1

我有三种用户:

  1. 查看者(登录链接:auth/ v /twitter)
  2. 创建者(登录链接:auth/ c /twitter)
  3. 管理员(登录链接:auth/ a /twitter)

而且我还有 3 个不同的数据库/集合

  1. c_viewer
  2. c_creator
  3. c_admin

每种用户都有不同的登录链接。

现在让我们看一下代码

var passport = require('passport')
   ,TwitterStrategy = require('passport-twitter').Strategy;

passport.use(new TwitterStrategy({
  consumerKey: config.development.tw.consumerKey,
  consumerSecret: config.development.tw.consumerSecret,
  callbackURL: config.development.tw.callbackURL
},

function(token, tokenSecret, profile, done) {
  process.nextTick(function(req, res) {
    var query = User.findOne({ 'twId': profile.id});
    query.exec(function(err, oldUser){
      if(oldUser) {
        done(null, oldUser);
      } else {
        var newUser = new User();
        newUser.twId = profile.id;
        newUser.twUsername = profile.username;
        newUser.name = profile.displayName;
        newUser.avatar = profile.photos[0].value;
     -> newUser.age = req.body.creator.age; ???
        newUser.save(function(err) {
          if(err) throw err;
          done(null, newUser);
        });
      };
    });
  });
}));

app.get('/auth/c/twitter', passport.authenticate('twitter'),
function(req, res) {
  var userUrl = req.url;
  // codes to pass the userUrl to TwitterStrategy
});
app.get('/auth/twitter/callback', 
passportForCreator.authenticate('twitter', { successRedirect: '/dashboard', failureRedirect: '/' }));

这是我的表格

<input type="text" name="creator[age]" placeholder="How old are you?">
<a id="si" class="btn" href="/auth/c/twitter">Sign in</a>

我的问题:

1.我们可以将<input>数据传递给登录过程吗?所以我们可以读取 TwitterStrategy 中的输入数据,并保存到数据库
2.我们可以从登录 url (auth/ c /twitter) 中获取“c”并将其传递给 TwitterStrategy 吗?所以我们可以简单地签入不同的数据库/集合并更改查询。

4

1 回答 1

3

这个想法是在将用户重定向到 twitter 以进行身份​​验证之前存储您的值,并在用户返回后重新使用这些值。

OAuth2 包含范围参数,非常适合这种情况。不幸的是,TwitterStrategy 基于 OAuth1。但我们可以解决它!

下一个技巧是关于创建用户的时间。声明策略时不应该这样做(因为您无法访问输入数据),但稍后,在最后一个身份验证回调中, 请参见此处的回调参数

宣布你的策略: 

passport.use(new TwitterStrategy({
  consumerKey: config.development.tw.consumerKey,
  consumerSecret: config.development.tw.consumerSecret,
  callbackURL: config.development.tw.callbackURL
}, function(token, tokenSecret, profile, done) {
  // send profile for further db access
  done(null, profile);
}));

声明您的身份验证 URL 时(对 a/twitter 和 v/twitter 重复): 

// declare states where it's accessible inside the clusre functions
var states={};

app.get("/auth/c/twitter", function (req, res, next) {
  // save here your values: database and input
  var reqId = "req"+_.uniqueId();
  states[reqId] = {
    database: 'c',
    age: $('input[name="creator[age]"]').val()
  };
  // creates an unic id for this authentication and stores it.
  req.session.state = reqId;
  // in Oauth2, its more like : args.scope = reqId, and args as authenticate() second params
  passport.authenticate('twitter')(req, res, next)
}, function() {});

然后在声明回调时: 

app.get("/auth/twitter/callback", function (req, res, next) {
  var reqId = req.session.state;
  // reuse your previously saved state
  var state = states[reqId]

  passport.authenticate('twitter', function(err, token) {
    var end = function(err) {
      // remove session created during authentication
      req.session.destroy()
      // authentication failed: you should redirect to the proper error page
      if (err) {
        return res.redirect("/");
      }
      // and eventually redirect to success url
      res.redirect("/dashboard");
    }

    if (err) {
      return end(err);
    }

    // now you can write into database:
    var query = User.findOne({ 'twId': profile.id});
    query.exec(function(err, oldUser){
      if(oldUser) {
        return end()
      } 
      // here, choose the right database depending on state
      var newUser = new User();
      newUser.twId = profile.id;
      newUser.twUsername = profile.username;
      newUser.name = profile.displayName;
      newUser.avatar = profile.photos[0].value;
      // reuse the state variable
      newUser.age = state.age
      newUser.save(end);
    });
  })(req, res, next)
});
于 2013-08-22T08:24:50.073 回答