修改 - 添加随机 token 值
parent
d4903bbc14
commit
3806c2ffdc
@ -26,7 +26,7 @@ function defaultFalseCallBack(req, res, ResponseKey, ResponseValue, notAjaxRedir
|
||||
module.exports.randomString = randomString;
|
||||
|
||||
module.exports.needLogin = (req, res, trueCallBack, falseCallBack) => {
|
||||
let username = req.session['usernam'];
|
||||
let username = req.session['username'];
|
||||
if (req.session['login'] && loginedContainer.isLogined(username)) {
|
||||
if (req.session['login'] === true && username) {
|
||||
trueCallBack && trueCallBack();
|
||||
|
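Review bot: Of the two `if` conditions printed in `needLogin`, the `req.session['login'] === true && username` form no longer calls `loginedContainer.isLogined(username)`; the page has lost its +/- markers, so I am assuming that form is the new side. If it is, the HTTP gate trusts the session fields alone, while the `/ws` handler in this same commit still requires `isLogined`, so a user who has been removed from the container keeps HTTP access for as long as the session lives. Keeping both checks closes that gap: `if (req.session['login'] === true && username && loginedContainer.isLogined(username)) {`. The body of `needLogin` continues outside the hunk.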
@ -10,7 +10,7 @@ const response = require('../helper/Response');
|
||||
const permssion = require('../helper/Permission');
|
||||
const loginedContainer = require('../helper/LoginedContainer');
|
||||
const tools = require('../core/tools');
|
||||
|
||||
const VarCenter = require('../model/VarCenter');
|
||||
const userManager = userCenter();
|
||||
|
||||
|
||||
@ -18,11 +18,14 @@ const userManager = userCenter();
|
||||
router.post('/loginout', function (req, res) {
|
||||
|
||||
MCSERVER.log('[loginout] 用户:' + req.session['username'] + '退出');
|
||||
//删除一些辅助管理器的值
|
||||
if (req.session['username']) loginedContainer.delLogined(req.session['username']);
|
||||
// BUG Note: Ws—close 与 Loginout 时 Session 可能不一定及时同步
|
||||
// 导致我们暂时无法用一种很简单的方式来实现动态的更换 token
|
||||
VarCenter.get('user_token')[req.session['token']] = undefined;
|
||||
delete VarCenter.get('user_token')[req.session['token']];
|
||||
|
||||
req.session['login'] = false;
|
||||
req.session['username'] = undefined;
|
||||
req.session['token'] = undefined;
|
||||
req.session.destroy();
|
||||
response.returnMsg(res, 'user/logout', 'loginOut');
|
||||
});
|
||||
@ -67,7 +70,7 @@ router.post('/login', function (req, res) {
|
||||
req.session['login_md5key'] = undefined;
|
||||
req.session.save();
|
||||
delete MCSERVER.login[ip];
|
||||
//添加到 login 容器
|
||||
//添加到 login 容器 注意,全部代码只能有这一个地方使用这个函数
|
||||
loginedContainer.addLogined(username, loginUser.dataModel);
|
||||
response.returnMsg(res, 'login/check', true);
|
||||
}, () => {
|
||||
|
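Review bot: The `/loginout` handler invalidates the WebSocket token only through `req.session['token']` (the `VarCenter.get('user_token')[...]` lines), so when that field is already unset or out of sync, which is the situation the BUG note in this hunk describes, the lookup uses the key `"undefined"` and removes nothing. Any token still stored for this user would then remain usable after logout. Reading the value once and guarding it makes the miss visible: `const token = req.session['token']; if (token) delete VarCenter.get('user_token')[token];`. If the map is token → username (not visible here, please confirm), logout should also drop every entry whose value is the departing username. The `/login` handler touched by the last hunk starts and ends outside the visible lines.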
@ -28,6 +28,10 @@ class WebsocketSession {
|
||||
if (data)
|
||||
response.wsSend(data.ws, data.resK, data.resV, data.body);
|
||||
}
|
||||
|
||||
getWebsocket() {
|
||||
return this.ws || null;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -48,6 +52,7 @@ router.ws('/ws', function (ws, req) {
|
||||
|
||||
//临时的会话id 一般只用于内部验证是否是这个tcp链接
|
||||
let uid = "__" + permssion.randomString(12) + Date.parse(new Date()).toString() + "__";
|
||||
let session_id = req.sessionID;
|
||||
|
||||
MCSERVER.log('[ WebSocket CREATE ] 新的 WebSocket 链接创建');
|
||||
|
||||
@ -63,18 +68,19 @@ router.ws('/ws', function (ws, req) {
|
||||
return;
|
||||
}
|
||||
|
||||
username = username.trim();
|
||||
|
||||
if (!loginedContainer.isLogined(username)) {
|
||||
MCSERVER.warning('这是十分危险的请求 | 已经阻止', '可能的用户值:' + username + ' 令牌值: ' + token);
|
||||
MCSERVER.warning('未经过登陆逻辑的用户尝试连接 | 已经阻止', '可能的用户值:' + username + ' 令牌值: ' + token);
|
||||
ws.close();
|
||||
return;
|
||||
}
|
||||
|
||||
username = username.trim();
|
||||
|
||||
let WsSession = new WebsocketSession({
|
||||
//Ws 判断身份条件,必须在 token 管理器与 Session 中认证登录
|
||||
login: (username && req.session['login']) ? true : false,
|
||||
uid: uid,
|
||||
sessionID: session_id,
|
||||
ws: ws,
|
||||
username: username,
|
||||
token: token,
|
||||
@ -148,8 +154,8 @@ router.ws('/ws', function (ws, req) {
|
||||
|
||||
//释放一些数据
|
||||
delete varCenter.get('user_token')[token];
|
||||
// req.session['token'] = undefined;
|
||||
// req.session.save();
|
||||
req.session['token'] = undefined;
|
||||
req.session.save();
|
||||
delete WsSession;
|
||||
|
||||
//释放全局变量
|
||||
|
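Review bot: The rejected-connection warning in the `/ws` handler concatenates the raw `token` and the client-supplied `username` into the log line (`'可能的用户值:' + username + ' 令牌值: ' + token`), in both wordings of the message. A token written there may still be a live credential readable by anyone with log access, and an unfiltered username can carry line breaks that corrupt the log. Leave the token out and encode the name, e.g. `MCSERVER.warning('未经过登陆逻辑的用户尝试连接 | 已经阻止', '可能的用户值:' + JSON.stringify(username));`. Separately, `delete WsSession;` in the close path has no effect on a `let` binding and is a SyntaxError under strict mode, so it can be removed. The handler starts and ends outside these hunks.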