fe / yohobuy-portal-fe · Commits

Go to a project

Authored by 王钱钧
Commit bf10b88ef3177a47cab1cdaf42b4bc9e7a872055 1 parent 564ff58c

回退master分支登陆代码。

Inline Side-by-side
Showing 3 changed files with 74 additions and 150 deletions
@@ -8,9 +8,6 @@ var _= require('lodash'); @@ -8,9 +8,6 @@ var _= require('lodash');
8 var ipaddr = require('ipaddr.js'); 8 var ipaddr = require('ipaddr.js');
9 var options=require('../staticConfig.js').staticDir; 9 var options=require('../staticConfig.js').staticDir;
10 10
11 -var author=require("../stub/service/auth");  
12 -  
13 -  
14 /** 11 /**
15 * 不需要权限校验配置 12 * 不需要权限校验配置
16 */ 13 */
@@ -45,7 +42,14 @@ module.exports = function(req, res, next) { @@ -45,7 +42,14 @@ module.exports = function(req, res, next) {
45 //方法名称 42 //方法名称
46 var method = req.method; 43 var method = req.method;
47 44
48 - function nextRedirect(method,path){ 45 +
  46 + //访问路由路径
  47 + var path = req.route?req.route.path:'';
  48 + if(req.session.user&&!checkPath(req.path,req)) {
  49 + res.status(403);
  50 + res.render('error/error_nolayout',{message:NO_AUTH,layout:false,cssfile:CSS_FILE});
  51 + return;
  52 + }
49 //进行白名单验证和session验证 53 //进行白名单验证和session验证
50 if(guestAccessList[method+":"+path]||req.session.user) { 54 if(guestAccessList[method+":"+path]||req.session.user) {
51 //判断是否已存在appendData 55 //判断是否已存在appendData
@@ -69,38 +73,6 @@ module.exports = function(req, res, next) { @@ -69,38 +73,6 @@ module.exports = function(req, res, next) {
69 //如果是登陆界面不加载布局 73 //如果是登陆界面不加载布局
70 res.render('pages/login',{layout:false,cssfile:CSS_FILE}); 74 res.render('pages/login',{layout:false,cssfile:CSS_FILE});
71 } 75 }
72 - }  
73 -  
74 - function filterOriginalUrl(path){  
75 - if(!/\.\w+/.test(path)){  
76 - return path.replace(/\?.+/,'');  
77 - }  
78 - return "";  
79 - }  
80 - //访问路由路径  
81 - var path = req.route?req.route.path:filterOriginalUrl(req.originalUrl);  
82 - if(req.session.user) {  
83 - if(guestAccessList[method+":"+path]){  
84 - nextRedirect(method,path);  
85 - return;  
86 - }  
87 - /*判断权限*/  
88 - if(path&&req.session.user.allRight[path]){  
89 - author.validateAuthor(req.session.user.auth.pid,req.session.user.auth.role_id,path,function(data){  
90 - if(data.code!=200){  
91 - res.status(403);  
92 - res.render('error/error_nolayout',{message:NO_AUTH,layout:false,cssfile:CSS_FILE});  
93 - return;  
94 - }  
95 - nextRedirect(method,path);  
96 - });  
97 - }else{  
98 - nextRedirect(method,path);  
99 - }  
100 - }else{  
101 - nextRedirect(method,path);  
102 - }  
103 - // nextRedirect(method,path);  
104 } 76 }
105 77
106 /** 78 /**
@@ -138,6 +110,24 @@ function addActiveMenu(req,res) { @@ -138,6 +110,24 @@ function addActiveMenu(req,res) {
138 } 110 }
139 111
140 /** 112 /**
  113 + * 检查路径是否没有权限
  114 + * @param {String} path
  115 + * @param {Object} req
  116 + * @return {Boolean}
  117 + */
  118 +function checkPath(path,req) {
  119 + var right = req.session.user.noRight;
  120 + var ret = true;
  121 + _.forEach(right,function(v,k){
  122 + if(path.indexOf(k)>-1) {
  123 + ret = false;
  124 + return;
  125 + }
  126 + });
  127 + return ret;
  128 +}
  129 +
  130 +/**
141 * 附加管理员的信息 131 * 附加管理员的信息
142 * @param {Request} req 请求对象 132 * @param {Request} req 请求对象
143 * @param {Number} uid 用户ID 133 * @param {Number} uid 用户ID
@@ -6,7 +6,6 @@ var request = require('request'); @@ -6,7 +6,6 @@ var request = require('request');
6 6
7 var config = require('../config/gray'); 7 var config = require('../config/gray');
8 var _ = require('lodash'); 8 var _ = require('lodash');
9 -var fs = require('fs');  
10 9
11 /** 10 /**
12 * 灰度界面配置 11 * 灰度界面配置
@@ -33,6 +32,7 @@ module.exports = function(proxyRoute) { @@ -33,6 +32,7 @@ module.exports = function(proxyRoute) {
33 32
34 //如果新系统路由没有,代理到老平台 33 //如果新系统路由没有,代理到老平台
35 if(!proxyRoute.interfacesConfig[key]) { 34 if(!proxyRoute.interfacesConfig[key]) {
  35 +
36 //老系统调用地址 36 //老系统调用地址
37 var callUrl = config.url + req.originalUrl; 37 var callUrl = config.url + req.originalUrl;
38 var options = { 38 var options = {
@@ -45,7 +45,6 @@ module.exports = function(proxyRoute) { @@ -45,7 +45,6 @@ module.exports = function(proxyRoute) {
45 } 45 }
46 //删除提交内容长度,代理会改变长度 46 //删除提交内容长度,代理会改变长度
47 delete options.headers['content-length']; 47 delete options.headers['content-length'];
48 - delete options.headers["accept-encoding"];  
49 //设置代理host 48 //设置代理host
50 options.headers['host'] = config.url.replace('http://',''); 49 options.headers['host'] = config.url.replace('http://','');
51 if(!req.session.gray) { 50 if(!req.session.gray) {
@@ -53,23 +52,18 @@ module.exports = function(proxyRoute) { @@ -53,23 +52,18 @@ module.exports = function(proxyRoute) {
53 } else { 52 } else {
54 options.headers['cookie'] = req.session.gray; 53 options.headers['cookie'] = req.session.gray;
55 } 54 }
56 - if(req.files && _.keys(req.files).length>0) {  
57 - options.formData = addFiles(req);  
58 - delete options.form;  
59 - } 55 +
60 logger.log('info','grayroute: request options: %j',options,{}); 56 logger.log('info','grayroute: request options: %j',options,{});
61 57
62 //发起代理请求 58 //发起代理请求
63 - if(req.headers['accept'].indexOf('text/html')>-1||req.xhr) { 59 + if(req.is('html')) {
64 request(options,function(err,res,body) { 60 request(options,function(err,res,body) {
65 if(err) { 61 if(err) {
66 logger.log('error','grayroute: request error:',err); 62 logger.log('error','grayroute: request error:',err);
67 ress.status(500).send(''); 63 ress.status(500).send('');
68 - } else if(res&&res.statusCode === 302) {  
69 - //跳转  
70 - ress.redirect(res.caseless.get('location'));  
71 - }else {  
72 - request(options).pipe(ress); 64 + } else {
  65 + setGrayCookie(req,res);
  66 + ress.status(res.statusCode).send(body);
73 } 67 }
74 }); 68 });
75 } else { 69 } else {
@@ -93,15 +87,17 @@ module.exports = function(proxyRoute) { @@ -93,15 +87,17 @@ module.exports = function(proxyRoute) {
93 } 87 }
94 } 88 }
95 89
96 -/**  
97 - * 添加文件到body中  
98 - * @param {Object} req 请求对象 90 + /**
  91 + * 灰度cookie设置
  92 + * @param {Object} req express request
  93 + * @param {Object} res request的响应
99 */ 94 */
100 - function addFiles(req) {  
101 - var body = {};  
102 - _.forEach(req.files,function(v,k){  
103 - body[k] = fs.createReadStream(v.path);  
104 - });  
105 - _.merge(body,req.body);  
106 - return body; 95 + function setGrayCookie(req,res) {
  96 + //cookie透传到老系统
  97 + var cookie = res.caseless.get('set-cookie');
  98 + //如果没有设置到session
  99 + if(cookie && cookie.length>0 && !req.session.gray) {
  100 + req.session.gray = cookie[0];
  101 + }
  102 + return cookie;
107 } 103 }
@@ -25,7 +25,11 @@ var errorMessage = { @@ -25,7 +25,11 @@ var errorMessage = {
25 util.setLogger(res.app.logger); 25 util.setLogger(res.app.logger);
26 var options = { 26 var options = {
27 url:oldService.login, 27 url:oldService.login,
28 - form:'["'+user+'","'+password+'",'+WEBSITE+']'//'["zhiyuan","lzy111111",1]'// 28 + form:{
  29 + account:user,
  30 + password:password,
  31 + website:WEBSITE
  32 + }
29 } 33 }
30 34
31 //调用登陆 35 //调用登陆
@@ -34,9 +38,8 @@ var errorMessage = { @@ -34,9 +38,8 @@ var errorMessage = {
34 res.json(errorMessage); 38 res.json(errorMessage);
35 return; 39 return;
36 } else { 40 } else {
37 - console.log(ret);  
38 //调用菜单 41 //调用菜单
39 - _callGetMenu(ret.data.pid,ret.data.role_id,function(err,data){ 42 + _callGetMenu(ret.data.pid,function(err,data){
40 if(err) { 43 if(err) {
41 res.json(errorMessage); 44 res.json(errorMessage);
42 } else { 45 } else {
@@ -44,11 +47,10 @@ var errorMessage = { @@ -44,11 +47,10 @@ var errorMessage = {
44 var userInfo = { 47 var userInfo = {
45 auth:userData, 48 auth:userData,
46 menu:data.menu, 49 menu:data.menu,
47 - allRight:data.allRight 50 + noRight:data.noRight
48 } 51 }
49 userInfo.auth.uid = userData.pid; 52 userInfo.auth.uid = userData.pid;
50 userInfo.auth.name = userData.truename; 53 userInfo.auth.name = userData.truename;
51 -  
52 res.json({ 54 res.json({
53 code:20003, 55 code:20003,
54 data:userInfo 56 data:userInfo
@@ -64,23 +66,26 @@ var errorMessage = { @@ -64,23 +66,26 @@ var errorMessage = {
64 * @param {Number} pid 操作员ID 66 * @param {Number} pid 操作员ID
65 * @param {Function} callback 回调 67 * @param {Function} callback 回调
66 */ 68 */
67 -function _callGetMenu(pid,roleid,callback) { 69 +function _callGetMenu(pid,callback) {
68 var options = { 70 var options = {
69 url:oldService.getResourceByPid, 71 url:oldService.getResourceByPid,
70 - form:'['+pid+','+roleid+','+WEBSITE+']' 72 + form:{
  73 + pid:pid,
  74 + website:WEBSITE
  75 + }
71 } 76 }
72 -console.log(options); 77 +
73 util.httpCall(options,function(err,ret){ 78 util.httpCall(options,function(err,ret){
74 if(err) { 79 if(err) {
75 callback(err); 80 callback(err);
76 } else { 81 } else {
77 var menuData = {menu:[],right:{}}; 82 var menuData = {menu:[],right:{}};
78 - if(ret.data) { 83 + if(ret.data && ret.data.length>0) {
79 menuData = _makeMenu(ret.data); 84 menuData = _makeMenu(ret.data);
80 } 85 }
81 -  
82 - _getAllRight(function(ret){  
83 - menuData.allRight = ret; 86 + _getAllMenu(function(ret){
  87 + menuData.noRight = filterRight(ret,menuData);
  88 + delete menuData.right;
84 callback(null,menuData); 89 callback(null,menuData);
85 }); 90 });
86 91
@@ -97,17 +102,14 @@ console.log(options); @@ -97,17 +102,14 @@ console.log(options);
97 function filterRight(ret,menuData) { 102 function filterRight(ret,menuData) {
98 var noRight = {}; 103 var noRight = {};
99 //匹配没有权限 104 //匹配没有权限
100 - for(var key in ret){  
101 - var item=ret[key];  
102 - for(var i in item.sub){  
103 - var v=item.sub[i];  
104 - if(v.menu_url!=='') {  
105 - if(!menuData.right[v.menu_url]) {  
106 - noRight[v.menu_url] = true;  
107 - }  
108 - } 105 + _.forEach(ret,function(v,k){
  106 + if(v.module_url!=='') {
  107 + if(!menuData.right[v.module_url]) {
  108 + noRight[v.module_url] = true;
109 } 109 }
110 } 110 }
  111 + });
  112 +
111 return noRight; 113 return noRight;
112 } 114 }
113 115
@@ -118,7 +120,7 @@ function filterRight(ret,menuData) { @@ -118,7 +120,7 @@ function filterRight(ret,menuData) {
118 function _getAllMenu (callback) { 120 function _getAllMenu (callback) {
119 var options = { 121 var options = {
120 url:oldService.getAllResByWebsite+'?website='+WEBSITE+'&sort=', 122 url:oldService.getAllResByWebsite+'?website='+WEBSITE+'&sort=',
121 - form:'['+WEBSITE+']' 123 + method:'GET'
122 } 124 }
123 125
124 util.httpCall(options,function(err,ret){ 126 util.httpCall(options,function(err,ret){
@@ -138,94 +140,30 @@ function _getAllMenu (callback) { @@ -138,94 +140,30 @@ function _getAllMenu (callback) {
138 function _makeMenu (data) { 140 function _makeMenu (data) {
139 var menu = []; 141 var menu = [];
140 var right = {}; 142 var right = {};
141 - for(var key in data){  
142 -  
143 - var v=data[key]; 143 + _.forEach(data,function(v){
144 var item = { 144 var item = {
145 - title:v.menu_name, 145 + title:v.resource_name,
146 } 146 }
147 if(v.parent_id === "0") { 147 if(v.parent_id === "0") {
148 item.parent = 'menu-template'; 148 item.parent = 'menu-template';
149 var itemSubs = []; 149 var itemSubs = [];
150 _.forEach(v.sub,function(val) { 150 _.forEach(v.sub,function(val) {
151 var sub = { 151 var sub = {
152 - title:val.menu_name,  
153 - href:val.menu_url, 152 + title:val.resource_name,
  153 + href:val.module_url,
154 icon: 'list-alt' 154 icon: 'list-alt'
155 } 155 }
156 - right[val.menu_url] = true; 156 + right[val.module_url] = true;
157 itemSubs.push(sub); 157 itemSubs.push(sub);
158 }); 158 });
159 159
160 item.menu = itemSubs; 160 item.menu = itemSubs;
161 } 161 }
162 menu.push(item); 162 menu.push(item);
163 - }  
164 - // _.forEach(data,function(v){  
165 - // var item = {  
166 - // title:v.menu_name,  
167 - // }  
168 - // if(v.parent_id === "0") {  
169 - // item.parent = 'menu-template';  
170 - // var itemSubs = [];  
171 - // _.forEach(v.sub,function(val) {  
172 - // console.log(v.sub);  
173 - // var sub = {  
174 - // title:val.menu_name,  
175 - // href:val.menu_url,  
176 - // icon: 'list-alt'  
177 - // }  
178 - // right[val.menu_url] = true;  
179 - // itemSubs.push(sub);  
180 - // });  
181 -  
182 - // item.menu = itemSubs;  
183 - // }  
184 - // menu.push(item);  
185 - // }); 163 + });
186 164
187 return { 165 return {
188 menu:menu, 166 menu:menu,
189 right:right 167 right:right
190 }; 168 };
191 } 169 }
192 -  
193 -/**  
194 -* 验证权限  
195 -*/  
196 -exports.validateAuthor=function(pid,roleid,path,callback){  
197 - var options = {  
198 - url:oldService.isUsedMenuAuth,  
199 - form:'['+pid+','+roleid+', "'+path+'", "", "", '+WEBSITE+']'  
200 - }  
201 - util.httpCall(options,function(err,ret){  
202 - if(err) {  
203 - callback({});  
204 - } else {  
205 - callback(ret.data);  
206 - }  
207 - });  
208 -}  
209 -  
210 -function _getAllRight(callback){  
211 - var options = {  
212 - url:oldService.allRight,  
213 - form:'[false]'  
214 - }  
215 - console.log(options);  
216 - util.httpCall(options,function(err,ret){  
217 - if(err) {  
218 - callback({});  
219 - } else {  
220 - var map={};  
221 - ret.data.forEach(function(data){  
222 - console.log(data);  
223 - if(data.platform_id==WEBSITE){  
224 - map[data.path]=true;  
225 - }  
226 -  
227 - });  
228 - callback(map);  
229 - }  
230 - });  
231 -}