Authored by 陈峰

Merge branch 'release/0704' into 'gray'

Release/0704



See merge request !320
... ... @@ -49,9 +49,9 @@ global.utils = path.resolve('./utils');
global.appRoot = path.resolve(__dirname);
// 向模板注入变量
app.locals.devEnv = app.get('env') === 'development';
app.locals.isProduction = app.get('env') === 'production';
app.locals.version = pkg.version;
global.devEnv = app.locals.devEnv = app.get('env') === 'development';
global.isProduction = app.locals.isProduction = app.get('env') === 'production';
global.version = app.locals.version = pkg.version;
// zookeeper
if (config.zookeeperServer) {
... ...
... ... @@ -6,6 +6,7 @@
'use strict';
const address = require('../models/address');
const cleanHtml = require(`${global.utils}/cleanHtml`);
const getArea = (req, res, next) => {
let id = req.query.id || 0;
... ... @@ -54,6 +55,8 @@ const saveAddress = (req, res, next) => {
let uid = req.user.uid;
let params = req.body;
params.consignee = cleanHtml.htmlEncode(params.consignee);
if (!uid) {
return next();
}
... ...
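Review bot: saveAddress now encodes only `params.consignee`, while `params.address` is passed on as submitted even though the templates in this release render the address with triple-stash (`{{{address}}}` in the order-ensure address list, `\{{{info.address}}}` and `\{{{address}}}` in the client address templates). Unless the address is encoded further down, add `params.address = cleanHtml.htmlEncode(params.address);` next to the consignee line so both raw-rendered fields take the same path. saveAddress continues outside the hunk, so any later handling of the address is not visible here.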
... ... @@ -8,7 +8,7 @@
const router = require('express').Router(); // eslint-disable-line
const cRoot = './controllers';
const csrf = require(`${global.middleware}/csrf`);
const auth = require(`${global.middleware}/auth`);
const cart = require(`${cRoot}/cart`);
... ... @@ -24,16 +24,16 @@ router.get('/coupon/list', cart.getCoupons); // 优惠券列表
router.get('/address/list', address.getList); // 省市区列表信息
router.get('/address/area', address.getArea); // 省市区列表信息
router.post('/address/delete', address.delAddress); // 删除地址
router.post('/address/save', address.saveAddress); // 新增地址/更新地址
router.post('/address/setdefault', address.setDefault); // 设置默认地址
router.post('/address/delete', csrf, address.delAddress); // 删除地址
router.post('/address/save', csrf, address.saveAddress); // 新增地址/更新地址
router.post('/address/setdefault', csrf, address.setDefault); // 设置默认地址
router.get('/ensure', auth, ensure.index); // 限购商品快捷结算页
router.get('/ensure', auth, csrf, ensure.index); // 限购商品快捷结算页
router.get('/ensure/coupons', auth, ensure.getCoupons); // 结算优惠券列表
router.get('/ensure/giftcards', auth, ensure.getGiftCards); // 结算礼品卡列表
router.get('/ensure/couponcode', auth, ensure.convertCoupons); // 优惠码兑换券
router.post('/ensure/compute', auth, ensure.compute); // 价格重新计算
router.post('/ensure/submit', auth, ensure.submitCheck, ensure.submit); // 订单提交
router.post('/ensure/submit', auth, csrf, ensure.submitCheck, ensure.submit); // 订单提交
router.post('/property/checksms', ensure.sendCheckSms); // 虚拟资产使用校验
router.get('/easypay', auth, easypay.index); // 限购商品快捷结算页
... ...
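Review bot: several state-changing routes in this file remain registered without the `csrf` middleware after this change: `router.post('/ensure/compute', auth, ensure.compute)` and `router.post('/property/checksms', ensure.sendCheckSms)` are untouched, and `/ensure/couponcode` performs a coupon conversion over GET. The two POSTs need the same one-token edit their neighbours received; the couponcode route would need to become a POST carrying the token, because csurf's default ignoreMethods skips GET, HEAD and OPTIONS. That same default means the `csrf` inserted on `router.get('/ensure', auth, csrf, ensure.index)` only seeds `res.locals.csrfToken` for the page, which is presumably the intent there.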
<div class="order-ensure yoho-page {{pageClass}}">
{{# content}}
<input id="page-error-tip" type="hidden" value="{{pageErrorTip}}"></input>
<input type="hidden" name="_csrf" value="{{../csrfToken}}">
<div class="order-ensure-title">
{{> shopping-step}}
</div>
... ... @@ -11,11 +12,11 @@
{{# deliveryAddress}}
<div class="addr-item{{#isY is_default}} addr-default{{/isY}}{{#if selected}} addr-select{{/if}}" data-id="{{id}}" data-consignee="{{consignee}}" data-mobile="{{mobile}}" data-phone="{{phone}}" data-area="{{area}}" data-code="{{area_code}}" data-address="{{address}}"{{#isY is_default}} data-default="1"{{/isY}}{{#isY is_delivery}} data-delivery="1"{{/isY}}{{#isY is_cash_delivery}} data-cashdelivery="1"{{/isY}}>
<p class="name">
{{consignee}}
{{{consignee}}}
<span class="right">{{mobile}}</span>
</p>
<p class="area">{{area}}</p>
<p class="street fw300">{{address}}</p>
<p class="street fw300">{{{address}}}</p>
<p class="option">
<label class="set-default">设为默认</label>
<label class="default-tip">默认地址</label>
... ...
... ... @@ -4,7 +4,7 @@
<ul class="info-wrap">
<li>
<span class="left-rd"><i class="red">*</i>收<i class="mg">货</i>人:</span>
<input type="text" name="consignee" value="\{{info.consignee}}" placeholder="请输入您的姓名">
<input type="text" name="consignee" value="\{{{info.consignee}}}" placeholder="请输入您的姓名">
<p class="caveat-tip"></p>
</li>
<li>
... ... @@ -37,7 +37,7 @@
</li>
<li>
<span class="left-rd"><i class="red">*</i>详细地址:</span>
<input type="text" name="address" value="\{{info.address}}" placeholder="街道名称或小区名称">
<input type="text" name="address" value="\{{{info.address}}}" placeholder="街道名称或小区名称">
<p class="caveat-tip"></p>
</li>
<li>
... ...
... ... @@ -70,8 +70,8 @@
\{{#each address}}
<li class="address-item\{{#if default}} focus default\{{/if}}"
data-id="\{{id}}"
data-consignee="\{{consignee}}"
data-address="\{{address}}"
data-consignee="\{{{consignee}}}"
data-address="\{{{address}}}"
data-areaname="\{{area}}"
data-area="\{{area_code}}"
data-mobile="\{{mobile}}"
... ...
... ... @@ -7,6 +7,7 @@
const mRoot = '../models';
const addressModel = require(`${mRoot}/address-service`); // user model
const cleanHtml = require(`${global.utils}/cleanHtml`);
/**
* 地址管理列表
... ... @@ -23,6 +24,7 @@ exports.index = (req, res, next) => {
req.ctx(addressModel).getAddressInfo(uid).then(result => {
responseData.meAddressPage = true;
responseData.address = result.address;
res.render('home/address/address', responseData);
}).catch(next);
};
... ... @@ -39,6 +41,9 @@ exports.editAddress = (req, res, next) => {
// 真实数据输出
req.ctx(addressModel).editAddress(req.body, uid).then(result => {
result.data.address = cleanHtml.htmlDecode(result.data.address);
result.data.consignee = cleanHtml.htmlDecode(result.data.consignee);
res.json(result);
}).catch(next);
};
... ... @@ -49,6 +54,8 @@ exports.editAddress = (req, res, next) => {
exports.saveAddress = (req, res, next) => {
let uid = req.user.uid;
req.body.addressName = cleanHtml.htmlEncode(req.body.addressName);
// 真实数据输出
req.ctx(addressModel).saveAddress(req.body, uid).then(result => {
res.json(result);
... ...
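Review bot: the new lines in editAddress dereference `result.data.address` and `result.data.consignee` without checking that `result.data` exists, so a service reply without `data` (an error code, say) becomes a TypeError routed to `next` instead of the API's own JSON; guard with `if (result.data) { ... }` if such replies are possible. In saveAddress only `req.body.addressName` is encoded, yet the address-list template in this release renders both `{{{addressee}}}` and `{{{address}}}` unescaped, so whichever of those two fields addressName does not cover reaches the page raw. Both functions start outside the hunk.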
... ... @@ -2,6 +2,7 @@
const _ = require('lodash');
const ordersService = require('../models/orders-service');
const cleanHtml = require(`${global.utils}/cleanHtml`);
const index = (req, res, next) => {
let ordersModel = req.ctx(ordersService);
... ... @@ -74,6 +75,8 @@ const modifyAddress = (req, res, next) => {
}());
let udid = req.yoho.udid;
userName = cleanHtml.htmlEncode(userName);
if (!orderId || !userName || !areaCode || !address) {
return res.json({
code: 400,
... ...
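Review bot: modifyAddress encodes `userName` but not `address`, although the order-detail and edit-order templates in this release switch to `{{{address}}}` and `{{{editInfo.address}}}`, so an unencoded address would be inserted there without escaping. Add `address = cleanHtml.htmlEncode(address);` beside the userName line, or keep those templates at double-stash for fields that are not encoded on write. modifyAddress starts before this hunk, so where `address` is read from is not visible here.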
... ... @@ -14,6 +14,14 @@ const crypto = global.yoho.crypto;
const AccountApi = require('./account-api');
const CaptchaImgService = require('../../passport/models/captcha-img-service');
const _privacyProtection = (str, start = 0, end = 0) => {
if (!str || !(end - start > 0)) {
return '';
}
return `${str.slice(0, 3)}****${str.slice(7)}`;
}
module.exports = class extends global.yoho.BaseModel {
constructor(ctx) {
super(ctx);
... ... @@ -104,11 +112,12 @@ module.exports = class extends global.yoho.BaseModel {
name: 'password'
}
];
let formData2 = [
{// 只验证手机号
inputTxt: '已验证的手机号',
isVerify: true,
verifyAccount: data.mobile.slice(0, 3) + '****' + data.mobile.slice(7),
verifyAccount: _privacyProtection(data.mobile, 3, 7),
realAccount: data.mobile
}
];
... ... @@ -117,7 +126,7 @@ module.exports = class extends global.yoho.BaseModel {
{// 只验证邮箱
inputTxt: '已验证邮箱',
isVerify: true,
verifyAccount: data.email.slice(0, 2) + '****' + data.email.slice(6),
verifyAccount: _privacyProtection(data.email, 2, 6),
realAccount: data.email
}
];
... ... @@ -351,7 +360,7 @@ module.exports = class extends global.yoho.BaseModel {
resq[1].icon = verifyData.mobileVerify === 'N' ? 'warning' : 'ok';
resq[1].isValid = verifyData.mobileVerify === 'N' ? false : true;
resq[1].tip = verifyData.mobileVerify === 'N' ? '验证后,可用于找回登录密码。' :
'您验证的手机:' + verifyData.mobile.slice(0, 3) + '****' + verifyData.mobile.slice(7);
'您验证的手机:' + _privacyProtection(verifyData.mobile, 3, 7);
}
return resq;
... ... @@ -661,7 +670,7 @@ module.exports = class extends global.yoho.BaseModel {
],
returnInfo: true,
sendEmail: {
emailInfo: email.slice(0, 2) + '****' + email.slice(6),
emailInfo: _privacyProtection(email, 2, 6),
emailUrl: emailDomain
}
};
... ...
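Review bot: `_privacyProtection` ignores its `start` and `end` parameters — the body always returns `str.slice(0, 3)` + `****` + `str.slice(7)` — so the email call sites `_privacyProtection(data.email, 2, 6)` and `_privacyProtection(email, 2, 6)` now mask a different span than the `slice(0, 2) + '****' + slice(6)` they replace, and one more character of the address is dropped. The body should be `return `${str.slice(0, start)}****${str.slice(end)}`;`, which reproduces both the mobile and the email behaviour; the guard reads more clearly as `if (!str || end <= start) {`. The helper's closing `}` also lacks the semicolon the rest of the file uses.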
... ... @@ -12,6 +12,7 @@ const UserApi = require('./user-api');
const helpers = global.yoho.helpers;
const Images = require('../../../utils/images');
const cleanHtml = require('../../../utils/cleanHtml');
const configData = {
gender: [{
... ... @@ -344,13 +345,13 @@ module.exports = class extends global.yoho.BaseModel {
name: [
{
labelText: '昵称:',
value: userInfo.nickname,
value: cleanHtml.htmlDecode(userInfo.nickname),
key: 'nickname',
tips: '与Yoho!业务或商家品牌冲突的昵称,Yoho!将有可能收回'
},
{
labelText: '真实姓名:',
value: userInfo.username,
value: cleanHtml.htmlDecode(userInfo.username),
key: 'username',
tips: '' // 4.8去掉该提示
}
... ... @@ -363,7 +364,7 @@ module.exports = class extends global.yoho.BaseModel {
birthday: {
labelText: '生日:',
key: 'birthday',
tips: '生日信息仅可修改一次,如需修改,请至最新版app进行修改。',
tips: '生日信息仅可修改一次如需修改,请至最新版app进行修改。',
value: birthday
},
profession: {
... ... @@ -585,8 +586,8 @@ module.exports = class extends global.yoho.BaseModel {
let respData,
userInfo = {
uid: uid,
nickname: _.trim(req.body.nickname),
username: _.trim(req.body.username),
nickname: cleanHtml.htmlEncode(_.trim(req.body.nickname)),
username: cleanHtml.htmlEncode(_.trim(req.body.username)),
gender: req.body.gender || 3,
profession: req.body.profession || 0,
income: req.body.income || 0
... ...
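Review bot: the birthday `tips` string changed from `'生日信息仅可修改一次,如需修改,…'` to `'生日信息仅可修改一次如需修改,…'`, dropping the comma between the two clauses; that looks like an accidental edit rather than part of the release, so confirm it is intended. The `cleanHtml.htmlDecode(userInfo.nickname)` and `cleanHtml.htmlDecode(userInfo.username)` values are only safe to show if the profile template emits `value` with `{{ }}`; several templates in this same release switch to `{{{ }}}`, so check the one consuming these fields before relying on the decode. The encode on write, `cleanHtml.htmlEncode(_.trim(req.body.nickname))`, is consistent with the address controllers.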
... ... @@ -9,8 +9,7 @@ const express = require('express');
const router = express.Router(); // eslint-disable-line
const cRoot = './controllers';
const captcha = require('../passport/controllers/captcha');
const csrf = require('../../doraemon/middleware/csrf')();
const csrf = require('../../doraemon/middleware/csrf');
const newUserController = require(`${cRoot}/new-user`);
... ... @@ -52,7 +51,7 @@ const meGiftController = require(`${cRoot}/me-gift`);
// 首页
router.get(['/index', '/'], tabsMiddleware.getCommonHeaderNew, indexController.index);
router.get(['/index', '/'], csrf, tabsMiddleware.getCommonHeaderNew, indexController.index);
router.get('/index/newsAvatar', indexController.newsAvatar);
router.get('/index/async', indexController.asyncData);
... ... @@ -142,25 +141,25 @@ router.get('/favorite/cancel', favoriteController.cancel);
/** ******************************* 我的收藏结束 *****************************************/
/** ******************************* 我的订单开始 *****************************************/
router.get('/orders', tabsMiddleware.getCommonHeader, ordersController.index);
router.get('/orders', csrf, tabsMiddleware.getCommonHeader, ordersController.index);
// 重新加入购物车
router.post('/orders/readd', ordersController.reBuy);
// 删除订单
router.post('/orders/delorder', ordersController.del);
router.post('/orders/delorder', csrf, ordersController.del);
// 修改地址
router.post('/orders/modifyAddress', ordersController.modifyAddress);
router.post('/orders/modifyAddress', csrf, ordersController.modifyAddress);
// 确认订单
router.post('/orders/confirmOrder', ordersController.confirm);
// 取消订单
router.post('/orders/cancelOrder', ordersController.cancel);
router.post('/orders/cancelOrder', csrf, ordersController.cancel);
// 订单详情
router.get('/orders/detail', tabsMiddleware.getCommonHeader, ordersController.detail);
router.get('/orders/detail', csrf, tabsMiddleware.getCommonHeader, ordersController.detail);
// 物流信息
router.get('/orders/express', ordersController.express);
... ... @@ -177,15 +176,15 @@ router.get('/orders/refundreason', ordersController.refundReason);
// router.get('/coupons', CouponsController.index);
router.get('/user', csrf, tabsMiddleware.getCommonHeader, UserController.index);
router.post('/user/edituserinfo', UserController.editUserInfo);
router.post('/user/edituserinfo', csrf, UserController.editUserInfo);
router.post('/user/editusercontactinfo', UserController.editUserContactInfo);
router.post('/user/editusercontactinfo', csrf, UserController.editUserContactInfo);
router.post('/user/edituserhabitsinfo', UserController.editUserHabitsInfo);
router.post('/user/edituserhabitsinfo', csrf, UserController.editUserHabitsInfo);
router.post('/user/edituserlikebrand', UserController.editUserLikeBrand);
router.post('/user/edituserlikebrand', csrf, UserController.editUserLikeBrand);
router.post('/user/isbrandname', UserController.isBrandName);
router.post('/user/isbrandname', csrf, UserController.isBrandName);
// 二维码登录
// router.post('/passport/login/qrcode/refresh', bindController.local.qrcode.refresh); // 刷新二维码
... ... @@ -256,17 +255,17 @@ router.post('/account/mobilecheck', AccountController.newBindCheck);
// 地址管理
router.get('/address', tabsMiddleware.getCommonHeader, AddressController.index);
router.get('/address', csrf, tabsMiddleware.getCommonHeader, AddressController.index);
router.get('/address/area', UserController.getProviceList);
router.post('/address/editAddress', AddressController.editAddress);
router.post('/address/saveAddress', AddressController.saveAddress);
router.post('/address/saveAddress', csrf, AddressController.saveAddress);
router.get('/address/delAddress', AddressController.delAddress);
router.get('/address/delAddress', csrf, AddressController.delAddress);
router.post('/address/defaultAddress', AddressController.defaultAddress);
router.post('/address/defaultAddress', csrf, AddressController.defaultAddress);
// 兑换礼品卡
... ...
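Review bot: csurf's default `ignoreMethods` is `['GET', 'HEAD', 'OPTIONS']`, so the `csrf` added to `router.get('/address/delAddress', csrf, AddressController.delAddress)` only generates a token and never validates the `_csrf` the address script now appends to the query string. A destructive action over GET should become `router.post('/address/delAddress', csrf, AddressController.delAddress)` with the token in the body, as the defaultAddress handler already does. Other state-changing POSTs are still unprotected after this change — `/orders/readd`, `/orders/confirmOrder` and `/address/editAddress` — and adding `csrf` to them is the same one-token edit applied to their neighbours.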
... ... @@ -11,12 +11,12 @@
<div class="main">
<div class="address-tip"><p>为提高配送时效,请您尽量准确填写四级地址</p></div>
<ul class="address-list">
{{#each addressList}}
{{#each addressList}}
<li class="address-content {{#if isPreferred}}preferred{{/if}}" addressId={{id}}>
<div class="address-detail">
<strong>收货人:{{addressee}}</strong>
<strong>收货人:{{{addressee}}}</strong>
<br>
收货地址:{{address}}
收货地址:{{{address}}}
<br>
联系电话:{{phone}}
<br>
... ... @@ -79,6 +79,7 @@
</div>
<div class="dzgl-form-submit">
<input type="hidden" name="addrId" id="addrId" value="">
<input type="hidden" name="_csrf" value="{{../csrfToken}}" />
<input type="button" value="提交信息" class="btn-b1" id="{{submitId}}">
<input type="button" value="重置" class="btn-b1" id="btn-reset" style="display:none">
</div>
... ...
... ... @@ -4,6 +4,7 @@
{{# meOrderDetail}}
<div class="me-main">
<input type="hidden" name="_csrf" value="{{@root.csrfToken}}">
<div class="order-detail block" data-id="{{orderNum}}">
<h2 class="title"></h2>
... ... @@ -102,14 +103,14 @@
</p>
<div class="content">
{{#if normal}}
<p>收货人:{{receiver}}</p>
<p>收货地址:{{address}}</p>
<p>收货人:{{{receiver}}}</p>
<p>收货地址:{{{address}}}</p>
<p>联系电话:{{phone}}</p>
{{/if}}
{{#if offlineByExpress}}
<p>收货人:{{receiver}}</p>
<p>收货地址:{{address}}</p>
<p>收货人:{{{receiver}}}</p>
<p>收货地址:{{{address}}}</p>
<p>联系电话:{{phone}}</p>
<p>下单门店:{{offlineStore}}</p>
... ...
... ... @@ -3,6 +3,7 @@
{{> navigation}}
{{# meOrders}}
<input type="hidden" name="_csrf" value="{{../csrfToken}}">
<div class="me-main">
<div class="orders block">
<h2 class="title">
... ...
... ... @@ -17,6 +17,8 @@
</p>
{{/if}}
<input type="hidden" name="_csrf" value="{{@root.csrfToken}}">
{{# latestOrders}}
<div class="latest-orders block">
<h2 class="title">
... ...
... ... @@ -135,7 +135,7 @@
<dt>1.收货人信息</dt>
<dd>
<label><span class="red-icon">*</span>收货人姓名:</label>
<input type="text" value="{{name}}" name="name">
<input type="text" value="{{{name}}}" name="name">
</dd>
<dd>
<label><span class="red-icon">*</span>收货地址:</label>
... ... @@ -152,7 +152,7 @@
<select id="streets">
<option value="0">请选择乡镇/街道</option>
</select>
<input type="text" value="{{address}}" name="address">
<input type="text" value="{{{address}}}" name="address">
</dd>
<dd>
<label><span class="red-icon">*</span>手机号码:</label>
... ...
... ... @@ -3,7 +3,7 @@
<ul class="edit-order-info">
<li>
<label><i class="form-required">*</i>收 货 人:</label>
<input type="text" class="inp" name="name" value="{{editInfo.userName}}" placeholder="请输入您的姓名">
<input type="text" class="inp" name="name" value="{{{editInfo.userName}}}" placeholder="请输入您的姓名">
<span class="error"><i class="order-icon icon-error"></i><b>请输入您的姓名</b></span>
</li>
<li>
... ... @@ -20,7 +20,7 @@
</li>
<li>
<label><i class="form-required">*</i>详细地址:</label>
<input type="text" class="inp" placeholder="街道名称或小区名称" name="address" value="{{editInfo.address}}">
<input type="text" class="inp" placeholder="街道名称或小区名称" name="address" value="{{{editInfo.address}}}">
<span class="error"><i class="order-icon icon-error"></i><b>请填写详细地址</b></span>
</li>
<li>
... ...
... ... @@ -37,12 +37,12 @@ const generate = (req, res, next) => {
if (result.code === 200) {
request({
url: result.data.url,
headers: {
headers: Object.assign({
'X-request-ID': req.reqID || '',
'X-YOHO-IP': req.yoho.clientIp || '',
'X-Forwarded-For': req.yoho.clientIp || '',
'User-Agent': 'yoho/nodejs'
}
}, result.headers || {})
}).pipe(res);
}
... ...
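Review bot: `Object.assign({ 'X-request-ID': …, 'User-Agent': 'yoho/nodejs' }, result.headers || {})` lets whatever the model returns override the request-identity headers rather than only add to them. If the model is only meant to contribute its verify header, reverse the precedence — `headers: Object.assign({}, result.headers || {}, { 'X-request-ID': req.reqID || '', … })` — or merge just that one key. generate starts outside this hunk.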
... ... @@ -17,19 +17,30 @@ module.exports = class extends global.yoho.BaseModel {
gen(id) {
if (id) {
let qsstr = qs.stringify({
let params = {
udid: id,
fromPage: PAGE,
client_type: config.app,
app_version: config.appVersion
});
};
const headers = {};
if (!global.isProduction && config.yohoVerifyUdid) {
params.udid = global.yoho.verify.udid;
params = global.yoho.sign.apiSign(params);
const verifySign = global.yoho.verify ? global.yoho.verify.sign(params) : '';
return Promise.resolve({
headers['x-yoho-verify'] = verifySign;
}
const result = {
code: 200,
data: {
url: `${apiUrl}passport/img-check?${qsstr}`
}
});
url: `${apiUrl}passport/img-check?${qs.stringify(params)}`
},
headers
};
return Promise.resolve(result);
} else {
return Promise.reject({
code: 400,
... ...
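Review bot: the guard `global.yoho.verify ? global.yoho.verify.sign(params) : ''` comes two lines after `params.udid = global.yoho.verify.udid`, which already throws when `global.yoho.verify` is undefined, so the guard can never take effect. Move the check into the condition — `if (!global.isProduction && config.yohoVerifyUdid && global.yoho.verify) {` — and drop the ternary. `!global.isProduction` is also true when the global was never assigned (app.js sets it in this same release), so a harness loading the model without app.js would enable the verify headers; `global.isProduction === false` or an explicit environment check would be stricter. gen's body continues past the hunk.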
... ... @@ -13,7 +13,7 @@
<h2>您的订单已成功,现在就去付款吧~</h2>
<h3>您的订单号:<strong class="order-num">{{order_code}}</strong> 应付金额:<strong>{{payment_amount}}</strong>&nbsp; &nbsp;
支付方式:在线支付 &nbsp; &nbsp; &nbsp; 送货时间:{{deliveryTimes}}</h3>
<h4>{{../username}},如果2小时内您无法完成付款,系统会将您的订单取消。</h4>
<h4>{{{../username}}},如果2小时内您无法完成付款,系统会将您的订单取消。</h4>
</div>
{{/order}}
... ...
... ... @@ -19,6 +19,8 @@ module.exports = {
port: 6002,
siteUrl: 'http://www.yohobuy.com',
cookieDomain: '.yohobuy.com',
// yohoVerifyUdid: '0de0250d-eb4c-4d52-9aaf-0c3816d53cf2',
domains: {
// test3
singleApi: 'http://api-test3.dev.yohocorp.com/',
... ...
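Review bot: the commented-out `yohoVerifyUdid` keeps a concrete identifier in the committed config for a setting that, per the captcha-img-service change in this release, switches on the non-production verify headers. Commented values like this tend to be uncommented in place; reading it from an environment variable and leaving no value in the file keeps the switch out of the repository.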
... ... @@ -2,11 +2,11 @@
const csrf = require('csurf');
const csrfInit = csrf();
const csrfToken = (req, res, next) => {
res.locals.csrfToken = req.csrfToken();
next();
};
module.exports = () => {
return [csrfInit, csrfToken];
module.exports = (req, res, next) => {
return csrfInit(req, res, (e) => {
res.locals.csrfToken = req.csrfToken();
return next(e);
});
};
... ...
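Review bot: the callback passed to `csrfInit` calls `req.csrfToken()` before looking at `e`, so on a validation failure it still computes a token for a response that will be an error, and when csurf reports its misconfiguration error through `next(err)` — which it does before attaching `req.csrfToken` — the callback throws a TypeError that masks the real cause. Short-circuit first, `if (e) { return next(e); }`, then set `res.locals.csrfToken`. The export is now a plain middleware rather than a factory, matching the `require('../../doraemon/middleware/csrf')` change in the home router; any other caller still invoking the required value would break.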
... ... @@ -201,7 +201,7 @@
</div>
<div id="hide-template">
<script type="text/html" id="header-login-info-tpl">
<span>Hi~ <a href="\{{usercenter}}" class="nick-name">\{{nickname}}</a></span>
<span>Hi~ <a href="\{{usercenter}}" class="nick-name">\{{{nickname}}}</a></span>
&nbsp;[ <a href="\{{signout}}">退出</a> ]
</script>
<script type="text/html" id="simple-account-info-tpl">
... ... @@ -212,7 +212,7 @@
\{{/if}}
</div>
<div class="user-name">
<a href="//www.yohobuy.com/home?t=\{{random}}">\{{profileName}}</a>
<a href="//www.yohobuy.com/home?t=\{{random}}">\{{{profileName}}}</a>
</div>
<h4 class="user-level"><span>\{{curTitle}}</span></h4>
</div>
... ...
{
"name": "yohobuy-node",
"version": "6.6.6",
"version": "6.6.7",
"private": true,
"description": "A New Yohobuy Project With Express",
"repository": {
... ...
... ... @@ -12,6 +12,7 @@ var Hbs = require('yoho-handlebars'),
var $balanceDetail = $('#balance-detail'),
$orderPrice = $('#order-price');
var csrfToken = $('input[name=_csrf]').val();
var order = {
printPrice: 'Y'
... ... @@ -984,6 +985,8 @@ function sendCkeckSms() {
}
function submitOrder(reqData) {
reqData._csrf = csrfToken;
$.ajax({
type: 'POST',
url: '/cart/ensure/submit',
... ...
... ... @@ -20,6 +20,7 @@ var $addrWrap = $('#addr-list'),
// $payType2 = $('#pay-type2'),
$supportWay2 = $('#support-way2');
var csrfToken = $('input[name=_csrf]').val();
var addressTpl = hbs.compile($('#address-tpl').html()),
addressItemTpl = hbs.compile($('#address-item-tpl').html());
... ... @@ -108,7 +109,8 @@ function validateAddress(data) {
consignee: /^([\u4e00-\u9fa5\w*]{1,20})$/,
areaCode: /^[0-9]{6,9}$/,
mobile: /^\d{3}(\d{4}|\*{4})\d{4}$/, // 手机号11位校验 by 新飞 2017.7.11
phone: /^(\(\d{3,4}\)|\d{3,4}-|\s)?\d{7,14}$/
phone: /^(\(\d{3,4}\)|\d{3,4}-|\s)?\d{7,14}$/,
address: /^[a-zA-Z0-9-#()()\u4e00-\u9fa5]+$/
},
pass = true,
i;
... ... @@ -152,6 +154,11 @@ function bindOperateEvent($el) {
if (!val) {
tip = '详细地址不能为空';
}
if (!validateAddress({address: val})) {
tip = '只能包含数字、字母、汉字、#、-、()及其组合';
}
$this.siblings('.caveat-tip').text(tip);
tip = '';
... ... @@ -311,6 +318,8 @@ function newEditAddress(title, info, $el) {
data.id = info.id;
}
data._csrf = csrfToken;
$.ajax({
url: '/cart/address/save',
type: 'POST',
... ... @@ -409,7 +418,8 @@ $addrWrap.on('click', '.addr-item', function() {
type: 'POST',
url: '/cart/address/delete',
data: {
id: id
id: id,
_csrf: csrfToken
}
}).then(function(data) {
if (data.code === 200) {
... ...
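Review bot: in the blur handler the two checks are independent `if`s, so an empty value first gets `tip = '详细地址不能为空'` and then, because the empty string fails the `+` pattern, has it overwritten with `'只能包含数字、字母、汉字、#、-、()及其组合'`; the emptiness message is never shown. Chain them with `} else if (!validateAddress({address: val})) {`. This assumes validateAddress tests each key it is handed, which the rule table suggests but the hunk does not show. The new address pattern also rejects spaces and punctuation such as `,` `.` `/`, which street addresses commonly contain; worth checking against the server-side rule, since the cart controller only HTML-encodes and applies no allow-list. bindOperateEvent starts outside the hunk.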
... ... @@ -18,7 +18,8 @@ var active;
var $del = $('.address-del'),
$edit = $('.address-modify'),
$input = $('.input-1'),
saveFlag = true;
saveFlag = true,
csrfToken = $('input[name=_csrf]').val();
var address = {
... ... @@ -84,7 +85,7 @@ var address = {
// 删除地址
delAddr: function(addrId) {
$.getJSON('/home/address/delAddress?id=' + addrId, function(jsonData) {
$.getJSON('/home/address/delAddress?id=' + addrId + '&_csrf=' + csrfToken, function(jsonData) {
if (jsonData.code === 200) {
$('.address-list').find('li[addressId="' + addrId + '"]').remove();
if (addrId === $('#addrId').val()) {
... ... @@ -106,7 +107,10 @@ var address = {
$.ajax({
url: '/home/address/defaultAddress',
type: 'POST',
data: {id: addrId},
data: {
id: addrId,
_csrf: csrfToken
},
}).done(function(jsonData) {
if (jsonData.code === 200) {
oldBtn.attr('class', 'btn-c3 set-default-btn');
... ... @@ -202,11 +206,19 @@ function blurAction(opt) {
}
if (opt.inputName === 'address') {
regular = /^[a-zA-Z0-9-#()()\u4e00-\u9fa5]+$/;
if (opt.len < 2) {
msg = '请填写详细地址';
res = false;
domClass = 'form-info form-error';
}
if (!regular.test(opt.val)) {
msg = '只能包含数字、字母、汉字、#、-、()及其组合';
res = false;
domClass = 'form-info form-error';
}
}
if (opt.inputName === 'zipCode') {
... ...
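Review bot: `'&_csrf=' + csrfToken` concatenates the token into a URL without `encodeURIComponent`; once delAddress moves to a POST the token belongs in `data`, as the defaultAddress call right below already does. In blurAction the address branch has the same overwrite pattern as the cart script: for a value under two characters `msg = '请填写详细地址'` is replaced by the pattern message in the next `if`; use `} else if (!regular.test(opt.val)) {`. blurAction starts outside the hunk.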
... ... @@ -10,6 +10,7 @@ var ordersApi = require('./orders-api');
var dialog = require('../../common/dialog');
var stringHandle = require('../../common/stringHandle');
var csrfToken = $('input[name=_csrf]').val();
var Dialog = dialog.Dialog;
var Confirm = dialog.Confirm;
... ... @@ -49,7 +50,8 @@ function cancelFactory(id) {
url: '/home/orders/cancelorder',
data: {
orderCode: id,
reason: $checked.val()
reason: $checked.val(),
_csrf: csrfToken
}
}).then(function(data) {
if (data.code === 200) {
... ... @@ -187,7 +189,8 @@ function deleteOrder(id, obj) {
url: '/home/orders/delOrder',
data: {
orderCode: id,
isFullyDelete: isFullyDelete
isFullyDelete: isFullyDelete,
_csrf: csrfToken
}
}).then(function(data) {
if (data.code === 200) {
... ... @@ -437,6 +440,8 @@ function saveAddress(id) {
delete postData.mobile;
}
postData._csrf = csrfToken;
$.ajax({
type: 'post',
url: '/home/orders/modifyAddress',
... ...
... ... @@ -12,7 +12,8 @@ var address = require('../common/common-address');
var Alert = require('../common/dialog').Alert;
var $brands = $('#brand-box li'),
$province = $('#province').val();
$province = $('#province').val(),
csrfToken = $('input[name=_csrf]').val();
var date = {
init: function() {
... ... @@ -95,12 +96,15 @@ $('.userinfo-edit h2').on('click', function() {
});
function checkBaseForm() {
var nicknameLength = $('#nickname').val().length,
usernameLength = $('#username').val().length,
var nickname = $('#nickname').val(),
username = $('#username').val(),
nicknameLength = nickname.length,
usernameLength = username.length,
$gender = $('input[name="gender"]'),
$year = $('#year'),
$month = $('#month'),
$day = $('#day');
$day = $('#day'),
regular = /^[a-zA-Z0-9-#()()\u4e00-\u9fa5]+$/;
if (nicknameLength === 0) {
new Alert('请输入昵称').show();
... ... @@ -117,6 +121,15 @@ function checkBaseForm() {
return false;
}
if (!regular.test(nickname)) {
new Alert('昵称只能包含数字、字母、汉字、#、-、()及其组合').show();
return false;
}
if (!regular.test(username)) {
new Alert('用户名只能包含数字、字母、汉字、#、-、()及其组合').show();
return false;
}
if (!$gender.is(':checked')) {
new Alert('请选择性别').show();
... ... @@ -226,7 +239,8 @@ function addBrand(domObj, brandId, brandName) {
function checkBrand() {
var postData = {
brandName: $('#keywords').val()
brandName: $('#keywords').val(),
_csrf: csrfToken
};
$.post('/home/user/isbrandname', postData, function(data) {
... ... @@ -247,8 +261,13 @@ function checkBrand() {
function save(postUrl, btnId) {
var $form = $('#' + btnId).closest('form');
var params = $form.serialize();
if (params) {
params += '&_csrf=' + csrfToken;
}
$.post(postUrl, $form.serialize(), function(data) {
$.post(postUrl, params, function(data) {
if (data.code === 200) {
new Alert(data.message).show();
setTimeout(function() {
... ... @@ -287,7 +306,8 @@ $('#favorite-brand').on('click', function() {
type: 'post',
datatype: 'json',
data: {
brand: $('#likebrand').val()
brand: $('#likebrand').val(),
_csrf: csrfToken
},
success: function(data) {
if (data.code === 200) {
... ...
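Review bot: in save the token is appended only `if (params)`, so a form whose `serialize()` yields an empty string is posted without `_csrf` and will be rejected by the `/home/user/...` routes that now carry the csrf middleware. Append unconditionally: `params += (params ? '&' : '') + '_csrf=' + encodeURIComponent(csrfToken);`. The nickname/username `regular` literal is the same pattern the two address scripts define; if it is meant to stay in sync, one shared constant in the common module would stop the three copies drifting.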
'use strict';
const re = /(\r\n)|["\'<>]/g;
const htmlEntity = {
'&amp;': '\u0026',
'&quot;': '\u0022',
'&apos;': '\u0027',
'&lt;': '\u003c',
'&gt;': '\u003e'
};
exports.htmlDecode = function(txt) {
txt = txt || '';
return txt.replace(/((&(([a-z][a-z0-9]*)|(#[0-9]+)|(#x[0-9a-f]+));)|["'<>&])/gi, function(s) {
s = s || '';
const s1 = htmlEntity[s.toLowerCase()];
if (s1) {
s = s1;
}
return s;
});
};
exports.htmlEncode = function(str) {
str = str || '';
return str.replace(re, function(s) {
switch (s) {
case '"':
return '&quot;';
case '\'':
return '&apos;';
case '<':
return '&lt;';
case '>':
return '&gt;';
default:
return s;
}
});
};
... ...
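Review bot: htmlEncode never encodes `&`, so it is neither idempotent nor invertible by htmlDecode: `htmlEncode('&lt;')` and `htmlEncode('<')` both yield `&lt;`, and both decode to `<`, while entity-shaped input such as `&#x3c;` passes through untouched and is shown as the character wherever the templates now use triple-stash. Add `&` to the class — `const re = /["'<>&]/g;` — with `case '&': return '&amp;';` in the switch; this changes the stored form of new records, so data already encoded with the current version would be double-encoded on its next edit unless decoded first. The `(\r\n)` alternative is dead, since the `default` branch returns the match unchanged, and `txt || ''` only covers nullish input — a non-string argument still throws at `.replace`.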