ssr-api.js
3.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
const serviceApi = global.yoho.ServiceAPI;
const ufoAPI = global.yoho.UfoAPI;
const logger = global.yoho.logger;
const _ = require('lodash');
const md5 = require('yoho-md5');
const checkParams = require('../../utils/check-params');
const apiMaps = require('../../config/api-map');
function checkSign(params, sign) {
delete params.s;
const sortKeys = Object.keys(params).sort();
const str = sortKeys.map(key => {
return `${key}:${encodeURIComponent(params[key])}`;
}).join('_');
const signDiff = md5(`${str}_${str.length}`);
if (sign === signDiff) {
return true;
}
logger.error(`验签不匹配: 提交sign: ${sign}, 服务端sign: ${signDiff}, params: ${JSON.stringify(params)}`);
return false;
}
module.exports = async(req, res, next) => {
const apiInfo = apiMaps[req.path];
if (!apiInfo) {
return next();
}
let baseParams;
let reqParams = Object.assign({}, req.query, req.body);
req.route = {
path: req.path
};
res.set({
'Cache-Control': 'no-cache',
Pragma: 'no-cache',
Expires: (new Date(1900, 0, 1, 0, 0, 0, 0)).toUTCString()
});
if (apiInfo.accessLog) {
logger.info(`[request access log] ${req.yoho.clientIp} | ${req.url} | uid:${req.user.uid} | User-Agent:${req.get('User-Agent')} | ${new Date()}`);
}
if (apiInfo.checkSign) {
if (!checkSign(Object.assign({}, reqParams), reqParams.s)) {
logger.error(`验签失败!uid: ${_.get(req, 'user.uid', '').toString()}, params: ${JSON.stringify(reqParams)}, ip: ${req.yoho.clientIp}`);
return res.json({
code: 400,
message: '验签失败'
});
}
}
delete reqParams.s;
delete reqParams.ts;
if (!apiInfo.service) {
baseParams = {
uid: (req.user && req.user.uid) ? {
toString: () => {
return req.user.uid || 0;
},
sessionKey: req.user.sessionKey,
appSessionType: req.user.appSessionType
} : 1,
method: apiInfo.api
};
}
try {
const mergeParams = Object.assign(reqParams, baseParams);
const params = checkParams.getParams(mergeParams, apiInfo);
const cache = req.method.toLowerCase() !== 'get' ? false : apiInfo.cache;
let method = req.method.toLowerCase() === 'post' ? 'post' : 'get';
let result;
let apiCtx = req.ctx(global.yoho.BaseModel);
if (apiInfo.service) {
result = await apiCtx.get({
api: serviceApi,
url: apiInfo.api,
data: params,
param: {
cache: cache,
}
});
} else if (apiInfo.ufo) {
result = await apiCtx[method]({
api: ufoAPI,
url: apiInfo.path || '',
data: params,
param: {
cache: cache
}
});
} else {
result = await apiCtx[method]({
data: params,
url: apiInfo.path || '',
param: {
cache: cache
}
});
}
if (result) {
return res.json(result);
}
return res.json({
code: 400
});
} catch (error) {
logger.error(error);
return res.json({
code: error.code || 500,
message: error.message || '服务器错误'
});
}
};