Nodejs autologin passport and socket.io

lubodrinka · April 20, 2019, 9:37pm

First I had idea save to db below IP all social net.
when site loaded , it s triggered AJAXand lok in db if there is by req.ip some socialID and If is pick last one and send to frontend to img and login name.
it work good until I integrate socket.Io for Chat, after close site the socket need reinitialized in serialize or call passport somehowe in other routes.

I try also this after looking in db as
social is twitter,facbbok, github

//this has no efect
 req.session.user_id = docs[0].user[findOneSignout].socialId;

if (req.isAuthenticated()) {
   res.send(docs[0].user[findOnei]);
}else{
 
 
res.location('/login/'+docs[0].user[findOnei].social);
}

but than I get
Access to XMLHttpRequest at 'https://www.facebook.com/v3.2/dialog/oauth?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Foauth%2Ffacebook%2Fcallback&client_id=447392036000649' (redirected from 'http://localhost:3000/autologin') from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. [http://localhost:3000/#_=_]

I had idea make global variable in other routes, but I don’t’ see express could call this way.

GeorgeCrisan · April 21, 2019, 12:37am

When you do a CRUD operation the browser will send a preflight OPTIONS request to make sure that the request will match the server.

For example, a client might be asking a server if it would allow a DELETE request, before sending a DELETE request, by using a preflight request:

OPTIONS /resource/foo 
Access-Control-Request-Method: DELETE 
Access-Control-Request-Headers: origin, x-requested-with
Origin: https://foo.bar.org

If the server allows it, then it will respond to the preflight request with an Access-Control-Allow-Methods response header, which lists DELETE :

HTTP/1.1 204 No Content
Connection: keep-alive
Access-Control-Allow-Origin: https://foo.bar.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Max-Age: 86400

lubodrinka · April 21, 2019, 7:54am

sure, but when have a link /login/twitter it work normally, but when redirect it’s blocked. I google it and the res.redirect don’t have a headers.
I than find, but I do not know if with that, but I notice in twitter app, there is also refreshing token

GeorgeCrisan · April 21, 2019, 9:06am

Try this

npm i cors then

const cors = require('cors');

app.options('*', cors()); // add this before your routes

lubodrinka · April 21, 2019, 9:52am

It doesn’t work because on redirect can’t be set a headers.
even this

 res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

res.redirect('/login/'+docs[0].user[findOneSignout].social);

there must be way with refreshing token.

lubodrinka · April 21, 2019, 10:08am

HA I just figured out from front end it’s allowed
backend

 res.send({data:docs[0].user[findOneSignout], relogin:false});
}else{

  res.send({data:docs[0].user[findOneSignout]  , relogin:true});

frontend
some get Ajax

 success: function (data) {
if(data.relogin){
  window.location.href= window.location.href+'login/'+data.data.social;
}else{
    data=data.data;
}

GeorgeCrisan · April 21, 2019, 2:03pm

nice one, so what was what you where doing wrong?

lubodrinka · April 21, 2019, 4:10pm

The frontend redirect location.href had headers and the res.redirect not.
Now I know why they using new window to login on background, without refresh page you are.