쿠키

Server → Client

  • Message-Head : Set-Cookie Field
HTTP/1.0 200 OK
content-type:text/html
Set-Cookie:name=value;

Client → Server

GET /spec.html HTTP/1.1
host:www.nelp.kr
Cookie:name=value;

HTTP Module

  • res.setHeader('Set-Cookie','name=value'); : write
  • req.headers.cookie // 'name=value' : read

Express Module

  • npm install cookie-parser
  • res.cookie(name,value,option) : write
  • req.cookies : read
  • res.clearCookie(name,option)
  • Option
  • domain : 쿠키가 적용되는 서버
  • path : 쿠키가 적용되는 경로
  • expires : 쿠키 유효 날짜와 시간
  • maxAge : 쿠키 유효기간(ms)
  • httpOnly : HTTP(S) 요청에서만 전송되고 클라이언트 측 스크립트에서는 접근 불가
  • secure : HTTPS 연결에서만 전송할지 여부, Boolean
  • signed : 서명 여부. Boolean

cookieParser 설정

// Express application with cookie parsing on every request.
// cookieParser() without a secret only parses plain cookies; signed cookies
// are not verified until a secret is supplied (shown further down the notes).
var express = require('express');
var app = express();

var cookieParser = require('cookie-parser');
app.use(cookieParser());
  • 쿠키 기록하기

  • res.cookie('last','2015.8.5');

  • res.cookie('visit','2');

  • 쿠키 읽기

  • var visit = req.cookies.visit;

  • var last = req.cookies.last

  • app.use(cookieParser('SECRET_KEY')) — 'SECRET_KEY'는 예시 값이며, 실제 서명 키는 소스에 두지 말고 설정(환경 변수 등)에서 읽을 것
  • res.cookie('signed','OriginalValue',{signed:true}) : write
  • req.signedCookies.signed : read

세션(Session)

  • npm install express-session

express-session

  • var express = require('express');
  • var session = require('express-session');
  • Option
  • name : 세션 ID 키 이름
  • resave : 변경이 없어도 저장
  • secret : 세션 ID 서명 키 (소스에 하드코딩하지 말고 설정에서 읽을 것)
  • saveUninitialized : 세션 초기화 전에도 저장
  • store : 세션 저장소
  • cookie : 쿠키 파서 옵션. 쿠키 파서 없이 사용 가능

session read/write

  • req.session
  • var sessionID = req.sessionID;
  • req.session.visit='123'; : 쓰기
  • var visit = req.session.visit : 읽기

connect-mongo

  • npm install connect-mongo
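// Session store backed by MongoDB. `MongoStore` comes from connect-mongo
// (npm install connect-mongo) and must be required before this code runs.
var sessionStoreOptions = {
  // The scheme needs "://" — "mongodb//host" is not a valid connection URL.
  url: 'mongodb://localhost:27017/session'
};
app.use(session({
  // express-session requires a secret: it signs the session-ID cookie.
  // Read it from configuration rather than hard-coding it in the source.
  secret: process.env.SESSION_SECRET,
  // No `;` after a property inside an object literal (it was a syntax error).
  store: new MongoStore(sessionStoreOptions)
}));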

인증

  • LocalAuth : 서비스 내 직접 인증 기능 작성
  • OAuth : 3자 인증 기능 사용
  • OpenID

Local Authentication

  • 회원가입 기능
  • 로그인 기능
  • 정보 관리 기능
  • 서버에 ID/PW 저장
  • 사용자 정보 암호화 (비밀번호는 복호화 가능한 암호화가 아니라 솔트를 더한 단방향 해시로 저장)
  • HTTPS

OAuth

  • 다른 서비스에 등록된 사용자의 인증 정보 사용
  • 가입/로그인 절차가 없음
  • Token을 얻어 진행하는 방식

Passport

  • npm install passport

Passport Process

  • Module Loading과 초기화
  • Strategy 설정
  • 인증
  • 세션 기록과 읽기
  • 사용자 정보

Passport

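// Passport bootstrap. initialize() installs Passport on the app; session()
// restores the logged-in user from the session on each request (through
// deserializeUser, see below) and must be registered after the express-session
// middleware. Without passport.session() the deserializeUser hook never runs.
var passport = require('passport');
app.use(passport.initialize());
app.use(passport.session());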
  • Strategy : 인증 방법
  • facebook, twitter, google, kakaotalk
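// Registering a strategy with Passport. `passport-strategy` only ships the
// abstract base class that concrete strategies extend, so a concrete one is
// registered here: passport-local, whose verify callback receives the
// credentials submitted by the login form. (The original line also lacked the
// parentheses around the callback parameters, which is a syntax error.)
var Strategy = require('passport-local').Strategy;
passport.use(new Strategy(function (username, password, done) {
  // Verify callback contract: done(null, user) on success,
  // done(null, false) to reject the credentials, done(err) on an internal
  // error. A callback that never calls done() leaves the request hanging.
}));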
  • 인증 요청

  • passport.authenticate('local');

  • 세션 기록

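// Session write: Passport calls this when a user logs in, and whatever is
// handed to done() is what the session stores. The whole user object is stored
// here; storing only an identifier (e.g. user.id) and re-loading the record in
// deserializeUser keeps sensitive fields out of the session store — presumably
// the better choice outside of a demo.
passport.serializeUser(function (user, done) {
  console.log('세션에 기록하기');
  done(null, user);
});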
  • 세션 읽기
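// Session read: runs on each request that carries a logged-in session. `user`
// is exactly the value serializeUser stored (the full object in this setup),
// and what is passed to done() becomes req.user for the rest of the request.
passport.deserializeUser(function (user, done) {
  console.log('세션에서 사용자 정보 읽기');
  done(null, user);
});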

Local Authentication

  • npm install passport-local
  • var LocalStrategy = require('passport-local').Strategy
  • var Strategy = new LocalStrategy(Option, function(username,password,done){});
  • done(null, userinfo); : 성공
  • done(null, false, '로그인 실패'); : 실패

Ex

  • Web-Browser : app.post('/login',passport.authenticate('local',{successRedirect:'SuccessAddress',failureRedirect:'failureAddress'}))
  • Mobile : app.post('/login',passport.authenticate('local'),function(req,res){res.end('login Success');})

Facebook OAuth

  • npm install passport-facebook
  • 페이스북에 서비스(앱) 등록
  • Redirect 주소 필요
// Facebook OAuth strategy. clientID/clientSecret identify the app registered
// with Facebook; the secret is a credential and belongs in configuration, not
// in the source file. callbackURL is expected to match the redirect address
// registered with Facebook.
passport.use(new FacebookStrategy(
  {
    clientID: FACEBOOK_APP_ID,
    clientSecret: FACEBOOK_APP_SECRET,
    callbackURL: "http://localhost:3000/auth/facebook/callback"
  },
  // Verify callback: runs once Facebook has redirected back. The local account
  // is looked up (or created) by Facebook's user id from the profile.
  function verify(accessToken, refreshToken, profile, cb) {
    var query = { facebookId: profile.id };
    User.findOrCreate(query, function (err, user) {
      return cb(err, user);
    });
  }
));

Login 요청

  • <a href="/auth/facebook">FB 로그인 </a>
  • app.get('/auth/facebook',passport.authenticate('facebook',{scope:'email'}));