How to set up passport-vkontakte correctly?

K

kr_ilya2019-07-30 17:55:44

API

kr_ilya, 2019-07-30 17:55:44

Good afternoon!
I do authorization on the site using VK, using passport-vkontakte , on the one hand, everything is according to the instructions, on the other, something does not work out.
(Yes, and the examples in the documentation are, to put it mildly, so-so. I didn’t see anything intelligible in them, so if there are ready-made implementations, please send links, I will assemble this constructor by example)
This is what I have now reached:

var passport = require('passport');
var AuthVKStrategy = require('passport-vkontakte').Strategy;
app.use(require('express-session')({secret:'keyboard cat', resave: true, saveUninitialized: true}));
app.use(passport.initialize());
app.use(passport.session());

passport.use(new AuthVKStrategy(
  {
    clientID:     vk_app_id, // VK.com docs call it 'API ID', 'app_id', 'api_id', 'client_id' or 'apiId'
    clientSecret: vk_app_secret,
    callbackURL:  "http://localhost:3000/auth/vkontakte/callback"
  },
  function(accessToken, refreshToken, params, profile, done) {
      // User.findOrCreate({ vkontakteId: profile.id }, function (err, user) {
      //   return done(err, user);
      // });

      return done(null, profile);
  }
));

passport.serializeUser(function(user, done) {
  // console.log(user.id);
  console.log(user);
  done(null, user.id);
});

passport.deserializeUser(function(id, done) {
  User.findById(id, function(err, user) {
    done(err, user);
  });
});

app.get('/auth/vkontakte',
  passport.authenticate('vkontakte', {
    scope: ['status', 'email', 'friends', 'notify'],
    profileFields: ['email', 'city', 'bdate']
  }),
  function(req, res){
    // The request will be redirected to vk.com for authentication, with
    // extended permissions.
  });

app.get('/auth/vkontakte/callback',
  passport.authenticate('vkontakte', {
    successRedirect: 'http://localhost:3000/vk',
    failureRedirect: 'http://localhost:3000/fail' 
  })
);

app.get('/vk', function(req, res) {
    //Here you have an access to req.user
    res.send('ok')
    // res.json(req.user)
    console.log(req.user);
});

app.get('/logout', function (req, res) {
  req.logout();
  res.redirect(`http://localhost:3002`);
});

Based on the foregoing, I have several questions:
1. What do they do passport.serializeUserand passport.deserializeUserwhether they are needed at all. + when executing the code, an error occurs ReferenceError: User is not defined
2. How to save the session? By cookies? I want to use MongoDB, what should I write to it? accessToken?
3. It’s just that when you go to the address localhost:3000/auth/vkontakte everything works fine, but if you call this address via axios using the button on the frontend at http://localhost:3002, then CORS does not allow you to make a request to the VK API and outputs to the console this
Access to XMLHttpRequest at ' https://oauth.vk.com/authorize?response_type=code&... ' (redirected from ' 127.0.0.1:3000/auth/vkontakte') from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Although at the very beginning of the file there is

var cors = require('cors')
app.use(cors());