Nodejs autologin passport and socket.io

Nodejs autologin passport and socket.io
0
#1

First I had idea save to db below IP all social net.
when site loaded , it s triggered AJAXand lok in db if there is by req.ip some socialID and If is pick last one and send to frontend to img and login name.
it work good until I integrate socket.Io for Chat, after close site the socket need reinitialized in serialize or call passport somehowe in other routes.

I try also this after looking in db as
social is twitter,facbbok, github

//this has no efect
 req.session.user_id = docs[0].user[findOneSignout].socialId;

if (req.isAuthenticated()) {
   res.send(docs[0].user[findOnei]);
}else{
 
 
res.location('/login/'+docs[0].user[findOnei].social);
}

but than I get
Access to XMLHttpRequest at 'https://www.facebook.com/v3.2/dialog/oauth?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Foauth%2Ffacebook%2Fcallback&client_id=447392036000649' (redirected from 'http://localhost:3000/autologin') from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. [http://localhost:3000/#_=_]

I had idea make global variable in other routes, but I don’t’ see express could call this way.

#2

When you do a CRUD operation the browser will send a preflight OPTIONS request to make sure that the request will match the server.

For example, a client might be asking a server if it would allow a DELETE request, before sending a DELETE request, by using a preflight request:

OPTIONS /resource/foo 
Access-Control-Request-Method: DELETE 
Access-Control-Request-Headers: origin, x-requested-with
Origin: https://foo.bar.org

If the server allows it, then it will respond to the preflight request with an Access-Control-Allow-Methods response header, which lists DELETE :

HTTP/1.1 204 No Content
Connection: keep-alive
Access-Control-Allow-Origin: https://foo.bar.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Max-Age: 86400
#3

sure, but when have a link /login/twitter it work normally, but when redirect it’s blocked. I google it and the res.redirect don’t have a headers.
I than find, but I do not know if with that, but I notice in twitter app, there is also refreshing token

#4

Try this

npm i cors then

const cors = require('cors');

app.options('*', cors()); // add this before your routes
#5

It doesn’t work because on redirect can’t be set a headers.
even this

 res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

res.redirect('/login/'+docs[0].user[findOneSignout].social);

there must be way with refreshing token.

#6

HA I just figured out from front end it’s allowed
backend

 res.send({data:docs[0].user[findOneSignout], relogin:false});
}else{

  res.send({data:docs[0].user[findOneSignout]  , relogin:true});

frontend
some get Ajax

 success: function (data) {
if(data.relogin){
  window.location.href= window.location.href+'login/'+data.data.social;
}else{
    data=data.data;
}
#7

nice one, so what was what you where doing wrong?

#8

The frontend redirect location.href had headers and the res.redirect not.
Now I know why they using new window to login on background, without refresh page you are.

1 Like