node.js - how to set Sessions when log in using Passport and Express in order to req.user._id? -


i have mean app based in tutorial: https://www.youtube.com/watch?v=uonz0lewft0&t=113s (great 1 way).

the functionality includes: register, login, authentication using jwt strategy , sessions.

to handle sessions uses front end (angular2) store user credentials in localstorage of browser.

i think lack of security , want include list belongs user, having 2 models 'users' , 'tasks' (one many). that's why need current user._id reference. example post newtask:

var task = new task({     title: req.body.title,     owner : req.user._id });

i read way handle sessions, storing current user @ backend, using passport. after reading documentation i'm little bit confused, perhaps answer questions:

  • where should include serializeuser , deserializeuser methods? intuit must when user makes log in, this:

    router.post('/authenticate', (req, res, next)=> {   const username = req.body.username;   const password = req.body.password; user.getuserbyusername(username, (err, user)=>{     if(err) throw err;     if(!user){         return res.json({success: false, msg: 'user not found'});     }     user.comparepassword(password, user.password, (err, ismatch) =>{         if(err) throw err;         if(ismatch){ ///------------- here ------------------                 passport.serializeuser(function(user, done) {                 done(null, user.id);                 });                 passport.deserializeuser(function(id, done) {                 user.findbyid(id, function(err, user) {                     done(err, user);                 });             });             const token = jwt.sign(user, config.secret, {                 expiresin: 604800 //1 week             });             res.json({                 success: true,                 token:'jwt '+token,                 user:{                     id: user._id,                     name: user.name,                     username: user.username,                     email: user.email                 }             });         }else{             return res.json({ success: false, msg:"wrong password"});         }     }); }); });

  • where session stored? (i'm using mongodb)

  • is enough make req.user anywhere or should include middleware strategy or install dependencies such 'express-session' or 'cookieparser', etc.. ?

thank beforehand.


Comments

Post a Comment

Popular posts from this blog

c# - Update a combobox from a presenter (MVP) -

i using mvp in project, new in mvp. have 2 comboboxes. when select option in combobox, combobox should filled new data. this action in presenter. view 'view1' in presenter, , introduced combobox1 , combobox2 properties in 'view1', because need 'datasource', 'displaymember', 'valuemember' , 'refresh()' in method below. but, when using pattern, enough send property like public string combobox2 { { return combobox1.selectedvalue.tosstring(); } } into presenter not whole combobox. how can solve problem? public void onselectedindexchangedcombobox1() { if (view1.combobox1.selectedindex == -1) { return; } datatable dt = tools.getdatatable("a path"); var query = (from o in dt.asenumerable() o.field<string>("afield") == farmerview.combobox1.selectedvalue.tostring() orderby o.field<string>("anotherfield") select...
Read more

How to understand 2 main() functions after using uftrace to profile the C++ program? -

i trying uftrace profile following simple c++ program: #include <iostream> class { public: a() {std::cout << "a created" << std::endl;} ~a() {std::cout << "a destroyed" << std::endl;} }; int main() { a; return 0; } the profile result this: # uftrace a.out created destroyed # duration tid function 2.026 [ 4828] | __cxa_atexit(); [ 4828] | main() { [ 4828] | __static_initialization_and_destruction_0() { 89.397 [ 4828] | std::ios_base::init::init(); 0.768 [ 4828] | __cxa_atexit(); 93.029 [ 4828] | } /* __static_initialization_and_destruction_0 */ 94.425 [ 4828] | } /* main */ [ 4828] | main() { [ 4828] | a::a() { 11.104 [ 4828] | std::operator <<(); 10.825 [ 4828] | std::basic_ostream::operator <<(); 24.514 [ 4828] | } /* a::a */ [ 4828] | a::~a() { 0.978 [ 4828] | ...
Read more

How to put a lock and transaction on table using spring 4 or above using jdbcTemplate and annotations like @Transactional? -

i trying put lock on table while writing on table , if happened in between roll-back . trying convert below code lock table test_g1 read; lock table test_g write; -- begin; start transaction; insert test_g1 values(143); insert test_g values(145); select * test_g1; select * test_g; rollback; select * test_g; unlock tables; how convert above code @transactional spring jdbctemplate code? @transactional(rollbackfor={dataaccessexception.class}) public void test(){ jdbctemplate.execute("insert test1 (id, nam) values (4, 'a')"); throw new dataaccessexception("error") { }; } here trying throw error, insert statement should rollback it's not happening . thanks edit-1 attaching code , doing in jdbcdaoimpl.java , mentioned problem comment above test() . app.java package com.cgiri.javabrains.spring4; import org.springframework.beans.factory.annotation.autowired; import org.springframework.context.applic...
Read more