一. 使用cookie-parser、express-session来处理cookie和session。
const cookieParser = require('cookie-parser');
const session = require('express-session');
// One secret is shared by cookie-parser (signed cookies) and express-session
// (the session ID cookie).
// NOTE(review): this literal is short and committed with the code. Anyone who
// knows it can produce validly signed cookies, so a real deployment should
// load a long random value from configuration instead.
const signingSecret = 'swq';

// NOTE(review): no `cookie` options are passed, so the session cookie uses the
// library defaults. Set `cookie.secure` and `cookie.sameSite` explicitly when
// the site is served over HTTPS.
const sessionOptions = {
  secret: signingSecret,
  resave: false,
  // true: a session is stored for every visitor, even before anything is
  // written to it.
  saveUninitialized: true,
};

app.use(cookieParser(signingSecret));
app.use(session(sessionOptions));
二. 登录成功后,根据用户ID生成cookie。
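/**
 * Login handler: validates the submitted credentials, looks the user up by
 * name and, on success, issues the signed login cookie via auth.gen_session.
 *
 * Always answers with `{ resultCode, resultMsg }`: 400 for a missing field,
 * an unknown user or a wrong password, 200 on success. Lookup failures are
 * forwarded to Express through `next`.
 *
 * @param {Object} req - Express request; `req.body` carries the credentials.
 * @param {Object} res - Express response.
 * @param {Function} next - Express error continuation.
 */
home.login = (req, res, next) => {
  const data = req.body || {};

  // The original checked `username` for emptiness but queried by `name`, so
  // one of the two was always unchecked. Accept either field so both request
  // shapes keep working, and validate the value that is actually queried.
  const username = data.username !== undefined ? data.username : data.name;
  const password = data.password;

  // Credentials must be plain strings. A JSON body can carry objects or
  // arrays, which would otherwise reach the database query as operators or
  // pass the loose password comparison through type coercion.
  if (typeof username !== 'string' || username === '') {
    return res.send({ resultCode: 400, resultMsg: '用户名为空' });
  }
  if (typeof password !== 'string' || password === '') {
    return res.send({ resultCode: 400, resultMsg: '密码为空' });
  }

  User.findOne({ name: username })
    .then((user) => {
      // NOTE(review): the distinct "user not found" / "wrong password"
      // answers let a client tell which account names exist. Consider one
      // shared message and rate limiting on this route.
      if (!user) {
        return res.send({ resultCode: 400, resultMsg: '用户不存在' });
      }

      // NOTE(review): the submitted password is compared with user.password
      // directly, which implies the stored value is not a salted hash.
      // Confirm this, then store and verify passwords with a dedicated
      // password-hashing function.
      if (password !== user.password) {
        return res.send({ resultCode: 400, resultMsg: '密码错误' });
      }

      // Issue the login cookie.
      auth.gen_session(user, res);
      return res.send({ resultCode: 200, resultMsg: '登录成功' });
    })
    // Without this, a failed lookup leaves the request hanging and the
    // rejection unhandled.
    .catch(next);
};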
// 生成cookie
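/**
 * Set the login cookie for `user` on the response.
 *
 * The cookie value is the user's `_id` rendered as a string. `signed: true`
 * makes Express sign the value with the cookie-parser secret so tampering is
 * detected when it is read back. The value is signed, not encrypted, and
 * stays readable by the client.
 *
 * NOTE(review): the value is the same for every login of a given user and is
 * valid for 30 days, so it cannot be revoked per session. A random
 * server-side session ID would allow logout and expiry to be enforced.
 *
 * @param {Object} user - user record; only `_id` is read.
 * @param {Object} res - Express response the cookie is written to.
 */
gen_session: (user, res) => {
  const authUser = `${user._id}`;
  const thirtyDaysMs = 30 * 24 * 60 * 60 * 1000;

  res.cookie('suweiqing', authUser, {
    path: '/',
    signed: true, // requires cookieParser to be initialised with a secret
    httpOnly: true, // not readable from page scripts
    // Keep the login cookie off cross-site sub-requests and form posts.
    sameSite: 'lax',
    // NOTE(review): add `secure: true` once the site is served only over HTTPS.
    maxAge: thirtyDaysMs,
  });
},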
三. 编写中间件,判断用户是否登录(判断session中是否有用户信息)。