/**
 * Administrator check.
 * @author: leo <qi.li@yoho.cn>
 * @date: 2017/7/6
 */

'use strict';

const _ = require('lodash');

/**
 * Express-style middleware that gates every request on the session's
 * `user.isAdmin` flag, except for an explicit list of login paths.
 *
 * The decision is made from server-side session data only; nothing in the
 * request body or query is consulted here.
 *
 * @param {object} req - request; reads `req.path`, `req.session` and `req.xhr`
 * @param {object} res - response; used for the denial reply
 * @param {Function} next - called when the request may continue
 * @returns {*} the result of `next()` for excluded paths, the result of
 *   `res.json`/`res.render` on denial, otherwise undefined
 */
module.exports = (req, res, next) => {
    // Paths that skip the admin check entirely. Anything added here is
    // reachable without the isAdmin flag, so keep the list minimal.
    const openPaths = ['/login', '/api/login'];
    const requestPath = req.path;

    // _.get yields undefined when the session or the user object is missing,
    // so a request without a session is treated as non-admin (fails closed).
    const adminFlag = _.get(req.session, 'user.isAdmin');

    // Exact string match: a variant of a login path that is not literally in
    // the list (different case, trailing slash) is NOT excluded and falls
    // through to the admin check below.
    if (openPaths.includes(requestPath)) {
        return next();
    }

    if (adminFlag) {
        next();
        return;
    }

    // req.xhr reflects the client-supplied X-Requested-With header; it only
    // selects the format of the denial, never the authorization outcome.
    // NOTE(review): neither branch below calls res.status(), so unless a status
    // was set earlier the denial goes out as HTTP 200; the JSON body says 401
    // while the template is named 403. Setting an explicit 4xx status would
    // help proxies, caches and monitoring see the rejection - confirm that
    // front-end callers do not rely on a 200 with `code` in the body first.
    if (req.xhr) {
        return res.json({
            code: 401,
            message: '抱歉,您没有管理员权限'
        });
    }

    return res.render('error/403', {
        layout: false
    });
};