我正在
github上使用
this example找到护照本地策略与mongoose / mongodb.
我遇到的问题是,当用户注销时,他们仍然可以通过点击浏览器上的后退按钮来访问受限信息.我是node.js的新手,但我想在需要执行后退和前进按钮之前,需要实现某种类型的钩子来调用ensureAuthenticated函数 – 位于代码最底部的所有方式.在用户注销后,如何通过点击后退按钮来阻止用户访问受限信息?
我遇到的问题是,当用户注销时,他们仍然可以通过点击浏览器上的后退按钮来访问受限信息.我是node.js的新手,但我想在需要执行后退和前进按钮之前,需要实现某种类型的钩子来调用ensureAuthenticated函数 – 位于代码最底部的所有方式.在用户注销后,如何通过点击后退按钮来阻止用户访问受限信息?
var express = require('express'),passport = require('passport'),LocalStrategy = require('passport-local').Strategy,mongodb = require('mongodb'),mongoose = require('mongoose'),bcrypt = require('bcrypt'),SALT_WORK_FACTOR = 10; mongoose.connect('localhost','test'); var db = mongoose.connection; db.on('error',console.error.bind(console,'connection error:')); db.once('open',function callback() { console.log('Connected to DB'); }); // User Schema var userSchema = mongoose.Schema({ username: { type: String,required: true,unique: true },email: { type: String,password: { type: String,required: true},accesstoken: { type: String } // Used for Remember Me }); // Bcrypt middleware userSchema.pre('save',function(next) { var user = this; if(!user.isModified('password')) return next(); bcrypt.genSalt(SALT_WORK_FACTOR,function(err,salt) { if(err) return next(err); bcrypt.hash(user.password,salt,hash) { if(err) return next(err); user.password = hash; next(); }); }); }); // Password verification userSchema.methods.comparePassword = function(candidatePassword,cb) { bcrypt.compare(candidatePassword,this.password,isMatch) { if(err) return cb(err); cb(null,isMatch); }); }; // Remember Me implementation helper method userSchema.methods.generaterandomToken = function () { var user = this,chars = "_!abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMnopQRSTUVWXYZ1234567890",token = new Date().getTime() + '_'; for ( var x = 0; x < 16; x++ ) { var i = Math.floor( Math.random() * 62 ); token += chars.charat( i ); } return token; }; // Seed a user var User = mongoose.model('User',userSchema); // var usr = new User({ username: 'bob',email: 'bob@example.com',password: 'secret' }); // usr.save(function(err) { // if(err) { // console.log(err); // } else { // console.log('user: ' + usr.username + " saved."); // } // }); // Passport session setup. // To support persistent login sessions,Passport needs to be able to // serialize users into and deserialize users out of the session. Typically,// this will be as simple as storing the user ID when serializing,and finding // the user by ID when deserializing. // // Both serializer and deserializer edited for Remember Me functionality passport.serializeUser(function(user,done) { var createAccesstoken = function () { var token = user.generaterandomToken(); User.findOne( { accesstoken: token },function (err,existingUser) { if (err) { return done( err ); } if (existingUser) { createAccesstoken(); // Run the function again - the token has to be unique! } else { user.set('accesstoken',token); user.save( function (err) { if (err) return done(err); return done(null,user.get('accesstoken')); }) } }); }; if ( user._id ) { createAccesstoken(); } }); passport.deserializeUser(function(token,done) { User.findOne( {accesstoken: token },user) { done(err,user); }); }); // Use the LocalStrategy within Passport. // Strategies in passport require a `verify` function,which accept // credentials (in this case,a username and password),and invoke a callback // with a user object. In the real world,this would query a database; // however,in this example we are using a baked-in set of users. passport.use(new LocalStrategy(function(username,password,done) { User.findOne({ username: username },user) { if (err) { return done(err); } if (!user) { return done(null,false,{ message: 'UnkNown user ' + username }); } user.comparePassword(password,isMatch) { if (err) return done(err); if(isMatch) { return done(null,user); } else { return done(null,{ message: 'Invalid password' }); } }); }); })); var app = express(); // configure Express app.configure(function() { app.set('views',__dirname + '/views'); app.set('view engine','ejs'); app.engine('ejs',require('ejs-locals')); app.use(express.logger()); app.use(express.cookieParser()); app.use(express.bodyParser()); app.use(express.methodoverride()); app.use(express.session({ secret: 'keyboard cat' })); // CHANGE THIS SECRET! // Remember Me middleware app.use( function (req,res,next) { if ( req.method == 'POST' && req.url == '/login' ) { if ( req.body.rememberme ) { req.session.cookie.maxAge = 2592000000; // 30*24*60*60*1000 Rememeber 'me' for 30 days } else { req.session.cookie.expires = false; } } next(); }); // Initialize Passport! Also use passport.session() middleware,to support // persistent login sessions (recommended). app.use(passport.initialize()); app.use(passport.session()); app.use(app.router); app.use(express.static(__dirname + '/../../public')); }); app.get('/users',function(req,res) { var users = User.find(); console.log(users); res.send(users); }); app.get('/',res){ res.render('index',{ user: req.user }); }); app.get('/account',ensureAuthenticated,res){ res.render('account',{ user: req.user }); }); app.get('/login',res){ res.render('login',{ user: req.user,message: req.session.messages }); }); // POST /login // Use passport.authenticate() as route middleware to authenticate the // request. If authentication fails,the user will be redirected back to the // login page. Otherwise,the primary route function function will be called,// which,in this example,will redirect the user to the home page. // // curl -v -d "username=bob&password=secret" http://127.0.0.1:3000/login // /***** This version has a problem with flash messages app.post('/login',passport.authenticate('local',{ failureRedirect: '/login',failureFlash: true }),res) { res.redirect('/'); }); */ // POST /login // This is an alternative implementation that uses a custom callback to // acheive the same functionality. app.post('/login',next) { passport.authenticate('local',user,info) { if (err) { return next(err) } if (!user) { req.session.messages = [info.message]; return res.redirect('/login') } req.logIn(user,function(err) { if (err) { return next(err); } return res.redirect('/'); }); })(req,next); }); app.get('/logout',res){ req.logout(); res.redirect('/'); }); app.listen(3000,function() { console.log('Express server listening on port 3000'); }); // Simple route middleware to ensure user is authenticated. // Use this route middleware on any resource that needs to be protected. If // the request is authenticated (typically via a persistent login session),// the request will proceed. Otherwise,the user will be redirected to the // login page. function ensureAuthenticated(req,next) { if (req.isAuthenticated()) { return next(); } res.redirect('/login') }
编辑
我想我可能会做些什么,但却无法让它发挥作用.做了一些研究后,
似乎我需要做的是阻止本地缓存.我正在尝试从我的app.configure函数中执行此操作:
app.configure(function() { app.use(function(req,next) { res.header('Cache-Control','no-cache,private,no-store,must-revalidate,max-stale=0,post-check=0,pre-check=0'); next(); }); });
但是,这似乎并没有影响我的标题.