test

9d791f1b · denisfan · bb7675fd · 9d791f1b · 9d791f1b · bb7675fd
Commit 9d791f1b authored 7 years ago by denisfan
Hide whitespace changes
Inline Side-by-side

Showing

with 85 additions and 59 deletions
+85 -59
--- a/app/dao/db/db_tars_web_models/t_server_user.js
+++ b/app/dao/db/db_tars_web_models/t_server_user.js
+/* jshint indent: 1 */
+
+module.exports = function(sequelize, DataTypes) {
+	return sequelize.define('t_server_user', {
+		id: {
+			type: DataTypes.INTEGER(11),
+			allowNull: false,
+			primaryKey: true,
+			autoIncrement: true
+		},
+		application: {
+			type: DataTypes.STRING(128),
+			allowNull: false
+		},
+		server_name: {
+			type: DataTypes.STRING(128),
+			allowNull: false
+		},
+		read_role: {
+			type: DataTypes.TEXT,
+			allowNull: true
+		},
+		write_role: {
+			type: DataTypes.TEXT,
+			allowNull: true
+		}
+	}, {
+		tableName: 't_server_user',
+		timestamps: false
+	});
+};
--- a/app/midware/loginMidware.js
+++ b/app/midware/loginMidware.js
 //第三方登录相关

-var authConf = require('../../config/authConf').authConf;
-var request = require('request-promise-any');
-var _ = require('lodash');
-var logger = require('../logger');
-var ignoreList = _.concat([], authConf.ignore || [], ['/api/auth', '/auth', '/favicon.ico']);  //讲登入登出校验接口放到忽略登录校验列表中，兼容本地登录情况
+let loginConf = require('../../config/loginConf');
+let request = require('request-promise-any');
+let _ = require('lodash');
+let logger = require('../logger');
+let ignoreList = _.concat([], loginConf.ignore || [], ['/api/auth', '/auth', '/favicon.ico']);  //讲登入登出校验接口放到忽略登录校验列表中，兼容本地登录情况

-var userSessionMap = {}; //内存中保存用户的登录信息
-var cookieConfig = {
+let userSessionMap = {}; //内存中保存用户的登录信息
+let cookieConfig = {
    maxAge: 365 * 24 * 60 * 60 * 1000  //用户cookie过期时间为1年
 };

@@ -17,19 +17,19 @@ module.exports = async(ctx, next) => {
    if (checkInIgnoreList(ctx)) {  //跳过用户配置的不需要验证的url
        await next();
    } else {
-        var ticket, user;
-        if (ticket = ctx.query[authConf.ticketParamName || 'ticket']) {
+        let ticket, user;
+        if (ticket = ctx.query[loginConf.ticketParamName || 'ticket']) {
            user = await getUserInfo(ticket);
            if (user) {
-                await ctx.cookies.set('ticket', ticket, cookieConfig);
-                await ctx.cookies.set('user', user, cookieConfig);
+                await ctx.cookies.set(loginConf.ticketCookieName || 'ticket', ticket, cookieConfig);
+                await ctx.cookies.set(loginConf.userInfoCookieName || 'user', user, cookieConfig);
            }
        }
        if(!user){
-            user = ctx.cookies.get('user');
+            user = ctx.cookies.get(loginConf.userInfoCookieName || 'user');
        }
        if(!ticket){
-            ticket = ctx.cookies.get('ticket');
+            ticket = ctx.cookies.get(loginConf.ticketCookieName || 'ticket');
        }
        if (await checkIsLogin(user, ticket)) {
            ctx.userName = user;
@@ -42,8 +42,8 @@ module.exports = async(ctx, next) => {

 //检测是否在ignore列表中
 function checkInIgnoreList(ctx) {
-    var pathname = ctx.request.path;
-    var index = _.findIndex(ignoreList, function (rule) {
+    let pathname = ctx.request.path;
+    let index = _.findIndex(ignoreList, function (rule) {
        if (!rule) {
            return false;
        } else if (typeof rule === 'string') {
@@ -57,8 +57,8 @@ function checkInIgnoreList(ctx) {

 //检测是否登录
 async function checkIsLogin(user, ticket) {
-    // var user = ctx.cookies && ctx.cookies.get('user');
-    // var ticket = ctx.cookies && ctx.cookies.get('ticket');
+    // let user = ctx.cookies && ctx.cookies.get('user');
+    // let ticket = ctx.cookies && ctx.cookies.get('ticket');
    if (user !== undefined && ticket !== undefined) {
        if (await validate(user, ticket)) {
            return true;
@@ -72,16 +72,16 @@ async function checkIsLogin(user, ticket) {

 //控制跳转到登录页面
 async function toLoginPage(ctx) {
-    var loginUrl = authConf.loginUrl;
-    var redirectUrlParamName = authConf.redirectUrlParamName;
+    let loginUrl = loginConf.loginUrl;
+    let redirectUrlParamName = loginConf.redirectUrlParamName;
    ctx.redirect(loginUrl + '?' + redirectUrlParamName + '=' + encodeURIComponent(ctx.protocol + '://' + ctx.host + ctx.request.url));
 }

 // 通过ticket获取用户信息
 async function getUserInfo(ticket) {
    try {
-        if (!!authConf.getUserInfoByTicket) {
-            var userInfo = await request.get(authConf.loginUrlPrefix + authConf.getUserInfoByTicket + '?' + authConf.getUserInfoTicketParamName + '=' + ticket);
+        if (!!loginConf.getUserInfoByTicket) {
+            let userInfo = await request.get(loginConf.loginUrlPrefix + loginConf.getUserInfoByTicket + '?' + loginConf.getUserInfoTicketParamName + '=' + ticket);
            try{
                userInfo = JSON.parse(userInfo);
            }catch(e){
@@ -89,7 +89,7 @@ async function getUserInfo(ticket) {
                userInfo = false;
            }
            if(!userInfo)return false;
-            return _.result(userInfo, authConf.userInfoKey) || false;
+            return _.result(userInfo, loginConf.userInfoKey) || false;
        } else {
            return false;
        }
@@ -102,9 +102,9 @@ async function getUserInfo(ticket) {
 //判断是否ticket和user是否有效
 async function validate(user, ticket) {
    try {
-        var rst = false;
-        if (authConf.enableLocalCache && userSessionMap[user] && userSessionMap[user].ticket === ticket) {
-            if (userSessionMap[user].updateTime && (new Date()).getTime() - userSessionMap[user].updateTime < authConf.maxAge) {
+        let rst = false;
+        if (loginConf.enableLocalCache && userSessionMap[user] && userSessionMap[user].ticket === ticket) {
+            if (userSessionMap[user].updateTime && (new Date()).getTime() - userSessionMap[user].updateTime < loginConf.maxAge) {
                rst = true;
            } else {          //如果本地缓存过期，则检测第三方缓存
                rst = await casServerValidate(ticket, user);
@@ -133,8 +133,8 @@ async function validate(user, ticket) {
 //通过ticket和用户名调用CAS服务，确认是否登录
 async function casServerValidate(ticket, user) {
    try {
-        if (authConf.validateUrl) {   //如果没有配置校验接口，则表示此用户名直接有效直到过期
-            var validateRet = await request.get(authConf.loginUrlPrefix + authConf.validateUrl + '?' + authConf.validateTicketParamName + '=' + ticket + '&' + authConf.validateUserParamName + '=' + user);
+        if (loginConf.validateUrl) {   //如果没有配置校验接口，则表示此用户名直接有效直到过期
+            let validateRet = await request.get(loginConf.loginUrlPrefix + loginConf.validateUrl + '?' + loginConf.validateTicketParamName + '=' + ticket + '&' + loginConf.validateUserParamName + '=' + user);
            try{
                validateRet = JSON.parse(validateRet);
            }catch(e){
@@ -142,8 +142,8 @@ async function casServerValidate(ticket, user) {
                validateRet = false;
            }
            if(!validateRet)return false;
-            var validateMatch = authConf.validateMatch;
-            for (var i = 0; i < validateMatch.length; i++) {
+            let validateMatch = loginConf.validateMatch;
+            for (let i = 0; i < validateMatch.length; i++) {
                if (_.result(validateRet, validateMatch[i][0]) != validateMatch[i][1]) {
                    return false;
                }

--- a/config/authConf.js
+++ b/config/authConf.js
-var path = require('path');
-
-//用户体系配置
-
-module.exports = {
-    authConf: {
-        loginUrlPrefix: 'http://localhost:3000', //登录检验服务前缀host
-        loginUrl: '/auth/login.html',           //登录跳转url
-        redirectUrlParamName: 'service',        //跳转到登录url的时带的原url参数名，如：***/login?service=***，默认是service
-        logoutUrl: '/api/auth/logout',          //登出url
-        ticketParamName: 'ticket',              //第三方登录服务回调时候，url中表示st的参数名
-        getUserInfoByTicket: '',                //通过ticket从cas服务端校验和获取用户基本信息的url
-        getUserInfoTicketParamName: 'ticket',   //调用获取用户信息接口时候st的参数名
-        userInfoKey: 'data.user_name',          //结果JSON里面取出用户名的位置，取到该用户名才认为成功,可以多层
-        validateUrl: '',                        //通过token和用户名到cas服务端校验key和用户名是否匹配url
-        validateTicketParamName: 'ticket',      //校验接口传入st参数名
-        validateUserParamName: 'user',          //校验接口传入用户参数名
-        validateMatch: [
-            ['data.isLogin', true]
-        ],                                      //校验通过匹配条件，可以从多层结果，多个情况
-
-        ignore: ['/css', '/js', '/img'],        //不需要登录校验的规则
-
-        enableLocalCache: true,                //是否开启本地登录缓存
-        maxAge: 7 * 24 * 60 * 60 * 1000,        //本地登录缓存时间，默认7天
-
-        admin: ['root'],                       //超级管理员，依据用户体系的用户唯一ID而定
-    }
-
-};
\ No newline at end of file
--- a/config/loginConf.js
+++ b/config/loginConf.js
+var path = require('path');
+
+//用户体系配置
+
+module.exports = {
+    loginUrlPrefix: 'http://localhost:3000', //登录检验服务前缀host
+    loginUrl: '/auth/login.html',           //登录跳转url
+    redirectUrlParamName: 'service',        //跳转到登录url的时带的原url参数名，如：***/login?service=***，默认是service
+    logoutUrl: '/api/auth/logout',          //登出url
+    ticketCookieName: '',                   //cookie中保存ticket信息的cookie名
+    userInfoCookieName: '',                 //cookie中保存用户信息的cookie名
+    ticketParamName: 'ticket',              //第三方登录服务回调时候，url中表示st的参数名
+    getUserInfoByTicket: '',                //通过ticket从cas服务端校验和获取用户基本信息的url
+    getUserInfoTicketParamName: 'ticket',   //调用获取用户信息接口时候st的参数名
+    userInfoKey: 'data.user_name',          //结果JSON里面取出用户名的位置，取到该用户名才认为成功,可以多层
+    validateUrl: '',                        //通过token和用户名到cas服务端校验key和用户名是否匹配url
+    validateTicketParamName: 'ticket',      //校验接口传入st参数名
+    validateUserParamName: 'user',          //校验接口传入用户参数名
+    validateMatch: [
+        ['data.isLogin', true]
+    ],                                      //校验通过匹配条件，可以从多层结果，多个情况
+    ignore: ['/css', '/js', '/img'],        //不需要登录校验的规则
+    enableLocalCache: true,                //是否开启本地登录缓存
+    maxAge: 7 * 24 * 60 * 60 * 1000        //本地登录缓存时间，默认7天
+};
\ No newline at end of file