在 React/Express 中使用 PassportJS for Google OAuth 时出现 CORS 错误

Question

尽管寻找了几个小时，我还是找不到解决我的简单 cors 错误的方法。我在浏览器中收到以下信息：

访问 XMLHttpRequest 'https://accounts.google.com/o/oauth2/v2/auth?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3001%2Fapi%2Fauth%2Fauth%2Fgoogle%2Fcallback&scope=profile%20email&client_id =*****.apps.googleusercontent.com'（从'http://localhost:3000/api/auth/auth/google'重定向）来自来源'http://localhost:3000'已被阻止CORS 策略：请求的资源上不存在“Access-Control-Allow-Origin”标头。

出于安全原因，我只是在这篇文章中替换了客户端 ID。 当我在 Postman/Thunder 客户端中进行此调用时，它会返回 200 响应，并且似乎工作正常

所以我尝试在express中使用cors NPM包app.use(cors());也尝试在server.js中使用这个函数app.all("/*", function (req, res, next) { res.header("Access-Control-Allow-Origin", "*"); next(); });我也尝试使用`

const proxy = require('http-proxy-middleware');

module.exports = function(app) {
    app.use(proxy("/api/auth/auth/google", {
          target: "https://localhost:3000/",
          changeOrigin: true
    }));
}

我刚刚完成了书中找到的所有解决方案，但到目前为止似乎没有一个可行。任何帮助将不胜感激这是我的代码：

客户端中的Package.json

{
  "name": "tasktracker",
  "proxy": "http://localhost:3001/",
  "version": "0.1.0",
  "private": true,
  "dependencies": {
    "@testing-library/jest-dom": "^5.13.0",
    "@testing-library/react": "^11.2.7",
    "@testing-library/user-event": "^12.8.3",
    "axios": "^0.21.1",
    "http-proxy-middleware": "^2.0.0",
    "react": "^17.0.2",
    "react-dom": "^17.0.2",
    "react-router-dom": "^5.2.0",
    "react-scripts": "4.0.3",
    "web-vitals": "^1.1.2"
  },
  "scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build",
    "test": "react-scripts test",
    "eject": "react-scripts eject"
  },
  "eslintConfig": {
    "extends": [
      "react-app",
      "react-app/jest"
    ]
  },
  "browserslist": {
    "production": [
      ">0.2%",
      "not dead",
      "not op_mini all"
    ],
    "development": [
      "last 1 chrome version",
      "last 1 firefox version",
      "last 1 safari version"
    ]
  }
}

主页.js

import React from "react";
import API from "../components/utils/API";

export default function HomePage() {
  const handleLogin = () => {
    API.login();
  };
  const testing = () => {
    console.log("Hello world!");
    API.testing();
  };

  return (
    <div>
      <h1>Let's login with Google</h1>
      <button onClick={handleLogin}>Login</button>
      <button onClick={testing}>Testing</button>
    </div>
  );
}

API.js

import axios from "axios";
export default {
  login: function () {
    return axios.get("/api/auth/auth/google");
  },
  testing: function () {
    return axios.get("/api/auth/test");
  },
};

服务器.js

const express = require("express");
const passport = require("passport");
const routes = require("./routes");
const app = express();
const PORT = process.env.PORT || 3001;
const cors = require("cors");

app.use(cors());

// Define middleware here
app.use(express.urlencoded({ extended: true }));
app.use(express.json());
require("./config/passport");
app.use(passport.initialize());

// Add routes, both API and view
app.use(routes);


// Start the API server
app.listen(PORT, function () {
  console.log(`  ==> API Server now listening on PORT ${PORT}!`);
});

auth.js（身份验证路由）

const router = require("express").Router();
const passport = require("passport");
const cors = require("cors");
const CLIENT_HOME_PAGE_URL = "http://localhost:3000";

/Route is api/auth/test
router.get("/test", function (req, res) {
  res.send(console.log("Test to backend"));
});


//Route is api/auth/auth/google/callback
router.get(
  "/auth/google/callback",
  passport.authenticate("google", {
    successRedirect: CLIENT_HOME_PAGE_URL,
    failureRedirect: "/",
    session: false,
  }),
  function (req, res) {
    var token = req.user.token;
    res.redirect("http://localhost:3000?token=" + token);
  }
);


  //Route is api/auth/auth/google/
router.get(
  "/auth/google",

  passport.authenticate("google", { scope: ["profile", "email"] })
);

module.exports = router;

Passport.js

var passport = require("passport");
var GoogleStrategy = require("passport-google-oauth").OAuth2Strategy;

passport.serializeUser(function (user, done) {
  done(null, user);
});

passport.deserializeUser(function (user, done) {
  done(null, user);
});

passport.use(
  new GoogleStrategy(
    {
      clientID:
        "*****",
      clientSecret: "*****",
      callbackURL: "http://localhost:3001/api/auth/auth/google/callback",
    },
    function (accessToken, refreshToken, profile, done) {
      var userData = {
        email: profile.emails[0].value,
        name: profile.displayName,
        token: accessToken,
      };
      done(null, userData);
    }
  )
);

我知道这篇文章有点长，如果有人有任何想法或解决方案将对我有很大帮助。

Answer 1

我最近面临同样的问题。使用

window.location.href = "http://localhost:5000/api/auth/google" 

代替

axios.get("/api/auth/auth/google") 

解决了问题。

身份验证成功后，如果您想将用户重定向到用户发出登录请求的原始 url，您可以这样做...

const currentUrl = window.location.href
const encodedParam = encodeURI(`?redirectUrl=${currentUrl}`)
window.location.href = `http://localhost:5000/api/auth/google${encodedParam}`

将重定向值存储在会话中

req.session.redirectPath = req.query.redirectUrl

身份验证后，在回调路由中使用它