Passport deserializes multiple times on login?

Content sourced from Stack Overflow, translated and used under the CC BY-SA 3.0 license


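The problem is that when I log in, Passport runs its deserialize function many times. While this doesn't affect anything, I know it could cause problems down the road. Here is the log: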

Bloodmorphed has been Serialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized

Here is the Passport file:

/*jshint esversion: 6 */
const LocalStrategy = require('passport-local').Strategy;
const db = require('../config/db');
const bcrypt = require('bcryptjs');
let io = require('./io');

module.exports = (passport) => {

  // =========================================================================
  // passport session setup ==================================================
  // =========================================================================

  // used to serialize the user for the session
  passport.serializeUser((user, done) => {
    console.log(user.username + ' has been Serialized');
    done(null, user.id);
  });

  // used to deserialize the user
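  passport.deserializeUser((id, done) => {
    let sql = 'SELECT * FROM users, users_meta WHERE users.id = ? AND users_meta.id =?';
    db.query(sql, [id, id]).then(results => {
      var userdata = results[0];
      // no matching row: invalidate the login session instead of throwing
      if (!userdata) return done(null, false);
      console.log(userdata.username + ' has been deserialized');
      done(null, userdata);
    }).catch(done); // pass database errors to Passport
  });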

  // Local Strategy login
  passport.use('local-login', new LocalStrategy({
    passReqToCallback: true,
  }, (req, username, password, done) => {
    // Match Username
    let sql = 'SELECT * FROM users WHERE username = ?';
    db.query(sql, [username]).then(results => {
      if (!results.length) {
        return done(null, false, {
          type: 'loginMessage',
          message: 'Wrong Login',
        });
      }

      //  Match Password
      bcrypt.compare(password, results[0].password, (err, isMatch) => {
        // a bcrypt failure is an error, not a wrong password
        if (err) return done(err);
        if (isMatch) {
          var userData = results[0];
          sql = 'SELECT * FROM users_meta WHERE id = ?';
          db.query(sql, userData.id).then(results => {
            Object.assign(userData, results[0]);
            return done(null, userData);
          }).catch(done); // pass database errors to Passport

        } else {
          return done(null, false, {
            type: 'loginMessage',
            message: 'Wrong Login',
          });
        }
      });
    }).catch(done); // pass database errors to Passport
  }));
};

While this isn't a high-priority issue right now, I'd like to fix it.

User answer:

See https://github.com/jaredhanson/passport/issues/14#issuecomment-4863459

Static files should be served before passport.session.

For example, based on a review of the source:

app.configure(function() {
  app.use(express.session({ secret: 'keyboard cat' }));
  app.use(passport.initialize());
  // passport session is triggered, causing deserializeUser to be invoked
  app.use(passport.session());
  // but request was for a static asset, for which authentication is not
  // necessary
  app.use(express.static(__dirname + '/../../public'));
});

Should be changed to:

app.configure(function() {
  app.use(express.logger());
  // requests for static assets will be handled immediately and will not continue
  // down the middleware stack
  app.use(express.static(__dirname + '/../../public'));
  // any request that gets here is a dynamic page, and benefits from session
  // support
  app.use(express.session({ secret: 'keyboard cat' }));
  app.use(passport.initialize());
  app.use(passport.session());
});

User answer:

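If memory serves, Passport deserializes on every request, because the session key is stored in a cookie in the user's browser.

From the PassportJS documentation:

In a typical web application, the credentials used to authenticate a user will only be transmitted during the login request. If authentication succeeds, a session will be established and maintained via a cookie set in the user's browser. Each subsequent request will not contain credentials, but rather the unique cookie that identifies the session. In order to support login sessions, Passport will serialize and deserialize user instances to and from the session.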
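
The middleware ordering from the first answer and the per-request deserialization described in the second, as an added example that is not part of the original answers or of Passport itself. It is a dependency-free stand-in for the Express stack: the `handle`, `makeApp` and `countDeserializations` helpers, the session id, the user and the asset paths are all constructed for illustration.

```javascript
// Minimal connect-style middleware runner (stand-in for Express, no dependencies).
function handle(stack, req) {
  let i = 0;
  const next = () => { const mw = stack[i++]; if (mw) mw(req, next); };
  next();
  return req;
}

// Builds the middlewares around shared counters so the calls can be measured.
function makeApp(order) {
  const stats = { deserialized: 0, sessionLookups: 0 };
  const sessions = { 'sid-1': { passport: { user: 42 } } }; // constructed session store
  const users = { 42: { id: 42, username: 'alice' } };       // constructed user table
  const assets = new Set(['/css/site.css', '/js/app.js', '/img/logo.png',
                          '/img/bg.png', '/favicon.ico']);
  const mw = {
    // Like express.static: answers asset requests and does not call next().
    static: (req, next) => assets.has(req.url) ? (req.handledBy = 'static') : next(),
    // Like express.session: loads the session named by the cookie.
    session: (req, next) => {
      stats.sessionLookups++;
      req.session = sessions[req.cookie] || {};
      next();
    },
    // Like passport.session(): turns the stored id into req.user on every request it sees.
    passportSession: (req, next) => {
      const id = req.session.passport && req.session.passport.user;
      if (id !== undefined) { stats.deserialized++; req.user = users[id]; }
      next();
    },
    route: (req) => { req.handledBy = 'route'; },
  };
  const stack = order.map((name) => mw[name]);
  return { stats, request: (url) => handle(stack, { url, cookie: 'sid-1' }) };
}

// One page view after login: the HTML page plus five static assets (constructed).
const PAGE_LOAD = ['/', '/css/site.css', '/js/app.js', '/img/logo.png', '/img/bg.png', '/favicon.ico'];

function countDeserializations(order) {
  const app = makeApp(order);
  PAGE_LOAD.forEach((url) => app.request(url));
  return app.stats.deserialized;
}

const sessionFirst = countDeserializations(['session', 'passportSession', 'static', 'route']);
const staticFirst = countDeserializations(['static', 'session', 'passportSession', 'route']);
console.log({ sessionFirst, staticFirst }); // { sessionFirst: 6, staticFirst: 1 }
```

With the session middleware first, every asset request costs a session lookup and a user query; with static first, only the dynamic page does.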
