
问题描述

我确认这在 Chrome 55 上失败了,并且在我的客户使用旧版 Firefox 时失败了。Passport成功完成登录,在inspector中可以看到cookie。但是下一个页面请求缺少 req.user 。我在会话设置中尝试了所有 cookie 类型的组合。我正在使用 nginx 代理,这适用于较新的浏览器。尝试删除 gzip,并进行了大量研究。并排(干净的 Windows 7 x64 virtualbox 中的 chrome 55 和 chrome 70+(在 Brave 中))显示没有控制台输出差异,直到 chrome 55 中的下一个请求。

编辑:看起来旧版浏览器根本没有触发反序列化(deserialize),那 req.logIn() 怎么会报告一切正常?我还尝试了 SO 回答中的做法:在对 /log_in 的 fetch POST 中设置 withCredentials: true,以及 cookie: {secure: 'auto'},都没有效果。

序列化:

// Passport serializer: the session only keeps the account's email, which
// deserialize() later uses to reload the full account on every request.
function serialize(account, cb) {
    const { email } = account
    cb(null, email)
}

// Passport deserializer: reload the account behind the email stored in the
// session. A lookup error is logged and handed to cb unchanged, which is
// presumably what the error-handling middleware in the Express setup
// ("deleted user with valid cookie") reacts to.
function deserialize(email, cb) {
    console.log("deserialize");
    getAccount(email, (err, account) => {
        if (!err) {
            return cb(null, account)
        }
        log('deserialize err',err)
        cb(err)
    })
}

nginx的配置:

# TLS front end that reverse-proxies every path to the Node app on :3000.
# NOTE(review): the snippet is truncated — the closing `}` of this server block
# is not shown — and `server_name` lacks its trailing `;` (possibly lost when
# the host name was redacted); nginx would reject the file as written.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name xxxxxxxxxxxxx

    root xxxxxxxxxxxxxxx;
    index index.html;

    # gzip responses to proxied requests only for the listed types and only
    # when the response is marked no-cache/no-store/private/expired or the
    # request carried an Authorization header.
    gzip on;
    gzip_types      text/plain application/xml application/javascript text/css;
    gzip_proxied    no-cache no-store private expired auth;
    gzip_min_length 1000;

        location / {
                proxy_pass http://localhost:3000;
                # HTTP/1.1 upstream so Upgrade (WebSocket) can be passed through.
                # NOTE(review): Connection is forced to "upgrade" for every
                # request, not only when the client sent Upgrade; nginx's
                # documented pattern is a map on $http_upgrade — confirm intended.
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # The app's `trust proxy` setting and express-session's
                # `proxy: true` rely on this header to learn that the client
                # connection was HTTPS; without it the `secure: true` session
                # cookie would not be sent to the browser.
                proxy_set_header X-Forwarded-Proto $scheme;
                # Values are seconds. NOTE(review): proxy_connect_timeout is
                # documented as not usually exceeding 75s, so 1000 is effectively capped.
                proxy_connect_timeout   1000;
                proxy_send_timeout      1500;
                proxy_read_timeout      2000;
        }

登录代码:

// Login route. `loggedOut` (defined elsewhere) presumably rejects requests that
// already carry a login session. passport.authenticate is used with a custom
// callback, so this handler — not passport — decides the response for every
// outcome. NOTE(review): the snippet is truncated: the `})(req, res, next)`
// that invokes the authenticate middleware and the closing of app.post are
// not shown here.
app.post('/log_in', loggedOut, function(req, res, next) {       
    passport.authenticate('local', function(err, user, info) {
        // Strategy failure (e.g. store error): reply with the generic SWR
        // message (constant defined elsewhere) rather than the error itself.
        if (err) { 
            log('/log_in passport Error',err)
            return res.json({error:true, msg:SWR})
        }
        // Bad credentials: one generic message, so the response does not
        // reveal whether the name/email exists.
        if (!user) { 
            log('/log_in passport incorrect login credentials Error')
            return res.json({error:true, msg:"Incorrect name, email or password"})
        }
        // NOTE(review): writes the account's username and email to the log.
        log('/log_in trying to logIn()',user.username,'|',user.email)
        // Establish the login session; passport runs the serialize() callback
        // shown above to decide what is stored in req.session.
        req.logIn(user, function(err) {
            console.log(user)       // always shows correct
            console.log(req.user)   // always shows correct
            if (err) {
                log('/log_in passport login Error')
                return res.json({error:true, msg:SWR})
            }
            // Remember-me: any truthy req.body.remember extends the cookie to
            // 30 days (SECS_IN_30_DAYS defined elsewhere); otherwise Expires
            // is dropped so the cookie only lasts for the browser session
            // (express-session semantics — confirm against the installed version).
            if (req.body.remember) {
                req.session.cookie.maxAge = SECS_IN_30_DAYS*1000  // ms
            } else {
                req.session.cookie.expires = false
            }
            log(`/log_in passport Success (Remeber-me ${req.body.remember})`)
            return res.json({error:false})
        })

会话:

// Session middleware backed by Redis. Exported so the app mounts it via
// app.use(db.redis_session). `session`, `redis_store`, `redis` and the
// SECS_IN_* constants come from elsewhere in this module.
exports.redis_session = (() => {
    // Server-side store: entries expire after 30 days (ttl is in seconds).
    // NOTE(review): host/port are given alongside an explicit client created
    // with defaults — presumably redundant; confirm which one the store uses.
    const store = new redis_store({
        host: '127.0.0.1',
        port: 6379,
        client: redis.createClient(),
        ttl: SECS_IN_30_DAYS
    })

    // Cookie policy. secure: only sent over HTTPS — because the app sits behind
    // nginx, express-session needs `proxy: true` (below) to read
    // X-Forwarded-Proto and recognise the request as HTTPS; otherwise it skips
    // Set-Cookie. httpOnly: not readable from page scripts. sameSite Lax: not
    // sent on cross-site POSTs. The 5-minute maxAge is the baseline that the
    // login route raises to 30 days when remember-me is ticked.
    const cookie = {
        maxAge: SECS_IN_5_MINS * 1000,  // in ms, overwritten if remember-me-30-day is ticked
        httpOnly: true,
        secure: true,
        sameSite: 'Lax'
    }

    return session({
        secret: process.env.SESSION_SECRET,
        store,
        // NOTE(review): saveUninitialized: true writes a store entry and sets a
        // cookie for every anonymous request; express-session documents false
        // as the usual choice for login sessions — confirm this is intended.
        saveUninitialized: true,
        resave: false,
        proxy: true,
        cookie
    })
})()

Express:

    // Truncated: the function containing these statements starts above this
    // snippet; its header is not shown.
    app.set('views', __dirname + '/views')
    app.set('view engine', 'ejs')
    // Trust exactly one proxy hop (the nginx in front), so req.secure /
    // req.protocol are taken from the X-Forwarded-Proto header that proxy sets.
    app.set('trust proxy', 1)

    // Request logging twice: once to the console, once to logStream (a file).
    app.use(morgan('logFormat')) // console
    app.use(morgan('logFormat',  {"stream": logStream})) // file

    // NOTE(review): helmet (security response headers) is commented out, so
    // none of the headers it would add are sent.
//  app.use(helmet())

    // Body parsing with size limits (constants defined elsewhere).
    app.use(express.urlencoded({ extended: false, parameterLimit: BODY_PARAM_LIMIT }))
    app.use(express.json({limit: BODY_SIZE_LIMIT}))
    // Order matters: the session must be mounted before passport.initialize(),
    // and passport.session() — which runs deserialize() for a session that
    // holds a login — after both.
    app.use(db.redis_session)
    app.use(passport.initialize())
    app.use(passport.session())
    
    // Recover from a session whose user no longer exists (deleted account,
    // still-valid cookie): drop the login and send the browser to /sign_out
    // instead of failing deserialization on every request. Four parameters
    // are required — Express only treats an arity-4 function as an
    // error-handling middleware.
    app.use((err, req, res, next) => {
        if (!err) {
            return next()
        }
        log('cookie logout starting')
        req.logout() // NOTE(review): passport >= 0.6 expects a callback here — confirm the installed version
        res.redirect('/sign_out')
    })

    log('[HTTP] Port', HTTP_PORT)

    // Plain HTTP listener; TLS is terminated by the nginx proxy in front,
    // which forwards to this port.
    app.listen(HTTP_PORT)
}

标签: javascript, express, nginx, passport.js

解决方案

