0

認証が成功した後 req.session.user は存在しますが、ページへのアクセスを制限するためにそれを呼び出そうとすると、もちろん、アクセスしたくないときにアクセスを制限します。範囲の問題は知っていますが、理解できません。

    function restrict(req, res, next) {
  if (req.session.user) {
    next();
  } else {
    req.session.error = 'Access denied!';
    res.redirect('/accessdenied');
  }
}

// Add User Route
app.get('/addUser', restrict, function (req, res, next) 
  {res.render('addUser', {
                        title       : "SC Auds - Ad New User"
                     ,  author      : "Alan Swenson"
                     ,  description : "none"
                   });
                });



app.post('/login', function (req, res, next){

var checkuser = new User({
                      email     : req.body.user.email
                    , password  : req.body.user.password
                  });

 // checkuser.save(function(err) {
  // Successfully Logged In
User.getAuthenticated(checkuser.email, checkuser.password, function(err, user, reason) {

        if (err) {
          throw err;
        // Failed to work
          res.redirect('/error');
        }

        // login was successful if we have a user
        if (user) {
            // handle login success
            req.session.regenerate(function(){
            req.session.user = user;
            req.session.success = 'Authenticated as ' + user.email;
            res.redirect('/admin');
            console.log(req.session.user);
          });
        }

        // otherwise we can determine why we failed
        var reasons = User.failedLogin;
        console.log(User.failedLogin);
        switch (reason) {
            case reasons.NOT_FOUND:
            case reasons.PASSWORD_INCORRECT:
                // note: these cases are usually treated the same - don't tell
                // the user *why* the login failed, only that it did
                break;
            case reasons.MAX_ATTEMPTS:
                // send email or otherwise notify user that account is
                // temporarily locked
                break;

        }

    });



 });

これが私のapp.jsです

/**
 * Module dependencies
 */

var express   = require('express'),
    routes    = require('./routes'),
    tasks     = require("./tasks"),
    mongoose  = require('mongoose');
    crypt     = require('bcrypt');
    RedisStore = require('connect-redis')(express);
    url =       require('url');


// Get yo' models
User = require("./models/user.js");
// Set up the app
app = express();
// Set up the server
var server = require('http').createServer(app);

//set up redis
var redisURL = 'redis://nodejitsu:nodejitsudb3022889634.redis.irstack.com:f327cfe980c971946e80b8e975fbebb4@nodejitsudb3022889634.redis.irstack.com:6379';
var redis = url.parse(redisURL);
console.log(redis);
/**
 * Configuration
 */

app.configure(function(){
  app.set('views', __dirname + '/views');
  app.set('view engine', 'jade');
  // Middle Ware
  app.use(express.favicon(__dirname + '/public/favicon.ico'));
  app.use(express.bodyParser());
  app.use(express.cookieParser());
  app.use(express.session({
    secret: "kaskjbabjkdfkabdfbkadbkjfasdfasdfrterterte",
    store: new RedisStore({ host: redis.hostname, port: redis.port, pass: redis.auth ? redis.auth.substring(redis.auth.indexOf(':') + 1) : null }),
    proxy: true,
    cookie: { secure: true}
  }));
  app.use(express.methodOverride());



  app.use(app.router);
  app.use(express.static(__dirname + '/public'));
  app.enable('trust proxy');
});

/**
 * Set up Listening Ports
 * Development & Production
 */

var port;
app.configure('development', function(){
  port = 3000;
  app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
 // mongoose.connect('mongodb://localhost/<app_name>');
});

app.configure('production', function(){
  port = 80;
  app.use(express.errorHandler());
  // Production database connection string
   mongoose.connect('mongodb://nodejitsu:c09cdadf6f1c8ecad43a01d54b4da8e4@linus.mongohq.com:10096/nodejitsudb9995237560');
});

/**
 * Open Database
 */

var db = mongoose.connection;
db.on('error', console.error.bind(console, 'connection error:'));
db.once('open', function callback () {
  console.log('opened');
});

var models = {};

/**
 * Set up Routes
 */

// Main Route
app.get('/', routes.home);
// Additional Routes
require('./additionalRoutes')(app)


/**
 * Start Sever Listening
 */

server.listen(port, function(){
});


/*
 * Run background tasks here:
 */

// Run immediately
// tasks.myTask();

// Run periodically
// setInterval(tasks.myTask, 1000 * 60 * 10);
4

2 に答える 2

0

ここに制限機能がありません..

app.post('/login', function (req, res, next){

に変更します。

app.post('/login', restrict, function (req, res, next){
于 2013-09-27T06:36:05.970 に答える