new: 有货授权登录访中间件添加

@@ -6,6 +6,7 @@
 'use strict';
 const _ = require('lodash');
 const UserModel = require('../models/user');
+const authYoho = require('../../../utils/authYoho');
 
 const INVALID_SESSION = '用户SESSION信息缺失, 请重新验证';
 const GET_USER_INFO_SUCCESS = '获取用户信息成功';
@@ -77,6 +78,27 @@ const userController = {
                 }
             })
             .catch(next);
+    },
+
+    /**
+     * YOHO授权登录
+     * @param req
+     * @param res
+     */
+    yohoAuth(req, res) {
+        const refer = req.session.auth_refer;
+        const yh_sign = req.query.yh_sign.toLowerCase();
+        const lastSign = authYoho.sign(req.query).toLowerCase();
+
+        if (yh_sign !== lastSign) {
+            return res.json({
+                code: 401,
+                message: 'yh_sign签名验证错误'
+            });
+        }
+
+        _.set(req.session, 'yh_auth_id', req.query.yh_uid);
+        res.redirect(refer);
     }
 };
 

@@ -12,5 +12,6 @@ const router = express.Router(); // eslint-disable-line
 // SMS 短信
 router.post('/sms/sendCode', sms.beforeSend, sms.sendCode);
 router.post('/sms/checkCode', sms.checkCode, user.userInfo);
+router.get('/yohoAuth', user.yohoAuth);
 
 module.exports = router;

@@ -21,7 +21,9 @@ module.exports = {
         singleApi: 'http://api-test3.yohops.com:9999/'
     },
     corsAllowOrigin: [
+        'http://localhost:7000',
         'http://localhost:8081',
+        'http://feature.yoho.cn',
         'http://localhost:63342'
     ],
     useCache: false,

+{
+    "yh_auth_login": {
+        "clientSecret": "3bd815162342d9733f06ab6811082c64"
+    }
+}

+/**
+ * 登录判断
+ * @author: lq
+ * @date: 2017/9/1
+ */
+'use strict';
+const _ = require('lodash');
+const moment = require('moment');
+const authYoho = require('../../utils/authYoho');
+const queryString = require('queryString');
+
+module.exports = (req, res, next) => {
+    const refer = req.get('Referer') || '';
+    const yhAuthId = _.get(req.session, 'yh_auth_id', 0);
+
+    if (!yhAuthId) {
+        let params = {
+            yh_backurl: 'http://action.yoho.cn/passport/yohoAuth',
+            yh_type: 'activity',
+            yh_time: moment(new Date()).format('YYYY-MM-DD HH:mm:ss')
+        };
+
+        params.yh_sign = authYoho.sign(params);
+        _.set(req.session, 'auth_refer', refer);
+        return res.json({
+            code: 401,
+            message: '抱歉，您暂未登录！',
+            redirect: `//m.yohobuy.com/signin.html?${queryString.stringify(params)}`
+        });
+    }
+
+    next();
+};

+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Title</title>
+</head>
+<body>
+ 明星海报地址页
+
+<script src="https://cdn.bootcss.com/jquery/2.2.2/jquery.js"></script>
+<script>
+    $.ajax({
+        method: 'post',
+        url: 'http://action.yoho.cn/article/test',
+        headers: {
+            'X-Requested-With': 'XMLHttpRequest'
+        },
+        xhrFields: {
+            withCredentials: true
+        }
+    })
+    .then(function(res) {
+        if (res.code === 401 && res.redirect) {
+            location.href = res.redirect;
+        }
+    });
+</script>
+</body>
+</html>

+/**
+ * YOHO授权登录签名
+ * @author: leo
+ * @date: 2017/9/4
+ */
+const _ = require('lodash');
+const md5 = require('yoho-md5');
+const signData = require('../doraemon/data/sign.json');
+
+
+module.exports = {
+    sign(params, clientSecret) {
+        let secretParams = {};
+
+        clientSecret = clientSecret || signData.yh_auth_login.clientSecret;
+
+        for (const k of Object.keys(params).sort()) {
+            if (k === 'yh_sign') {
+                continue;
+            }
+            secretParams[k] = params[k];
+        }
+
+        let secretStr = _.join(_.map(secretParams, (v, k) => {
+            return `${k}=${v}`;
+        }), '&');
+
+        return md5(secretStr + clientSecret);
+    }
+};
+