router.get('/logout', (req, res, next) => { if (req.session) { req.session.destroy() // 删除session res.clearCookie('session-id') // 删除cookie res.send('登出成功。重定向的事让前端做') } else { var err = new Error('you are not logged in!') err.status = 403 next(err) } })
6. 登录后才可访问的接口
// @/routes/news.js var express = require('express'); var router = express.Router(); /* GET home page. */ router.get('https://www.jb51.net/', function(req, res, next) { res.render('index', { title: 'Express' }); }); module.exports = router;
7. 编写登录验证的中间件。注意登录接口、登录验证中间件、登录后才可访问的接口的次序。
// app.js // 1.引入路由 var index = require('./routes/index'); var users = require('./routes/users'); var news = require('./routes/news'); // 2.挂载session中间件 app.use(session({ name: 'session-id', secret: '12345-67890', saveUninitialized: false, resave: false, store: new FileStore() })) // 3.挂载不需要登录验证的路由 app.use('https://www.jb51.net/', index) app.use('/users', users) // 4.定义验证登录函数 let authFn = (req, res, next) => { console.log(req.session) if (req.session.auth) { next() } else { var err = new Error('You are not authenticated!') err.status = 403 next(err) } } // 5.挂载需要登录验证的路由 app.use('/news', news)
总结
这个例子只诠释了简单的登录、验证登录、登出功能。下面是本文用到的js模块(express-session, session-file-store, mongoose)在npm上都能找到。完整代码