yapi/server/controllers/base.js

159 lines
4.8 KiB
JavaScript
Raw Normal View History

2017-07-27 14:12:43 +08:00
import yapi from '../yapi.js';
import projectModel from '../models/project.js';
import userModel from '../models/user.js';
2017-08-08 14:45:19 +08:00
import interfaceModel from '../models/interface.js'
import groupModel from '../models/group.js'
import _ from 'underscore'
2017-07-11 12:12:43 +08:00
const jwt = require('jsonwebtoken');
2017-07-27 14:12:43 +08:00
class baseController {
constructor(ctx) {
2017-07-12 17:01:27 +08:00
this.ctx = ctx;
2017-07-11 16:50:17 +08:00
//网站上线后role对象key是不能修改的value可以修改
this.roles = {
admin: 'Admin',
member: '网站会员'
2017-07-27 14:12:43 +08:00
};
2017-07-11 12:12:43 +08:00
}
2017-07-10 11:11:35 +08:00
2017-07-27 14:12:43 +08:00
async init(ctx) {
2017-07-11 12:12:43 +08:00
this.$user = null;
2017-07-12 17:01:27 +08:00
let ignoreRouter = [
2017-08-11 11:42:52 +08:00
'/api/user/login_by_token',
'/api/user/login',
'/api/user/reg',
'/api/user/status',
'/api/user/logout'
2017-07-27 14:12:43 +08:00
];
2017-08-10 21:20:57 +08:00
if (ignoreRouter.indexOf(ctx.path) > -1) {
2017-07-11 12:12:43 +08:00
this.$auth = true;
2017-07-27 14:12:43 +08:00
} else {
await this.checkLogin(ctx);
2017-07-11 12:12:43 +08:00
}
2017-07-27 14:12:43 +08:00
2017-07-11 12:12:43 +08:00
}
2017-07-10 11:11:35 +08:00
2017-07-27 14:12:43 +08:00
getUid() {
return parseInt(this.$uid, 10);
2017-07-05 17:47:51 +08:00
}
2017-07-27 14:12:43 +08:00
async checkLogin(ctx) {
2017-07-11 12:12:43 +08:00
let token = ctx.cookies.get('_yapi_token');
2017-07-27 14:12:43 +08:00
let uid = ctx.cookies.get('_yapi_uid');
try {
if (!token || !uid) return false;
2017-07-11 12:12:43 +08:00
let userInst = yapi.getInst(userModel); //创建user实体
let result = await userInst.findById(uid);
2017-07-27 14:12:43 +08:00
let decoded = jwt.verify(token, result.passsalt);
if (decoded.uid == uid) {
2017-07-11 12:12:43 +08:00
this.$uid = uid;
this.$auth = true;
2017-07-27 14:12:43 +08:00
this.$user = result;
2017-07-11 12:12:43 +08:00
return true;
}
2017-07-27 14:12:43 +08:00
2017-07-11 12:12:43 +08:00
return false;
2017-07-27 14:12:43 +08:00
} catch (e) {
2017-07-11 12:12:43 +08:00
return false;
}
2017-07-05 17:47:51 +08:00
}
2017-08-10 21:20:57 +08:00
/**
*
* @param {*} ctx
*/
2017-07-05 17:47:51 +08:00
2017-07-27 14:12:43 +08:00
async getLoginStatus(ctx) {
if (await this.checkLogin(ctx) === true) {
2017-08-10 21:20:57 +08:00
let result = yapi.commons.fieldSelect(this.$user, ['_id', 'username', 'email', 'up_time', 'add_time', 'role', 'type']);
2017-07-27 18:00:43 +08:00
result.server_ip = yapi.WEBCONFIG.server_ip;
return ctx.body = yapi.commons.resReturn(result);
2017-07-11 12:12:43 +08:00
}
2017-07-27 14:12:43 +08:00
return ctx.body = yapi.commons.resReturn(null, 300, 'Please login.');
2017-07-05 17:47:51 +08:00
}
2017-07-06 19:21:54 +08:00
2017-07-27 14:12:43 +08:00
getRole() {
2017-07-11 16:50:17 +08:00
return this.$user.role;
2017-07-06 19:21:54 +08:00
}
2017-07-10 11:56:53 +08:00
2017-08-11 17:49:47 +08:00
getUsername() {
return this.$user.username;
}
2017-08-08 14:45:19 +08:00
/**
*
* @param {*} id type对应的id
* @param {*} type enum[interface, project, group]
* @param {*} action enum[ danger , edit ] danger只有owner或管理员才能操作,edit只要是dev或以上就能执行
*/
async checkAuth(id, type, action) {
let result = {};
try {
if (this.getRole() === 'admin') {
return true;
}
if (type === 'interface') {
let interfaceInst = yapi.getInst(interfaceModel);
let interfaceData = await interfaceInst.get(id)
result.interfaceData = interfaceData;
if (interfaceData.uid === this.getUid()) {
return true;
}
type = 'project';
id = interfaceData.project_id;
}
2017-07-10 11:56:53 +08:00
2017-08-08 14:45:19 +08:00
if (type === 'project') {
let projectInst = yapi.getInst(projectModel);
let projectData = await projectInst.get(id);
if(projectData.uid === this.getUid()){
return true;
}
let memberData = _.find(projectData.members, (m) => {
if (m.uid === this.getUid()) {
return true;
}
})
if (memberData && memberData.role) {
if(action === 'danger' && memberData.role === 'owner'){
return true;
}
if(action === 'edit'){
return true;
}
}
type = 'group';
id = projectData.group_id
}
2017-07-27 14:12:43 +08:00
2017-08-08 14:45:19 +08:00
if (type === 'group') {
let groupInst = yapi.getInst(groupModel);
let groupData = await groupInst.get(id);
let groupMemberData = _.find(groupData.members, (m) => {
if (m.uid === this.getUid()) {
return true;
}
})
if (groupMemberData && groupMemberData.role) {
if(action === 'danger' && groupMemberData.role === 'owner'){
return true;
}
if(action === 'edit'){
return true;
}
}
}
2017-07-27 14:12:43 +08:00
return false;
}
2017-08-08 14:45:19 +08:00
catch (e) {
yapi.commons.log(e.message, 'error')
return false;
2017-07-10 11:56:53 +08:00
}
}
2017-07-05 17:47:51 +08:00
}
2017-07-27 14:12:43 +08:00
module.exports = baseController;