koajs / userauth
koa user auth middleware
License: MIT License
The correct spelling of formater is formatter
When we use fetch to get JSON data from the server, userauth returns 302 with a redirect URL. Fetch will throw TypeError: failed to fetch, caused by a CORS error. It's better to throw 403 with a login expired message to make the frontend do the re-login easily.
https://github.com/koajs/session is now the normal session store
Hi,
Are you going to migrate this module to koa v2 middleware signature?
    if (options.rootPath !== '/') {
      options.loginPath = path.join(options.rootPath, options.loginPath);
      options.logoutPath = path.join(options.rootPath, options.logoutPath);
      options.loginCallbackPath = path.join(options.rootPath, options.loginCallbackPath);
    }
https://github.com/koajs/userauth/blob/master/index.js#L65-L69
On Windows, path.join produces backslashes, so the login redirect URL is wrong and a redirect loop occurs.
just confused :)
    return function* userauth(next) {
      var loginRequired = !!needLogin(this.path, this);
      debug('url: %s, path: %s, loginPath: %s, session exists: %s, login required: %s',
        this.url, this.path, options.loginPath, !!this.session, loginRequired);
      if (!this.session) {
        debug('this.session not exists');
        // ignore not match path
        if (!loginRequired) {
          debug('not match needLogin path, %j', this.path);
          return yield* next;
        }
        debug('relogin again');
        return yield* loginHandler.call(this, next);
      }

Could the if (!this.session) check be changed to:

    if (!loginRequired) {
      debug('not match needLogin path, %j', this.path);
      return yield* next;
    } else if (loginRequired && !this.session) {
      debug('this.session not exists');
      debug('relogin again');
      return yield* loginHandler.call(this, next);
    }

The needLogin check is itself meant to let the application decide whether the login check should run, so adding logic here that only lets already logged-in requests through is not very reasonable.
Whenever a user who is not logged in visits the site, it throws a getUser error. Why is userauth trying to log in directly before redirecting to the login path? In my case, it will always fail.
    function formatReferer(ctx, pathname, rootPath) {
      var query = ctx.query;
      var referer = query.redirect || ctx.get('referer') || rootPath;
      if (referer[0] !== '/') {
        // ignore protocol://xxx/abc
        referer = rootPath;
      } else if (referer.indexOf(pathname) >= 0) {
        referer = rootPath;
      }
      return referer;
    }
Here, wouldn't it be more appropriate to change referer.indexOf(pathname) >= 0 to referer.startsWith(pathname)? The return URL may contain the string /login, and in that case the check gives a false match.
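The false match raised in this issue, as an added example that is not code from the userauth repository: formatReferer as quoted above with the login-path test passed in, run over constructed return URLs. `bySegment` is a hypothetical stricter variant that goes beyond the proposed `startsWith`, and `ctx` is reduced to a plain object for the demo.

```javascript
'use strict';

// formatReferer as quoted in the issue; the login-path test is passed in.
// Assumption: ctx is a plain object { query, referer } instead of a koa context.
function formatReferer(ctx, pathname, rootPath, matchesLogin) {
  var referer = ctx.query.redirect || ctx.referer || rootPath;
  if (referer[0] !== '/') {
    // ignore protocol://xxx/abc
    referer = rootPath;
  } else if (matchesLogin(referer, pathname)) {
    referer = rootPath;
  }
  return referer;
}

// Check in the quoted code: substring match anywhere in the URL.
function bySubstring(referer, pathname) { return referer.indexOf(pathname) >= 0; }

// Check proposed in the issue: prefix match.
function byPrefix(referer, pathname) { return referer.startsWith(pathname); }

// Hypothetical stricter check: the path part equals pathname or lies below it.
function bySegment(referer, pathname) {
  var p = referer.split(/[?#]/)[0];
  return p === pathname || p.startsWith(pathname + '/');
}

// Constructed return URLs (not taken from the issue).
var SAMPLES = ['/login', '/login?redirect=/a', '/articles/login-tips',
  '/search?q=/login', '/login-history'];

// For each sample, the URL the user would be sent back to under each check.
function compare(pathname, rootPath) {
  return SAMPLES.map(function (target) {
    var ctx = { query: { redirect: target }, referer: '' };
    return {
      target: target,
      substring: formatReferer(ctx, pathname, rootPath, bySubstring),
      prefix: formatReferer(ctx, pathname, rootPath, byPrefix),
      segment: formatReferer(ctx, pathname, rootPath, bySegment),
    };
  });
}

console.table(compare('/login', '/'));
```

All three checks still collapse the login page itself to rootPath, which is what prevents the redirect back to the login page; they differ only on URLs that merely contain or begin with the login path string.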
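As the title says:
a simple path check cannot satisfy complex handling logic. The current execution context needs to be available to help make the decision.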
https://github.com/koajs/userauth/blob/master/index.js#l132
    var loginRequired = !!needLogin.call(this, this.path);
I am kinda too stupid to get the usage of this, especially all that redirect URL stuff...
Could you provide a little example for idiots?
thx ^^;
    if (!this.session) {
      debug('this.session not exists');
      // ignore not match path
      if (!loginRequired) {
        debug('not match needLogin path, %j', this.path);
        return yield next;
      }
      debug('relogin again');
      return yield loginHandler.call(this, next);
    }
    // get login path
    if (this.path === options.loginPath) {
      debug('match login path');
      return yield loginHandler.call(this, next);
    }
Scenario:
When
loginPath=/login
loginHost=demo.xxx.com
entering demo.xxx.com/login in the browser (with some cookies present) skips the first check, if (!this.session),
while if (this.path === options.loginPath) matches!
Execution then ends up at redirect(this, loginURL); in loginHandler.
@fengmk2