如何在节点中进行身份验证。我可以在我的网站上使用js吗?

时间:2022-11-29 22:39:03

I want a Node.js service to authenticate the user of my website. How can I do this?

我想要一个节点。js服务认证我网站的用户。我该怎么做呢?

I want to implement Everyauth authentication using the simple password method, not OpenID.

我希望使用简单的密码方法(而不是OpenID)实现所有身份验证。

I tried https://github.com/jimpick/everyauth-example-password and it works.

我尝试了https://github.com/jimpick/everyauth-examplepassword,它有效。

I want to use the database to store. This script does not use a database. I have used MySQL in past so I prefer that but I am ok with anything else as well such as MongoDB.

我想使用数据库来存储。此脚本不使用数据库。我以前用过MySQL,所以我更喜欢它,但是我对其他的东西也没什么问题,比如MongoDB。

I just want to add database to my script. Please help.

我只想在脚本中添加数据库。请帮助。

1 个解决方案

#1


3  

You only need to modify .authenticate method. Since connecting to database is (or should be) an asynchronous operation, then you need to add promise object (see everyauth documentation).

只需修改.authenticate方法。由于连接到数据库是(或应该是)一个异步操作,因此需要添加promise对象(请参阅everyauth文档)。

Assuming you have some ORM with user data corresponding to user object with username and password attributes (in my example I'll use mongoose engine), this is how it may look:

假设您有一些ORM,它的用户数据与具有用户名和密码属性的用户对象相对应(在我的示例中,我将使用mongoose引擎),它的外观可能是这样的:

.authenticate( function (login, password) {
    var promise = this.Promise(); /* setup promise object */

    /* asynchrnously connect to DB and retrieve the data for authentication */
    db.find({ username:login }, function(err, user) {
        if (err)
            return promise.fulfill([err]);
        if ((!user) || (user.password != password))
            return promise.fulfill(['Incorrect username or password!']);
        promise.fulfill(user);
    });

    return promise; /* return promise object */
})

I didn't test it, but according to the documentation it should work. Remember that errors are supposed to be held in array.

我没有测试它,但是根据文档,它应该可以工作。记住错误应该在数组中保存。

By the way: if you are using only the password method, then there is no need to, you know, use a cannon against a fly. :) Writing your own (not necessarly perfect, but working) authentication mechanism is really simple and if you don't know how to do this you should learn it. It will benefit in the future, because authentication and security in general are very important in every web app.

顺便说一句:如果你只使用密码方法,那就没必要用大炮对付苍蝇了。:)编写您自己的(不一定是完美的,但是可以工作的)身份验证机制非常简单,如果您不知道如何实现这一点,那么您应该学习它。它将在未来受益,因为身份验证和安全性在每个web应用程序中都非常重要。

#1


3  

You only need to modify .authenticate method. Since connecting to database is (or should be) an asynchronous operation, then you need to add promise object (see everyauth documentation).

只需修改.authenticate方法。由于连接到数据库是(或应该是)一个异步操作,因此需要添加promise对象(请参阅everyauth文档)。

Assuming you have some ORM with user data corresponding to user object with username and password attributes (in my example I'll use mongoose engine), this is how it may look:

假设您有一些ORM,它的用户数据与具有用户名和密码属性的用户对象相对应(在我的示例中,我将使用mongoose引擎),它的外观可能是这样的:

.authenticate( function (login, password) {
    var promise = this.Promise(); /* setup promise object */

    /* asynchrnously connect to DB and retrieve the data for authentication */
    db.find({ username:login }, function(err, user) {
        if (err)
            return promise.fulfill([err]);
        if ((!user) || (user.password != password))
            return promise.fulfill(['Incorrect username or password!']);
        promise.fulfill(user);
    });

    return promise; /* return promise object */
})

I didn't test it, but according to the documentation it should work. Remember that errors are supposed to be held in array.

我没有测试它,但是根据文档,它应该可以工作。记住错误应该在数组中保存。

By the way: if you are using only the password method, then there is no need to, you know, use a cannon against a fly. :) Writing your own (not necessarly perfect, but working) authentication mechanism is really simple and if you don't know how to do this you should learn it. It will benefit in the future, because authentication and security in general are very important in every web app.

顺便说一句:如果你只使用密码方法,那就没必要用大炮对付苍蝇了。:)编写您自己的(不一定是完美的,但是可以工作的)身份验证机制非常简单,如果您不知道如何实现这一点,那么您应该学习它。它将在未来受益,因为身份验证和安全性在每个web应用程序中都非常重要。