了解护照序列化反序列化

了解护照序列化反序列化

本文翻译自：Understanding passport serialize deserialize

How would you explain the workflow of Passport's serialize and deserialize methods to a layman. 您如何解释Passport序列化和反序列化方法的工作流程。

1. Where does user.id go after passport.serializeUser has been called? user.id在passport.serializeUser被调用之后去哪儿了？
   

2. We are calling passport.deserializeUser right after it where does it fit in the workflow? 我们正在调用passport.deserializeUser ，它在哪里适合工作流程？

    // used to serialize the user for the session passport.serializeUser(function(user, done) { done(null, user.id); // where is this user.id going? Are we supposed to access this anywhere? }); // used to deserialize the user passport.deserializeUser(function(id, done) { User.findById(id, function(err, user) { done(err, user); }); }); 

I'm still trying to wrap my head around it. 我仍然试图绕过它。 I have a complete working app and am not running into errors of any kind. 我有一个完整的工作应用程序，并没有遇到任何类型的错误。

I just wanted to understand what exactly is happening here? 我只是想了解这里到底发生了什么？

Any help is appreciated. 任何帮助表示赞赏。

#1楼

参考：

#2楼

1. Where does user.id go after passport.serializeUser has been called? user.id在passport.serializeUser被调用之后去哪儿了？

The user id (you provide as the second argument of the done function) is saved in the session and is later used to retrieve the whole object via the deserializeUser function. 用户id（作为done函数的第二个参数提供）保存在会话中，稍后用于通过deserializeUser函数检索整个对象。

serializeUser determines which data of the user object should be stored in the session. serializeUser确定应在会话中存储用户对象的哪些数据。 The result of the serializeUser method is attached to the session as req.session.passport.user = {} . serializeUser方法的结果作为req.session.passport.user = {}附加到会话。 Here for instance, it would be (as we provide the user id as the key) req.session.passport.user = {id: 'xyz'} 例如，它将（因为我们提供用户ID作为键） req.session.passport.user = {id: 'xyz'}

2. We are calling passport.deserializeUser right after it where does it fit in the workflow? 我们正在调用passport.deserializeUser ，它在哪里适合工作流程？

The first argument of deserializeUser corresponds to the key of the user object that was given to the done function (see 1.). deserializeUser的第一个参数对应于赋予done函数的用户对象的键（参见1.）。 So your whole object is retrieved with help of that key. 因此，您可以借助该密钥检索整个对象。 That key here is the user id (key can be any key of the user object ie name,email etc). 这里的密钥是用户id（密钥可以是用户对象的任何密钥，即名称，电子邮件等）。 In deserializeUser that key is matched with the in memory array / database or any data resource. 在deserializeUser ，密钥与内存数组/数据库或任何数据资源匹配。

The fetched object is attached to the request object as req.user 获取的对象作为req.user附加到请求对象

Visual Flow 视觉流程

passport.serializeUser(function(user, done) {done(null, user.id);
});              ││ │└─────────────────┬──→ saved to session│    req.session.passport.user = {id: '..'}│↓           
passport.deserializeUser(function(id, done) {┌───────────────┘│↓ User.findById(id, function(err, user) {done(err, user);});            └──────────────→ user object attaches to the request as req.user   
});

#3楼

For anyone using Koa and koa-passport : 对于任何使用Koa和koa护照的人 ：

Know that the key for the user set in the serializeUser method (often a unique id for that user) will be stored in: 知道在serializeUser方法中设置的用户密钥（通常是该用户的唯一ID）将存储在：

this.session.passport.user

When you set in done(null, user) in deserializeUser where 'user' is some user object from your database: 在deserializeUser中设置done(null, user)时，'user'是数据库中的某个用户对象：

OR this.passport.user 或this.passport.user

for some reason this.user Koa context never gets set when you call done(null, user) in your deserializeUser method. 由于某种原因，当你在this.user调用done（null，user）时， this.user Koa上下文永远不会被设置。

So you can write your own middleware after the call to app.use(passport.session()) to put it in this.user like so: 因此，您可以在调用app.use（passport.session（））之后编写自己的中间件，将其放入this.user中，如下所示：

app.use(function * setUserInContext (next) {this.user = q.useryield next
})

If you're unclear on how serializeUser and deserializeUser work, just hit me up on twitter. 如果你不清楚serializeUser和deserializeUser是如何工作的，那就在twitter上点击我吧。 @yvanscher @yvanscher