authAdmin.js
/**
* 管理员判断
* @author: leo <qi.li@yoho.cn>
* @date: 2017/7/6
*/
'use strict';
const _ = require('lodash');
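/**
 * Express middleware that restricts every route except the login endpoints
 * to sessions flagged as administrator.
 *
 * The decision is read from `req.session.user.isAdmin`; any truthy value is
 * accepted. On success `req.isAdmin` is set to `true` for downstream handlers.
 * On failure the request is answered here and `next` is never called.
 *
 * @param {object} req - Express request; `req.session` may be absent.
 * @param {object} res - Express response.
 * @param {Function} next - Continues the middleware chain.
 * @returns {*} Whatever `next`, `res.json` or `res.render` returns.
 */
module.exports = (req, res, next) => {
  // Paths that need no verification. The match is exact against req.path, so
  // any variant of these paths (trailing slash, different letter case) is NOT
  // exempt and still goes through the admin check below, i.e. it fails closed.
  const excludedPath = [
    '/login',
    '/api/login'
  ];

  if (excludedPath.includes(req.path)) {
    return next();
  }

  // _.get yields undefined when the session or the user object is missing,
  // so an unauthenticated request is treated the same as a non-admin one.
  const isAdmin = _.get(req.session, 'user.isAdmin');

  if (!isAdmin) {
    if (req.xhr) {
      // req.xhr reflects the client-supplied X-Requested-With header; it only
      // selects the response format here and has no part in the decision.
      // NOTE(review): the denial is carried in the body (`code: 401`) while
      // the HTTP status stays at the default 200. Left as is because callers
      // may branch on `code`; confirm with the front end before also setting
      // the status line, and reconcile 401 here with the 403 page below.
      return res.json({
        code: 401,
        message: '抱歉,您没有管理员权限'
      });
    }

    // Send a real 403 with the error page. Without an explicit status the
    // denial went out as 200 OK, which access logs, monitoring and
    // intermediaries read as a successful request.
    return res.status(403).render('error/403', {
      layout: false
    });
  }

  req.isAdmin = true;
  return next();
};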