我正在尝试为基于电子的桌面应用程序创建 NodeJS API 系统。该应用程序应允许使用用户名和密码进行基本登录,用户登录后,所有后续 API 调用都通过 id 和密钥进行身份验证。我在此处参考了有关使用 express-strompath 描述的指南。我无法像这样执行用户名/密码验证。
curl -L -H "Content-Type: application/json" -X POST -d '{"password":"Som3Pa55Word", "username":"user@domain.ai"}' http://ec2-54-88-168-7.compute-1.amazonaws.com:8000/api/v1.0/login
或通过 javascript
function Login() {
...
var user = {
username: 'user@domain.ai',
password: 'Som3Pa55Word ',
}
var req = {
method: 'POST',
url: apiBaseUrl + '/login',
headers: {
'Content-Type': 'application/json'
},
data: user
}
return $http(req).then(handleSuccess, handleError);
}
但是,当我使用 API 密钥时,我可以登录。
curl -L -H "Content-Type: application/json" -X POST --user ABCDEFGHIJKLMNOPQRSTUVWXYZ:AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz -d '{}' http://ec2-54-88-168-7.compute-1.amazonaws.com:8000/api/v1.0/login
或通过 javascript
var url = apiBaseUrl + '/login';
var sp_api_key_id = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
var sp_api_key_secret ='AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz';
get the Resource object w/ custom "get" method
$resource(url, {}, {
get: {
method: 'GET',
headers: {
Authorization: 'Basic ' +
$base64.encode(sp_api_key_id + ':' + sp_api_key_secret)
}
}
}).get().then(function(result) {
console.log("Loging Success")
});
显然,让用户将他们的 API 密钥输入到表单中进行身份验证是不方便的。我想知道为什么stormpath-express 接受API ID/Secret 组合但不接受用户名/密码。
这是我的 nodejs 服务器的代码
router.post('/login', stormpath.loginRequired, function (req, res, next) {
/*
* If we get here, the user is logged in. Otherwise, they
* were redirected to the login page
*/
var respnse = {
message: 'If you can see this page, you must be logged into your account!'
}
res.json(respnse);
res.status(200);
});
和 Stormpath 设置代码
// Config
app.use(stormpath.init(app, {
// TODO
// apiKeyFile: './app/config/stormpath_apikey.properties',
application: 'https://api.stormpath.com/v1/applications/ABCDEFGHIJKLMNOPQRSTUVWXYZ',
secretKey: settings.stormpath_secret_key,
web: {
login: {
enabled: false
},
register: {
uri: '/user/register'
},
preLoginHandler: function (formData, req, res, next) {
console.log('Got login request', formData);
next();
}
},
postLoginHandler: function (account, req, res, next) {
console.log('User:', account.email, 'just logged in!');
next();
}
}));