我是 PassportJS 和 AngularJS 的新手,我对如何进行此授权有疑问。
我有 Oauth2 保护的 Spring REST API,但我必须像这样一起发送用户凭据:
[http://localhost:8080/myapp/oauth/token]
grant_type=password&username=email&password=password&client_id=09e749d8309f4044&client_secret=189309492722aa5a&scope=read
在客户端我的应用程序中我使用 Passport 并且我想授权/验证我的用户,我该如何为此创建策略?
我将把我的服务器配置和我的安全库发送到这里。
服务器.js
var fs = require('fs');
var http = require('http');
var https = require('https');
var privateKey = fs.readFileSync(__dirname + '/cert/privatekey.pem').toString();
var certificate = fs.readFileSync(__dirname + '/cert/certificate.pem').toString();
var credentials = {key: privateKey, cert: certificate};
var express = require('express');
var config = require('./config.js');
var passport = require('passport');
var security = require('./lib/security');
var xsrf = require('./lib/xsrf');
var protectJSON = require('./lib/protectJSON');
require('express-namespace');
var app = express();
var secureServer = https.createServer(credentials, app);
var server = http.createServer(app);
// Serve up the favicon
app.use(express.favicon(config.server.distFolder + '/favicon.ico'));
// First looks for a static file: index.html, css, images, etc.
app.use(config.server.staticUrl, express.compress());
app.use(config.server.staticUrl, express['static'](config.server.distFolder));
app.use(config.server.staticUrl, function(req, res, next) {
res.send(404); // If we get here then the request for a static file is invalid
});
app.use(protectJSON);
app.use(express.logger()); // Log requests to the console
app.use(express.bodyParser()); // Extract the data from the body of the request - this is needed by the LocalStrategy authenticate method
app.use(express.cookieParser(config.server.cookieSecret)); // Hash cookies with this secret
app.use(express.cookieSession()); // Store the session in the (secret) cookie
app.use(passport.initialize()); // Initialize PassportJS
app.use(passport.session()); // Use Passport's session authentication strategy - this stores the logged in user in the session and will now run on any request
app.use(xsrf); // Add XSRF checks to the request
security.initialize(config.oauth.authorize_url, config.oauth.access_token, config.oauth.apiKey, config.oauth.secretKey, config.oauth.scopereq); // Add a Oauth strategy for handling the authentication
app.use(function(req, res, next) {
if ( req.user ) {
console.log('Current User:', req.user.firstName, req.user.lastName);
} else {
console.log('Unauthenticated');
}
next();
});
app.post('/login', security.login);
app.post('/logout', security.logout);
// Retrieve the current user
app.get('/current-user', security.sendCurrentUser);
// Retrieve the current user only if they are authenticated
app.get('/authenticated-user', function(req, res) {
security.authenticationRequired(req, res, function() { security.sendCurrentUser(req, res); });
});
// Retrieve the current user only if they are admin
app.get('/admin-user', function(req, res) {
security.adminRequired(req, res, function() { security.sendCurrentUser(req, res); });
});
// This route deals enables HTML5Mode by forwarding missing files to the index.html
app.all('/*', function(req, res) {
// Just send the index.html for other files to support HTML5Mode
res.sendfile('index.html', { root: config.server.distFolder });
});
// A standard error handler - it picks up any left over errors and returns a nicely formatted server 500 error
app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
// Start up the server on the port specified in the config
server.listen(config.server.listenPort, 'localhost', 511, function() {
// // Once the server is listening we automatically open up a browser
var open = require('open');
open('http://localhost:' + config.server.listenPort + '/');
});
console.log('Deengo Business App Server - listening on port: ' + config.server.listenPort);
secureServer.listen(config.server.securePort);
console.log('Deengo Business App Server - listening on secure port: ' + config.server.securePort);
lib/security.js
var express = require('express');
var passport = require('passport');
var app = express();
var BearerStrategy = require('passport-http-bearer').Strategy
var filterUser = function(user) {
if ( user ) {
return {
user : {
id: user._id.$oid,
email: user.email,
firstName: user.firstName,
lastName: user.lastName,
admin: user.admin
}
};
} else {
return { user: null };
}
};
var security = {
initialize: function(_authorize_url, _access_token, _apiKey, _secretKey, _scopereq) {
passport.use('deengo-auth', new OAuth2Strategy({
authorizationURL: _authorize_url,
tokenURL: _access_token,
clientID: _apiKey,
clientSecret: _secretKey,
callbackURL: 'http://localhost:3000/oauth/autorize/callback',
scope: _scopereq,
passReqToCallback: true,
skipUserProfile: true
},
function(req, accessToken, refreshToken, profile, done) {
client['headers']['authorization'] = 'bearer ' + req.session.passport.accessToken;
User.findOrCreate({ clientId: clientId }, function(err, user) {
done(err, user);
});
}
));
},
authenticationRequired: function(req, res, next) {
console.log('authRequired');
if (req.isAuthenticated()) {
next();
} else {
res.json(401, filterUser(req.user));
}
},
adminRequired: function(req, res, next) {
console.log('adminRequired');
if (req.user && req.user.admin ) {
next();
} else {
res.json(401, filterUser(req.user));
}
},
sendCurrentUser: function(req, res, next) {
res.json(200, filterUser(req.user));
res.end();
},
login: function(req, res, next) {
console.log(req.body.email);
console.log(req.body.password);
function authenticationFailed(err, user, info){
//if (err) { return next(err); }
/*if (!user) { return res.json(filterUser(user)); }
req.logIn(user, function(err) {
if ( err ) { return next(err); }
return res.json(filterUser(user));
});*/
}
//passport.authenticate("deengo-auth", authenticationFailed)(req, res, next);
return null;
},
logout: function(req, res, next) {
req.logout();
res.send(204);
}
};
module.exports = security;
lib/DeengoStrategy.js
var util = require('util');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var BearerStrategy = require('passport-http-bearer').Strategy;
var rest = require('request');
function DeengoRestStrategy(authorize_url, access_token, apiKey, secretKey, scopereq) {
this.authorize_url = authorize_url;
this.access_token = access_token;
this.apiKey = apiKey;
this.secretKey = secretKey;
this.scopereq = secretKey;
this.baseUrl = 'http://localhost:8080/deengo/api/';
// Call the super constructor - passing in our user verification function
// We use the email field for the username
LocalStrategy.call(this, { usernameField: 'email' }, this.verifyUser.bind(this));
// Serialize the user into a string (id) for storing in the session
passport.serializeUser(function(user, done) {
done(null, user.id);
});
// Deserialize the user from a string (id) into a user (via a cll to REST)
passport.deserializeUser(this.get.bind(this));
// We want this strategy to have a nice name for use by passport, e.g. app.post('/login', passport.authenticate('deengo'));
this.name = DeengoRestStrategy.name;
}
// DeengoRestStrategy inherits from LocalStrategy
util.inherits(DeengoRestStrategy, LocalStrategy);
DeengoRestStrategy.name = "deengo";
// Query the users collection
DeengoRestStrategy.prototype.query = function(query, done) {
query.accessToken = this.accessToken; // Add the apiKey to the passed in query
var request = rest.get(this.baseUrl, { qs: query, json: {} }, function(err, response, body) {
done(err, body);
});
};
// Get a user by id
DeengoRestStrategy.prototype.get = function(id, done) {
var query = { apiKey: this.apiKey };
var request = rest.get(this.baseUrl + id, { qs: query, json: {} }, function(err, response, body) {
done(err, body);
});
};
// Find a user by their email
DeengoRestStrategy.prototype.findByEmail = function(email, done) {
this.query({ q: JSON.stringify({email: email}) }, function(err, result) {
if ( result && result.length === 1 ) {
return done(err, result[0]);
}
done(err, null);
});
};
// Check whether the user passed in is a valid one
DeengoRestStrategy.prototype.verifyUser = function(email, password, done) {
this.findByEmail(email, function(err, user) {
if (!err && user) {
if (user.password !== password) {
user = null;
}
}
done(err, user);
});
};
module.exports = DeengoRestStrategy;
不知道要不要用passport-Bearer,不知道怎么用。
提前感谢您的帮助。
问候,
爱德华多。
最佳答案
I do not know if I have to use passport-Bearer or not and how to use-it.
没有。还有其他选择,例如:
以下是如何使用 Passport 的示例:
// Express using passport-local
// This code is adaptation of examples/express3 from https://github.com/jaredhanson/passport-local
// configure Express
app.configure(function() {
// ...
app.use(express.session({
// The domain should start with a dot, as this allows the subdomain.
domain: '.app.local',
secret: 'keyboard cat'
}));
// Enable cors.
app.use(function(req, res, next) {
res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Allow-Origin', req.headers.origin);
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
next();
});
// ...
});
app.get('/account', ensureAuthenticated, function(req, res){
// Return the current user's info
res.json(req.user);
});
引用文献
关于angularjs - Angular JS + Node JS + Passport + Spring OAuth2 认证/授权,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18260230/
我的瘦服务器配置了nginx,我的ROR应用程序正在它们上运行。在我发布代码更新时运行thinrestart会给我的应用程序带来一些停机时间。我试图弄清楚如何优雅地重启正在运行的Thin实例,但找不到好的解决方案。有没有人能做到这一点? 最佳答案 #Restartjustthethinserverdescribedbythatconfigsudothin-C/etc/thin/mysite.ymlrestartNginx将继续运行并代理请求。如果您将Nginx设置为使用多个上游服务器,例如server{listen80;server
如何将send与+=一起使用?a=20;a.send"+=",10undefinedmethod`+='for20:Fixnuma=20;a+=10=>30 最佳答案 恐怕你不能。+=不是方法,而是语法糖。参见http://www.ruby-doc.org/docs/ProgrammingRuby/html/tut_expressions.html它说Incommonwithmanyotherlanguages,Rubyhasasyntacticshortcut:a=a+2maybewrittenasa+=2.你能做的最好的事情是:
我对如何计算通过{%assignvar=0%}赋值的变量加一完全感到困惑。这应该是最简单的任务。到目前为止,这是我尝试过的:{%assignamount=0%}{%forvariantinproduct.variants%}{%assignamount=amount+1%}{%endfor%}Amount:{{amount}}结果总是0。也许我忽略了一些明显的东西。也许有更好的方法。我想要存档的只是获取运行的迭代次数。 最佳答案 因为{{incrementamount}}将输出您的变量值并且不会影响{%assign%}定义的变量,我
我有一个数组数组,想将元素附加到子数组。+=做我想做的,但我想了解为什么push不做。我期望的行为(并与+=一起工作):b=Array.new(3,[])b[0]+=["apple"]b[1]+=["orange"]b[2]+=["frog"]b=>[["苹果"],["橙子"],["Frog"]]通过推送,我将推送的元素附加到每个子数组(为什么?):a=Array.new(3,[])a[0].push("apple")a[1].push("orange")a[2].push("frog")a=>[[“苹果”、“橙子”、“Frog”]、[“苹果”、“橙子”、“Frog”]、[“苹果”、“
有没有办法让Ruby能够做这样的事情?classPlane@moved=0@x=0defx+=(v)#thisiserror@x+=v@moved+=1enddefto_s"moved#{@moved}times,currentxis#{@x}"endendplane=Plane.newplane.x+=5plane.x+=10putsplane.to_s#moved2times,currentxis15 最佳答案 您不能在Ruby中覆盖复合赋值运算符。任务在内部处理。您应该覆盖+,而不是+=。plane.a+=b与plane.a=
简单代码require'net/http'url=URI.parse('getjson/otherdatahere[link]')req=Net::HTTP::Get.new(url.to_s)res=Net::HTTP.start(url.host,url.port){|http|http.request(req)}putsres.body只是想知道如何在phpcURL中放置身份验证token,我是这样做的 curl_setopt($ch,CURLOPT_HTTPHEADER,array('Authorization:Bearerxxx'));//Bearertokenfora
出于某种原因,heroku尝试要求dm-sqlite-adapter,即使它应该在这里使用Postgres。请注意,这发生在我打开任何URL时-而不是在gitpush本身期间。我构建了一个默认的Facebook应用程序。gem文件:source:gemcuttergem"foreman"gem"sinatra"gem"mogli"gem"json"gem"httparty"gem"thin"gem"data_mapper"gem"heroku"group:productiondogem"pg"gem"dm-postgres-adapter"endgroup:development,:t
谁能提供一个使用HTTParty和digestauth的例子?我在网上找不到例子,希望有人能提供一些帮助。谢谢。 最佳答案 您可以在定义类时使用digest_auth方法设置用户名和密码classFooincludeHTTPartydigest_auth'username','password'end 关于ruby-HTTParty摘要认证,我们在StackOverflow上找到一个类似的问题: https://stackoverflow.com/questi
我是Ruby和这个网站的新手。下面两个函数是不同的,一个在函数外修改变量,一个不修改。defm1(x)x我想确保我理解正确-当调用m1时,对str的引用被复制并传递给将其视为x的函数。运算符当调用m2时,对str的引用被复制并传递给将其视为x的函数。运算符+创建一个新字符串,赋值x=x+"4"只是将x重定向到新字符串,而原始str变量保持不变。对吧?谢谢 最佳答案 String#+::str+other_str→new_strConcatenation—ReturnsanewStringcontainingother_strconc
我正在使用PostgreSQL9.1.3(x86_64-pc-linux-gnu上的PostgreSQL9.1.3,由gcc-4.6.real(Ubuntu/Linaro4.6.1-9ubuntu3)4.6.1,64位编译)和在ubuntu11.10上运行3.2.2或3.2.1。现在,我可以使用以下命令连接PostgreSQLsupostgres输入密码我可以看到postgres=#我将以下详细信息放在我的config/database.yml中并执行“railsdb”,它工作正常。开发:adapter:postgresqlencoding:utf8reconnect:falsedat