diff --git a/app.js b/app.js
index 3c931841..1cf93b74 100644
--- a/app.js
+++ b/app.js
@@ -38,7 +38,7 @@ const {
 const counter = require('./core/counter');
 const DataModel = require('./core/DataModel');
 const ftpServerInterface = require('./ftpd/ftpserver');
-const VarCenter = require('./model/VarCenter');
+const tokenManger = require('./helper/TokenManager');
 //控制台颜色
 const colors = require('colors');
@@ -142,8 +142,8 @@ if (MCSERVER.localProperty.is_gzip) app.use(compression());
 //初始化令牌管理器
-VarCenter.set('user_token', {});
-VarCenter.set('express_app', app);
+// VarCenter.set('user_token', {});
+// VarCenter.set('express_app', app);
 //基础根目录
 app.use('/public', express.static('./public'));
diff --git a/helper/TokenManager.js b/helper/TokenManager.js
index 57f28282..7a1ecde0 100644
--- a/helper/TokenManager.js
+++ b/helper/TokenManager.js
@@ -4,4 +4,20 @@ const baseManagerModel = require('../model/baseManagerModel');
 let onlyTokenManager = new baseManagerModel.ModelManager();
-module.exports.TokenManager = onlyTokenManager;
\ No newline at end of file
+module.exports.addToken = (key, value) => {
+ if (onlyTokenManager.len > 100) {
+ onlyTokenManager.clear();
+ }
+ onlyTokenManager.add(key, value);
+}
+
+
+module.exports.delToken = (key, value) => {
+ onlyTokenManager.del(key, value);
+}
+
+
+
+module.exports.getToken = (key) => {
+ return onlyTokenManager.get(key);
+}
\ No newline at end of file
diff --git a/model/VarCenter.js b/model/TokenManager.js
similarity index 100%
rename from model/VarCenter.js
rename to model/TokenManager.js
diff --git a/model/baseManagerModel.js b/model/baseManagerModel.js
index e4794641..e14bff1e 100644
--- a/model/baseManagerModel.js
+++ b/model/baseManagerModel.js
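Review bot: The new binding on the first hunk's `+` line is misspelled `tokenManger`, and within the visible hunks nothing in app.js reads it once the second hunk comments out both `VarCenter.set` calls, so either rename it to `tokenManager` or drop the require. Commenting out `VarCenter.set('express_app', app)` while model/VarCenter.js is only renamed (100% similarity) means any module that still reads `express_app` or `user_token` from that store now gets nothing; the diff does not show whether such a reader exists. The old lines are kept as comments rather than deleted, and the same leftover commented-out code appears in the route/token.js, route/user.js and route/websocket.js hunks of this commit; version control already keeps the history, so delete them.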
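Review bot: `addToken` calls `onlyTokenManager.clear()` as soon as `len` exceeds 100, so issuing the 101st token invalidates every other logged-in user's token at once, and because nothing resets `len` (the `clear()` added to ModelManager in this commit leaves it untouched) every later `addToken` call wipes the store again. Evicting only the oldest entry, or expiring entries together with their session, keeps the bound without a global reset; whichever is chosen, `clear()` must also reset the counter. `delToken` forwards a `value` argument that `ModelManager.del(key)` does not take, `module.exports.delToken = (key) => { onlyTokenManager.del(key); };`. The previous `module.exports.TokenManager` export is removed, which breaks any consumer that still uses it; none is visible in this diff.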
@@ -2,20 +2,24 @@ class ModelManager {
 constructor() {
 this._mineself = {};
 this.name = null;
+ this.len = 0;
 }
 add(key, value) {
- if (key && value)
- this._mineself[username] = userdata;
- else
- throw new Error("key or value is Null");
+ if (key && value) {
+ this._mineself[key] = value;
+ this.len++;
+ }
+ console.log("MINE:" + this.len)
 }
 del(key) {
 if (key) {
+ if (!this._mineself.hasOwnProperty(key)) return;
 this._mineself[key] = undefined;
 delete this._mineself[key];
- } else
- throw new Error("key is Null");
+ this.len--;
+ }
+ console.log("MINE:" + this.len)
 }
 get(key) {
@@ -25,6 +29,14 @@ class ModelManager {
 return null;
 }
+ clear() {
+ this._mineself = {};
+ }
+
+ returnObj() {
+ return this._mineself
+ }
+
 }
 module.exports.ModelManager = ModelManager;
\ No newline at end of file
diff --git a/route/token.js b/route/token.js
index 3c213398..47072963 100644
--- a/route/token.js
+++ b/route/token.js
@@ -2,7 +2,7 @@ const router = require('express')();
 const response = require('../helper/Response');
 const permssion = require('../helper/Permission');
-const VarCenter = require('../model/VarCenter');
+const TokenManager = require('../helper/TokenManager');
 const counter = require('../core/counter');
 const UUID = require('uuid');
 const loginedContainer = require('../helper/LoginedContainer');
@@ -15,12 +15,11 @@ function getRandToken() {
 router.get('/', function (req, res) {
 let username = req.session['username'] || undefined;
 //ajax 会受到浏览器跨域限制,姑不能对其进行csrf攻击获取token,尽管它可伪造。
- if (req.xhr) {
- if (!req.session['token']) {
- MCSERVER.log('[ Token ]', '用户 ', username, ' 请求更新令牌');
- //强化 token
- req.session['token'] = getRandToken();
- }
+ if (req.xhr || true) {
+ MCSERVER.log('[ Token ]', '用户 ', username, ' 请求更新令牌');
+ // if (!req.session['token']) {
+ // req.session['token'] = getRandToken();
+ // }
 if (!username || !loginedContainer.isLogined(req.sessionID)) {
 //用户未登录,返回一个随机的 token 给它,并且这个 token 与正常的 token 几乎一模一样
 response.returnMsg(res, 'token', {
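Review bot: `add` increments `this.len` even when `key` already exists, so overwriting an entry makes the counter exceed the real number of keys and trips the size check in helper/TokenManager.js early; guard it with `if (!Object.prototype.hasOwnProperty.call(this._mineself, key)) this.len++;` before the assignment. The two `console.log("MINE:" + this.len)` calls print the store size on every add and del and look like debugging output; route them through `MCSERVER.log` or remove them. `add` also now ignores a falsy key or value silently where it used to throw (the old throw path referenced the undefined names `username`/`userdata`, which this hunk fixes), so `addToken(newtoken, username)` cannot tell that nothing was stored; returning a boolean, or at least documenting the behaviour, would make that explicit.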
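Review bot: `clear()` replaces `_mineself` but leaves `this.len` unchanged, so after the first overflow in helper/TokenManager.js the counter stays above 100 and each subsequent `addToken` call empties the store again; add `this.len = 0;` next to the reassignment. `returnObj()` returns the live internal object, letting callers add or remove entries without `len` following; if it is only for inspection, return a copy with `return { ...this._mineself };`. Because the store is a plain object keyed by caller-supplied strings, `get(key)` (its body is outside this hunk) should test own properties the way `del` now does, or the store should be created with `Object.create(null)`, so a key that matches an inherited property name never resolves to a prototype member.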
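Review bot: `if (req.xhr || true)` turns the `req.xhr` guard into dead code, removing the protection the comment directly above describes (only XHR requests, which browsers restrict cross-origin, could obtain a token); if non-XHR clients are meant to be served, remove the condition and the comment together, otherwise restore `if (req.xhr) {`. The commented-out `if (!req.session['token'])` block below it is dead as well and should be deleted. The `router.get('/')` handler continues into the next hunk.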
@@ -29,15 +28,26 @@ router.get('/', function (req, res) {
 });
 return;
 }
- let maybeUsername = VarCenter.get('user_token')[req.session['token']];
- if (maybeUsername) {
- MCSERVER.log('令牌已经存在不能继续使用 | 已经重新生成 ' + username + ' 令牌值: ' + req.session['token']);
- req.session['token'] = getRandToken();
- // return;
- }
+ // let tmpToken = req.session['token']; //上一次此 Session 得到的令牌
+ // let tokens = VarCenter.get('user_token');
+ //禁止重复使用
+ // let maybeUsername = TokenManager.getToken(tmpToken);
+ // if (maybeUsername) {
+ // MCSERVER.log('令牌已经存在不能继续使用 | 已经重新生成 ' + username + ' 令牌值: ' + req.session['token']);
+ // //删除这个 Session 下的,以防内存泄露
+ // TokenManager.delToken(tmpToken);
+ // req.session['token'] = getRandToken();
+ // }
- VarCenter.get('user_token')[req.session['token']] = username;
+ //删除原先可能存在的
+ TokenManager.delToken(req.session['token'] || '');
+
+ //永远生产一个新的
+ let newtoken = getRandToken();
+ TokenManager.addToken(newtoken, username);
+ req.session['token'] = newtoken;
 req.session.save();
+
 response.returnMsg(res, 'token', {
 token: req.session['token'],
 username: username,
diff --git a/route/user.js b/route/user.js
index b50ba1f7..25896e63 100644
--- a/route/user.js
+++ b/route/user.js
@@ -10,7 +10,7 @@ const response = require('../helper/Response');
 const permssion = require('../helper/Permission');
 const loginedContainer = require('../helper/LoginedContainer');
 const tools = require('../core/tools');
-const VarCenter = require('../model/VarCenter');
+const TokenManager = require('../helper/TokenManager');
 const userManager = userCenter();
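Review bot: Entries stored with `TokenManager.addToken(newtoken, username)` carry no expiry and are removed only by this route, logout or a websocket connect, so a session that simply times out leaves its token in the process-wide store until the `len > 100` wipe in helper/TokenManager.js discards everyone's; record an issue time with the username and drop stale entries, or remove the entry when the session is destroyed. `req.session.save()` is called without a callback, so a store failure is neither reported nor stops the token from being returned; pass a callback, report an error through `MCSERVER.warning`, and send the response from inside it. The ten commented-out lines that reproduce the old duplicate-use check should be deleted rather than kept. The handler's closing lines are outside this hunk.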
@@ -20,8 +20,10 @@ router.post('/loginout', function (req, res) {
 MCSERVER.log('[loginout] 用户:' + req.session['username'] + '退出');
 //删除一些辅助管理器的值
 if (req.session['username']) loginedContainer.delLogined(req.sessionID);
- VarCenter.get('user_token')[req.session['token']] = undefined;
- delete VarCenter.get('user_token')[req.session['token']];
+
+ // VarCenter.get('user_token')[req.session['token']] = undefined;
+ // delete VarCenter.get('user_token')[req.session['token']];
+ TokenManager.delToken(req.session['token']);
 req.session['login'] = false;
 req.session['username'] = undefined;
diff --git a/route/websocket.js b/route/websocket.js
index ac47f8ac..b3a185a1 100644
--- a/route/websocket.js
+++ b/route/websocket.js
@@ -1,7 +1,7 @@
 const router = require('express')();
 const fs = require('fs');
-const varCenter = require('../model/VarCenter');
+const TokenManager = require('../helper/TokenManager');
 const { WebSocketObserver } = require('../model/WebSocketModel');
@@ -70,8 +70,15 @@ router.ws('/ws', function (ws, req) {
 MCSERVER.log('[ WS CREATE ] 新的 Ws 创建 SESSION_ID:' + session_id);
 //从令牌管理器中 获取对应的用户
- var tokens = varCenter.get('user_token');
- username = tokens[token] || null;
+ // var tokens = varCenter.get('user_token');
+ username = TokenManager.getToken(token);
+ TokenManager.delToken(token);
+ delete req.session['token'];
+
+ //从 Token 管理器中删除它,因为 token 都是一次性的
+ //BUG 这个必须写在断开处,因为 Token 需要利用它辨别是否有重复
+
+ //req.session['token'] = undefined;
 //用户名检查
 if (!username || typeof username != "string" || username.trim() == "") {
@@ -83,7 +90,7 @@ router.ws('/ws', function (ws, req) {
 //唯一性检查
 if (isWsOnline(token)) {
- MCSERVER.warning('此令牌正在使用 | 阻止重复使用', '用户值:' + username + ' 令牌值: ' + token);
+ MCSERVER.warning('此令牌正在使用 | 阻止重复使用 | isWsOnline', '用户值:' + username + ' 令牌值: ' + token);
 ws.close();
 return;
 }
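Review bot: The token is consumed with `TokenManager.delToken(token)` right after `getToken`, yet the `//BUG` comment two lines below says the deletion must happen at disconnect, and the disconnect hunk later in this file (`//再删一次,保险`) deletes it a second time, which is a no-op because `del` now returns early for unknown keys; consuming a one-time token at connect is the right shape, so rewrite the comment to say so, e.g. `// Token is single-use: consumed here at connect; the delete at disconnect is only a safety net`, and drop the dead `//req.session['token'] = undefined;` line. `delete req.session['token']` is done here without `req.session.save()`, while the disconnect path does save; whether the change persists for an upgrade request without an explicit save cannot be told from this diff. The `router.ws('/ws')` handler starts before and ends after this hunk.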
@@ -174,11 +181,12 @@ router.ws('/ws', function (ws, req) {
 status = false;
- //释放一些数据
- delete varCenter.get('user_token')[token];
- req.session['token'] = undefined;
- req.session.save();
+ //再删一次,保险
+ // delete tokens[token];
+ TokenManager.delToken(token);
+ delete req.session['token'];
 delete WsSession;
+ req.session.save();
 //释放全局变量
 if (MCSERVER.onlineUser[username]) {