如何解决HapiJS 用户会话管理
以下代码来自 HapiJS 文档,它描述了如何使用 @hapi/cookie 插件来使用会话和 cookie。
'use strict';
const Hapi = require('@hapi/hapi');
// Module-private namespace that holds everything this demo defines.
const internals = {};

// In-memory stand-in for a user database (demo only).
// NOTE: the password is kept and later compared in plaintext. That is fine
// for a throwaway demo; a real application would store only a salted
// password hash and verify against it.
internals.users = [
  {
    id: 1,
    name: 'john',
    password: 'password',
  },
];
// Tiny HTML "templates" for the demo pages.
// NOTE: both renderers splice their argument into the markup verbatim, with
// no HTML escaping. The callers in this file only pass fixed messages and the
// name of a record from internals.users; anything user-controlled would have
// to be escaped before it is passed in.
internals.renderHtml = {
  /**
   * Build the login page.
   *
   * @param {string} [message] - Optional notice shown above the form; omitted when falsy.
   * @returns {string} The page markup.
   */
  login(message) {
    let notice = '';
    if (message) {
      notice = '<h3>' + message + '</h3><br></a>';
    }

    // Joined with '\n' so the output matches the original multi-line template exactly.
    return [
      '',
      '<html><head><title>Login page</title></head><body>',
      notice,
      '<form method="post" action="/login">',
      'Username: <input type="text" name="username"><br>',
      'Password: <input type="password" name="password"><br></a>',
      '<input type="submit" value="Login"></form>',
      '</body></html>',
      '',
    ].join('\n');
  },

  /**
   * Build the page shown to a logged-in user, including the logout form.
   *
   * @param {string} name - Display name of the authenticated user.
   * @returns {string} The page markup.
   */
  home(name) {
    const greeting = `<h3>Welcome ${name}! You are logged in!</h3>`;

    return [
      '',
      '<html><head><title>Login page</title></head><body>',
      greeting,
      '<form method="get" action="/logout">',
      '<input type="submit" value="Logout">',
      '</form>',
      '</body></html>',
      '',
    ].join('\n');
  },
};
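/**
 * Create the hapi server, register @hapi/cookie, define the 'session'
 * strategy and the demo routes, then start listening on port 8000.
 *
 * Session model: @hapi/cookie keeps no server-side session store. The object
 * given to request.cookieAuth.set() is carried in the 'sid-example' cookie
 * itself, which the plugin encrypts and signs with the strategy password.
 * On each later request the decoded object is handed to validateFunc as
 * `session`.
 *
 * @returns {Promise<void>} Resolves once the server is listening.
 */
internals.server = async function () {
  const server = Hapi.server({ port: 8000 });

  await server.register(require('@hapi/cookie'));

  server.auth.strategy('session', 'cookie', {
    cookie: {
      name: 'sid-example',

      // Don't forget to change it to your own secret password!
      // This value protects the session cookie: anyone who knows it can
      // forge a session, so keep the real one out of source control.
      password: 'password-should-be-32-characters',

      // For working via HTTP in localhost.
      // While this is false the session cookie is also sent over plain
      // HTTP; serve over HTTPS and enable it outside local development.
      isSecure: false,
    },
    redirectTo: '/login',
    validateFunc: async (request, session) => {
      // `session` is whatever was passed to cookieAuth.set(), here { id }.
      const account = internals.users.find((user) => user.id === session.id);

      if (!account) {
        // Must return { valid: false } for invalid cookies
        return { valid: false };
      }

      // The whole demo record (password included) becomes
      // request.auth.credentials; a real app would expose only what
      // handlers need.
      return { valid: true, credentials: account };
    },
  });

  server.auth.default('session');

  server.route([
    {
      method: 'GET',
      path: '/',
      options: {
        handler: (request, h) => {
          return internals.renderHtml.home(request.auth.credentials.name);
        },
      },
    },
    {
      method: 'GET',
      path: '/login',
      options: {
        auth: {
          mode: 'try',
        },
        plugins: {
          // NOTE(review): this key has to match the name the cookie plugin
          // looks up in route settings; confirm it against the installed
          // @hapi/cookie version.
          'hapi-auth-cookie': {
            redirectTo: false,
          },
        },
        handler: async (request, h) => {
          if (request.auth.isAuthenticated) {
            return h.redirect('/');
          }

          return internals.renderHtml.login();
        },
      },
    },
    {
      method: 'POST',
      path: '/login',
      options: {
        // 'try' lets a visitor without a session reach this handler instead
        // of being redirected by the default 'session' strategy.
        auth: {
          mode: 'try',
        },
        handler: (request, h) => {
          // A POST without a body has no payload object; treat it like an
          // empty form rather than failing on the destructuring.
          const { username, password } = request.payload || {};

          if (!username || !password) {
            return internals.renderHtml.login('Missing username or password');
          }

          // Try to find user with given credentials
          // (plaintext comparison, acceptable only for this demo data).
          const account = internals.users.find(
            (user) => user.name === username && user.password === password
          );

          if (!account) {
            return internals.renderHtml.login('Invalid username or password');
          }

          // Nothing is stored on the server here: { id } is placed in the
          // encrypted session cookie that goes back with this response.
          request.cookieAuth.set({ id: account.id });
          return h.redirect('/');
        },
      },
    },
    {
      method: 'GET',
      path: '/logout',
      options: {
        handler: (request, h) => {
          // Tells the browser to drop the session cookie. No server-side
          // state exists to invalidate, so a copy of the old cookie would
          // still pass validateFunc for as long as the user id exists.
          request.cookieAuth.clear();
          return h.redirect('/');
        },
      },
    },
  ]);

  await server.start();
  console.log(`Server started at: ${server.info.uri}`);
};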
/**
 * Entry point: boot the server and terminate the process with exit code 1
 * if start-up fails, after printing the error's stack trace.
 *
 * @returns {Promise<void>}
 */
internals.start = async function () {
  // Fail fast: a server that could not start should not linger.
  const abort = (failure) => {
    console.error(failure.stack);
    process.exit(1);
  };

  try {
    await internals.server();
  } catch (failure) {
    abort(failure);
  }
};

internals.start();
我的问题是:在 POST 登录路由中,用户成功登录后,`request.cookieAuth.set({ id: account.id });` 是否会把 `{ id: account.id }` 保存在内存(缓存)中,并将其作为 cookie 发送给客户端?还是说这里什么也没有保存?
同样,`request.cookieAuth.clear();` 是否会从内存和客户端清除会话?