



'use strict'; 

import path from 'path'; 

import passport from 'passport'; 
import {Strategy as LocalStrategy} from 'passport-local'; 

import express from 'express'; 
import session from 'express-session'; 

import _ from 'lodash'; 
import Session from '../../api/session/session.model'; 

// Express application instance. Nothing in the visible part of this listing
// uses it; the code that did (the runMiddleware attempt mentioned below)
// appears to have been dropped from the excerpt.
var app = express(); 

/**
 * Verify step for the Passport local strategy: finds a user by lower-cased
 * email and checks the submitted password through user.authenticate().
 *
 * NOTE(review): the listing is incomplete as shown (the lookup call and
 * several closing braces are missing), so these comments describe only the
 * visible lines.
 *
 * @param User - user model; the lookup call made on it is not visible here
 * @param {string} email - submitted email, lower-cased before the lookup
 * @param password - submitted password, handed to user.authenticate()
 * @param {Function} done - Passport callback: done(err), done(null, false, info)
 *   or done(null, user)
 * @param req - incoming request, forwarded by the strategy callback in setup()
 */
function localAuthenticate(User, email, password, done, req) { 
    // Filter fragment of the user lookup; the enclosing query call is missing.
    email: email.toLowerCase() 
    .then(user => { 

     if (!user) { 
     // NOTE(review): this message differs from 'This password is not correct.'
     // below, so a client can tell whether an email is registered (account
     // enumeration). One generic failure message for both cases avoids that.
     return done(null, false, { 
      message: 'This email is not registered.' 

     // HERE is where I am trying to check if a user 
     // already has a living session when they login 

     // I tried to use the runMiddleware 
     // to query mongodb for all the existing sessions 
     // but I get this error: http://pastebin.com/YTeu5AwA 
     // `code` and `data` are not defined in the visible lines; presumably they
     // are the callback arguments of the omitted runMiddleware call.
     console.log(code) // 200 
     console.log(data) // { user: '20', name: 'Moyshale' } 

     // Is there a way to access and use an existing route? 

     // The password check is delegated to the model; the callback receives
     // (authError, authenticated).
     user.authenticate(password, function(authError, authenticated) { 
     if (authError) { 
      return done(authError); 
     if (!authenticated) { 
      return done(null, false, { message: 'This password is not correct.' }); 
     } else { 
      return done(null, user); 
    // Any rejection from the lookup chain is reported to Passport as an error.
    .catch(err => done(err)); 

/**
 * Registers the local (email + password) strategy with Passport.
 *
 * @param User - user model handed through to localAuthenticate()
 * @param config - not used in the visible lines
 */
export function setup(User, config) { 

    passport.use(new LocalStrategy({ 
    // Makes the strategy pass `req` as the first argument of the verify
    // callback below, so the login code can reach req.session.
    passReqToCallback: true, 
    usernameField: 'email', 
    passwordField: 'password' // this is the virtual field on the model 
    }, function(req, email, password, done) { 
    // Argument order is rearranged here: localAuthenticate takes req last.
    return localAuthenticate(User, email, password, done, req); 

[この質問](http://stackoverflow.com/questions/21434922/node-js-one-session-per-user)とその答えを確認してください。 – robertklep






  1. MongoDB に保存されたセッションを照会・変更できるように、「session」API エンドポイントを作成しました。セッションモデルには Number 型の 'seat' フィールドを追加しました。これは、各セッションのユーザーのシート状態を追跡するために使用します。各ユーザーには 'loginSeat' 値が与えられており、この値を seat フィールドに設定します。また、セッションには Boolean 型の seatAllowed フィールドがあります。true: ユーザーはサイトへのアクセスを許可されています。false: ユーザーはサイトへのアクセスを許可されていません。

    'use strict'; 
    import mongoose from 'mongoose'; 
    // Mongoose schema for stored session documents, extended with the two
    // seat fields used for the one-login-per-seat check.
    // NOTE(review): the closing of the schema literal is missing from this
    // listing. The accompanying text says these documents are reachable
    // through a 'session' API endpoint; since _id appears to hold the session
    // id (the login code compares it with req.session.id), confirm that the
    // endpoint is not exposed to ordinary clients.
    var SessionSchema = new mongoose.Schema({ 
        // Session identifier, stored as a string.
        _id: String, 
        // Session payload as a string (presumably serialized by the session store; confirm).
        session: String, 
        expires: Date, 
        // Seat number copied from the user's loginSeat at login.
        seat: Number, 
        // No default is declared, so this is undefined until a login sets it.
        seatAllowed: Boolean // true: the user is allowed to access the site, false: the user is not allowed access to the site 
    export default mongoose.model('Session', SessionSchema); 
  2. ユーザーがサイトにログインしたとき、同じシートを持つ他のすべてのユーザーが締め出されるように、server/auth/login/passport.js を変更しました。

    'use strict'; 
    import path from 'path'; 
    import passport from 'passport'; 
    import {Strategy as LocalStrategy} from 'passport-local'; 
    import _ from 'lodash'; 
    import Sessions from '../../api/session/session.model'; 
    /**
     * Builds a function that merges `updates` into an entity and saves it.
     *
     * NOTE(review): _.merge mutates `entity` and merges recursively. Keep
     * `updates` server-built (as the seat objects in this file are); merging a
     * client-supplied object into a model lets the client set fields it
     * should not control.
     *
     * @param updates - fields to merge into the entity
     * @returns {Function} function(entity) returning the promise from save()
     */
    function saveUpdates(updates) { 
        return function(entity) { 
        var updated = _.merge(entity, updates); 
        return updated.save() 
         // Resolves with the saved entity.
         .then(updated => { 
         return updated; 
    /**
     * Verify step for the Passport local strategy with seat limiting: on
     * login, the current session is to be flagged as allowed and other
     * sessions with the same seat as disallowed.
     *
     * NOTE(review): the listing is incomplete as shown (lookup calls, the
     * calls that persist the updates and several closing braces are missing),
     * so these comments describe only the visible lines.
     *
     * @param User - user model; the lookup call made on it is not visible here
     * @param {string} email - submitted email, lower-cased before the lookup
     * @param password - submitted password, handed to user.authenticate()
     * @param {Function} done - Passport callback: done(err), done(null, false, info)
     *   or done(null, user)
     * @param req - incoming request; req.session.id identifies the current session
     */
    function localAuthenticate(User, email, password, done, req) { 
        // Filter fragment of the user lookup; the enclosing query call is missing.
        email: email.toLowerCase() 
        .then(user => { 
         if (!user) { 
         // NOTE(review): this message differs from 'This password is not
         // correct.' below, so a client can tell whether an email is
         // registered (account enumeration). A single generic failure
         // message for both cases avoids that.
         return done(null, false, { 
          message: 'This email is not registered.' 
         // NOTE(review): as listed, the seat updates below come before
         // user.authenticate(). If that is the real order, a login attempt
         // with a wrong password could still disallow the seat of the
         // legitimate user's sessions; confirm the updates only run once
         // `authenticated` is true.
         // When a user logs into the site we flag their seat as allowed 
         var updateSession = {'seat': user.loginSeat, 'seatAllowed': true}; 
         // When a user logs into the site, we disallow the seats of all other sessions with matching seat 
         .then(sessions => { 
         // Check for existing user logged in with matching login seat 
         for (var i = 0; i < sessions.length; i++) { 
          // Same seat, different session id: another login of this seat.
          if (sessions[i].seat === user.loginSeat && sessions[i].id !== req.session.id) { 
          console.log('DISALOW SEAT:'); 
          // Declared with var inside the sessions callback, so it is a
          // separate variable from the updateSession declared above.
          var updateSession = {'seatAllowed': false}; 
         // The password check is delegated to the model; the callback
         // receives (authError, authenticated).
         user.authenticate(password, function(authError, authenticated) { 
         if (authError) { 
          return done(authError); 
         if (!authenticated) { 
          return done(null, false, { message: 'This password is not correct.' }); 
         } else { 
          return done(null, user); 
        // Any rejection from the lookup chain is reported to Passport as an error.
        .catch(err => done(err)); 
    /**
     * Registers the local (email + password) strategy with Passport.
     *
     * @param User - user model handed through to localAuthenticate()
     * @param config - not used in the visible lines
     */
    export function setup(User, config) { 
        passport.use(new LocalStrategy({ 
        // Makes the strategy pass `req` as the first argument of the verify
        // callback below, which the seat check needs for req.session.id.
        passReqToCallback: true, 
        usernameField: 'email', 
        passwordField: 'password' // this is the virtual field on the model 
        }, function(req, email, password, done) { 
        // Argument order is rearranged here: localAuthenticate takes req last.
        return localAuthenticate(User, email, password, done, req); 
  3. クライアントがリクエストを行うたびに、isAuthenticated 関数がトリガーされます。

    /**
     * Builds a function that merges `updates` into an entity and saves it.
     *
     * NOTE(review): _.merge mutates `entity` and merges recursively. Keep
     * `updates` server-built; merging a client-supplied object into a model
     * lets the client set fields it should not control.
     *
     * @param updates - fields to merge into the entity
     * @returns {Function} function(entity) returning the promise from save()
     */
    function saveUpdates(updates) { 
        return function(entity) { 
        var updated = _.merge(entity, updates); 
        return updated.save() 
         // Resolves with the saved entity.
         .then(updated => { 
         return updated; 
    * Attaches the user object to the request if authenticated 
    * Otherwise returns 403 
    // NOTE(review): this listing is incomplete as shown (the user and session
    // lookups, the response sent for a disallowed seat and several closing
    // braces are missing); the comments describe only the visible lines.
    // `compose` and `validateJwt` are defined outside this excerpt.
    export function isAuthenticated() { 
        return compose() 
        // Validate jwt 
        .use(function(req, res, next) { 
         // Allow access_token to be passed through query parameter as well 
         // NOTE(review): a token carried in the URL ends up in access logs,
         // browser history and Referer headers; prefer accepting it from the
         // Authorization header only. The check also calls hasOwnProperty on
         // a request-derived object;
         // Object.prototype.hasOwnProperty.call(req.query, 'access_token')
         // does not depend on what that object carries.
         if (req.query && req.query.hasOwnProperty('access_token')) { 
         req.headers.authorization = 'Bearer ' + req.query.access_token; 
         validateJwt(req, res, next); 
        // Attach user to request 
        .use(function(req, res, next) { 
         // The user lookup that this .then() belongs to is missing here.
         .then(user => { 
          if (!user) { 
          // NOTE(review): the header comment says 403, but this branch
          // answers 401.
          return res.status(401).end(); 
          req.user = user; 
          // Login seat limitation // 
          // Check if the user seat is allowed 
          .then(thisSession => { 
           // TODO access the session in a better way 
           // Fails closed: a session whose seatAllowed was never set
           // (undefined) is treated the same as an explicitly disallowed one.
           if (thisSession.seatAllowed === false || thisSession.seatAllowed === undefined) { 
         // Lookup failures are passed on to the error-handling middleware.
         .catch(err => next(err)); 

