javascript - 如何通过 NodeJS 身份验证解决此问题？

Question

我正在尝试使用 Express 和 Cookie-Parser 进行身份验证。我不明白为什么如果我尝试检查 PersonLoginPOST，即使我传递的凭据完全错误，它也总是以代码 200 响应我。它起作用的独特情况是当我传递不同类型的凭据时。我在这里发布我的代码感兴趣的部分。

我的 index.js 是：

'use strict';

var fs = require('fs'),
    path = require('path'),
    http = require('http');

const express = require('express');
//const cors = require('cors');
const app = express();

//app.use(cors());
//let bodyParser=require("body-parser")
let cookieParser= require("cookie-parser");
let cookieSession=require("cookie-session");

//app.use(bodyParser.json())
app.use(cookieParser());
app.use(cookieSession({name: "session",keys:["abc","def"] }));
/*
app.use('/login', (req, res) => {
  res.send({
    token: 'test123'
  });
});
*/
//var app = require('connect')();
var swaggerTools = require('swagger-tools');
var jsyaml = require('js-yaml');
var serverPort = process.env.PORT || 5000;

这是我的 API

 /people/login:
    post:
      tags:
      - "person"
      summary: Login
      description: login with a form
      operationId: "personLoginPOST"
      consumes:
        - application/x-www-form-urlencoded
      produces:
        - application/json
      parameters:
      - name: telefono
        in: formData
        required: true
        type: integer
      - name: password
        in: formData
        required: true
        type: string
      responses:
        '200':
          description: succesfull login
        '401':
          description: unathorized
      x-swagger-router-controller: "Person"

这是控制器 Person.js 中的方法

 module.exports.personLoginPOST= function personLoginPOST (req,res,next){
    var telefono= req.swagger.params['telefono'].value;
    var password= req.swagger.params['password'].value;
    Person.personLoginPOST(telefono, password)
     .then(function (response) {
        req.session.uid = response.telefono;
        res.writeHead(301,{Location:"/"}); //redirect the client
        res.end();
    })
    .catch(function (response) {
      utils.writeJson(res, response);
    });

这是我在服务中的简单方法：

exports.personLoginPOST = function(telefono,password) {
  return new Promise(function(resolve, reject) {
    resolve();
  });
}