我有一个名为authorized的全局变量,最初设置为false。然后在isAuth(..)函数中将其设置为true。
但最初向用户展示的是form,他应该在其中键入用户名,密码和pin,正如您在form中看到的那样(这里显示的是if(req.url == "/"))。然后form有一个调用TwoFA的动作。问题就在这里。我检查if((req.url == "/TwoFA" && !authorized) {,此时authorized应该设置为true,因为它是在isAuth(...)函数中设置的。当用户按下提交按钮时,它将url更改为"/TwoFA",然后首先将authorized变量更改为true。
我该怎么做呢?我希望它在执行/TwoFA函数之前运行检查isAuth(...)。这是我的代码
var authorized = false;
function isAuth(name, pass, pin) {
if(name === nameOK && pass === passOK && pin === pinOK) {
authorized = true;
return true;
} else {
return false;
}
}
var server = http.createServer(function(req, resp) {
if(req.method == "POST") {
collectRequestData(req, result => {
let uName = result.uName;
let pwd = result.pwd;
let pin = result.pin;
let tlf = result.tlf;
if(isAuth(uName, pwd, pin)) {
sendMail(token);
} else {
print("Wrong credentials");
return;
}
});
if(req.url == "/") {
resp.writeHead(200, { 'Content-Type': 'text/html'});
var html = "<!DOCTYPE html>n<html>"+
"<head>"+
"<title>Webproj</title>"+
"</head>"+
"<body>" +
"<div id='cDiv'>"+
"<h2> Welcome.</h2>"+
"<form action='TwoFA' method='post'>"+
"<p>Username <input type='text' id='uName' name='uName' /></p>"+
"<p>Password<input type='password' id='pwd' name='pwd' /></p>"+
"<p>Pin code<input type='password' pattern='[0-9]*' inputmode='numeric' id='pin' name='pin' /></p>"+
"<p>Your phone number (for the token)</p><p><input type='number' id='tlf' name='tlf' /></p>"+
"<p><input type='submit' value='Login'>"+
"</form>"+
"</div>"+
"</body>"+
"</html>";
resp.write(html);
return;
}
if((req.url == "/TwoFA" && !authorized) {
resp.writeHead(200, { 'Content-Type': 'text/html'});
resp.write('<html><body><p>You are not authorized to see this page</p></html>');
return;
}
});
function TwoFA(user, pwd) {
var html = "<!DOCTYPE html>n<html>"+
"<head>"+
"<title>Webproj</title>"+
"</head>"+
"<body>" +
"<div id='cDiv'>"+
"<h2> Enter token.</h2>"+
"<form action='finalPage' method='post'>"+
"<p>Username <input type='text' id='uName' name='uName' value='"+user+"' /></p>"+
"<p>Password<input type='password' id='pwd' name='pwd' value='"+pwd+"' /></p>"+
"<div id='token' style='visibility: visible;'>Token<input type='number' name='token' /></div>"+
"<p><input type='submit' value='Login'>"+
"</form>"+
"</div>"+
"</body>"+
"</html>";
return html;
}
server.listen(1110);
我找到了一个题目,几乎有类似的问题,但我没有找到解决方案在任何操作之前执行代码
我没有其他认证检查函数,所以我不得不使用虚拟函数进行测试,这并不能使其非常可靠。然而,我认为你想要的结果是可以通过在req.url == "/TwoFa"中包装你的req.method == POST来实现的,如下所示:
if (req.url == "/TwoFA") {
if (req.method == "POST") {
collectRequestData(req, result => {
let uName = result.uName;
let pwd = result.pwd;
let pin = result.pin;
let tlf = result.tlf;
if (isAuth(uName, pwd, pin)) {
sendMail(token);
} else {
print("Wrong credentials");
return;
}
});
}
if (!authorized) {
resp.writeHead(200, { 'Content-Type': 'text/html' });
resp.write('<html><body><p>You are not authorized to see this page</p></html>');
resp.end();
}
}
isAuth()在之前运行。在此之前,您的req.url在req.method之前被检查。
还有,这里和那里有一些拼写错误和不匹配的括号,你的if((req.url == "/TwoFA" && !authorized)就是一个例子。
让我知道这是否适合你!