nodejs+express中设置登录拦截器
在nodejs+express中,采用nodejs后端路由控制用户登录后,为了加强前端的安全性控制,阻止用户通过在浏览器地址栏中输入地址访问后台接口,在app.js中需要加入拦截器进行拦截:
/*************************导入需要的包************************************************/
1
2
3
4
5
6
7
|
var express = require( 'express' ); var path = require( 'path' ); var favicon = require( 'serve-favicon' ); var logger = require( 'morgan' ); var cookieParser = require( 'cookie-parser' ); //1、引入cookie模块,拦截器中req.cookies.userCookies是依赖于该模块的; var bodyParser = require( 'body-parser' ); var ejs=require( "ejs" ); |
/**************************设置nodejs路由对应的文件***************************/
1
2
3
4
5
6
7
8
9
|
var index = require( './routes/index' ); var ccap=require( './routes/ccap' ); var jiami=require( "./routes/jiami" ); var changePwd=require( './routes/changePwd' ); var login=require( "./routes/login" ); var business=require( "./routes/pay/business" ); var logs=require( "./routes/pay/logs" ); var channel=require( "./routes/pay/channel" ); var config=require( "./routes/pay/config" ); |
/******************express配置模板视图**********************************/
1
2
3
4
5
6
|
var app = express(); // view engine setup app.set( 'views' , path.join(__dirname, 'views' )); //app.set('view engine', 'ejs');//设置视图为ejs引擎 app.engine( 'html' ,ejs.__express); //设置视图为html引擎,ejs在页面仍然可用 app.set( 'view engine' , 'html' ); //设置视图为html引擎,ejs在页面仍然可用 |
/******************引入要使用的模块**********************************************/
1
2
3
4
5
6
7
|
// uncomment after placing your favicon in /public //app.use(favicon(path.join(__dirname, 'public', 'favicon.ico'))); app.use(logger( 'dev' )); app.use(bodyParser.json()); app.use(bodyParser.urlencoded({ extended: false })); app.use(cookieParser()); //2、引入cookie,h后可开始使用cookie模块获取客户端的cookies; app.use(express. static (path.join(__dirname, 'public' ))); |
/*************************登录拦截器**************************************/
1
2
3
4
5
6
7
8
9
10
11
|
app.use( function (req, res, next) { var url = req.originalUrl; //获取浏览器中当前访问的nodejs路由地址; var userCookies=req.cookies.userCookies; //获取客户端存取的cookie,userCookies为cookie的名称;//有时拿不到cookie值,可能是因为拦截器位置放错,获取该cookie的方式是依赖于nodejs自带的cookie模块,//因此,获取cookie必须在1,2步之后才能使用,否则拿到的cookie就是undefined. console.log( "123" +url); console.log( "app获得cookie" +req.cookies.userCookies+ "真假11111:" +(req.cookies.userCookies==undefined)); if (url== '/login' &&!(userCookies==undefined)){ //通过判断控制用户登录后不能访问登录页面; return res.redirect( '/' ); //页面重定向; } next(); }); |
/*********************************node路由配置**********************************/
1
2
3
4
5
6
7
8
9
|
app.use( '/' , index); app.use( '/ccap' ,ccap); app.use( "/app/jiami" ,jiami); app.use( "/login" ,login); app.use( "/changePwd" ,changePwd); app.use( "/business" ,business); app.use( "/logs" ,logs); app.use( "/channel" ,channel); app.use( "/config" ,config); |
/*******************************捕获异常***********************************/
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
// catch 404 and forward to error handler app.use( function (req, res, next) { var err = new Error( 'Not Found' ); err.status = 404; next(err); }); // error handlers // development error handler // will print stacktrace if (app.get( 'env' ) === 'development' ) { app.use( function (err, req, res, next) { res.status(err.status || 500); res.render( 'error' , { message: err.message, error: err }); }); } // production error handler // no stacktraces leaked to user app.use( function (err, req, res, next) { res.status(err.status || 500); res.render( 'error' , { message: err.message, error: {} }); }); module.exports = app; |