英文:
please check my verification using email and password?
问题
I'll provide translations for the code you shared:
现在我正在尝试在我的类别控制器中检查用户是否已登录,如果已登录,则允许他发布类别,否则显示“您必须登录才能创建类别”,但不管用户是否已登录,类别都会被发布,这让我困扰了4个小时,因为我还是初学者。这是问题所在的地方,它绕过了:路由部分:routeCategory.post("/category", (req, res) => {if (!req.body || !req.body.category_id) {return res.status(400).send("类别丢失");}const id = req.body.category_id;const one = category.categoryData.find((Element) => Element.category_id === id);const email2 = req.params.email;const found = User.data.find((email) => email.email === email2);if (User.login(email2, req.body.password) == false) {return res.status(401).send("您未经授权");} else if (one) {return res.status(409).send("类别已存在");} else {const newCategory = {category_id: req.body.category_id,categoryName: req.body.categoryName,};category.createCategory(newCategory);return res.sendStatus(201);}});登录部分:static login = function (email, password) {// 检查数据数组中是否存在与输入的电子邮件和密码相同的用户// 如果是,则返回电子邮件const found = User.data.find((element) => {return element.email === email && element.password === password;});console.log(User.data);console.log(email, password);if (found) {return true;} else {return false;}};}
只提供了代码的翻译部分,没有其他内容。
英文:
now im trying to check in my category controller if user logged in let him post category otherwise show him "You must be logged in to create a category" but the category is posted wether user is logged in or not logged in it caused me frustration for 4 hours still beginner
this where the problem it bypass
routeCategory.post("/category", (req, res) => {if (!req.body || !req.body.category_id) {return res.status(400).send("category missing");}const id = req.body.category_id;const one = category.categoryData.find((Element) => Element.category_id === id);const email2 = req.params.email;const found = User.data.find((email) => email.email === email2);if (User.login(email2, req.body.password) == false) {return res.status(401).send("You are not authorized");} else if (one) {return res.status(409).send("Category already exists");} else {const newCategory = {category_id: req.body.category_id,categoryName: req.body.categoryName,};category.createCategory(newCategory);return res.sendStatus(201);}});
static login = function (email, password) {// checking if the email and password are in the data array// then the email and password must be the same as the user entered it// return email if it's right// const found = User.data.find(// (element) => element.email === email && element.password === password// );const found = User.data.find((element) => {return element.email === email && element.password === password;});console.log(User.data);console.log(email, password);if (found) {return true;} else {return false;}};}
答案1
得分: 0
控制访问应该通过单独的中间件来完成:
const checkAccess = (req, res, next) => {// 获取用户并检查要求if (/* 用户可以访问路由 */) {next()} else {next(new Error("无访问权限"))}}routeCategory.post("/category", checkAccess, (req, res) => {if (!req.body || !req.body.category_id) {....
此外,应该以一种无法使用 === 进行检查的方式存储密码,可以使用 bcrypt 或 argon2 进行密码哈希化。
英文:
Controlling access like this should be done via a separate middleware:
const checkAccess = (req, res, next) => {// fetch user and check requirementsif (/* user can access route*/) {next()} else {next(new Error("No access"))}}routeCategory.post("/category", checkAccess, (req, res) => {if (!req.body || !req.body.category_id) {....
Also you should be storing the password in a way that checking it with === isn't possible, use bcrypt or argon2 for password hashing.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论