Home > Article > Web Front-end > How to implement login in nodejs
Node.js is a very popular server-side JavaScript programming language, which plays an important role in web development applications. Implementing a complete Web application requires the use of a variety of technologies and tools, one of which is a very critical function is the user login system.
In this article, we will introduce how Node.js implements the login function. We will elaborate on the following aspects: how to build a user login form page, how to verify the information entered by the user, how to create a user session and how to use user sessions in web applications.
1. Build a user login form
First, in order to allow users to log in to our web application, we need to build a user login form first. Here we can use HTML and CSS to build a simple and beautiful login form page. The code is as follows:
<!DOCTYPE html> <html> <head> <title>用户登录</title> <style> body { font-family: Arial, sans-serif; } label { display: block; margin-bottom: 10px; } input { border: 1px solid #ccc; padding: 5px; } button { background-color: #4CAF50; color: white; border: none; cursor: pointer; padding: 10px 20px; margin-top: 10px; } </style> </head> <body> <h1>用户登录</h1> <form method="POST" action="/login"> <div> <label for="username">用户名</label> <input type="text" id="username" name="username" placeholder="请输入用户名"> </div> <div> <label for="password">密码</label> <input type="password" id="password" name="password" placeholder="请输入密码"> </div> <button type="submit">登录</button> </form> </body> </html>
This code uses some basic HTML and CSS styles to create a simple login form, including username and Two input boxes for passwords, and a "Login" button added at the bottom of the form.
2. Verify the information entered by the user
After the user submits the login form, we need to verify whether the user name and password entered by the user are correct. Here we can use the Express framework of Node.js to obtain and verify form data. The following is a simple Express routing processing function, which receives the POST request from the login form and verifies the submitted username and password:
const express = require('express'); const bodyParser = require('body-parser'); const app = express(); app.use(bodyParser.urlencoded({ extended: false })); app.post('/login', (req, res) => { const username = req.body.username; const password = req.body.password; // 进行验证 if (username === 'admin' && password === '123456') { // 登录成功,创建会话 req.session.user = username; res.redirect('/dashboard'); } else { // 登录失败,显示错误信息 res.render('login', { error: '用户名或密码错误' }); } });
This code uses the Express middleware body-parser to parse Form data, and obtain the submitted username and password through the req.body object. Next, we verify the username and password. If the verification is passed, a user session can be created (that is, the way to save user information on the server side, which will be described in detail later), and the user will be redirected to the main page of the application.
If the verification fails, we can use the template engine in Express to render an error message page and pass the error message to the template. The code is as follows:
app.set('view engine', 'ejs'); app.get('/login', (req, res) => { res.render('login', { error: null }); }); app.post('/login', (req, res) => { const username = req.body.username; const password = req.body.password; // 进行验证 if (username === 'admin' && password === '123456') { // 登录成功,创建会话 req.session.user = username; res.redirect('/dashboard'); } else { // 登录失败,显示错误信息 res.render('login', { error: '用户名或密码错误' }); } });
Here we use Express Use the ejs template engine in the page to render the login page and error message page. Note that the error message must be passed to the template when rendering the page.
3. Create user session
In the above code, we mentioned creating a user session (that is, how to save user information). In Node.js, we can use express-session module to create and manage user sessions. Installing and using the express-session module is very simple, just add the following code to your application:
const session = require('express-session'); app.use(session({ secret: 'my-secret-key', resave: false, saveUninitialized: false }));
This code uses the express-session module to create a session middleware and set a key (secret) to encrypt session data. This module also provides some other options, such as the resave and saveUninitialized options for configuring the persistence settings of the session. Here we set them both to false to use the default settings.
After the user successfully logs in, create a session on the server side and save the user information in the session. The code is as follows:
req.session.user = username;
In this way, when the user logs in successfully, the session data will be It will be saved on the server side, and the user can use this session to perform operations in the next web application.
4. Using user sessions in web applications
After creating a user session, we need to use it in web applications to implement user authentication and operation authorization and other functions. Express provides the req.session object for accessing session data, and we can use this object to implement related functions.
For example, when a user accesses a page that requires login, we can determine whether the user is already logged in by checking whether the current user has a session. If not, redirect to the login page. The code is as follows:
app.get('/dashboard', (req, res) => { if (!req.session.user) { res.redirect('/login'); return; } // 用户已登录,渲染页面 res.render('dashboard'); });
Here we check whether there is user information in the req.session object. If there is, the dashboard page will be rendered. If not, it will be redirected to the login page.
In addition, we can also use user sessions to authorize operations that require user authentication, for example:
app.post('/delete', (req, res) => { if (!req.session.user) { res.sendStatus(401); return; } // 检查用户权限 if (req.session.user !== 'admin') { res.sendStatus(403); return; } // 执行删除操作 res.send('删除成功'); });
In this code, we check whether the current session contains user information, If not, a 401 status code is returned; then we check the permissions of the current user, and if the user is not an administrator, a 403 status code is returned; finally we perform the delete operation and return a successful response.
Conclusion
Through the introduction of this article, you have already understood how Node.js implements the user login function. You have learned how to build login forms, validate user information, create user sessions, and use user sessions in web applications to implement authentication and authorization functions. Of course, implementing the user login function also involves many other details and technologies, which we provide for reference only. If you have a better way to implement it, please share it.
The above is the detailed content of How to implement login in nodejs. For more information, please follow other related articles on the PHP Chinese website!