修改 - 大幅度更改 token 机制
This commit is contained in:
parent
33b1be1a3a
commit
4895337862
6
app.js
6
app.js
@ -38,7 +38,7 @@ const {
|
||||
const counter = require('./core/counter');
|
||||
const DataModel = require('./core/DataModel');
|
||||
const ftpServerInterface = require('./ftpd/ftpserver');
|
||||
const VarCenter = require('./model/VarCenter');
|
||||
const tokenManger = require('./helper/TokenManager');
|
||||
|
||||
//控制台颜色
|
||||
const colors = require('colors');
|
||||
@ -142,8 +142,8 @@ if (MCSERVER.localProperty.is_gzip)
|
||||
app.use(compression());
|
||||
|
||||
//初始化令牌管理器
|
||||
VarCenter.set('user_token', {});
|
||||
VarCenter.set('express_app', app);
|
||||
// VarCenter.set('user_token', {});
|
||||
// VarCenter.set('express_app', app);
|
||||
|
||||
//基础根目录
|
||||
app.use('/public', express.static('./public'));
|
||||
|
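Review bot: The binding `const tokenManger = require('./helper/TokenManager');` in the first hunk misspells its own name (`tokenManger`), and nothing visible in app.js uses it. If the require exists only to load the module at startup, a short comment saying so would help; otherwise rename it `TokenManager` to match the other files in this commit, or drop it. In the second hunk the two `VarCenter.set` lines are kept as comments; delete them rather than leaving dead code.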
@ -4,4 +4,20 @@ const baseManagerModel = require('../model/baseManagerModel');
|
||||
let onlyTokenManager = new baseManagerModel.ModelManager();
|
||||
|
||||
|
||||
module.exports.TokenManager = onlyTokenManager;
|
||||
module.exports.addToken = (key, value) => {
|
||||
if (onlyTokenManager.len > 100) {
|
||||
onlyTokenManager.clear();
|
||||
}
|
||||
onlyTokenManager.add(key, value);
|
||||
}
|
||||
|
||||
|
||||
module.exports.delToken = (key, value) => {
|
||||
onlyTokenManager.del(key, value);
|
||||
}
|
||||
|
||||
|
||||
|
||||
module.exports.getToken = (key) => {
|
||||
return onlyTokenManager.get(key);
|
||||
}
|
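Review bot: `if (onlyTokenManager.len > 100) { onlyTokenManager.clear(); }` in `addToken` evicts every outstanding token rather than the oldest one, so once more than 100 logged-in sessions hold a token the next `/token` request invalidates all of them, which reads as an availability problem for legitimate users rather than a memory cap. A per-token timestamp with expiry of stale entries, or at least deriving the size from `Object.keys(onlyTokenManager.returnObj()).length` instead of the hand-maintained `len` counter, would be safer. `delToken = (key, value) => { onlyTokenManager.del(key, value); }` forwards a second argument that `ModelManager.del(key)` does not accept; `module.exports.delToken = (key) => onlyTokenManager.del(key);`. Since `del` throws on a falsy key and these wrappers pass it straight through, callers of `delToken` must check the token first, which the call sites in this commit do not all do.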
@ -2,20 +2,24 @@ class ModelManager {
|
||||
constructor() {
|
||||
this._mineself = {};
|
||||
this.name = null;
|
||||
this.len = 0;
|
||||
}
|
||||
|
||||
add(key, value) {
|
||||
if (key && value)
|
||||
this._mineself[username] = userdata;
|
||||
else
|
||||
throw new Error("key or value is Null");
|
||||
if (key && value) {
|
||||
this._mineself[key] = value;
|
||||
this.len++;
|
||||
}
|
||||
console.log("MINE:" + this.len)
|
||||
}
|
||||
del(key) {
|
||||
if (key) {
|
||||
if (!this._mineself.hasOwnProperty(key)) return;
|
||||
this._mineself[key] = undefined;
|
||||
delete this._mineself[key];
|
||||
} else
|
||||
throw new Error("key is Null");
|
||||
this.len--;
|
||||
}
|
||||
console.log("MINE:" + this.len)
|
||||
}
|
||||
|
||||
get(key) {
|
||||
@ -25,6 +29,14 @@ class ModelManager {
|
||||
return null;
|
||||
}
|
||||
|
||||
clear() {
|
||||
this._mineself = {};
|
||||
}
|
||||
|
||||
returnObj() {
|
||||
return this._mineself
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
module.exports.ModelManager = ModelManager;
|
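Review bot: `clear()` in the second hunk resets `this._mineself` but never resets `this.len`, so once the counter passes the threshold TokenManager uses (`len > 100`) it never comes back down and every later `addToken` wipes the store again; add `this.len = 0;` to `clear()`. In `add` in the first hunk, `this.len++` also runs when `key` is already present, so overwriting an entry double-counts; increment only when `!this._mineself.hasOwnProperty(key)`, consistent with the check in `del`. The `console.log("MINE:" + this.len)` lines added to `add` and `del` look like leftover debugging output. Because `get` and `del` are called with tokens taken from requests, a null-prototype store (`this._mineself = Object.create(null)`) would stop inherited names such as `constructor` from resolving as entries in `get`; `get`'s body is outside the hunk, so that part is inferred.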
@ -2,7 +2,7 @@
|
||||
const router = require('express')();
|
||||
const response = require('../helper/Response');
|
||||
const permssion = require('../helper/Permission');
|
||||
const VarCenter = require('../model/VarCenter');
|
||||
const TokenManager = require('../helper/TokenManager');
|
||||
const counter = require('../core/counter');
|
||||
const UUID = require('uuid');
|
||||
const loginedContainer = require('../helper/LoginedContainer');
|
||||
@ -15,12 +15,11 @@ function getRandToken() {
|
||||
router.get('/', function (req, res) {
|
||||
let username = req.session['username'] || undefined;
|
||||
//ajax 会受到浏览器跨域限制,姑不能对其进行csrf攻击获取token,尽管它可伪造。
|
||||
if (req.xhr) {
|
||||
if (!req.session['token']) {
|
||||
MCSERVER.log('[ Token ]', '用户 ', username, ' 请求更新令牌');
|
||||
//强化 token
|
||||
req.session['token'] = getRandToken();
|
||||
}
|
||||
if (req.xhr || true) {
|
||||
MCSERVER.log('[ Token ]', '用户 ', username, ' 请求更新令牌');
|
||||
// if (!req.session['token']) {
|
||||
// req.session['token'] = getRandToken();
|
||||
// }
|
||||
if (!username || !loginedContainer.isLogined(req.sessionID)) {
|
||||
//用户未登录,返回一个随机的 token 给它,并且这个 token 与正常的 token 几乎一模一样
|
||||
response.returnMsg(res, 'token', {
|
||||
@ -29,15 +28,26 @@ router.get('/', function (req, res) {
|
||||
});
|
||||
return;
|
||||
}
|
||||
let maybeUsername = VarCenter.get('user_token')[req.session['token']];
|
||||
if (maybeUsername) {
|
||||
MCSERVER.log('令牌已经存在不能继续使用 | 已经重新生成 ' + username + ' 令牌值: ' + req.session['token']);
|
||||
req.session['token'] = getRandToken();
|
||||
// return;
|
||||
}
|
||||
// let tmpToken = req.session['token']; //上一次此 Session 得到的令牌
|
||||
// let tokens = VarCenter.get('user_token');
|
||||
//禁止重复使用
|
||||
// let maybeUsername = TokenManager.getToken(tmpToken);
|
||||
// if (maybeUsername) {
|
||||
// MCSERVER.log('令牌已经存在不能继续使用 | 已经重新生成 ' + username + ' 令牌值: ' + req.session['token']);
|
||||
// //删除这个 Session 下的,以防内存泄露
|
||||
// TokenManager.delToken(tmpToken);
|
||||
// req.session['token'] = getRandToken();
|
||||
// }
|
||||
|
||||
VarCenter.get('user_token')[req.session['token']] = username;
|
||||
//删除原先可能存在的
|
||||
TokenManager.delToken(req.session['token'] || '');
|
||||
|
||||
//永远生产一个新的
|
||||
let newtoken = getRandToken();
|
||||
TokenManager.addToken(newtoken, username);
|
||||
req.session['token'] = newtoken;
|
||||
req.session.save();
|
||||
|
||||
response.returnMsg(res, 'token', {
|
||||
token: req.session['token'],
|
||||
username: username,
|
||||
|
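Review bot: `if (req.xhr || true)` in the second hunk defeats the XHR-only check that the comment directly above it (`//ajax 会受到浏览器跨域限制...`) gives as the reason the token endpoint is protected from cross-site requests, and since the handler now deletes the old token and issues a new one on every call (`TokenManager.delToken(...)`, then `TokenManager.addToken(newtoken, username)`), any cross-site GET that carries the session cookie (subject to SameSite settings not visible here) rotates the user's token and invalidates the one their open page holds. Restore `if (req.xhr)` with an explicit rejection for non-XHR requests, or document why the check was dropped. Separately, `TokenManager.delToken(req.session['token'] || '')` in the third hunk throws `Error("key is Null")` for a session that has no token yet, because `ModelManager.del` rejects an empty key; guard it with `if (req.session['token']) TokenManager.delToken(req.session['token']);`. The handler starts at the top of the second hunk and ends outside this section.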
@ -10,7 +10,7 @@ const response = require('../helper/Response');
|
||||
const permssion = require('../helper/Permission');
|
||||
const loginedContainer = require('../helper/LoginedContainer');
|
||||
const tools = require('../core/tools');
|
||||
const VarCenter = require('../model/VarCenter');
|
||||
const TokenManager = require('../helper/TokenManager');
|
||||
const userManager = userCenter();
|
||||
|
||||
|
||||
@ -20,8 +20,10 @@ router.post('/loginout', function (req, res) {
|
||||
MCSERVER.log('[loginout] 用户:' + req.session['username'] + '退出');
|
||||
//删除一些辅助管理器的值
|
||||
if (req.session['username']) loginedContainer.delLogined(req.sessionID);
|
||||
VarCenter.get('user_token')[req.session['token']] = undefined;
|
||||
delete VarCenter.get('user_token')[req.session['token']];
|
||||
|
||||
// VarCenter.get('user_token')[req.session['token']] = undefined;
|
||||
// delete VarCenter.get('user_token')[req.session['token']];
|
||||
TokenManager.delToken(req.session['token']);
|
||||
|
||||
req.session['login'] = false;
|
||||
req.session['username'] = undefined;
|
||||
|
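Review bot: `TokenManager.delToken(req.session['token']);` in the second hunk throws `Error("key is Null")` when the session holds no token (for example a user who logs out without ever having called `/token`), because `ModelManager.del` rejects a falsy key; the throw aborts the handler before `req.session['login'] = false` and `req.session['username'] = undefined` run, so the session is left marked as logged in. Guard the call: `if (req.session['token']) TokenManager.delToken(req.session['token']);`. The two commented-out `VarCenter` lines above it can be deleted. The handler's end is outside the hunk.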
@ -1,7 +1,7 @@
|
||||
const router = require('express')();
|
||||
const fs = require('fs');
|
||||
|
||||
const varCenter = require('../model/VarCenter');
|
||||
const TokenManager = require('../helper/TokenManager');
|
||||
const {
|
||||
WebSocketObserver
|
||||
} = require('../model/WebSocketModel');
|
||||
@ -70,8 +70,15 @@ router.ws('/ws', function (ws, req) {
|
||||
MCSERVER.log('[ WS CREATE ] 新的 Ws 创建 SESSION_ID:' + session_id);
|
||||
|
||||
//从令牌管理器中 获取对应的用户
|
||||
var tokens = varCenter.get('user_token');
|
||||
username = tokens[token] || null;
|
||||
// var tokens = varCenter.get('user_token');
|
||||
username = TokenManager.getToken(token);
|
||||
TokenManager.delToken(token);
|
||||
delete req.session['token'];
|
||||
|
||||
//从 Token 管理器中删除它,因为 token 都是一次性的
|
||||
//BUG 这个必须写在断开处,因为 Token 需要利用它辨别是否有重复
|
||||
|
||||
//req.session['token'] = undefined;
|
||||
|
||||
//用户名检查
|
||||
if (!username || typeof username != "string" || username.trim() == "") {
|
||||
@ -83,7 +90,7 @@ router.ws('/ws', function (ws, req) {
|
||||
|
||||
//唯一性检查
|
||||
if (isWsOnline(token)) {
|
||||
MCSERVER.warning('此令牌正在使用 | 阻止重复使用', '用户值:' + username + ' 令牌值: ' + token);
|
||||
MCSERVER.warning('此令牌正在使用 | 阻止重复使用 | isWsOnline', '用户值:' + username + ' 令牌值: ' + token);
|
||||
ws.close();
|
||||
return;
|
||||
}
|
||||
@ -174,11 +181,12 @@ router.ws('/ws', function (ws, req) {
|
||||
|
||||
status = false;
|
||||
|
||||
//释放一些数据
|
||||
delete varCenter.get('user_token')[token];
|
||||
req.session['token'] = undefined;
|
||||
req.session.save();
|
||||
//再删一次,保险
|
||||
// delete tokens[token];
|
||||
TokenManager.delToken(token);
|
||||
delete req.session['token'];
|
||||
delete WsSession;
|
||||
req.session.save();
|
||||
|
||||
//释放全局变量
|
||||
if (MCSERVER.onlineUser[username]) {
|
||||
|
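Review bot: `delete WsSession;` in the last hunk does nothing — `delete` on a plain identifier is a no-op in sloppy mode and a SyntaxError under strict mode — so it does not release the session; use `WsSession = null;` if the intent is to drop the reference. In the same hunk `TokenManager.delToken(token)` and `delete req.session['token']` repeat what the second hunk already does at connection time, and `delToken` throws on a falsy `token`, so the close handler should guard it with `if (token)` unless `token` is guaranteed non-empty where it is defined (outside this section). The comments kept in the second hunk, `//从 Token 管理器中删除它,因为 token 都是一次性的` and `//BUG 这个必须写在断开处,因为 Token 需要利用它辨别是否有重复`, now contradict the code, which consumes the token at connect; update or remove them. The `router.ws` handler starts and ends outside the hunks.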