feat: 优化token,增加用户信息

suwenxiong 2019-01-30 10:13:43 +08:00
parent c8833371c0
commit 480d96828d
6 changed files with 115 additions and 18 deletions


@ -24,7 +24,8 @@ module.exports = {
"comma-dangle": ["error", "never"],
"no-console": ["off"],
"import/no-unresolved": ["off"],
"react/no-find-dom-node": ["off"]
"react/no-find-dom-node": ["off"],
"no-empty": ["off"]
// "react/no-unescaped-entities": 0
}
};


@ -149,6 +149,7 @@
.autoTestsModal {
.autoTestUrl {
overflow: auto;
background-color: #f5f5f5;
border: 1px solid #f1f1f1ce;
padding: 16px;


@ -6,7 +6,7 @@ const groupModel = require('../models/group.js');
const tokenModel = require('../models/token.js');
const _ = require('underscore');
const jwt = require('jsonwebtoken');
const OPENAPI_USER = 99999999;
const {parseToken} = require('../utils/token')
class baseController {
constructor(ctx) {
@ -54,26 +54,51 @@ class baseController {
let token = params.token;
if (token && openApiRouter.indexOf(ctx.path) > -1) {
if (this.$auth) {
ctx.params.project_id = await this.getProjectIdByToken(token);
let tokens = parseToken(token)
if (!ctx.params.project_id) {
return (this.$tokenAuth = false);
}
return (this.$tokenAuth = true);
const oldTokenUid = '999999'
let tokenUid = oldTokenUid;
if(!tokens){
let checkId = await this.getProjectIdByToken(token);
if(!checkId)return;
}else{
token = tokens.projectToken;
tokenUid = tokens.uid;
}
// if (this.$auth) {
// ctx.params.project_id = await this.getProjectIdByToken(token);
// if (!ctx.params.project_id) {
// return (this.$tokenAuth = false);
// }
// return (this.$tokenAuth = true);
// }
let checkId = await this.getProjectIdByToken(token);
if(!checkId){
ctx.body = yapi.commons.resReturn(null, 42014, 'token 无效');
}
let projectData = await this.projectModel.get(checkId);
if (projectData) {
ctx.params.project_id = checkId;
this.$tokenAuth = true;
this.$uid = OPENAPI_USER;
this.$user = {
_id: this.$uid,
role: 'member',
username: 'system'
};
this.$uid = tokenUid;
let result;
if(tokenUid === oldTokenUid){
result = {
_id: tokenUid,
role: 'member',
username: 'system'
}
}else{
let userInst = yapi.getInst(userModel); //创建user实体
result = await userInst.findById(tokenUid);
}
this.$user = result;
this.$auth = true;
}
}
@ -263,9 +288,6 @@ class baseController {
*/
async checkAuth(id, type, action) {
let role = await this.getProjectRole(id, type);
if(this.getUid() === OPENAPI_USER){
role = 'dev'
}
if (action === 'danger') {
if (role === 'admin' || role === 'owner') {
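Review bot: In the token branch of the second hunk, `this.$user = result` and `this.$auth = true` run even when `userInst.findById(tokenUid)` returns nothing, so a token naming a deleted or unknown uid leaves the request marked authenticated with an empty user. `tokenUid` is read out of the decrypted client-supplied token, and nothing visible here checks that the user still exists or belongs to project `checkId`; I would add `if (!result) { ctx.body = yapi.commons.resReturn(null, 42014, 'token 无效'); return; }` before assigning `$user`. The earlier `if(!checkId)` block also sets `ctx.body` without returning, so `this.projectModel.get(checkId)` still runs with an empty id (that line may predate this commit, since the +/- markers are lost on this page). The enclosing method starts and ends outside the hunk.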


@ -13,7 +13,7 @@ const logModel = require('../models/log.js');
const followModel = require('../models/follow.js');
const tokenModel = require('../models/token.js');
const url = require('url');
const {getToken} = require('../utils/token')
const sha = require('sha.js');
class projectController extends baseController {
@ -1004,11 +1004,14 @@ class projectController extends baseController {
.update(passsalt)
.digest('hex')
.substr(0, 20);
await this.tokenModel.save({ project_id, token });
} else {
token = data.token;
}
token = getToken(token, this.getUid())
ctx.body = yapi.commons.resReturn(token);
} catch (err) {
ctx.body = yapi.commons.resReturn(null, 402, err.message);
@ -1037,6 +1040,7 @@ class projectController extends baseController {
.digest('hex')
.substr(0, 20);
result = await this.tokenModel.up(project_id, token);
token = getToken(token);
result.token = token;
} else {
ctx.body = yapi.commons.resReturn(null, 402, '没有查到token信息');
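Review bot: In the token-update hunk, `token = getToken(token);` omits the uid that the token-read hunk passes (`getToken(token, this.getUid())`), so `getToken` builds its payload from `undefined + '|' + token` and the regenerated token carries the literal string `undefined` as its user. When such a token is presented, `parseToken` hands that string on as `uid`, and the base controller then tries to look up a user with it instead of treating the request as a legacy token or as the real caller. Pass the caller's id here as well: `token = getToken(token, this.getUid());`. Both enclosing methods start and end outside the hunks shown.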


@ -14,6 +14,8 @@ const _ = require('underscore');
const Ajv = require('ajv');
const Mock = require('mockjs');
const ejs = require('easy-json-schema');
const jsf = require('json-schema-faker');

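--- /dev/null
+++ b/server/utils/token.js
@@ -0,0 +1,67 @@
+const yapi = require('../yapi')
+const crypto = require('crypto');
+/*
+下面是使用加密算法
+*/
+// 创建加密算法
+const aseEncode = function(data, password) {
+// 如下方法使用指定的算法与密码来创建cipher对象
+const cipher = crypto.createCipher('aes192', password);
+// 使用该对象的update方法来指定需要被加密的数据
+let crypted = cipher.update(data, 'utf-8', 'hex');
+crypted += cipher.final('hex');
+return crypted;
+};
+// 创建解密算法
+const aseDecode = function(data, password) {
+/*
+该方法使用指定的算法与密码来创建 decipher对象, 第一个算法必须与加密数据时所使用的算法保持一致;
+第二个参数用于指定解密时所使用的密码其参数值为一个二进制格式的字符串或一个Buffer对象该密码同样必须与加密该数据时所使用的密码保持一致
+*/
+const decipher = crypto.createDecipher('aes192', password);
+/*
+第一个参数为一个Buffer对象或一个字符串用于指定需要被解密的数据
+第二个参数用于指定被解密数据所使用的编码格式可指定的参数值为 'hex', 'binary', 'base64'
+第三个参数用于指定输出解密数据时使用的编码格式可选参数值为 'utf-8', 'ascii' 'binary';
+*/
+let decrypted = decipher.update(data, 'hex', 'utf-8');
+decrypted += decipher.final('utf-8');
+return decrypted;
+};
+const defaultSalt = 'abcde';
+exports.getToken = function getToken(token, uid){
+if(!token)throw new Error('token 不能为空')
+yapi.WEBCONFIG.passsalt = yapi.WEBCONFIG.passsalt || defaultSalt;
+return aseEncode(uid + '|' + token, yapi.WEBCONFIG.passsalt)
+}
+exports.parseToken = function parseToken(token){
+if(!token)throw new Error('token 不能为空')
+yapi.WEBCONFIG.passsalt = yapi.WEBCONFIG.passsalt || defaultSalt;
+let tokens;
+try{
+tokens = aseDecode(token, yapi.WEBCONFIG.passsalt)
+}catch(e){}
+if(tokens && typeof tokens === 'string' && tokens.indexOf('|') > 0){
+tokens = tokens.split('|')
+return {
+uid: tokens[0],
+projectToken: tokens[1]
+}
+}
+return false;
+}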
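Review bot: The token now carries the uid the server will act as, but `aseEncode`/`aseDecode` use `crypto.createCipher('aes192', password)`, which derives both key and IV from the password alone and gives no integrity check, and the key falls back to the hard-coded `defaultSalt = 'abcde'` whenever `yapi.WEBCONFIG.passsalt` is unset. On an installation without a configured salt the key is therefore the value published in this file, so the uid inside a token cannot be treated as proof of identity. I would drop the fallback so `getToken` and `parseToken` fail closed when no secret is configured, and switch the two helpers to an authenticated mode with a random IV, as sketched below. The empty `catch(e){}` in `parseToken` can remain as the legacy-token fallback, but it deserves a comment saying that a failed decrypt means "treat as an old-style project token".

```javascript
// assumes passsalt is a long random secret; a guessable value needs a real KDF instead
const deriveKey = password => crypto.createHash('sha256').update(String(password)).digest();

const aseEncode = function(data, password) {
  const iv = crypto.randomBytes(12); // fresh IV per token
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password), iv);
  const body = Buffer.concat([cipher.update(data, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('hex');
};

const aseDecode = function(data, password) {
  const raw = Buffer.from(data, 'hex');
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password), raw.slice(0, 12));
  decipher.setAuthTag(raw.slice(12, 28)); // final() throws if the token was altered
  return Buffer.concat([decipher.update(raw.slice(28)), decipher.final()]).toString('utf8');
};

// … unchanged: getToken / parseToken bodies, minus the `|| defaultSalt` fallback …
```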