session change

htoooth
Commit 5d622dc9a963da0e26058f1d193f03bdead97bf4 1 parent e76604c3
Showing 1 changed file with 12 additions and 5 deletions
apps/passport/models/login-service.js
--- a/apps/passport/models/login-service.js
View file @5d622dc
+++ b/apps/passport/models/login-service.js
View file @5d622dc
@@ -3,6 +3,7 @@
 const md5 = require('md5');
 const uuid = require('uuid');
 const _ = require('lodash');
+ const Fn = require('lodash/fp');
 
 const aes = require('./aes-pwd');
 const cache = global.yoho.cache;
@@ -35,13 +36,18 @@ const syncUserSession = (uid, req, res, sessionKey) => {
     }
 
     return Promise.all([userService.profile(uid), cartService.goodsCount(uid)]).spread((userInfo, count) => {
-         let token = sign.makeToken(uid);
+         let salt = Fn.pipe(Fn.take(8), Fn.join(''))(uuid.v4());
+         let saltedUid = uid + salt;
+ 
+         let saltedToken = sign.makeToken(saltedUid);
+         let publicToken = saltedToken + salt;
+ 
         let data = userInfo.data;
         let encryptionUid = aes.encryptionUid(data.uid);
 
         if (data) {
             let uidCookie =
-                 `${encodeURIComponent(data.profile_name)}::${encryptionUid}::${data.vip_info.title}::${token}`;
+                 `${encodeURIComponent(data.profile_name)}::${encryptionUid}::${data.vip_info.title}::${saltedToken}`;
             let isStudent = data.vip_info.is_student || 0;
 
             res.cookie('_UID', uidCookie, {
@@ -62,11 +68,12 @@ const syncUserSession = (uid, req, res, sessionKey) => {
             });
         }
 
-         req.session.TOKEN_ = token;
+         req.session.TOKEN_ = publicToken;
         req.session.LOGIN_UID_ = uid;
 
-         res.cookie('_TOKEN', token, {
-             domain: config.cookieDomain
+         res.cookie('_TOKEN', publicToken, {
+             domain: config.cookieDomain,
+             httpOnly: true
         });
 
     }).catch(console.log);