you have to define put the authenticate middleware of passport before your
router, so it validates the session token. look here
http://passportjs.org/guide/configure/ in the Middleware paragraph
Am Mittwoch, 16. April 2014 01:49:50 UTC+2 schrieb Alejandro Paciotti
Iacchelli:
>
> I’m developing an app with a api for serve data previous authentication.
>
> This app is in a server (port:3000) and the application is in another
> server (8080)
>
> The route that validates users on the server by post is:
>
>
>
> app.post('/API/login', passport.authenticate('local',{session: true}),
>
> *function*(req, res) {
>
> res.json({uncodigocualquiera: '24521046'});
>
> });
>
>
>
> And the route that serves the data is:
>
> app.get('/API/datos/:uncodigo', auth, *function*(req, res){
>
> codigocliente = req.params.uncodigo;
>
> /*
>
> ...
>
> ... go to the database…
>
> ...
>
> */
>
> res.json(rsDatosClientes);
>
> }
>
>
>
> Here is the code that validate whether the user is authenticated
>
> *var* auth = *function*(req, res, next){
>
> *if* (!req.isAuthenticated())
>
> res.send(401);
>
> *else*
>
> next();
>
> };
>
> And, if I write in the browser:
> *http://localhost:3000/api/login?username=admin&password=admin
> <http://localhost:3000/api/login?username=admin&password=admin>*
>
>
>
> I receipt correctly:
>
> { "uncodigocualquiera": "24521046" }
>
>
>
> And then, if I write in the browser:
>
>
>
> *http://localhost:3000/api/datos/29427604
> <http://localhost:3000/api/datos/29427604>*
>
>
>
> also receive a json perfectly.
>
>
>
> In the client side, with Angular, or from another domain, this work fine:
>
>
>
> *var* datos = {'username':'admin', 'password':'admin'};
>
> *var* futureResponse = $http.post('http://localhost:3000/API/login', datos
> )
>
>
>
> futureResponse.success(*function* (data, status, headers, config) {
>
> $scope.uncodigocualquiera = data.uncodigocualquiera;
>
> });
>
>
>
> futureResponse.error(*function* (data, status, headers, config) {
>
> *throw* *new* Error('Something went wrong...');
>
> });
>
>
>
> But with Angular, from another domain, even if I have already identified,
> I want to access the path that serves customer data and gives me error 401:
>
>
>
> *var* futureResponse = $http.get('http://localhost:3000/API/datos/' +$scope
> .codigocliente);
>
> futureResponse.success(*function* (data, status, headers, config) {
>
> $scope.razonsocial = data.razonsocial;
>
> });
>
>
>
> futureResponse.error(*function* (data, status, headers, config) {
>
> *throw* *new* Error('Something went wrong...');
>
> });
>
>
>
>
>
>
>
> Someone could explain me what I'm doing wrong?
>
>
>
> PD: Sorry for my English, I know it's not very good.
>
>
>
> [email protected] <javascript:>
>
--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
