Authored by 毕凯

Merge branch 'feature/cusService-vulnerablity' into 'gray'

Feature/cus service vulnerability



See merge request !392
... ... @@ -39,10 +39,9 @@ exports.page = (req, res, next) => {
pageStyle: 'service-chat',
width750: true,
localCss: true,
imServer: global.yoho.config.domains.imServer,
imCs: global.yoho.config.domains.imCs,
imSocket: global.yoho.config.domains.imSocket,
userData: {
uid: uid,
encrypteduid: crypto.encryption(null, uid + ''),
avatar: helpers.image(userinfo.head_ico, 100, 100),
uname: userinfo.profile_name
... ... @@ -80,15 +79,10 @@ exports.getOrders = (req, res, next) => {
*
*/
exports.fetchHistory = (req, res) => {
let uid = req.user.uid;
if (!uid) {
uid = req.query.uid;
}
const encryptedUid = req.body.encryptedUid;
const endTime = req.body.endTime;
const endTime = req.query.endTime;
imApi.fetchImHistory(uid, endTime).then(result => {
imApi.fetchImHistory(encryptedUid, endTime).then(result => {
res.json(result);
});
};
... ... @@ -115,16 +109,11 @@ exports.msghistory = (req, res) => {
* content 留言内容
*/
exports.saveMSG = (req, res) => {
let uid = req.user.uid;
if (!uid) {
uid = req.body.uid;
}
let encryptedUid = req.body.encryptedUid;
const conversationId = req.body.conversationId;
const content = req.body.content;
imApi.saveMessage(uid, conversationId, content)
imApi.saveMessage(encryptedUid, conversationId, content)
.then(result => {
res.json(result);
});
... ... @@ -139,14 +128,9 @@ exports.saveMSG = (req, res) => {
* 2. 失败情况
*/
exports.fetchOrders = (req, res) => {
let uid = req.user.uid;
if (!uid) {
uid = req.query.uid;
}
let encryptedUid = req.body.encryptedUid;
imApi.fetchOrderList(uid)
imApi.fetchOrderList(encryptedUid)
.then(result => {
imModel.handleOrderList(result.data, 128, 170);
res.json(result);
... ... @@ -159,19 +143,13 @@ exports.fetchOrders = (req, res) => {
};
exports.saveEvalute = (req, res) => {
let uid = req.user.uid;
if (!uid) {
uid = req.body.uid;
}
const encryptedUid = req.body.encryptedUid;
const conversationId = req.body.conversationId;
const promoter = req.body.promoter;
const stars = req.body.stars;
const reasonMsg = req.body.reasonMsg || '';
imApi.saveEvalute(uid, conversationId, promoter, stars, reasonMsg)
imApi.saveEvalute(encryptedUid, conversationId, promoter, stars, reasonMsg)
.then(result => {
return res.json(result);
}).catch(() => {
... ... @@ -184,12 +162,7 @@ exports.saveEvalute = (req, res) => {
exports.queryGlobalOrder = (req, res) => {
let uid = req.user.uid;
if (!uid) {
uid = req.query.uid;
}
let encryptedUid = req.body.encryptedUid;
let emptyOrder = {
code: 200,
... ... @@ -197,7 +170,7 @@ exports.queryGlobalOrder = (req, res) => {
message: '获取失败'
};
imApi.queryGlobalOrder(uid)
imApi.queryGlobalOrder(encryptedUid)
.then(result=> {
imModel.handleOrderList(result.data, 128, 170);
res.json(result);
... ... @@ -213,13 +186,7 @@ exports.queryGlobalOrder = (req, res) => {
* cvId 会话id
*/
exports.queryReasons = (req, res) => {
let uid = req.user.uid;
if (!uid) {
uid = req.body.uid;
}
const cvId = req.query.conversationId;
const cvId = req.body.conversationId;
imApi.queryReasons(cvId)
.then(result=> {
... ...
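Review bot: fetchHistory, saveMSG, fetchOrders, saveEvalute and queryGlobalOrder now read `req.body.encryptedUid` straight from the client and no longer look at `req.user.uid`, so the identity that selects the chat history and order list is still chosen by the caller — the same shape as the `req.query.uid` fallback this merge removes, only with an opaque value; that is safe only if the IM service refuses encrypted ids it did not issue for this session, which nothing here shows. For a logged-in user derive the value on the server with the helper `page` already uses, `const encryptedUid = crypto.encryption(null, req.user.uid + '');`, and only consult the body when there is no session (whether anonymous callers should get a body fallback at all is a question for the IM side). In fetchHistory the two `const endTime` lines read `req.body.endTime` and `req.query.endTime`; with the route switched to POST the surviving line should be the `req.body` one, and a redeclared `const` in the same scope would not even parse, so please confirm which one was kept. fetchHistory, saveMSG and fetchOrders still have no `.catch`, so a rejected imApi call leaves the response hanging — saveEvalute already has the pattern to copy.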
... ... @@ -16,16 +16,15 @@ const encryptedUid = uid => crypto.encryption(null, uid + '');
* 新建留言信息
* path: {host}/leavemessage/saveLeavemessage
*
* @param {int} uid 用户id
* @param {int} encryptedUid 加密用户id
* @param {int} conversationId 会话id
* @param {str} content 留言内容
*/
exports.saveMessage = (uid, conversationId, content) => {
exports.saveMessage = (encryptedUid, conversationId, content) => {
let params = {
uid,
conversationId,
content,
encryptedUid: encryptedUid(uid)
encryptedUid
};
... ... @@ -36,25 +35,24 @@ exports.saveMessage = (uid, conversationId, content) => {
/**
* 查询用户聊天记录
* @param {int} uid 用户uid
* @param {string} encryptedUid 加密用户uid
* @param [int] pageSize 每次加载的聊天记录
* @param [int] startTime
* @param [int] endTime
*/
exports.fetchImHistory = (uid, endTime, pageSize, startTime) => {
exports.fetchImHistory = (encryptedUid, endTime, pageSize, startTime) => {
pageSize = pageSize || 10;
let params = {
uid,
pageSize,
encryptedUid: encryptedUid(uid)
encryptedUid
};
_.forEach({startTime, endTime}, (val, key) => {
val && (params[key] = val);
});
return ImService.get('/api/conversationMessage/pageList', params)
return ImService.post('/api/conversationMessage/pageList', params)
.then(result => {
return result;
}, () => {
... ... @@ -69,13 +67,12 @@ exports.fetchImHistory = (uid, endTime, pageSize, startTime) => {
/**
* 获取用户订单, 默认最近10笔
* @param {int} uid 用户uid
* @param {string} encryptedUid 用户加密uid
* @param {init} createTimeBegin 开始时间
*/
exports.fetchOrderList = (uid, createTimeBegin) => {
exports.fetchOrderList = (encryptedUid, createTimeBegin) => {
let params = {
uid,
encryptedUid: encryptedUid(uid),
encryptedUid,
imgSize: '90x120',
};
... ... @@ -83,7 +80,7 @@ exports.fetchOrderList = (uid, createTimeBegin) => {
val && (params[key] = val);
});
return ImService.get('/api/order/queryLastTenOrder', params);
return ImService.post('/api/order/queryLastTenOrder', params);
};
... ... @@ -97,7 +94,7 @@ exports.fetchOrderList = (uid, createTimeBegin) => {
```
### 请求参数说明
| 名称 | 类型 | 是否必须 | 描述 |
| -------------- | ------ | ---- | --------------- |
| -------------- | ------ | ---- | --------------- |
| conversationId | long | Y | 会话id |
| uid | int | Y | 用户ID |
|encryptedUid | String |Y |加密的用户标识 |
... ... @@ -108,11 +105,10 @@ exports.fetchOrderList = (uid, createTimeBegin) => {
| reasonMsg | string | N | 其他原因 |
*/
exports.saveEvalute = (uid, conversationId, promoter, stars, reasonMsg) => {
exports.saveEvalute = (encryptedUid, conversationId, promoter, stars, reasonMsg) => {
let params = {
conversationId,
uid,
encryptedUid: encryptedUid(uid),
encryptedUid,
promoter,
stars,
reasonMsg
... ... @@ -126,12 +122,12 @@ exports.saveEvalute = (uid, conversationId, promoter, stars, reasonMsg) => {
* 获取全球购的订单
*/
exports.queryGlobalOrder = uid => {
exports.queryGlobalOrder = encryptedUid => {
let params = {
uId: uid
encryptedUid
};
return ImService.get('/api/order/queryGlobalOrder', params);
return ImService.post('/api/order/queryGlobalOrder', params);
};
/**
... ... @@ -143,5 +139,5 @@ exports.queryReasons = cvId => {
conversationId: cvId
};
return ImService.get('/api/evalute/queryReasonByConversationId', params);
return ImService.post('/api/evalute/queryReasonByConversationId', params);
};
... ...
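Review bot: The new parameter name `encryptedUid` in saveMessage, fetchImHistory, fetchOrderList, saveEvalute and queryGlobalOrder shadows the module-level helper `const encryptedUid = uid => crypto.encryption(null, uid + '');` shown in the first hunk header; inside those bodies the helper is unreachable, and if nothing else still calls it the linter will flag it as unused. Either delete the helper or, if the server is meant to keep computing the value itself, rename the parameter so the two cannot be confused. The JSDoc disagrees with itself: saveMessage documents `@param {int} encryptedUid 加密用户id` while fetchImHistory and fetchOrderList say `{string}`; the value is the string returned by crypto.encryption, so use `@param {string} encryptedUid 加密用户id`. If the `| uid | int | Y | 用户ID |` row of the request-parameter table above saveEvalute survives this change, drop it, since the function no longer sends `uid`.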
... ... @@ -20,11 +20,11 @@ const disableBFCache = require('../../doraemon/middleware/disable-BFCache');
// Your controller here
router.get('/im', disableBFCache, chat.appAdapter, authGuard, chat.page);
router.get('/im/fetchHistory', chat.fetchHistory);
router.post('/im/fetchHistory', chat.fetchHistory);
router.get('/getOrders', chat.getOrders);
router.get('/im/global-list', chat.queryGlobalOrder);
router.get('/im/order-list', chat.fetchOrders);
router.get('/im/queryReasons', chat.queryReasons);
router.post('/im/global-list', chat.queryGlobalOrder);
router.post('/im/order-list', chat.fetchOrders);
router.post('/im/queryReasons', chat.queryReasons);
router.post('/leavemsg/save.json', chat.saveMSG);
router.post('/im/saveEvalute', chat.saveEvalute);
... ...
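Review bot: The data routes `/im/fetchHistory`, `/im/global-list`, `/im/order-list`, `/im/queryReasons` and `/im/saveEvalute` are switched to POST but still carry no `authGuard`, which only the `/im` page route has; with the handlers now taking `encryptedUid` from the body, nothing on the server ties these requests to a session. If authGuard is usable on JSON endpoints (it may redirect rather than answer 401 — check), add it to the routes that return or write user data, e.g. `router.post('/im/order-list', authGuard, chat.fetchOrders);` and `router.post('/im/fetchHistory', authGuard, chat.fetchHistory);`. The state-changing posts (`/leavemsg/save.json`, `/im/saveEvalute`) rely on whatever CSRF protection the app applies globally, which is not visible here.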
... ... @@ -60,9 +60,8 @@
{{> chat/leave-msg}}
{{> chat/order-list}}
<input type="hidden" id="js-im" name="im-server" value="{{imServer}}">
<input type="hidden" id="js-im" name="im-server" value="{{imCs}}">
{{#with userData}}
<input type="hidden" id="js-uid" value="{{uid}}">
<input type="hidden" id="js-eid" value="{{encrypteduid}}">
<input type="hidden" id="js-avatar" value="{{avatar}}">
<input type="hidden" id="js-uname" value="{{uname}}">
... ... @@ -70,6 +69,6 @@
<script>
var gDomains = {
imSocket: "{{imSocket}}",
imServer: "{{imServer}}",
imCs: "{{imCs}}",
};
</script>
\ No newline at end of file
... ...
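Review bot: The hidden input with `id="js-im" name="im-server"` now carries `{{imCs}}`, so both attribute names describe a value that no longer exists in the config; rename it to match, `<input type="hidden" id="js-im" name="im-cs" value="{{imCs}}">`, together with whatever reads `#js-im`. The `js-eid` field uses `{{encrypteduid}}` while every other place in this merge spells it `encryptedUid`; pick one casing in the controller's `userData` so the name is greppable end to end. Inside the `gDomains` script block `{{imCs}}` is interpolated into a JavaScript string with only Handlebars HTML escaping, which is adequate solely because the value comes from server config — keep it that way and never route a request value through that block.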
... ... @@ -21,8 +21,7 @@ const domains = {
// singleApi: 'http://single.yoho.cn/',
imSocket: 'ws://socket.yohobuy.com:10240',
imCs: 'https://im.yohobuy.com/api',
imServer: 'https://im.yohobuy.com/server'
imCs: 'http://im.yohobuy.com/api'
};
module.exports = {
... ... @@ -120,8 +119,7 @@ if (isProduction) {
liveApi: 'http://api.live.yoho.cn/',
singleApi: 'http://single.yoho.cn/',
imSocket: 'wss://imsocket.yohobuy.com:443',
imCs: 'https://imhttp.yohobuy.com/api',
imServer: 'https://imhttp.yohobuy.com/server'
imCs: 'https://imhttp.yohobuy.com/api'
},
memcache: {
master: ['memcache1.yohoops.org:12111', 'memcache2.yohoops.org:12111', 'memcache3.yohoops.org:12111'],
... ... @@ -169,8 +167,7 @@ if (isProduction) {
liveApi: process.env.TEST_LIVE || 'http://testapi.live.yohops.com:9999/',
singleApi: process.env.TEST_SINGLE || 'http://api-test1.yohops.com:9999/',
imSocket: process.env.TEST_IM_SOCKET || 'ws://socket.yohobuy.com:10240',
imCs: process.env.TEST_IM_CS || 'http://im.yohobuy.com/api',
imServer: process.env.TEST_IM_SERVER || 'http://im.yohobuy.com/server'
imCs: process.env.TEST_IM_CS || 'http://im.yohobuy.com/api'
},
memcache: {
master: ['127.0.0.1:12111'],
... ...
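Review bot: In the default `domains` block `imCs` moves between `https://im.yohobuy.com/api` and `http://im.yohobuy.com/api`; which line is the new one is not marked on this page, but if the result is the `http://` form, chat content and the encrypted uid travel in clear text in that environment while production keeps `https://imhttp.yohobuy.com/api`. Unless the dev IM host genuinely has no TLS endpoint, keep `imCs: 'https://im.yohobuy.com/api'` so dev and prod exercise the same scheme and mixed-content problems surface early. The test block's `process.env.TEST_IM_CS || 'http://im.yohobuy.com/api'` has the same property and should be revisited together with it.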
... ... @@ -39,7 +39,6 @@ const msgTypeMap = {
};
let userName = $('#js-uname').val();
let uid = $('#js-uid').val() || 0;
let encryptedUid = cmEntity.encryptedUid = $('#js-eid').val() || 0;
let userAvatar = cmEntity.userHead = socketConf.defaultUserHead;
... ... @@ -267,7 +266,6 @@ var chat = {
this.$ratingView.on('click', '.submit', function() {
self.ratingView.post({
uid,
encryptedUid,
conversationId: cmEntity.conversationId,
});
... ... @@ -616,7 +614,7 @@ var chat = {
break;
case allTypes.IN_QUNEUE:
this._sysInfo(chatMessage.content);
break;
break;
case allTypes.CS_CHANGE_STATE:
if (msgType === 5) { // 重复登陆
this._sysInfo(chatMessage.content);
... ... @@ -762,7 +760,7 @@ var chat = {
return $.Deferred().resolve(false); // eslint-disable-line
}
return api.msghistory(uid, encryptedUid, msgHistory.endTime)
return api.msghistory(encryptedUid, msgHistory.endTime)
.done(function(result) {
if (!result || result.code !== 200 || !result.data) {
return false;
... ... @@ -932,7 +930,7 @@ $upload.on('change', function() {
$elem.removeClass('send-fail').addClass('send-loading');
$.ajax({
type: 'POST',
url: `${gDomains.imServer}/fileManage/uploadFile`,
url: `${gDomains.imCs}/fileManage/uploadFile`,
data: formData,
processData: false, // 告诉jQuery不要去处理发送的数据
contentType: false
... ...
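Review bot: `let encryptedUid = cmEntity.encryptedUid = $('#js-eid').val() || 0;` turns a missing or empty hidden field into the number `0`, so the ratingView.post payload and the msghistory call then send `encryptedUid: 0` instead of an absent value the server could reject; if `0` is a deliberate guest sentinel, say so in a comment, otherwise use `$('#js-eid').val() || ''`. The chained assignment reads better as two statements, `let encryptedUid = $('#js-eid').val() || '';` followed by `cmEntity.encryptedUid = encryptedUid;`. If `uid` is still read from `#js-uid` elsewhere in this file it is now dead after the `uid` entries are dropped from the rating payload and the msghistory call — worth a grep; the enclosing `chat` object starts and ends outside these hunks.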
... ... @@ -5,7 +5,7 @@ const socketConf = require('./socket-config');
const conversation = socketConf.conversationMessage;
const slice = Array.prototype.slice;
let uid = $('#js-uid').val();
let encryptedUid = $('#js-eid').val();
// EventEmitter
//--------------------------------------------------------
... ... @@ -55,7 +55,7 @@ let api = {
return $.post('/service/leavemsg/save.json', {
conversationId: conversation.conversationId,
content,
uid
encryptedUid
});
},
... ... @@ -67,30 +67,29 @@ let api = {
fetchOrders: function(type) {
let url = `/service/im/${type}-list`;
return $.get(url, {uid});
return $.post(url, {encryptedUid});
},
// 获取10条历史记录
msghistory: function(uid, encryptedUid, endTime) {
msghistory: function(encryptedUid, endTime) {
let url = '/service/im/fetchHistory';
let data = {
uid,
encryptedUid
};
endTime && (data.endTime = endTime);
return $.get(url, data);
return $.post(url, data);
},
saveEvalute: function(data) {
data.uid = uid;
data.encryptedUid = encryptedUid;
return $.post('/service/im/saveEvalute', data);
},
// 获取评价原因
queryReasons: function(data) {
return $.get('/service/im/queryReasons', data);
return $.post('/service/im/queryReasons', data);
}
};
... ...
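Review bot: `msghistory: function(encryptedUid, endTime)` keeps a parameter whose name shadows the module-level `let encryptedUid = $('#js-eid').val();`, while `fetchOrders` and `saveEvalute` in the same object read the module variable directly; the inconsistency invites a future caller to pass a different identity for the same user. Drop the parameter and read the closure value like its siblings, i.e. `msghistory: function(endTime)` here and `api.msghistory(msgHistory.endTime)` at the call site in chat.js. `saveEvalute` still mutates the caller's `data` object before posting; `return $.post('/service/im/saveEvalute', Object.assign({}, data, {encryptedUid}));` sends the same payload without touching the caller's object. The `api` object continues past the last hunk, so any further members were not reviewed.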