node.js – 在用户注销后,如何防止浏览器的后退按钮访问受限信息?
我正在使用 GitHub 上的这个示例(this example),它演示了如何将 passport-local 策略与 mongoose / mongodb 结合使用。
我遇到的问题是:用户注销之后,仍然可以通过点击浏览器的后退按钮访问受限信息。我是 node.js 新手,但我猜需要实现某种钩子,在后退和前进按钮生效之前调用 ensureAuthenticated 函数(该函数位于代码的最底部)。在用户注销后,如何阻止用户通过点击后退按钮访问受限信息?
var express = require('express'),passport = require('passport'),LocalStrategy = require('passport-local').Strategy,mongodb = require('mongodb'),mongoose = require('mongoose'),bcrypt = require('bcrypt'),SALT_WORK_FACTOR = 10;

// Open the MongoDB connection (host 'localhost', database 'test').
mongoose.connect('localhost', 'test');
var db = mongoose.connection;

// Connection errors go to stderr behind a fixed prefix.
db.on('error', console.error.bind(console, 'connection error:'));

// Registered with once(), so this handler runs at most one time.
db.once('open', function onOpen() {
  console.log('Connected to DB');
});

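// User schema
// NOTE(review): the `email` options were truncated in this listing; `required` and
// `unique` are assumed to mirror `username` - confirm against the original example.
var userSchema = mongoose.Schema({
  username: { type: String, required: true, unique: true },
  email: { type: String, required: true, unique: true },
  password: { type: String, required: true }, // replaced by its bcrypt hash in the pre-save hook
  // Used for Remember Me. This value is also what serializeUser() stores in the session
  // and what deserializeUser() looks users up by, so it is a bearer credential.
  accessToken: { type: String }
});

// Bcrypt middleware: hash the password before the document is saved.
userSchema.pre('save', function(next) {
  var user = this;

  // Nothing to do when the password field was not changed by this save.
  if (!user.isModified('password')) return next();

  bcrypt.genSalt(SALT_WORK_FACTOR, function(err, salt) {
    if (err) return next(err);

    bcrypt.hash(user.password, salt, function(err, hash) {
      if (err) return next(err);
      user.password = hash; // the plaintext never reaches the database
      next();
    });
  });
});

// Password verification.
//   candidatepassword: the plaintext submitted at login.
//   cb(err, ismatch): ismatch is the result reported by bcrypt.compare().
userSchema.methods.comparepassword = function(candidatepassword, cb) {
  bcrypt.compare(candidatepassword, this.password, function(err, ismatch) {
    if (err) return cb(err);
    cb(null, ismatch);
  });
};

// Remember Me implementation helper method.
//   Returns '<ms timestamp>_' followed by 16 characters drawn from a 64-symbol alphabet.
//   The token identifies a login session, so the random part comes from the OS CSPRNG
//   rather than Math.random(), whose output is predictable.
userSchema.methods.generateRandomToken = function () {
  var crypto = require('crypto');
  var chars = "_!abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
  var token = new Date().getTime() + '_';
  var bytes = crypto.randomBytes(16);
  for (var x = 0; x < bytes.length; x++) {
    // 256 is a multiple of 64, so masking to six bits picks every symbol with equal probability.
    token += chars.charAt(bytes[x] & 63);
  }
  return token;
};

// Compile the model used by the Passport callbacks and the routes below.
var User = mongoose.model('User', userSchema);

// Seed a user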
// var usr = new User({ username: 'bob',email: 'bob@example.com',password: 'secret' });
// usr.save(function(err) {
//   if(err) {
//     console.log(err);
//   } else {
//     console.log('user: ' + usr.username + " saved.");
//   }
// });


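// Passport session setup.
//   To support persistent login sessions, Passport needs to be able to
//   serialize users into and deserialize users out of the session.  Typically,
//   this will be as simple as storing the user ID when serializing, and finding
//   the user by ID when deserializing.
//
//   Both serializer and deserializer edited for Remember Me functionality:
//   the session stores a freshly generated access token instead of the user ID.
passport.serializeUser(function(user, done) {
  var createAccessToken = function () {
    var token = user.generateRandomToken();
    User.findOne({ accessToken: token }, function (err, existingUser) {
      if (err) { return done(err); }
      if (existingUser) {
        createAccessToken(); // Run the function again - the token has to be unique!
      } else {
        user.set('accessToken', token);
        user.save(function (err) {
          if (err) return done(err);
          return done(null, user.get('accessToken'));
        });
      }
    });
  };

  if (user._id) {
    createAccessToken();
  } else {
    // Without this branch done() is never called and the login request hangs.
    done(new Error('Cannot serialize a user without an _id'));
  }
});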

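// Resolve the access token stored in the session back to a user document.
//   When no user holds the token, findOne() yields no document and the request
//   is treated as unauthenticated.
passport.deserializeUser(function(token, done) {
  User.findOne({ accessToken: token }, function(err, user) {
    done(err, user);
  });
});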


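// Use the LocalStrategy within Passport.
//   Strategies in passport require a `verify` function, which accepts
//   credentials (in this case, a username and password), and invokes a callback
//   with a user object.  Here the user is looked up in MongoDB through the
//   User model and the password is checked with bcrypt.
//
//   done(null, false, info) is how a failed login is reported. The second
//   argument must be `false`: passing the info object in that position would
//   hand Passport a truthy "user" and the wrong password would log in.
//
//   NOTE(review): the two failure messages differ, so a client can tell whether
//   a username exists; a single generic message avoids that.
passport.use(new LocalStrategy(function(username, password, done) {
  User.findOne({ username: username }, function(err, user) {
    if (err) { return done(err); }
    if (!user) { return done(null, false, { message: 'Unknown user ' + username }); }
    user.comparepassword(password, function(err, ismatch) {
      if (err) return done(err);
      if (ismatch) {
        return done(null, user);
      } else {
        return done(null, false, { message: 'Invalid password' });
      }
    });
  });
}));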


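var app = express();

// configure Express
//   Middleware runs in the order it is registered here, so anything that must
//   see or modify every response has to be added before app.router.
app.configure(function() {
  app.set('views', __dirname + '/views');
  app.set('view engine', 'ejs');
  app.engine('ejs', require('ejs-locals'));
  app.use(express.logger());
  app.use(express.cookieParser());
  app.use(express.bodyParser());
  app.use(express.methodOverride());
  // The secret signs the session cookie. A published sample value gives no
  // protection: load a long random value from configuration instead.
  app.use(express.session({ secret: 'keyboard cat' })); // CHANGE THIS SECRET!
  // Remember Me middleware: only the login POST adjusts the cookie lifetime.
  app.use(function (req, res, next) {
    if (req.method === 'POST' && req.url === '/login') {
      if (req.body.rememberme) {
        req.session.cookie.maxAge = 2592000000; // 30*24*60*60*1000 - remember 'me' for 30 days
      } else {
        req.session.cookie.expires = false; // no explicit expiry on the session cookie
      }
    }
    next();
  });
  // Initialize Passport!  Also use passport.session() middleware, to support
  // persistent login sessions (recommended).
  app.use(passport.initialize());
  app.use(passport.session());
  app.use(app.router);
  app.use(express.static(__dirname + '/../../public'));
});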
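// GET /users
//   Lists users for a logged-in session only. The projection limits the result
//   to username and email so that password hashes and Remember Me access tokens
//   are never sent to the client.
//   User.find() without a callback returns a query object, not the documents,
//   so the query is executed with a callback here.
app.get('/users', ensureAuthenticated, function(req, res, next) {
  User.find({}, 'username email', function(err, users) {
    if (err) { return next(err); }
    res.send(users);
  });
});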

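// GET /
//   Public home page; req.user is undefined when nobody is logged in.
app.get('/', function(req, res){
  res.render('index', { user: req.user });
});

// GET /account
//   Restricted page. ensureAuthenticated runs on every request that reaches the
//   server, but a copy the browser has cached is shown by the back button
//   without any request being made.
app.get('/account', ensureAuthenticated, function(req, res){
  res.render('account', { user: req.user });
});

// GET /login
//   Renders the login form together with any messages the POST /login handler
//   left in the session.
app.get('/login', function(req, res){
  res.render('login', { user: req.user, message: req.session.messages });
});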

// POST /login
//   Use passport.authenticate() as route middleware to authenticate the
//   request.  If authentication fails, the user will be redirected back to the
//   login page.  Otherwise, the primary route function will be called,
//   which, in this example, will redirect the user to the home page.
//
//   curl -v -d "username=bob&password=secret" http://127.0.0.1:3000/login
//
/***** This version has a problem with flash messages
app.post('/login',passport.authenticate('local',{ failureRedirect: '/login',failureFlash: true }),res) {
    res.redirect('/');
  });
*/

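// POST /login
//   This is an alternative implementation that uses a custom callback to
//   achieve the same functionality.
//   On failure the strategy's message is kept in the session for the login page;
//   on success req.logIn() establishes the login session.
//   NOTE(review): whether req.logIn() issues a new session id depends on the
//   Passport version in use - confirm, to rule out session fixation.
app.post('/login', function(req, res, next) {
  passport.authenticate('local', function(err, user, info) {
    if (err) { return next(err); }
    if (!user) {
      req.session.messages = [info.message];
      return res.redirect('/login');
    }
    req.logIn(user, function(err) {
      if (err) { return next(err); }
      return res.redirect('/');
    });
  })(req, res, next);
});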

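// GET /logout
//   Ends the Passport login for this session and returns to the home page.
//   This only changes server-side state: pages the browser cached while the
//   user was logged in stay viewable through the back button unless they were
//   served with headers that forbid caching.
//   NOTE(review): nothing visible here clears the accessToken saved on the user
//   document - confirm whether it should be reset on logout.
app.get('/logout', function(req, res){
  req.logout();
  res.redirect('/');
});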

// Start the HTTP server on port 3000 and log once it is accepting connections.
app.listen(3000, function onListening() {
  console.log('Express server listening on port 3000');
});


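// Simple route middleware to ensure user is authenticated.
//   Use this route middleware on any resource that needs to be protected.  If
//   the request is authenticated (typically via a persistent login session),
//   the request will proceed.  Otherwise, the user will be redirected to the
//   login page.
//
//   This check runs only for requests that reach the server. A page the browser
//   shows from its own cache never triggers it, so protected responses also
//   need cache-control headers.
/**
 * @param {Object} req - Express request; Passport provides isAuthenticated().
 * @param {Object} res - Express response, used for the redirect.
 * @param {Function} next - Continues to the protected route handler.
 */
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) { return next(); }
  res.redirect('/login');
}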

编辑
我想我可能找到了方向,但还没能让它生效。经过一些研究,
看来我需要做的是阻止浏览器的本地缓存。我正尝试在 app.configure 函数中这样做:

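// Tell browsers and intermediaries not to keep a copy of any response, so a
// logged-out user cannot re-open a restricted page from cache.
//   Registration order matters: Express runs middleware in the order it was
//   added, so this must be registered before app.use(app.router).
//   NOTE(review): if this block runs after a configure call that already
//   mounted app.router, that would explain the header never appearing - confirm.
app.configure(function() {
  app.use(function(req, res, next) {
    res.header('Cache-Control','no-cache,private,no-store,must-revalidate,max-stale=0,post-check=0,pre-check=0');
    next();
  });
});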

但是,这似乎并没有影响我的响应头(headers)。

解决方法

由于浏览器是从缓存中取出该页面的,因此您在该页面上做什么都无关紧要,除非您添加 JS 检查来确认用户是否仍处于已认证状态……但这仍然不能解决页面存在于缓存中的问题。

将问题重新定义为缓存问题,我找到了这个答案:https://stackoverflow.com/a/24591864/217374

距离你提问已经过去一年多了,所以我想你本人大概已不需要这个答案,但它可以留给其他遇到同样问题的人参考。
