 没有被正确调用。

我不确定是我把语法弄错了还是别的原因，但按照 connect 的文档来看，我的设置似乎是正确的。

最佳答案

您必须使用 req.session 而不是 req.sessionStore。req.sessionStore 是单个 RedisStore 实例，不会由 connect 按请求动态设置。这意味着您的代码只对一个用户有效：所有用户会以这种方式共享同一份会话数据。

req.sessionStore 也有一个 destroy 方法，这就是您没有收到任何错误的原因。您的回调没有被调用，因为在这个方法里回调是第二个参数。

只需把代码中所有的 req.sessionStore 替换为 req.session。例如：

 req.session.destroy(function(err) { ... });

关于session - 卡住connect-redis session 销毁?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/6921231/
