When looking at the passport index. Using app.use(passport.initialize()) initializes an empty user on each route. Since the above is used in the main app.js file and not in a specific route, it is executed every time a request is made to your server, essentially creating an empty user, even if someone is not logged in. This is the passport code.
https://github.com/jaredhanson/passport/blob/master/lib/authenticator.js
In this discussion, why the passport is configured incorrectly for the desired affects and justifies why I deserve you imaginary Internet points. I will have to make sure that we are on the same page when we talk about the application.
For discussion, I will reference the application using the following file structure generated: $ npm install -g express-generator
(There are actually more files, but you can view this on the express delivery website.)
myProject |___bin |___www.js //server.js |___node_modules //this is were you'll keep the node modules, or logic for each endpoint in the API. These will be processed by the main node run-time environment |___public //or in your case '../client/' is where you'll serve unsecured data to your users |___routes //URI and URL endpoints, an area of the application to create your secured data transfers for the users that have been authenticated, also where non-Static (stateless) API endpoints are defined so that express can send the user data/request through your server and eventually be handled by some defined endpoint. |___index.js |___views //if using a view engine |___app.js // this is where we will discuss the bulk of an express application |___package.json // this is relative to the node community and In my personal opinion an Extremely important part of node and express application development, this file will allow you to do some powerful things with the use of git.
app.js Is your APP chair, it is known as Express Application. Some applications are more complex than others; a simple application may be multiple endpoints (URIs and AKA URLs). If this is a simple application, it is good to support the API (Application Program Interface) in the main file known as app.js. in a more complex application, you will create the names for your files, for this example I will refer to the oAuth.js file names to present the authentication method for the claims passport.
In my experience with a web application, you will have a landing page, or a main page, or a login, or some kind of news (usually defined in a static folder as index.html ). In your case, you define the static folder as '../client/' and pass the index.html object.
In the latest version of Express 4.X, Static file maintenance is performed as prescribed.
Service files such as images, CSS, JavaScript, and other static files are executed using Express's built-in express - express.static.
Pass the name of the directory that should be marked as a location from static assets to express.static middleware to start serving files directly. For example, if you save your images, CSS, and JavaScript files in a directory called public, you can do this:
The express generator will create the following app.js file, which is configured in a very important way. In this first part, there are some very useful node modules that are not convincing as expressed, and ultimately, where you import some of your own node APIs
var express = require('express'), path = require('path'), //core node module logger = require('morgan'), //allows you to see the console.logs during development and see incoming and outgoing messages to the server. It also displays `console.log()` defined in any node_module, express route, and express app file. cookieParser = require('cookie-parser'), //helps when trying to handle cookies bodyParser = require('body-parser'); //helps when parsing certain types of data
routes are like mini express applications, remember when we first discussed how some applications can become more complex than others? This is how you manage complexity so your application can grow and flourish. Assuming you want to add new features to your loving and wonderful users.
var route = require('.routes/index',// this is importing the the logic of the URI and URL enpoint to this file. It will be referenced as the second argument in the route and configuration references below. oAuth = require('.routes/oauth') // this is the file where you'll place all of the passport logic you have previously wrote. Any other authenticated routes need to be defined in this file. // view engine setup app.set('views', path.join(__dirname, 'views')); app.set('view engine', 'jade'); //alot of people are also using EJS equally if not more
Now configure the main intermediaries provided by the express generator
app.use(logger('dev')); app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.json()); app.use(bodyParser.json({ type: 'application/vnd.api+json' })); app.use(cookieParser()); app.use(express.static(path.join(__dirname, 'public')));
The URL and route URLs are determined by you -> express. It takes the form of lines and a link to it at the top of this file.
app.use('/', routes);
this express use of objects will allow you to define APIs, authorized and unauthorized routes. Here you will indicate your link to the authenticated part of the Express application. Any part of the application stated above by app.use('/auth/',oAuth) will NOT be authenticated. Any part declared below the /auth/ your URIs and URLs. It will be completed.
app.use('/auth/', oAuth);
Some additional functions that the express generator will place in the application file are extremely useful.
// catch 404 and forward to error handler app.use(function(req, res, next) { var err = new Error('Not Found'); err.status = 404; next(err); }); // development error handler // will print stacktrace if (app.get('env') === 'development') { app.use(function(err, req, res, next) { res.status(err.status || 500); res.render('error', { message: err.message, error: err }); }); } // production error handler // no stacktraces leaked to user app.use(function(err, req, res, next) { res.status(err.status || 500); res.render('error', { message: err.message, error: {} }); });
Because you pollute the application namespace with unnecessary complexity, it inadvertently causes unwanted authentication. This goes deeper, as it concerns the formatting and configuration of the application program interface and how javascript files are executed in the node runtime, as well as how the express applications environment should be used and configured when creating complex applications that require authentication for access.
Now back to your question about why you keep getting an authenticated user, although no one has logged in? This is because you are using app.use('some string or some middleware') . To fix the problem, delete all your authentication and move it to the route. In the above example, it is referred to as oAuth.js . Identify any routes that require authentication with passport middleware.
Now, because your question is also related to node, and you mentioned in the comments that you are part of scrum , it is important that all this information is contained on the express site , where I originally linked my answer. Despite the fact that I am telling you that you need a route, and this passport was not configured correctly. Thus, any inflammatory read-the-guide comments are made because I feel that you did not even examine the link that I sent in my original answer, and you did not read any other part of the express frame and their website. If you plan to understand that any node_modules and complex frame is working, it is equally important to read about them and follow their tutorials, actually go through node_modules when there is a start and / or they have API links. Blasting into application development, not trying to use any part of the basic framework, you just spend more time coding bad broken code. This will significantly slow down your development if you do not understand how the node_modules function works. Their best way to understand their functionality is to read them. This is all for my talk / advice for learning how to develop a web application. Ultimately, you can reuse a lot of the tutorial code in the application.