쿠키
- 쿠키에 대한 BLOG : https://nesoy.github.io/articles/2017-03/Session-Cookie
Server → Client
- Message-Head : Set-Cookie Field
HTTP/1.0 200 OK
content-type:text/html
Set-Cookie:name=value;
Client → Server
GET /spec.html HTTP/1.1
host:www.nelp.kr
Cookie:name=value;
HTTP Module
res.setHeader('Set-Cookie','name=value');
: write
req.headers.cookie // 'name=value'
: read
Express Module
npm install cookie-parser
res.cookie(name,value,option)
: write
req.cookies
: read
res.clearCookie(name,option)
- Option
domain
: ์ฟ ํค๊ฐ ์ ์ฉ๋๋ ์๋ฒpath
: ์ฟ ํค๊ฐ ์ ์ฉ๋๋ ๊ฒฝ๋กexpire
: ์ฟ ํค ์ ํจ ๋ ์ง์ ์๊ฐmaxAge
: ์ฟ ํค ์ ํจ๊ธฐ๊ฐ(ms)httpOnly
: HTTP ํ๋กํ ์ฝ์์๋ง ์ฌ์ฉsecure
: HTTPS์์๋ง ์ฌ์ฉ ์ฌ๋ถ, Booleansigned
: ์๋ช ์ฌ๋ถ. Boolean
cookieParser 설정
var express = require('express');
var cookieParser = require('cookie-parser');
var app = express();
app.use(cookieParser());
-
쿠키 기록하기
-
res.cookie('last','2015.8.5');
-
res.cookie('visit','2');
-
쿠키 읽기
-
var visit = req.cookies.visit;
-
var last = req.cookies.last
서명 쿠키(signed Cookie)
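// The string passed to cookieParser() is the key used to sign cookies.
// 'SECRET_KEY' is a placeholder: load the real value from configuration
// (for example an environment variable) and keep it out of source control.
app.use(cookieParser('SECRET_KEY'));

// write: the options argument must be an object literal, { signed: true }.
// Signing only lets the server detect tampering; the value itself stays
// readable by the client, so it must not carry secrets.
res.cookie('signed', 'OriginalValue', { signed: true });

// read: signed cookies are exposed on req.signedCookies, separately from
// req.cookies. cookie-parser sets the value to false when the signature
// does not verify.
req.signedCookies.signed;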
세션(Session)
npm install express-session
express-session
var express = require('express');
var session = require('express-session');
- Option
name
: ์ธ์ ID ํค๋ฆฌ์resave
: 변경이 없어도 저장
secret
: 세션 ID 서명
saveUninitialized
: 세션 초기화 전에도 저장
store
: 세션 저장소
cookie
: 쿠키 파서 옵션. 쿠키 파서 없이 사용 가능
session read/write
req.session
var sessionID = req.sessionID;
req.session.visit='123';
: 쓰기
var visit = req.session.visit
: 읽기
connect-mongo
npm install connect-mongo
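// Connection settings for the MongoDB-backed session store.
// The scheme needs the colon: 'mongodb://', not 'mongodb//'.
// A local, unauthenticated URL like this one is a development value; a
// deployed store's URL and credentials belong in configuration.
var sessionStoreOptions = {
  url: 'mongodb://localhost:27017/session'
};

// NOTE(review): MongoStore is not defined in these notes; it has to be
// obtained from the connect-mongo package first, and how to do that depends
// on the installed connect-mongo version.
// NOTE(review): express-session also needs its `secret` option (used to sign
// the session ID cookie); it is not set in this call.
app.use(session({
  store: new MongoStore(sessionStoreOptions)
}));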
인증
- LocalAuth : 서비스 내 직접 인증 기능 작성
- OAuth : 3자 인증 기능 사용
- OpenID
Local Authentication
- 회원가입 기능
- 로그인 기능
- 정보 관리 기능
- 서버에 ID/PW 저장
- 사용자 정보 암호화 (비밀번호는 복호화 가능한 암호화가 아니라 솔트를 적용한 단방향 해시로 저장)
- HTTPS
OAuth
- ๋ค๋ฅธ ์๋น์ค์ ๋ฑ๋ก๋ ์ฌ์ฉ์์ ์ธ์ฆ ์ ๋ณด ์ฌ์ฉ
- ๊ฐ์ /๋ก๊ทธ์ธ ์ ์ฐจ๊ฐ ์์
- Token์ ์ป์ด ์งํํ๋ ๋ฐฉ์
Passport
npm install passport
Passport Process
- Module Loading๊ณผ ์ด๊ธฐํ
- Strategy ์ค์
- ์ธ์ฆ
- ์ธ์ ๊ธฐ๋ก๊ณผ ์ฝ๊ธฐ
- ์ฌ์ฉ์ ์ ๋ณด
Passport
var passport = require('passport');
app.use(passport.initialize());
- Strategy 인증 방법
- facebook, twitter, google, kakaotalk
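var Strategy = require('passport-strategy').Strategy;
// The verify callback must be a function expression with a parenthesised
// parameter list. Its body is left empty here as a placeholder: a real
// strategy checks the credentials and reports the outcome through done().
passport.use(new Strategy(function (username, password, done) {}));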
-
인증 요청
-
passport.authenticate('local');
-
세션 기록
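// Registers the function Passport uses to write the authenticated user into
// the session. The log message is rejoined onto one line: a single-quoted
// string cannot span a line break.
passport.serializeUser(function (user, done) {
  console.log('세션에 기록하기');
  // NOTE(review): this stores the whole user object in the session. If that
  // object carries a password hash or other sensitive fields, they end up in
  // the session store too; storing only a stable identifier avoids that.
  done(null, user);
});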
- 세션 읽기
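// Registers the function Passport uses to turn the value read from the
// session back into the request's user. The log message is rejoined onto one
// line: a single-quoted string cannot span a line break.
passport.deserializeUser(function (user, done) {
  console.log('세션에서 사용자 정보 읽기');
  // The stored value is passed on as-is; nothing is looked up in the user
  // store here, so account changes made after login (for example disabling
  // the account) are not reflected until the session ends.
  done(null, user);
});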
Local Authentication
npm install passport-local
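var LocalStrategy = require('passport-local').Strategy;
// Option and the empty callback body are placeholders from the notes.
var Strategy = new LocalStrategy(Option, function (username, password, done) {});

// Inside the verify callback, report the outcome through done():
// success - pass the authenticated user's record.
done(null, userinfo);
// failure - pass false as the user. Keep the message identical for an unknown
// user and for a wrong password so the response does not reveal which
// usernames exist.
done(null, false, '로그인 실패');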
Ex
- Web-Browser :
// Browser flow: Passport redirects to successRedirect when the 'local'
// strategy accepts the credentials and to failureRedirect otherwise.
// 'SuccessAddress' and 'failureAddress' are placeholders for those targets.
// The credentials arrive in the POST body, so serve this route over HTTPS.
app.post('/login',passport.authenticate('local',{successRedirect:'SuccessAddress',failureRedirect:'failureAddress'}))
- Mobile :
// Mobile/API flow: no redirects. The handler runs only after authentication
// succeeded; on failure Passport answers with 401 Unauthorized by default and
// the handler is never reached.
app.post('/login',passport.authenticate('local'),function(req,res){res.end('login Success');})
Facebook OAuth
npm install passport-facebook
- 페이스북에 서비스(앱) 등록
- Redirect 주소 필요
// Registers the Facebook OAuth strategy.
// FACEBOOK_APP_ID / FACEBOOK_APP_SECRET are not defined in these notes; the
// secret in particular belongs in configuration, not in the source file.
// callbackURL is a local development address over plain http. It has to match
// the redirect address registered for the app, and a deployed service should
// use an https URL.
passport.use(new FacebookStrategy(
  {
    clientID: FACEBOOK_APP_ID,
    clientSecret: FACEBOOK_APP_SECRET,
    callbackURL: "http://localhost:3000/auth/facebook/callback"
  },
  // Verify step: map the Facebook profile id to a local user record, creating
  // one on first login, and hand the result (or the error) to Passport.
  function verifyFacebookProfile(accessToken, refreshToken, profile, cb) {
    User.findOrCreate({ facebookId: profile.id }, function onUserResolved(err, user) {
      return cb(err, user);
    });
  }
));
Login 요청
<a href="/auth/facebook">FB 로그인 </a>
// Starts the Facebook login and requests the 'email' scope.
// The callbackURL configured for the strategy ('/auth/facebook/callback')
// needs its own route to complete the login; that route is not shown here.
app.get('/auth/facebook',passport.authenticate('facebook',{scope:'email'}));