增加APP访问校验

@@ -20,8 +20,7 @@ var app = express(),
     RedisStore = connectRedis(session);
 
 var config = require('./config');
-
-// sign = require('./library/sign')
+var sign = require('./library/sign');
 
 // 向模板注入变量
 app.locals.devEnv = app.get('env') === 'development';
@@ -65,16 +64,16 @@ app.use(session({
     secret: config.sessionSecret
 }));
 
-// TODO:app 访问校验参数是否合法
-// app.use(function(req, res, next) {
-//     if (req.query.app_version && !sign.checkSign(req.query)) {
-//         return res.status(403).json({
-//             code: 403,
-//             message: '客户端请求参数非法'
-//         });
-//     }
-//     next();
-// });
+// app 访问校验参数是否合法
+app.use(function(req, res, next) {
+    if (req.query.app_version && !sign.checkSign(req.query)) {
+        return res.status(403).json({
+            code: 403,
+            message: '客户端请求参数非法'
+        });
+    }
+    next();
+});
 
 // 加载路由
 app.use('/', require('./router'));

@@ -74,10 +74,8 @@ exports.checkSign = function(params) {
     delete params.debug_data;
     delete params['/api'];
 
+    params.private_key = privateKey[params.client_type];
     sortedParams = packageSort(params);
-    sortedParams.private_key = privateKey[params.client_type];
-
-    // console.log(clientSecret, sortedParams, makeSign(sortedParams));
 
     return clientSecret === makeSign(sortedParams);
 };

-var crypto = require('crypto');
-
-// 生成字符串 MD5
-exports.md5 = function(data) {
-    return crypto.createHash('md5').update(data).digest('hex');
-};