koa-passport w/ passport-steam: ctx.isAuthenticated()总是假

Question

我正在使用koa-passport和passport-steam对SteamID用户进行身份验证。尽管通过Steam正确登录，但ctx.isAuthenticated()始终为false。我已经看了很多其他的SO问题、指南和google结果，这个问题很常见，但总是由于某人代码中的特殊错误而不适用于我的代码。显然，我的代码还有其他一些特殊的问题，但我找不到它。大多数与passport相关的代码实际上都是从教程/文档/示例中复制粘贴过来的。我的中间件有正确的顺序，据我所知，这不是会话配置问题。

const Koa = require("koa");
const session = require("koa-session");
const Router = require("@koa/router");
const views = require("koa-views");
const passport = require("koa-passport");
const SteamStrategy = require("passport-steam").Strategy;
const bodyparser = require("koa-bodyparser");

const root = "http://localhost:3000";
const app = new Koa();
const router = new Router();

passport.serializeUser((user, done) => {
    console.log("Serializing:", user);
  done(null, user);
});

passport.deserializeUser((obj, done) => {
    console.log("Deserializing:", obj);
  done(null, obj);
});

passport.use("steam", new SteamStrategy({
        returnURL: root + "/auth/steam/return",
        realm: root,
        apiKey: "---"
    },
    function(identifier, profile, done) {
        process.nextTick(function () {
            let identifie = identifier.match(/\/id\/(\d+)/)[1];
            profile.id = identifie
            console.log("Returned from Steam:", profile);
            return done(null, profile);
        });
    })
);

app.on("ready", () => {
    console.log('ready');
});

app.on("error", (err, ctx) => {
    console.log("ERR:", err);
});

const CONFIG = {
    key: 'koa.sess',
    maxAge: 10000,
    secure: true
} 
//I have tried tons of cookie settings including using default
//because a lot of people in the koa-passport issues seem to have solved
//their similar problem by changing session settings, but I've had no such luck
app.keys = ['session_secret'];
app.use(session(CONFIG, app));
app.use(bodyparser());
app.use(passport.initialize());
app.use(passport.session());

app.use(views("views", { 
            map: { 
                ejs: "ejs" 
            }
        })
);

//A shoddy attempt at middleware just to test. But ctx.isAuthenticated always returns false.
app.use(async (ctx, next) => {
    if (ctx.isAuthenticated()) {
        console.log("Hey! You're authenticated");
    }
    return next()
});

app.use(router.routes());


router.get("/", async (ctx, next) => {
    await ctx.render("howdy.ejs");
});

router.get("/auth/steam", async (ctx, next) => {
    console.log("Trying to auth");  
    return passport.authenticate('steam', { failureRedirect: "/fail" })(ctx);
});

router.get("/auth/steam/return", async (ctx, next) => {
    passport.authenticate('steam', { failureRedirect: "/fail", successRedirect: "/text" })(ctx);
    ctx.redirect("/text");
});

router.get("/fail", async (ctx, next) => {
    await ctx.render("fail.ejs");
});

router.get("/text", async (ctx, next) => {
    console.log(`
    Auth: ${ctx.isAuthenticated()},
    Unauth: ${ctx.isUnauthenticated()},
    User:
    `);
    console.log(ctx.state.user);
    console.log(ctx.req.user);
    if (ctx.state.user) {
        await ctx.render("success.ejs");
    } else {
        await ctx.render("fail.ejs");
    }
});


app.listen(3000);

让我们来看一个交互示例:单击索引上的一个按钮，转到/auth/steam。

在(我的)控制台中打印，您将被重定向至Steam。您登录(登录后，您将被重定向至/text)。

Trying to auth
   
    Auth: false,
    Unauth: true,
    User:
    
undefined //ctx.state.user, this is how koa-passport should expose the authenticated user.
undefined //ctx.req.user, as a test. I don't expect it to be defined but I see it mentioned in some docs.
Returned from Steam: {YOUR PROFILE!}
Serializing: {YOUR PROFILE!}

我的显示Auth/Unauth/User的信息的测试打印打印在配置文件之前，我假设这是因为某种异步竞争。可以肯定的是，您将重新加载页面(/text)以再次获取此类信息：

Auth: false,
    Unauth: true,
    User:
    
undefined
undefined

没有变化！

Answer 1

到目前为止，您可能已经对此有所了解，但是您的问题给了我让Steam身份验证在我的项目中工作所需的东西，所以我想我应该与您分享我的发现。

我没有直接运行您的代码示例，但我认为这是两个问题。

首先，需要更新/auth/steam/return端点。它应该看起来像这样：

router.get("/auth/steam/return", async (ctx, next) => {
    return passport.authenticate('steam', { failureRedirect: "/fail", successRedirect: "/text" })(ctx);
});

其次，我在会话配置方面遇到了问题。具体地说

因为我是在不安全的连接(http)上测试的，所以对我不起作用。可能存在localhost的例外，但如果不例外，请更改

对我很管用。我还更改了maxAge，因为它被设置为10秒或10,000毫秒。

const CONFIG = {
    key: 'koa.sess',
    maxAge: 86400000,
    secure: false
}