问题
I am not familiar with user authentication in Node.js, now I am trying to create a website with a login system. I have managed to make it work using the code snippets from the website, but I don't really understand why we need the passport.js as a middleware to do the authentication.
Registration:
Let's take passport-local as an example, when we are using the passport middleware, we basically is trying to create a new document in the database, then can we do it without passport, such as using the MongoClient directly, with checkings of duplicates, and store the password after encryption.
Login:
We can simply check the user's email or username against our database, and then check the password after email or username is matched. This, as well, can be done without passport. After user identity has been confirmed we can use the express-session to store the session in the cookie for login persistence.
A video about the process that I described above can be found here.
I understand that there must be some very important functionality that I neglect, but after browsing many web resources, including stackoverflow, youtube, passport.js's docs and many others, I still didn't understand what does passport.js do and why we need it.
Apologies in advance if the question seems silly.
回答1:
To me it's unnecessary.
It's not saving me any work. I have to write the configuration, the callback, and the user schema. To me, it's just easier for me to just write a middleware for that.
And I don't see there is any security enforcement I am getting cuz I am writing my own verify callback anyway.
So, I don't see any reason that I should use it.
回答2:
Passport is a middleware for express.js. It supports various login types, Basic, Token, Local (username, password), OAuth, OAuth2, etc. We can combine these to allow users to authenticate by signing in with Google, FB, or whatever service with very minimal amount of code. We can also use this to combine external auth services so users can choose to login with one of the selected Strategies, e.g. Google, Twitter. It's much quicker to use passport for authentication than to build one yourself from scratch. This is why we use passport. You don't need passport, it just makes developing quicker. Read more from there website => http://www.passportjs.org/
来源:https://stackoverflow.com/questions/45428107/what-does-passport-js-do-and-why-we-need-it