我已经构建了一些基本的后端 API,需要多次身份验证。现在我尝试使用 Bell 连接到 Twitter API,但问题是,它没有显示让我授权应用程序的页面,而是显示了错误 {"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}
以下是依赖文件:
'use strict';
import * as hapi from "hapi";
import * as boom from "boom";
import router from './router/router';
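const server: hapi.Server = new hapi.Server();
server.connection({ port: 3000, host: 'localhost' });

// server.register(...) loads the three auth plugins. Their schemes ('jwt', 'cookie', 'bell')
// only exist once loading has finished, so strategies, routes and the listener are all set up
// inside the callback.
server.register( [ require( 'hapi-auth-jwt' ), require( 'hapi-auth-cookie' ), require( 'bell' ) ], ( err ) => {
    // Fail closed: if a plugin did not load, do not carry on with a half-configured
    // authentication layer.
    if ( err ) {
        throw err;
    }

    // Bearer-token strategy: JWT, restricted to HS256.
    // SECURITY: 'secretkey' is a placeholder. Anyone who knows or guesses an HS256 key can mint
    // valid tokens, so a deployment should load a long random key from configuration.
    server.auth.strategy( 'token', 'jwt', {
        key: 'secretkey',
        verifyOptions: {
            algorithms: [ 'HS256' ],
        },
        redirectTo: '/login'
    } );

    // Session strategy backed by an encrypted cookie.
    server.auth.strategy( 'session', 'cookie', {
        password: 'secret_cookie_encryption_password', // Use something more secure in production
        redirectTo: '/login', // If there is no session, redirect here
        isSecure: false // Should be set to true (which is the default) in production
    } );

    // Social login through Twitter (bell).
    // SECURITY: this reuses the same password literal as the session strategy; give each
    // strategy its own secret. clientId/clientSecret are placeholders as well.
    // NOTE(review): the clientSecret placeholder starts with a space; confirm the real value
    // is stored without stray whitespace.
    server.auth.strategy( 'twitter', 'bell', {
        provider: 'twitter',
        password: 'secret_cookie_encryption_password', // Use something more secure in production
        clientId: 'secretkey',
        clientSecret: ' secretkey',
        isSecure: false // Should be set to true (which is the default) in production
    } );

    // No default strategy is set, so a route without its own `auth` config is public.
    //server.auth.default('token');

    // Strategies must exist before routes that reference them are attached.
    router.forEach( ( route ) => {
        console.log( `attaching ${ route.path }` );
        server.route( route );
    } );

    // Start listening only after authentication and routes are in place.
    server.start( ( startErr ) => {
        if ( startErr ) {
            throw startErr;
        }
        console.log( `Server running at: ${ server.info.uri }` );
    } );
} );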
'use strict';
import controllers from '../server/controllers/Index';
import models from '../server/models/index';
import { compareHashPassword } from '../Helper';
import * as jwt from "jsonwebtoken";
import * as Boom from "boom";
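// Route table: an array of hapi route configuration objects, exported as the module default.
let router;
let User = models.User;
// API route definitions
router = [
    {
        method: 'GET',
        path: '/',
        config: {
            // Either a valid JWT ('token') or a session cookie ('session') is accepted.
            // The session gives access to the Twitter profile stored at login.
            auth: {
                strategies: ['token', 'session'],
            },
            handler: function(request, reply) {
                // displayName comes from the external profile and is user-controlled text.
                // hapi sends string replies as text/html by default, so the reply is typed as
                // plain text to keep the name from being interpreted as markup.
                // NOTE(review): credentials from the 'token' strategy may not carry
                // displayName; confirm against the token payload.
                return reply('Hello, ' + request.auth.credentials.displayName + '!').type('text/plain');
            }
        }
    },
    {
        // Public landing point for the strategies' redirectTo: '/login'.
        method: 'GET',
        path: '/login',
        handler: function(request, reply) {
            return reply('Please Login to ReviewUr!');
        }
    },
    // Authentication route for Token
    {
        path: '/auth',
        method: 'POST',
        handler: controllers.Auths.list
    },
    // Authentication route for Twitter
    {
        method: 'GET',
        path: '/auth/twitter',
        config: {
            auth: 'twitter',
            handler: function(request, reply) {
                if (!request.auth.isAuthenticated) {
                    // Answer with a real 401 instead of a 200 body, and keep the provider's
                    // error detail out of the client response.
                    return reply(Boom.unauthorized('Authentication failed'));
                }
                const profile = request.auth.credentials.profile;
                // Keep only the fields the application needs in the session cookie.
                request.cookieAuth.set({
                    twitterId: profile.id,
                    username: profile.username,
                    displayName: profile.displayName
                });
                // reply.redirect() hands back a response object, so it is returned as is;
                // chaining .catch() on it would throw if that object is not a promise.
                // NOTE(review): confirm against the hapi version in use.
                return reply.redirect('/');
            }
        }
    },
    ///////////////////////////////////////
];
export default router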
我是不是遗漏了什么?
答案 0 :(得分:0)
您是否尝试过将 '/auth/twitter' 路由移至 '/auth'?它似乎在 '/auth/twitter' 之前先处理了 '/auth'。您打算在哪条路由中显示用户登录选项?是 /login 吗?
您是否尝试过不使用jwt或auth-cookie,只需使用twitter即可?也许其他插件有问题。
这是我从实时应用中提取的实现。
**应用-auth.js**
const Boom = require('boom');
const internals = {};
const config = require('config');
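/**
 * hapi plugin entry point: installs the application's authentication set-up.
 *
 * - registers the custom 'basic' scheme and makes the 'simple' strategy the server default
 *   (third argument `true`), so routes require it unless they override `auth`;
 * - adds an onPreResponse hook that turns errors on the login route into a redirect;
 * - registers the bell 'twitter' strategy with secrets read from configuration.
 *
 * @param server  hapi server the plugin is being registered on
 * @param options plugin options (unused)
 * @param next    callback signalling that registration is complete
 */
exports.register = function (server, options, next) {

    server.auth.scheme('basic', internals.implementation);
    server.auth.strategy('simple', 'basic', true);

    // Handle Twitter login errors here.
    server.ext('onPreResponse', function (request, reply) {

        const response = request.response;

        // request.path always starts with '/', so the comparison has to use '/login';
        // the bare string 'login' could never match and left this branch unreachable.
        if (response.isBoom && request.path === '/login') {
            // Only the generic error text from the payload is logged and forwarded,
            // URL-encoded, in the redirect query string.
            server.log(['error', 'auth', 'twitter'], response.output.payload.error);
            return reply.redirect('/?error=103&account_error=' + encodeURIComponent(response.output.payload.error));
        }

        return reply.continue();
    });

    // Twitter application registration; credentials and the cookie password come from
    // configuration rather than from source code.
    server.auth.strategy('twitter', 'bell', {
        provider: 'twitter',
        password: config.get('twitter.pass'),
        clientId: config.get('twitter.key'),
        clientSecret: config.get('twitter.secret'),
        isSecure: config.get('authSecurity')
    });

    return next();
};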
/**
 * Scheme implementation behind the 'basic' scheme name. Despite the name it does not read an
 * Authorization header: a request counts as authenticated when the yar session holds an
 * 'auth' entry, and that entry becomes the request credentials.
 *
 * @param server  hapi server (unused)
 * @param options scheme options (unused)
 * @returns the scheme object exposing `authenticate`
 */
internals.implementation = function (server, options) {

    const authenticate = function (request, reply) {

        const session = request.yar.get('auth');

        // Session information present: continue with it as the credentials.
        if (session) {
            return reply.continue({credentials: session});
        }

        // No session. XMLHttpRequest callers get a 401 they can handle in script;
        // every other caller is sent to the login page.
        const isAjax = request.headers['x-requested-with'] === 'XMLHttpRequest';
        if (isAjax) {
            return reply(Boom.unauthorized("Please sign-in to system."));
        }

        return reply.redirect('/login');
    };

    return { authenticate: authenticate };
};
// Plugin metadata attached to the register function; the version is taken from package.json.
const pluginVersion = require('../package.json').version;
exports.register.attributes = {
    version: pluginVersion,
    name: 'app_auth'
};
**Twitter的route.js**
/**
 * Route configuration for the Twitter sign-in endpoint, guarded by the 'twitter' strategy.
 * A failed authentication is flashed into the session and redirected to the error page;
 * the success path is left as a placeholder for the application's own logic.
 */
exports.view = {
    description: 'Twitter authentication handler',
    auth: 'twitter',
    handler: async (request, reply) => {

        const authState = request.auth;

        if (authState.isAuthenticated) {
            // Profile information coming from Twitter.
            const profile = authState.credentials.profile;
            // Placeholder: create or load the local account and establish the session here.
            return;
        }

        // Something went wrong. The provider's message is stored as a flash entry and
        // forwarded URL-encoded; whichever page displays it should escape it before rendering.
        const reason = authState.error.message;
        request.yar.flash('ERROR', reason);
        return reply.redirect('/login_error?error=103&account_error=' + encodeURIComponent(reason));
    }
};