1 HTTP身份验证
// Express app protected with HTTP Basic authentication (basic-auth-connect).
const express = require('express');
const basicAuth = require('basic-auth-connect');

const app = express();

// Listens on plain HTTP; Basic credentials are only base64-encoded on the wire,
// so this demo should sit behind TLS anywhere outside a local test.
app.listen(8080);
/* all routes use auth
app.use(basicAuth((user, passwd) => {
return (user === 'admin' && passwd === '123456');
}));
*/
// Credential check handed to basic-auth-connect: accepts exactly one
// hard-coded demo account.
// NOTE(review): the credentials live in source and are compared with `===`;
// a real deployment would load them from configuration and compare against a
// stored hash with a constant-time comparison.
const checkCredentials = (user, passwd) => user === 'admin' && passwd === '123456';
const auth = basicAuth(checkCredentials);
// single route uses auth
// Only this route is guarded: `auth` runs first and rejects requests whose
// credentials fail the check, so the handler only sees authenticated callers.
// (The path is spelled 'sercet' in the original and is kept as-is.)
const secretHandler = (req, res) => res.send('success');
app.get('/sercet', auth, secretHandler);
// Unauthenticated landing route.
const indexHandler = (req, res) => res.send('success');
app.get('/', indexHandler);
2 Session身份验证
'use strict';

// Session-based login demo: body/cookie parsers, express-session, and a
// SHA-256 helper for the password check.
const crypto = require('crypto');
const express = require('express');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const session = require('express-session');

const app = express();
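/**
 * Hash a password with SHA-256 and return the digest as base64.
 *
 * NOTE(review): a single unsalted SHA-256 round is a fast hash, not a
 * password-hashing function; it is kept because the rest of the demo compares
 * its output. For stored credentials prefer a salted, slow KDF such as
 * crypto.scrypt, which Node's `crypto` module already provides.
 *
 * @param {string|Buffer} passwd - Password to hash (strings are encoded as UTF-8).
 * @returns {string} Base64-encoded SHA-256 digest (44 characters).
 * @throws {TypeError} If `passwd` is not a string or Buffer-like value (e.g. undefined).
 */
function hashPW(passwd) {
// digest('base64') already returns a string; the trailing .toString() of the
// original was a no-op and is dropped.
return crypto.createHash('sha256').update(passwd).digest('base64');
}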
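// Parsers and session middleware.
// NOTE(review): both secrets below are hard-coded demo values committed with
// the source; load them from configuration kept outside the repository before
// deploying.
app.use(cookieParser('MAGICSTRING'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
extended: false
}));
app.use(session({
resave: false,
// Do not persist (or issue a cookie for) sessions that were never written to.
// Every login/logout handler below modifies the session, so they still get one;
// anonymous visitors no longer fill the store with empty sessions.
saveUninitialized: false,
secret: 'asgjkasg',
cookie: {
// keep the session id out of reach of page scripts
httpOnly: true,
// limit cross-site requests carrying the session cookie (CSRF mitigation)
sameSite: 'lax'
// secure: true — enable once the app is served over TLS; it listens on
// plain HTTP here, so the flag would stop the cookie from being sent at all.
}
}));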
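/**
 * Escape the HTML-significant characters so arbitrary text can be placed in markup.
 * @param {unknown} text - Value to escape; converted with String().
 * @returns {string} Text safe to embed in an HTML element body or attribute.
 */
function escapeHtml(text) {
return String(text)
.replace(/&/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#39;');
}

// Login form. Logged-in users are redirected to /main; a pending error message
// from the previous attempt is shown once and then cleared.
app.get('/login', (req, res) => {
if (req.session.user) {
res.redirect('/main');
// The original fell through and called res.send() after the redirect, which
// attempts to set headers on a finished response; return instead.
return;
}
let response = `<form method="POST">username:<input type="text" name="username"><br>password:<input type="password" name="password"><br><input type="submit" value="Submit"></form>`;
if (req.session.error) {
// Escaped even though the messages currently stored here are server-generated,
// so this sink stays safe if a user-derived value is ever placed in session.error.
response += `<h2>${escapeHtml(req.session.error)}</h2>`;
// Flash semantics: consume the message so a reload does not repeat it.
delete req.session.error;
}
res.type('html');
res.send(response);
});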
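/**
 * Constant-time equality for two digest strings.
 * Both inputs here are 44-character base64 SHA-256 digests; a length mismatch
 * is reported as "not equal" without calling timingSafeEqual (which requires
 * equal-length buffers).
 * @param {string} expected - Digest of the reference password.
 * @param {string} actual - Digest of the submitted password.
 * @returns {boolean} True when the two digests are byte-identical.
 */
function digestsMatch(expected, actual) {
const a = Buffer.from(expected);
const b = Buffer.from(actual);
return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Login form submission. Only the password is checked (against the fixed demo
// value); the username is recorded as submitted. The session is regenerated on
// both outcomes so a pre-login session id is never promoted to an
// authenticated one (session-fixation defence already present in the original).
app.post('/login', (req, res, next) => {
// body-parser can deliver missing or non-string fields (JSON bodies); normalise
// them so hashPW never receives undefined, which would throw and 500 the request.
const uname = typeof req.body.username === 'string' ? req.body.username : '';
const password = typeof req.body.password === 'string' ? req.body.password : '';
const expectedHash = hashPW('123456');
if (digestsMatch(expectedHash, hashPW(password))) {
console.log('success');
req.session.regenerate((err) => {
if (err) {
return next(err);
}
// Store only the identity: the password hash does not belong in the session
// store (the original kept it in session.user.passwd, where nothing read it).
req.session.user = { uname };
req.session.success = `Authenticated as ${uname}`;
res.redirect('/main');
});
} else {
console.log('failed');
req.session.regenerate((err) => {
if (err) {
return next(err);
}
req.session.error = 'authentication failed';
res.redirect('/login');
});
}
});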
// Protected page: requires a logged-in session; otherwise records an error in
// the session and bounces the visitor to the login form.
app.get('/main', (req, res) => {
if (!req.session.user) {
req.session.error = 'access denied!';
res.redirect('/login');
return;
}
res.send('<h1>success</h1><a href="logout">logout</a>');
});
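// Logout: drop the server-side session, then return to the login form.
app.get('/logout', (req, res, next) => {
req.session.destroy((err) => {
// The original ignored destroy() errors; hand them to Express instead of
// redirecting as if the session had been removed.
if (err) {
return next(err);
}
// NOTE(review): the browser still holds the old session cookie; it is merely
// unknown to the store now. res.clearCookie with the configured cookie name
// would remove it as well.
res.redirect('/login');
});
});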
// Serve over plain HTTP on 8080 (TLS termination would have to happen in front
// of this process).
const port = 8080;
app.listen(port);