在研究改进别人的一个nodejs的在线聊天室的demo，关于登陆问题的疑惑，因为联系不到作者，求各位大大解释？

Question

我发现这个demo的登陆有点问题就是登陆验证部分不起作用，这个demo运用了vue框架，以下是部分源码：

views/login.html:

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
  <title>登录页</title>
  <link rel="stylesheet" type="text/css" href="/public/css/bootstrap.css">
   <!--[if lt IE 9]>
      <script src="/public/js/html5shiv.min.js"></script>
      <script src="/public/js/respond.min.js"></script>
    <![endif]-->
    <style type="text/css">
    #loginDiv{
     
    }
    #loginDivFooter{
      text-align: right;
    }
    </style>
</head>
<body>
<div class="container" >
  <div class="panel panel-success" id="loginDiv">
    <div class="panel-heading">登录</div>
    <div class="panel-body">
      <div class="form-group">
        <label for="userName">用户名：</label>
        <input class="form-control" id="userName" v-on:keyup.enter="login" v-model="username">
      </div>
      <div class="form-group">
        <label for="userPwd">密码:</label>
        <input class="form-control" type="password" id="userPwd"  v-on:keyup.enter="login" v-model="password"/>
      </div>
    </div>
    <div class="panel-footer" id="loginDivFooter">
      <button class="btn btn-primary" id="btnSubmit" v-on:click="login">登录</button>
      <label><a href="/user/register">注册</a></label>
    </div>
  </div>
</div>
</body>
<script src="/public/js/jquery-1.11.1.min.js"></script>
<script src="/public/js/bootstrap.js"></script>
<script src="/public/js/vue.min.js"></script>
<script>
new Vue({
  el:'#loginDiv',
  data:{
    username:'tom',
    password:'1'
  },
  methods:{
    login:function(){
      if(!this.username||!this.password){
        alert('用户名或密码不能为空');
        return;
      }
      $.post('/login',{userName:this.username,userPwd:this.password},function(json){
        if(json.error){
          alert(json.error);
          return;
        }
       window.location.assign('/');
      });
    }
  }
});
</script>
</html>

routes/login.js:

var express = require('express');
var User = require('../src/db/models/user');
var result = require('../src/utils/result');
var router = express.Router();
router.get('/',function(req,res,next){
  res.render('login.html');
});
router.post('/',function(req,res,next){
    var r = result();
    if(!req.body.userName || !req.body.userPwd){
        r.error = '用户名或密码不能为空';
        return res.json(r);
    }
    var u = new User({
        name:req.body.userName,
        pwd:req.body.userPwd
    });
    User.find(u,function(err,doc){
        if(err){
            r.error = '用户名或密码不正确';
            return;
        }
        req.session.userid = u.name;
        res.json(r);
    });
});
module.exports = router;

我所疑惑的是，User.find函数似乎没有起到作用？我随便输入什么用户名和密码都能进去主页。
demo的链接地址在这，另外除了npm install和打开数据库服务之外还需要npm install express-session才行：https://github.com/hhqqnu/Sec...
感激不尽！

Answer 1

我是题主，是因为User.find函数弄错了，而且不能直接定义u为new User，route/login.js的正确代码如下：

var express = require('express');
var router = express.Router();
var User = require('../src/db/models/user');
var result = require('../src/utils/result');

router.get('/',function(req,res,next){
  res.render('login.html');
});
router.post('/',function(req,res,next){
    var r = result();
    if(!req.body.userName || !req.body.userPwd){
        r.error = '用户名或密码不能为空';
        return res.json(r);
    }
    var u = new User({
        name:req.body.userName,
        pwd:req.body.userPwd
    });
    User.find({
        name:req.body.userName,
        pwd:req.body.userPwd
    },function(err,doc){
        if(err){
            r.error=err;
            return;
        }
        if(doc){
            console.log('success');
        }else{
            console.log('fail');
            return;
        }
        req.session.userid = u.name;
        res.json(r);
    });
});
module.exports = router;