As a development tool for implementing server-side JavaScript runtime environment, Node.js has gradually been widely used. Node.js provides a way to write network applications in an event-driven manner, allowing developers to easily set up servers and build web-based applications.
In many web applications, user login is a very important part. Administrators need to log in to the backend management system to manage data and business. Therefore, in Node.js, it is necessary to implement basic login authentication. This process requires a series of operations such as user identity authentication and callback management.
This article will introduce some common login authentication methods in Node.js, including using middleware, using session session management, and using JSON Web Token (JWT) to implement token authentication.
Using middleware
In Node.js, middleware is an important concept that handles HTTP requests and allows modification of the response and the decision to pass the request to the next middleware. Therefore, implementing the login function can also be completed through middleware.
The biggest benefit of using middleware is that it can improve the readability and maintainability of the code. At the same time, it can also reduce repeated modules of code.
Code example:
const express = require('express');
const app = express();
const port = 3000;
//中间件
app.use(express.urlencoded({extended: false}));
app.use(express.json());
//登录页面
app.get('/login', function(req, res) {
res.sendFile(__dirname + '/login.html');
});
//登录验证
app.post('/login', function(req, res){
const username = req.body.username;
const password = req.body.password;
if(username === 'admin' && password === '123456'){
// 验证成功,则可以将用户信息存储到session中
req.session.userinfo = req.body;
res.send('登录成功');
}else{
res.send('用户名或密码错误!');
}
});
app.listen(port, function(){
console.log(`Server is running on port ${port}`);
});Copy after login
In the above code, we have used the express middleware to handle HTTP requests and responses, and express-sessionMiddleware manages user sessions.
Use session session management
In Web development practice, session refers to a mechanism for storing information on the server side. It is stored in the form of key-value, the key is the sessionID, and the value is an object in JSON format, which can store the user's identity information, permission information, etc.
To implement basic session management in Node.js, you need to use express-sessionmiddleware. When using the express-session middleware, you need to set a parameter secret for signature, which can ensure the security of the session. At the same time, you need to set the resave parameter and the saveUnitialized parameter to false, which can avoid session rewriting and save uninitialized sessions.
Code example:
const express = require('express');
const app = express();
const session = require('express-session');
const port = 3000;
//使用express-session中间件
app.use(session({
secret: 'sessiontest',
resave: false,
saveUnitialized: false,
cookie: {
maxAge: 1000 * 60 * 30
}
}));
// 登录页面
app.get('/login', function(req, res) {
res.sendFile(__dirname + '/login.html');
});
//登录验证
app.post('/login', function(req, res){
const username = req.body.username;
const password = req.body.password;
if(username === 'admin' && password === '123456'){
// 验证成功,则可以将用户信息存储到session中
req.session.userinfo = req.body;
res.send('登录成功');
}else{
res.send('用户名或密码错误!');
}
});
//后台页面
app.get('/admin', function(req, res){
// 验证session中是否存储了用户信息
const userinfo = req.session.userinfo;
if(userinfo && userinfo.username){
res.sendFile(__dirname + '/admin.html');
}else{
//如果未存储,则重定向到登录页面
res.redirect('/login');
}
});
app.listen(port, function(){
console.log(`Server is running on port ${port}`);
});Copy after login
Use JSON Web Token (JWT) to implement token authentication
In addition to using session to manage user login status, you can also use JSON Web Token ( JWT) to implement token authentication. JWT is a lightweight, secure, and flexible authentication protocol. In this protocol, the server generates a token containing user information and then returns the token to the client. Subsequent requests need to carry the token in the HTTP header.
The advantage of using JWT is that it does not need to store user information on the server, but encodes the user information into the token, thus reducing the storage pressure on the server. At the same time, since the token contains user information, user identity information can be easily transferred between the client and server.
To use JWT, you need to use the jsonwebtoken library to implement query operations, which can work in node.js and work in the browser. When using jsonwebtoken, you need to set a key and validity period to ensure that the generated token can be authenticated and accepted.
Code example:
const express = require('express');
const jwt = require('jsonwebtoken');
const app = express();
const port = 3000;
//生成Token
app.post('/login', function(req, res){
const username = req.body.username;
const password = req.body.password;
if(username === 'admin' && password === '123456'){
const userinfo = {
name: username
}
//在jsonwebtoken中生成Token
jwt.sign(userinfo, 'secretkey', {expiresIn: '10min'}, function(err, token){
if(err) throw err;
res.json({
token: token
});
})
}else{
res.send('用户名或密码错误!');
}
});
// 验证Token
app.get('/admin', verifyToken, function(req, res){
res.sendFile(__dirname + '/admin.html');
});
//中间件,用于验证Token
function verifyToken(req, res, next){
//从请求头中获取Token
const bearerHeader = req.hearders['authorization'];
if(typeof bearerHeader !== 'undefined'){
const bearerToken = bearerHeader.split(' ')[1];
// 在jsonwebtoken中验证Token
jwt.verify(bearerToken, 'secretkey', function(err, data){
if(err) res.sendStatus(403);
req.userinfo = data;
next();
});
}else{
res.sendStatus(403);
}
};
app.listen(port, function(){
console.log(`Server is running on port ${port}`);
});Copy after login
Through the above method, we can implement basic login authentication function in Node.js. Different solutions can be selected based on specific business needs. At the same time, you also need to pay attention to the security and stability of login to ensure that no loopholes will occur and user data will be damaged.
The above is the detailed content of How to log in to the backend with nodejs. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
