ReactRouter and Flux(altjs)

本文关键字：altjs Flux and ReactRouter 更新时间：2023-09-26

为什么在刷新时，我的用户不再经过身份验证或返回false?似乎我的用户存储中的数据正在被重置或丢弃。例如，下面是我的actions:

class UserActions {
  manuallogin(data) {
    this.dispatch();
    UserWebAPIUtils.manuallogin(data)
      .then((response, textStatus) => {
        if (textStatus === 'success') {
          this.actions.loginsuccess(data.email);
        }
      }, () => {
      });
  }
  loginsuccess(email) {
    this.dispatch(email);
  }

  logout() {
    this.dispatch();
    UserWebAPIUtils.logout()
      .then((response, textStatus) => {
        if (textStatus === 'success') {
          this.actions.logoutsuccess();
        }
      }, () => {
      });
  }
  logoutsuccess() {
    this.dispatch();
  }
}
export default alt.createActions(UserActions);

和我的商店是这个…

class UserStore {

  constructor() {
    this.user = Immutable.Map({});
    this.on('init', this.bootstrap);
    this.on('bootstrap', this.bootstrap);
    this.bindListeners({
      handleLoginAttempt: UserActions.MANUALLOGIN,
      handleLoginSuccess: UserActions.LOGINSUCCESS,
      handleLogoutAttempt: UserActions.LOGOUT,
      handleLogoutSuccess: UserActions.LOGOUTSUCCESS
    });
  }
  bootstrap() {
    if (!Immutable.Map.isMap(this.user)) {
      this.user = Immutable.fromJS(this.user);
    }
  }
  handleLoginAttempt() {
    this.user = this.user.set('isWaiting', true);
    this.emitChange();
  }
  handleLoginSuccess() {
    this.user = this.user.merge({ isWaiting: false, authenticated: true });
    this.emitChange();
  }
  handleLogoutAttempt() {
    this.user = this.user.set('isWaiting', true);
    this.emitChange();
  }
  handleLogoutSuccess() {
    this.user = this.user.merge({ isWaiting: false, authenticated: false });
    this.emitChange();
  }
}
// Export our newly created Store
export default alt.createStore(UserStore, 'UserStore');

我检查我的用户是否通过简单地执行user. getstate ().user.get(authenticated)进行了身份验证，登录后它返回true，但是如果我手动输入任何url或刷新页面，它随后返回false。我也在使用react-router，我认为这就是它的问题所在。

<Route>
 <Route name ="dash" path="/dashboard" handler={App}>
    <Route name ="dashboard" path="/dashboard" handler={Dashboard}/>
    <Route name ="reports" path="/reports" handler={Report} />
    <Route name ="employees" path="/employees" handler={Employees}/>
      <Route name ="MyEmployees" path="/MEmployees" handler={MyEmployees}/>
      <Route name ="AllEmployees" path="/AEmployees" handler={AllEmployees}/>
      <Route name ="Profile" path="/profile" handler={Profile}/>
      <Route name ="reportstocomplete" path="/reportsc" handler={ReportsToComplete}/>
    <Route name ="addReport" path="/addReport" handler={AddReports}/>
    <Route name ="readme" path="/readme" handler={Readme}/>
    <Route name ="statistics" path="/statistics" handler={Stats}/>
    <Route name ="signup" path="/signup" handler={Signup} />
 <Route name ="login" path="/" handler={Login} />
 </Route>
</Route>

登录后，如果成功，它会呈现屏幕并允许用户前往仪表板，一旦我在那里，用户仍然是"认证"的，我可以通过点击网页上的按钮或导航栏上的按钮导航到任何路线(通过react-router)。但是，如果我刷新、单击链接或手动输入/dashboard或/posts，它将显示用户的状态未在控制台中进行身份验证。我是否将用户信息存储在本地存储器中?我正在使用mongo来保存用户数据，它工作得很好，但是当你不知道为什么有些东西甚至像这样工作时，它非常令人沮丧。

我知道问题是什么了。在服务器上，我使用cookieparser将会话保存到一个cookie中，并将安全选项设置为true。因此，它不会通过https以外的任何东西创建cookie。Localhost没有在https上运行，这就是为什么它会继续忘记我商店中的用户。

app.use(cookieParser());
  // Create a session middleware with the given options
  // Note session data is not saved in the cookie itself, just the session ID. Session data is stored server-side.
  // Options: resave: forces the session to be saved back to the session store, even if the session was never
  //                  modified during the request. Depending on your store this may be necessary, but it can also
  //                  create race conditions where a client has two parallel requests to your server and changes made
  //                  to the session in one request may get overwritten when the other request ends, even if it made no
  //                  changes(this behavior also depends on what store you're using).
  //          saveUnitialized: Forces a session that is uninitialized to be saved to the store. A session is uninitialized when
  //                  it is new but not modified. Choosing false is useful for implementing login sessions, reducing server storage
  //                  usage, or complying with laws that require permission before setting a cookie. Choosing false will also help with
  //                  race conditions where a client makes multiple parallel requests without a session
  //          secret: This is the secret used to sign the session ID cookie.
  //          name: The name of the session ID cookie to set in the response (and read from in the request).
  //          cookie: Please note that secure: true is a recommended option.
  //                  However, it requires an https-enabled website, i.e., HTTPS is necessary for secure cookies.
  //                  If secure is set, and you access your site over HTTP, the cookie will not be set.
  app.use(session({
    resave: true,
    saveUninitialized: true,
    // Use generic cookie name for security purposes
    key: 'sessionId',
    secret: secrets.sessionSecret,
    // Add HTTPOnly, Secure attributes on Session Cookie
    cookie: {
      httpOnly: true,
      secure: true
    },
    store: new MongoStore({ url: secrets.db, autoReconnect: true})
  }));
  app.use(passport.initialize());
  app.use(passport.session());
  app.use(flash());

刚刚摆脱了httpOnly和cookie的安全部分，因为它只在https上运行