How does connect's session work? I'm following this tutorial. I've noticed that even though i've commented out the session.save() call everything still works, that property still gets persisted to the session. Does Express automatically call session.save() every time a response is served up? If that's the case, what is the purpose of the save method?
var BaseController = require('./Base'),
View = require('../views/Base');
module.exports = BaseController.extend({
name: 'Admin',
username: 'dadams',
password: 'dadams',
run: function(req, res, next) {
if(this.authorize(req)) {
req.session.fastdelivery = true;
// req.session.save(function(err) {
var v = new View(res, 'admin');
v.render({
title: 'Administration',
content: 'Welcome to the control panel'
});
// });
} else {
var v = new View(res, 'admin-login');
v.render({
title: 'Please login'
});
}
},
authorize: function(req) {
return (
req.session &&
req.session.fastdelivery &&
req.session.fastdelivery === true
) || (
req.body &&
req.body.username === this.username &&
req.body.password === this.password
);
}
});
Connect’s session handling is automatic. Looking at the code, save gets called automatically on res.end (when your response is sent), so there’s no need to call it separately.
Consider it an implementation detail that’s exposed to you. I can’t think of many reasons why you would use it. Maybe if you are saving to Redis or a database and you want the session to be committed early for some reason, before calling end?
Related
I am trying to keep a session open with the Bloomberg Public API, relaying calls from my own service's API to it to fetch data. I am running the Node.JS / Express server locally right now. I have an API route that works fine the first time: I send the GET, and quickly get the response back. If I then send another GET to the same route, and I can see the data that the Bloomberg API returns in my server console, but it seems that the server gets stuck at the res.send(...) and I have no Idea why. I've tried numerous things like moving code blocks around and forcefully destroying variables, but to no avail. Do you guys see anything obvious that would/might work?
'use strict';
var _ = require('lodash');
var Blpapi = require('./blpapi.model');
var count = 0;
var blpapi = require('blpapi');
// Add 'authenticationOptions' key to session options if necessary.
var session = new blpapi.Session({ serverHost: '10.8.8.1', serverPort: 8194 });
var service_refdata = 1; // Unique identifier for refdata service
session.start();
session.on('SessionStarted', function(m) {
console.log(m);
session.openService('//blp/refdata', service_refdata);
});
session.on('ServiceOpened', function(m) {
console.log(m);
});
session.on('SessionStartupFailure', function(m) {
console.log('SessionStartupFailure', util.inspect(m));
session.stop();
session.destroy();
});
session.on('SessionTerminated', function(m) {
console.log('Session Terminated');
session.stop();
session.destroy();
});
exports.getStock = function (req, res) {
var stock = req.url.substring(8, req.url.length);
stock = stock.replace(/_/g, ' ');
session.on('HistoricalDataResponse', function(m) {
console.log(m);
if(m.eventType === 'RESPONSE' && m.correlations[0].value === 101) {
console.log('send');
res.send(m.data.securityData);
}
else {
res.send(500);
}
});
newRequest(stock);
};
function newRequest(sec) {
if(typeof sec !== 'string') return;
session.request('//blp/refdata', 'HistoricalDataRequest',
{ securities: [sec],
fields: ['PX_LAST', 'OPEN'],
startDate: "20140101",
endDate: "20140301",
periodicitySelection: "DAILY" }, 101);
}
function handleError(res, err) {
return res.send(500, err);
}
Edit1: If I change the res.send(m.data.securityData); to res.send(201);, the requests come back fine, so I'm figuring it has to do with that object.
I figured it out. It's because I was declaring the session.on('HistoricalDataResponse', .... statement inside of my route controller. Moving it out and adding a bit of logic around it solved the problem.
The session variable is created when user logs in to the system. Then I load session variable in my authorization code. I want to destroy that variable when user logs out. Here is some simplified code
store = new express.session.MemoryStore();
var parseCookie = express.cookieParser('secret');
app.use(parseCookie);
app.use(express.session({store: store, key:'sid'}));
app.post('/login', function(req,res){
var post = req.body;
if (post.user == 'hugo' && post.password == '123')
{
req.session.user_name = post.user;
res.redirect('/mypage');
}
else res.send('wrong user or pass');
});
io.set('authorization', function (data, callback) {
parseCookie(data, {}, function(prserr) {
var sess = (data.secureCookies && data.secureCookies['sid']);
store.load(sess, function(err, session){
if (err || !session ) { callback('not logged in', false); }
else {
data.session = session; // save session
callback(null, true);
}
});
});
});
and finally
app.get('/logout', function (req, res) {
req.session.destroy();
/* Here I want to destroy session variable that is declared in
authorization code (see above: data.session = session )*/
res.redirect('/');
});
while destroying session via req.session.destroy() the variable
socket.handshake.session.user_name still exists. I want to destroy it too. But I have no idea how to access desired variable in above mentioned place (in logout code).
Have you considered using Passport? It might be quicker (and more efficient) than trying to roll your own authentication solution.
I'm developing my first test application on NodeJS and encountered the following problem: i can't figure out how to properly organize routes in ExpressJS framework. For example i want to do registration, so i create route like:
app.get('/registration', function (request, response) {
if (request.body.user.email && request.body.user.password) {
var user = new User();
var result = user.createNew(request.body.user.email, request.body.user.email);
// do stuff...
}
response.render('registration.html', config);
});
User function looks like this (not the final):
function User() {
var userSchema = new mongoose.Schema({
'email': {
'type': String,
'required': true,
'lowercase': true,
'index': { 'unique': true }
},
'password': {
'type': String,
'required': true
}
});
var userModel = mongoose.model('users', userSchema);
this.createNew = function(email, password) {
var new_user = new users({'email': email, 'password': password});
new_user.save(function(err){
console.log('Save function');
if (err)
return false;
return true;
});
}
}
I try to do a bit of structured applications like MVC. The problem is that the save method is asynch and each time i registrate new user get registration.html without waiting for the result.
Basically i need to run route callback in save callback, but how to do this in the right way i can't figure out by myself...
this.createNew = function(email, password, callback) {
var new_user = new users({'email': email, 'password': password});
new_user.save(function(err){
console.log('Save function');
if (err)
// return false;
callback (false);
else
//return true;
callback (true);
});
}
I find that whenever I'm using some module (db for example) and it's using a callback, I will often have to also use a callback for any function I wrap around it (unless I don't care about the results).
Here:
app.get('/registration', function (request, response) {
if (request.body.user.email && request.body.user.password) {
var user = new User();
// var result = user.createNew(request.body.user.email, request.body.user.email);
user.createNew(request.body.user.email, request.body.user.email, function (results) {
// do something with results (will be true or false)
// not sure why you have this with the actual registration stuff,
// but it's your site. :)
response.render('registration.html', config);
});
}
});
Also, you might want to put your object methods in the prototype, instead of:
this.createNew = function (....) {}
Try:
User.prototype.createNew = function ( ... ) { }
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Closures#Performance_considerations for info on why.
For a starting point on organising your Node.js app, try reading through the source code on this demo express.js app. Click here for the link
It's a fairly popular repo, which I often find myself referencing when building Node.js apps from scratch.
It may be a good reference for your project given it's done in an the MVC style and it uses mongoose. The routes are organised into a single file which can be found in config/routes.js. You should also take a look at the models in app/models/ for an alternative way to organise your user model
I've got a working node app where I need to connect to different DBs based on what user is connecting to the app via basicAuth.
Here's a sample:
// Authenticating function
var sgAuth = express.basicAuth(function(user, pass, callback){
if(config.credentials.clients[user] === undefined) {
callback(null, false);
} else {
callback(null, config.credentials.clients[user].password == pass);
}
});
// This function needs to know what user has authenticated
function putEvents(req, res) {
//How do I know what user authenticated in this request?
var authUser = ???;
var table = getUserTable(authUser);
...
}
app.post('/put', sgAuth, putEvents);
Storing username in sgAuth to some var surely won't work, because there can be many incoming connections from different users, so you can't guarantee that its the same user, right? Can this info be retrieved from the request header somehow?
The basicAuth() middleware will set req.user and req.remoteUser once authorized.
Though, note that the 2nd argument to the callback is expected to be the user, not simply an authorized boolean. But, it can be any truthy value you desire, including the user name.
callback(null, config.credentials.clients[user].password == pass ? user : null);
After that, you should be able to retrieve it with:
var authUser = req.user;
Note that: basicAuth is deprecated
Here the code:
app.use(express.basicAuth(function(user, pass, callback){
if(config.credentials.clients[user] === undefined) {
callback('user not found!!!');
} else {
if(config.credentials.clients[user].password === pass) {
callback(null, config.credentials.clients[user]);
} else {
callback('wrong pass!!!');
}
}
});
app.post('/put', function putEvents(req, res) {
console.log(req.user.name)
res.end();
});
Guys I am trying to get myself authenticated and for this I am using node.js and mongo DB.But the thing is that after registarion the user is not able to authenticate himself.Here is my snippet
app.post('/login',function(req,res){
ContactProvider.findAll(function(error, posts) {
var aut = req.body;
if (aut.user == posts.user && aut.pass == posts.pass) {
req.session.name = {name:aut.user};
res.redirect('/home');
} else {
res.send('Bad user/pass');
}
});
});
Below is my snippet for registering the user
app.post('/register',function(req, res) {
var post=req.body;
if(post.pass!=post.cpass) {
res.send("Error:Password doesnt match");
} else {
ContactProvider.save({
user: req.param('user'),
pass: req.param('pass'),
cpass: req.param('cpass'),
email: req.param('email')
}, function(error, docs) {
res.redirect('/');
});
}
});
The ContactProvider is the one below where post provider is a different file where all the mongoose things happen
var ContactProvider = require('./PostProvider').ContactProvider;
var ContactProvider= new ContactProvider();
This is the finone query in the postprovider file
ContactProvider.prototype.findone = function(name,pass, callback) {
Post.findOne({name:name},{pass:pass}, function (err, post) {
callback(null, post);
});
};
Something's seriously wrong with your code ( why you use name posts for an array of ContactProvider? ). You have to search for ContactProvider based on username and password. Something like this:
app.post('/login',function(req,res){
var aut = req.body;
ContactProvider.findOne(
{
user: aut.user,
pass: aut.pass
},
function(err, usr) {
if (error || !usr) {
res.send('Bad user/pass');
} else {
// we have a user, authenticate!
req.session.name = {name:aut.user};
res.redirect('/home');
}
}
);
});
SIDE NOTE: This is a very simple way of authenticating users, but it is not secure at all. You should read more about authentication and security in the internet. Very useful knowledge indeed.
EDIT: There's also an issue with your registration. Your data is stored in post variable, so use it on ContactProvider as well:
// some other code
ContactProvider.save({
user: post.user,
pass: post.pass,
cpass: post.cpass, // no need to store the same thing twice
email: post.email