session을 이용한 로그인 인증 구현
로그인 기능을 구현하여, 올바른 값을 입력해 로그인하면 글을 생성 및 수정할 수 있는 권한을 주었고, 로그인한 상태에서는 설정해 둔 닉네임이 웹 화면에 표시되도록 하였다.
로그인을 하지 않았다면 생성 및 수정을 할 수 없도록 제한을 걸어두는 간단한 로그인 기능들을 구현하였다.
main.js
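var express = require('express');
var app = express();
var fs = require('fs');
var crypto = require('crypto');
var bodyParser = require('body-parser');
var compression = require('compression');
var helmet = require('helmet');
var session = require('express-session');
var FileStore = require('session-file-store')(session);

// Middleware order is unchanged: security headers, static files, form-body
// parsing, compression, then sessions.
app.use(helmet());
app.use(express.static('public'));
app.use(bodyParser.urlencoded({ extended: false }));
app.use(compression());

// The session secret signs the session-ID cookie. Anyone who knows it can
// forge a validly signed cookie value, so it must not live in source control
// or in a published listing. It is read from the environment; when it is
// missing, a random per-process value keeps the app usable without falling
// back to a known string.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  sessionSecret = crypto.randomBytes(32).toString('hex');
  console.warn('SESSION_SECRET is not set; using a random per-process secret (existing sessions will not survive a restart).');
}

app.use(session({
  secret: sessionSecret,
  resave: false,
  // false: do not write a session file for visitors who never log in, so
  // anonymous traffic cannot fill the session directory.
  saveUninitialized: false,
  // httpOnly keeps the cookie away from page scripts. sameSite 'lax' stops the
  // browser from attaching it to cross-site form POSTs, which matters because
  // the create/update/delete forms in this app carry no CSRF token.
  // Add `secure: true` once the app is served over HTTPS only.
  cookie: { httpOnly: true, sameSite: 'lax' },
  store: new FileStore()
}));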
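// Runs before every GET route and attaches the names found in ./data to
// request.list, which the routers pass to template.list().
app.get('*', function (request, response, next) {
  fs.readdir('./data', function (error, filelist) {
    if (error) {
      // Previously the error was dropped and request.list stayed undefined,
      // which made the later template.list() call fail on `.length`.
      // Hand the failure to the error-handling middleware instead.
      next(error);
      return;
    }
    request.list = filelist;
    next();
  });
});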
// Route modules, loaded after the shared middleware above has been registered.
var indexRouter = require('./routes/index');
var topicRouter = require('./routes/topic');
var authRouter = require('./routes/auth');

// Mount each router under its URL prefix, in the same order as before.
[
  ['/', indexRouter],
  ['/topic', topicRouter],
  ['/auth', authRouter]
].forEach(function (mount) {
  app.use(mount[0], mount[1]);
});
// Fallback for requests that no router answered.
app.use((req, res, next) => {
  res.status(404);
  res.send('Sorry cant find that!');
});

// Error handler. Express recognises it by its four-parameter signature, so
// `next` stays in the list even though it is not called. The stack trace goes
// to the server log only; the client receives a generic message.
app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(500);
  res.send('Something broke!');
});
// Start the HTTP server on port 3000. No host argument is given, so the bind
// address is whatever Node picks by default.
app.listen(3000, () => {
  console.log('Example app listening on port 3000!');
});
routes/auth.js
var express = require('express');
var router = express.Router();
var path = require('path');
var fs = require('fs');
var sanitizeHtml = require('sanitize-html');
var template = require('../lib/template.js');
// The single account this tutorial knows about.
// NOTE(review): the password is kept in plaintext in the source file, so anyone
// who can read the repository or this listing can log in. A real application
// would load credentials from outside the code and store only a salted
// password hash.
const authData = {
  email: 'k0502s@naver.com',
  password: '061599',
  nickname: 'jin seok',
};
// GET /auth/login - renders the login form, which posts to /auth/login_process.
// No fifth argument is passed to template.HTML, so its default login link is
// used for the auth-status area.
router.get('/login', function (request, response) {
  var topicList = template.list(request.list);
  var loginForm = `
<form action="/auth/login_process" method="post">
<p><input type="text" name="email" placeholder="email"></p>
<p><input type="password" name="pwd" placeholder="password"></p>
<p>
<input type="submit" value="login">
</p>
</form>
`;
  response.send(template.HTML('WEB - login', topicList, loginForm, ''));
});
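// POST /auth/login_process - checks the submitted credentials against authData
// and, on success, marks the session as logged in.
//
// Changes from the original:
//  - credentials are compared in constant time instead of with `===`;
//  - the session is regenerated on successful login, so a session ID that
//    existed before authentication is not carried over into the
//    authenticated state (session fixation);
//  - a failed login answers 401 instead of 200 (the body text is unchanged);
//  - errors from the session store are forwarded instead of ignored.
// NOTE(review): nothing here limits repeated attempts; add rate limiting or
// lockout in front of this route before exposing it.
router.post('/login_process', function (request, response, next) {
  var crypto = require('crypto');
  var post = request.body || {};

  // Hash both values to fixed-length digests so timingSafeEqual can compare
  // them even when the inputs differ in length.
  function matches(supplied, expected) {
    if (typeof supplied !== 'string') {
      return false;
    }
    var suppliedDigest = crypto.createHash('sha256').update(supplied).digest();
    var expectedDigest = crypto.createHash('sha256').update(expected).digest();
    return crypto.timingSafeEqual(suppliedDigest, expectedDigest);
  }

  // Evaluate both checks before deciding, so the response does not reveal
  // which of the two fields was wrong.
  var emailOk = matches(post.email, authData.email);
  var passwordOk = matches(post.pwd, authData.password);
  if (!(emailOk && passwordOk)) {
    response.status(401).send('who?');
    return;
  }

  request.session.regenerate(function (regenerateError) {
    if (regenerateError) {
      next(regenerateError);
      return;
    }
    request.session.is_logined = true;
    request.session.nickname = authData.nickname;
    // Persist the session before redirecting so the next request sees it.
    request.session.save(function (saveError) {
      if (saveError) {
        next(saveError);
        return;
      }
      response.redirect(`/`);
    });
  });
});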
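// GET /auth/logout - destroys the server-side session and returns to the
// front page.
// NOTE(review): logout is reachable with a plain GET, so any link or embedded
// resource pointing here ends the session. A POST form would avoid that, but
// the logout link built in lib/auth.js would have to change with it.
router.get('/logout', function (request, response, next) {
  request.session.destroy(function (err) {
    if (err) {
      // If the store could not remove the session, the user would still be
      // logged in after being told otherwise; report the failure instead.
      next(err);
      return;
    }
    response.redirect('/');
  });
});
module.exports = router;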
routes/index.js
var express = require('express');
var router = express.Router();
var template = require('../lib/template.js');
var auth = require('../lib/auth');
// GET / - front page: topic list, welcome text, a "create" link and the
// login/logout status produced by auth.statusUI.
router.get('/', function (request, response) {
  var title = 'Welcome';
  var description = 'Hello, Node.js';
  var topicList = template.list(request.list);
  var pageBody = `
<h2>${title}</h2>${description}
<img src="/images/BR.jpg" style="width:300px; display:block; margin-top:10px;">
`;
  var controls = `<a href="/topic/create">create</a>`;
  var authStatus = auth.statusUI(request, response);
  response.send(template.HTML(title, topicList, pageBody, controls, authStatus));
});
module.exports = router;
routes/topic.js
var express = require('express');
var router = express.Router();
var path = require('path');
var fs = require('fs');
var sanitizeHtml = require('sanitize-html');
var template = require('../lib/template.js');
var auth = require('../lib/auth');
// GET /topic/create - shows the "new topic" form. Visitors who are not logged
// in are sent back to the front page.
router.get('/create', function (request, response) {
  var loggedIn = auth.isOwner(request, response);
  if (!loggedIn) {
    response.redirect('/');
    return false;
  }
  var topicList = template.list(request.list);
  var createForm = `
<form action="/topic/create_process" method="post">
<p><input type="text" name="title" placeholder="title"></p>
<p>
<textarea name="description" placeholder="description"></textarea>
</p>
<p>
<input type="submit">
</p>
</form>
`;
  var authStatus = auth.statusUI(request, response);
  response.send(template.HTML('WEB - create', topicList, createForm, '', authStatus));
});
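// POST /topic/create_process - stores a new topic as data/<title>.
//
// Changes from the original:
//  - the title is reduced to its base name with path.parse(), as the read and
//    delete handlers in this file already do, so it cannot point outside the
//    data directory;
//  - empty or dot-only names are rejected with 400;
//  - a write failure is forwarded instead of ignored;
//  - the redirect target is URL-encoded.
router.post('/create_process', function (request, response, next) {
  if (!auth.isOwner(request, response)) {
    response.redirect('/');
    return false;
  }
  var post = request.body || {};
  var title = post.title;
  var description = typeof post.description === 'string' ? post.description : '';
  if (typeof title !== 'string') {
    response.status(400).send('Invalid title');
    return false;
  }
  var safeTitle = path.parse(title).base;
  if (safeTitle === '' || safeTitle === '.' || safeTitle === '..') {
    response.status(400).send('Invalid title');
    return false;
  }
  fs.writeFile(`data/${safeTitle}`, description, 'utf8', function (err) {
    if (err) {
      next(err);
      return;
    }
    response.redirect(`/topic/${encodeURIComponent(safeTitle)}`);
  });
});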
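// GET /topic/update/:pageId - shows the edit form for an existing topic.
//
// Changes from the original:
//  - the page id and the stored description are HTML-escaped before being
//    placed into attribute values and the <textarea>, so markup in either one
//    is shown as text instead of being interpreted by the browser;
//  - the id in the "update" link is URL-encoded;
//  - a read failure (for example an unknown topic) is forwarded instead of
//    rendering the text "undefined" into the form.
router.get('/update/:pageId', function (request, response, next) {
  if (!auth.isOwner(request, response)) {
    response.redirect('/');
    return false;
  }

  // Escapes the characters that are significant in HTML text and in quoted
  // attribute values.
  function escapeHtml(text) {
    return String(text)
      .replace(/&/g, '&amp;')
      .replace(/</g, '&lt;')
      .replace(/>/g, '&gt;')
      .replace(/"/g, '&quot;')
      .replace(/'/g, '&#39;');
  }

  // Base name only, so the id cannot address a file outside data/.
  var filteredId = path.parse(request.params.pageId).base;
  fs.readFile(`data/${filteredId}`, 'utf8', function (err, description) {
    if (err) {
      next(err);
      return;
    }
    var title = escapeHtml(request.params.pageId);
    var safeDescription = escapeHtml(description);
    var updateHref = `/topic/update/${encodeURIComponent(request.params.pageId)}`;
    var list = template.list(request.list);
    var html = template.HTML(title, list,
      `
<form action="/topic/update_process" method="post">
<input type="hidden" name="id" value="${title}">
<p><input type="text" name="title" placeholder="title" value="${title}"></p>
<p>
<textarea name="description" placeholder="description">${safeDescription}</textarea>
</p>
<p>
<input type="submit">
</p>
</form>
`,
      `<a href="/topic/create">create</a> <a href="${updateHref}">update</a>`,
      auth.statusUI(request, response)
    );
    response.send(html);
  });
});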
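// POST /topic/update_process - renames data/<id> to data/<title> and writes
// the new description.
//
// Changes from the original:
//  - both the old id and the new title are reduced to base names with
//    path.parse(), so neither the rename source nor its destination can leave
//    the data directory;
//  - missing, empty or dot-only names are rejected with 400;
//  - rename and write failures are forwarded instead of ignored;
//  - the redirect target is URL-encoded.
router.post('/update_process', function (request, response, next) {
  if (!auth.isOwner(request, response)) {
    response.redirect('/');
    return false;
  }
  var post = request.body || {};
  var description = typeof post.description === 'string' ? post.description : '';
  if (typeof post.id !== 'string' || typeof post.title !== 'string') {
    response.status(400).send('Invalid topic');
    return false;
  }
  var safeId = path.parse(post.id).base;
  var safeTitle = path.parse(post.title).base;
  var rejected = ['', '.', '..'];
  if (rejected.indexOf(safeId) !== -1 || rejected.indexOf(safeTitle) !== -1) {
    response.status(400).send('Invalid topic');
    return false;
  }
  fs.rename(`data/${safeId}`, `data/${safeTitle}`, function (renameError) {
    if (renameError) {
      next(renameError);
      return;
    }
    fs.writeFile(`data/${safeTitle}`, description, 'utf8', function (writeError) {
      if (writeError) {
        next(writeError);
        return;
      }
      response.redirect(`/topic/${encodeURIComponent(safeTitle)}`);
    });
  });
});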
// POST /topic/delete_process - removes data/<id> for a logged-in user and
// returns to the front page. The id is cut down to its base name so it cannot
// address a file outside data/.
// NOTE(review): the result of unlink is not inspected, so a failed delete
// looks the same to the user as a successful one.
router.post('/delete_process', function (request, response) {
  var loggedIn = auth.isOwner(request, response);
  if (!loggedIn) {
    response.redirect('/');
    return false;
  }
  var targetName = path.parse(request.body.id).base;
  fs.unlink(`data/${targetName}`, function (error) {
    response.redirect('/');
  });
});
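// GET /topic/:pageId - shows one topic with its create/update/delete controls.
//
// The heading and description go through sanitizeHtml as before. That
// sanitiser targets element content; a value placed inside a quoted attribute
// also needs its quote characters escaped, and a value placed in a URL path
// needs URL-encoding. The attribute and link copies of the id are therefore
// derived from the raw id with their own encoders instead of reusing the
// sanitised heading text.
router.get('/:pageId', function (request, response, next) {
  // Escapes the characters that are significant in quoted attribute values.
  function escapeHtml(text) {
    return String(text)
      .replace(/&/g, '&amp;')
      .replace(/</g, '&lt;')
      .replace(/>/g, '&gt;')
      .replace(/"/g, '&quot;')
      .replace(/'/g, '&#39;');
  }

  // Base name only, so the id cannot address a file outside data/.
  var filteredId = path.parse(request.params.pageId).base;
  fs.readFile(`data/${filteredId}`, 'utf8', function (err, description) {
    if (err) {
      next(err);
      return;
    }
    var title = request.params.pageId;
    var sanitizedTitle = sanitizeHtml(title);
    // Only <h1> survives in stored descriptions; every other tag is dropped.
    var sanitizedDescription = sanitizeHtml(description, {
      allowedTags: ['h1']
    });
    var attributeTitle = escapeHtml(title);
    var updateHref = `/topic/update/${encodeURIComponent(title)}`;
    var list = template.list(request.list);
    var html = template.HTML(sanitizedTitle, list,
      `<h2>${sanitizedTitle}</h2>${sanitizedDescription}`,
      ` <a href="/topic/create">create</a>
<a href="${updateHref}">update</a>
<form action="/topic/delete_process" method="post">
<input type="hidden" name="id" value="${attributeTitle}">
<input type="submit" value="delete">
</form>`,
      auth.statusUI(request, response)
    );
    response.send(html);
  });
});
module.exports = router;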
lib/template.js
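// Escapes the characters that are significant in HTML text and in quoted
// attribute values.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

module.exports = {
  /**
   * Builds the full page.
   *
   * Every argument is inserted into the markup verbatim, so callers must pass
   * strings that are already safe for HTML (escaped or sanitised).
   *
   * @param {string} title - text for the <title> element, after "WEB1 - "
   * @param {string} list - HTML of the topic list (see list())
   * @param {string} body - HTML of the main content
   * @param {string} control - HTML of the create/update/delete controls
   * @param {string} [authStatusUI] - HTML of the login/logout area; defaults
   *   to a login link
   * @returns {string} the complete HTML document
   */
  HTML: function (title, list, body, control, authStatusUI = '<a href="/auth/login">login</a>') {
    return `
<!doctype html>
<html>
<head>
<title>WEB1 - ${title}</title>
<meta charset="utf-8">
</head>
<body>
${authStatusUI}
<h1><a href="/">WEB</a></h1>
${list}
${control}
${body}
</body>
</html>
`;
  },

  /**
   * Renders the topic names as a <ul> of links to /topic/<name>.
   *
   * The names come straight from the data directory, so each one is
   * URL-encoded in the href and HTML-escaped in the link text; a file name
   * containing markup is then displayed as text. A missing list renders as an
   * empty <ul> instead of throwing.
   *
   * @param {string[]} [filelist] - topic file names
   * @returns {string} HTML of the list
   */
  list: function (filelist) {
    var items = (filelist || []).map(function (name) {
      return `<li><a href="/topic/${encodeURIComponent(name)}">${escapeHtml(name)}</a></li>`;
    });
    return '<ul>' + items.join('') + '</ul>';
  }
};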
lib/auth.js
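// Escapes the characters that are significant in HTML text and in quoted
// attribute values.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

module.exports = {
  /**
   * Reports whether the current session has been marked as logged in.
   *
   * A request without a session object counts as not logged in instead of
   * throwing.
   *
   * @param {object} request - Express request; reads request.session.is_logined
   * @param {object} response - unused, kept for the existing call sites
   * @returns {boolean} true when the session carries the login flag
   */
  isOwner: function (request, response) {
    return Boolean(request.session && request.session.is_logined);
  },

  /**
   * Builds the HTML for the login/logout area of the page.
   *
   * The nickname is read from the session and HTML-escaped before being put
   * into the markup, so it is always rendered as text.
   *
   * @param {object} request - Express request; reads request.session.nickname
   * @param {object} response - unused, passed through to isOwner
   * @returns {string} a login link, or "<nickname> | logout link"
   */
  statusUI: function (request, response) {
    if (!this.isOwner(request, response)) {
      return '<a href="/auth/login">login</a>';
    }
    return `${escapeHtml(request.session.nickname)} | <a href="/auth/logout">logout</a>`;
  }
};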