ssr-api.js
const serviceApi = global.yoho.ServiceAPI;
const ufoAPI = global.yoho.UfoAPI;
const logger = global.yoho.logger;
const _ = require('lodash');
const md5 = require('yoho-md5');
const checkParams = require('../../utils/check-params');
const apiMaps = require('../../config/api-map');
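/**
 * Recomputes the request signature from the submitted parameters and compares
 * it with the value the client sent.
 *
 * The signed string is built from every own enumerable key of `params` except
 * `s` (the signature itself): keys are sorted, each is rendered as
 * `key:encodeURIComponent(value)`, and the pieces are joined with `_`. The
 * digest is md5 of that string followed by `_` and the string's length.
 *
 * NOTE(review): no secret is mixed in inside this function. Unless `yoho-md5`
 * adds a key of its own (not visible here), any client can compute a valid
 * signature, so treat this as a tamper checksum rather than authentication.
 * NOTE(review): values go through encodeURIComponent, so a nested object value
 * is signed as "[object Object]" and its contents are not covered.
 * NOTE(review): on mismatch the full parameter set is written to the error
 * log; confirm signed endpoints never carry credentials or personal data.
 *
 * @param {Object} params - Merged request parameters; not modified.
 * @param {string} sign - Signature submitted by the client (the `s` field).
 * @returns {boolean} true when the submitted signature equals the recomputed one.
 */
function checkSign(params, sign) {
    // Work on a shallow copy so the caller's object is left untouched.
    const signed = Object.assign({}, params);

    delete signed.s;

    const str = Object.keys(signed)
        .sort()
        .map(key => `${key}:${encodeURIComponent(signed[key])}`)
        .join('_');
    const signDiff = md5(`${str}_${str.length}`);

    if (sign === signDiff) {
        return true;
    }

    // `sign` is client-controlled: JSON-encode it so embedded CR/LF cannot
    // start a forged log line.
    logger.error(`验签不匹配: 提交sign: ${JSON.stringify(sign)}, 服务端sign: ${signDiff}, params: ${JSON.stringify(signed)}`);
    return false;
}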
/**
 * Middleware that proxies a request to a backend API when `req.path` has an
 * entry in the api-map config; any other path is passed to `next()`.
 *
 * Flow: merge query and body parameters, set no-cache response headers,
 * optionally verify the `s` signature, strip `s` and `ts`, add server-side
 * `uid` / `method` for non-service routes, filter through
 * `checkParams.getParams`, call the backend and relay its result as JSON.
 *
 * NOTE(review): `ts` is part of the signed string but is dropped here without
 * being checked, so nothing visible in this file bounds replay of a captured
 * signed request; confirm freshness is enforced elsewhere.
 * NOTE(review): for `apiInfo.service` routes no base parameters are merged, so
 * a client-supplied `uid` reaches `checkParams.getParams` unchanged;
 * presumably that helper filters by the route definition. Verify.
 * NOTE(review): requests without a logged-in user are sent with the literal
 * uid 1; confirm that is an agreed sentinel and not a real account id.
 *
 * @param {Object} req - Request; reads path, query, body, method, user, yoho.clientIp and ctx.
 * @param {Object} res - Response; receives the headers and the JSON payload.
 * @param {Function} next - Called when the path is not in the api map.
 * @returns {Promise<*>} Whatever `next()` or `res.json()` returns.
 */
module.exports = async(req, res, next) => {
    const apiInfo = apiMaps[req.path];

    // Paths without an api-map entry are not handled by this middleware.
    if (!apiInfo) {
        return next();
    }

    // Body fields win over query-string fields of the same name.
    const reqParams = Object.assign({}, req.query, req.body);

    const noCacheHeaders = {
        'Cache-Control': 'no-cache',
        Pragma: 'no-cache',
        Expires: (new Date(1900, 0, 1, 0, 0, 0, 0)).toUTCString()
    };

    res.set(noCacheHeaders);

    // checkSign gets its own copy; `s` and `ts` are still present at this point.
    const signatureRejected = apiInfo.checkSign &&
        !checkSign(Object.assign({}, reqParams), reqParams.s);

    if (signatureRejected) {
        logger.error(`验签失败!uid: ${_.get(req, 'user.uid', '').toString()}, params: ${JSON.stringify(reqParams)}, ip: ${req.yoho.clientIp}`);
        return res.json({
            code: 400,
            message: '验签失败'
        });
    }

    // Signature bookkeeping fields are not forwarded to the backend.
    delete reqParams.s;
    delete reqParams.ts;

    let baseParams;

    if (!apiInfo.service) {
        const hasUid = req.user && req.user.uid;

        baseParams = {
            // Object form carries the session fields alongside the uid and
            // yields the uid through toString().
            uid: hasUid ? {
                toString: () => req.user.uid || 0,
                sessionKey: req.user.sessionKey,
                appSessionType: req.user.appSessionType
            } : 1,
            method: apiInfo.api
        };
    }

    try {
        // Server-side base parameters overwrite client fields of the same name.
        const params = checkParams.getParams(Object.assign(reqParams, baseParams), apiInfo);
        const verb = req.method.toLowerCase();

        // Only GET requests may use the route's cache setting.
        const cache = verb === 'get' ? apiInfo.cache : false;
        const method = verb === 'post' ? 'post' : 'get';
        const apiCtx = req.ctx(global.yoho.BaseModel);
        const param = {cache};

        let callName = method;
        let options;

        if (apiInfo.service) {
            // Service routes are always fetched with get, whatever the request verb.
            callName = 'get';
            options = {
                api: serviceApi,
                url: apiInfo.api,
                data: params,
                param
            };
        } else if (apiInfo.ufo) {
            options = {
                api: ufoAPI,
                url: apiInfo.path || '',
                data: params,
                param
            };
        } else {
            options = {
                data: params,
                url: apiInfo.path || '',
                param
            };
        }

        const result = await apiCtx[callName](options);

        // A falsy backend result is reported as a bare code 400.
        return res.json(result || {
            code: 400
        });
    } catch (error) {
        logger.error(error);

        // NOTE(review): error.message is relayed to the client as-is; confirm
        // backend and internal errors cannot carry sensitive details.
        return res.json({
            code: error.code || 500,
            message: error.message || '服务器错误'
        });
    }
};