Merge branch 'feature/apiRisk' into 'release/6.8.7'

api risk See merge request !14

Merge branch 'feature/apiRisk' into 'release/6.8.7'
api risk See merge request !14
陈峰
Commit 99ff3a43dc4a5fb213252fb4688a70fb1a2cd492 2 parents 2081168a d4dd7f23
Showing 3 changed files with 46 additions and 8 deletions
apps/common/create-api-client.js
doraemon/middleware/error-handler.js
doraemon/middleware/ssr-api.js
--- a/apps/common/create-api-client.js
View file @99ff3a4
+++ b/apps/common/create-api-client.js
View file @99ff3a4
 import axios from 'axios';
 import config from 'config';
+ import {get} from 'lodash';
 
 axios.defaults.baseURL = config.axiosBaseUrl;
 axios.defaults.responseType = config.axiosResponseType;
@@ -8,12 +9,22 @@ axios.defaults.headers = {
 };
 
 const errHandle = (error) => {
+   let res = error.response;
+ 
   console.log(error);
+ 
+   if (+res.status === 510) {
+     if (get(res, 'data.data.refer')) {
+       return window.location.href = get(res, 'data.data.refer');
+     }
+   }
+ 
   return Promise.reject({
     code: 500,
     message: '服务器开小差了~'
   });
 };
+ 
 const request = (options, store) => {
   return axios(options).then((res) => {
     if (res.data.code === 401) {
--- a/doraemon/middleware/error-handler.js
View file @99ff3a4
+++ b/doraemon/middleware/error-handler.js
View file @99ff3a4
+ const _ = require('lodash');
 const logger = global.yoho.logger;
+ const cache = global.yoho.cache.master;
+ const helpers = global.yoho.helpers;
+ 
+ const appName = 'h5'; // 与H5共用
+ const LIMITER_IP_TIME = 3600; // 超出访问限制ip限制访问1小时
+ 
+ const replaceKey = '__refer__';
+ const checkRefer = helpers.urlFormat('/3party/check', {refer: replaceKey});
 
 /**
  * 服务器错误
  * @return {[type]}
  */
- exports.serverError = (err, req, res, next) => { // eslint-disable-line
+ exports.serverError = (err = {}, req, res, next) => { // eslint-disable-line
   logger.error(`error at path: ${req.url}`);
   logger.error(`${req.url},${typeof err === 'object' ? JSON.stringify(err) : err}`);
 
+   if (err.apiRisk) { // 接口风控
+     let remoteIp = req.yoho.clientIp;
+ 
+     if (_.get(req.app.locals, 'wap.open.apmrisk', false)) {
+       cache.setAsync(`${appName}:limit2:${remoteIp}`, 1, LIMITER_IP_TIME);
+     } else {
+       cache.setAsync(`${appName}:limiter:${remoteIp}`, 1, LIMITER_IP_TIME);
+     }
+ 
+     req.session.apiRiskValidate = true;
+ 
+     if (req.xhr) {
+       return res.status(510).json({
+         code: err.code,
+         data: {refer: checkRefer.replace(replaceKey, req.get('Referer') || '')}
+       });
+     }
+ 
+     return res.redirect(checkRefer.replace(replaceKey, req.protocol + '://' + req.get('host') + req.originalUrl));
+   }
+ 
   res.status(err.code || 500);
 
   if (req.xhr) {
     return res.json({
-       code: 500,
-       message: '服务器错误！'
+       code: err.code || 500,
+       message: err.message || '服务器错误'
     });
   }
 
--- a/doraemon/middleware/ssr-api.js
View file @99ff3a4
+++ b/doraemon/middleware/ssr-api.js
View file @99ff3a4
@@ -3,6 +3,7 @@ const ufoAPI = global.yoho.UfoAPI;
 const logger = global.yoho.logger;
 const checkParams = require('../../utils/check-params');
 const apiMaps = require('../../config/api-map');
+ const errorHandler = require('./error-handler');
 
 module.exports = async(req, res, next) => {
   res.set({
@@ -76,10 +77,6 @@ module.exports = async(req, res, next) => {
       code: 400
     });
   } catch (error) {
-     logger.error(error);
-     return res.json({
-       code: error.code || 500,
-       message: error.message || '服务器错误'
-     });
+     return errorHandler.serverError(error, req, res, next);
   }
 };