6

我正在尝试使用和组合一个小应用NodeJS程序。请求授权时 -这是一个 3 步过程,首先需要获取,然后用户授权他们访问保管箱页面,然后才请求,基于用户已授权请求的事实。node-dboxExpressDropBoxrequest_tokenaccess_tokenrequest_token

但是,当我为第 1 步和第 2 步提供页面时(获取request_token并为用户提供 url) -request_token实例已经消失了!所以在第 3 步中我无法请求access_token,因为它需要request_token通过

我正在尝试保存request_token在 cookie 中,但鉴于其中包含敏感数据,将其发送给客户端可能不是一个好主意。有任何想法吗?

简化代码如下:

(function() {
    var dbox = require('dbox'),
        config = require('easy-config'),
        express = require('express'),
        dboxApp = dbox.app(config.dropbox_credentials),
        app = express();

    app.use(express.cookieParser());

    app.get('/', function(req, res) {
        dboxApp.requesttoken(function(status, request_token) {
            res.cookie('request_token', JSON.stringify(request_token));
            res.send("<a href='" + request_token.authorize_url + "' targe='_new'>authorize via dropbox</a><br/>" + "<a href='/next'>next</a>");
        });
    });

    app.get('/next', function(req, res) {
        var request_token = JSON.parse(req.cookies.request_token);
        if(request_token) {
            dboxApp.accesstoken(request_token, function(status, access_token) {
                var client = dboxApp.client(access_token);
                client.account(function(status, reply){
                  res.send(reply);
                });
            });
        } else {
            res.send('sorry :(');
        }
    });

    app.listen(3000);

})();

额外的问题:client是用创建的access_token,所以无论是客户端实例还是access_token需要在页面刷新之间进行维护,最好的方法是什么?

4

1 回答 1

2

我设法通过执行以下操作使其工作:

根据 Dropbox Developer 参考,您可以通过指定回调 url 以及此处所述的请求来提供回调 url:

https://www.dropbox.com/developers/blog/20

https://www.dropbox.com/1/oauth/authorize?oauth_token=<request-token>&oauth_callback=<callback-url>

通过将请求令牌存储在会话中并重定向到回调 url,您就可以访问请求令牌并继续前进。几个 Express 路由处理程序,将成员 ID 作为参数传递,请求然后处理响应可能如下所示:

 linkAccount : function(req, res){
      var  memberId = req.params.memberId,
        appKey = 'MYAPPKEY',
        appSecret = 'MYAPPSECRET',
        dbox = require('dbox'),
        dboxApp = dbox.app({ "app_key": appKey, "app_secret": appSecret });


      req.session.dboxStore = {};
      req.session.dboxStore.dboxApp = dboxApp;

      dboxApp.requesttoken(function(status, request_token){
        req.session.dboxStore.request_token = request_token;
        console.log("request_token = ", request_token);

        res.redirect('https://www.dropbox.com/1/oauth/authorize?oauth_token='+request_token.oauth_token+
          '&oauth_callback=http://myhost.local/linksuccess/dropbox/'+memberId);
        res.end;
      });
    },

    linkSuccess : function(req, res){
      var memberId = req.params.memberId;
      var appKey = 'MYAPPKEY';
      var appSecret = 'MYAPPSECRET';
      var dbox = require('dbox');
      var dboxApp = dbox.app({ "app_key": appKey, "app_secret": appSecret });
      var request_token = req.session.dboxStore.request_token;

      dboxApp.accesstoken(request_token, function(status, access_token){
        console.log('access_token = ', access_token);

        Member.setAuthToken(memberId, 'dropbox', access_token, function(err, member){
          res.render('index', { title:'SUCCESSFUL DROPBOX AUTH' });
          res.end;
        });
      });
    }
于 2013-03-18T22:52:03.863 回答