Merge remote-tracking branch 'origin/master' into release/5.7

@@ -17,6 +17,7 @@ const helpers = global.yoho.helpers;
 const _ = require('lodash');
 const co = require('bluebird').coroutine;
 const logger = global.yoho.logger;
+const stringProcess = require(`${global.utils}/string-process`);
 
 // 支付方式
 const payments = {
@@ -55,7 +56,7 @@ const _getOthersBuy2 = (param) => {
 
 // 订单信息
 const _getOtherDetail = (param) => {
-    if (!param.uid || !param.orderCode) {
+    if (!param.uid || !param.orderCode || !stringProcess.isNumeric(param.orderCode)) {
         return Promise.resolve({});
     }
 

@@ -8,12 +8,14 @@
 const installmentModel = require('../models/installment');
 const _ = require('lodash');
 const helpers = global.yoho.helpers;
+const logger = global.yoho.logger;
 
 // 服务器报错页面
 const _serverCrash = (res, params, err, next) => {
     if (err && err.code === 401) {
         return next(err);
     }
+    logger.error(err);
     params.title = params.title || '有货分期';
     res.render('installment/server-crash', params);
 };

@@ -12,6 +12,7 @@ const helpers = global.yoho.helpers;
 const api = global.yoho.API;
 const serviceAPI = global.yoho.ServiceAPI;
 const logger = global.yoho.logger;
+const stringProcess = require(`${global.utils}/string-process`);
 const API_TIMEOUT = 10000;
 const codeContent = {
     openN: '0876085ff46bed27f1a1eb6ee8b68987',
@@ -423,6 +424,10 @@ const getBankCards = (uid) => {
 const getInstallmentOrderDetail = (params) => {
     const method = 'app.SpaceOrders.installDetail';
 
+    if (!params.uid || !params.orderCode || !stringProcess.isNumeric(params.orderCode)) {
+        return Promise.resolve({});
+    }
+
     return api.get('', {
         method: method,
         uid: params.uid,

@@ -10,6 +10,7 @@ const _ = require('lodash');
 const helpers = global.yoho.helpers;
 const camelCase = global.yoho.camelCase;
 const logger = global.yoho.logger;
+const stringProcess = require(`${global.utils}/string-process`);
 
 const CODE_LOGISTIC_BANNER = '1fc9b2484fcd559049f2f7e0db313f20'; // 物流详情banner资源码
 
@@ -143,6 +144,10 @@ const _getOrderStatus = (order, showLogistics) => {
 
 const orderDetailData = (uid, orderCode) => {
 
+    if (!uid || !orderCode || !stringProcess.isNumeric(orderCode)) {
+        return Promise.resolve({});
+    }
+
     return api.get('', {
         method: 'app.SpaceOrders.detail',
         uid: uid,

@@ -237,6 +237,8 @@ const sendCodeToMobileAPI = (req, res, next) => {
                     _.set(req.session, 'backupCaptch.timeout', Date.now() + 5 * 60 * 1000);
                 }
 
+                req.session.backupCaptchStep2 = true; // 允许跳到第二步
+
                 return res.json({
                     code: 200,
                     data: helpers.urlFormat('/passport/back/mobilecode', {
@@ -286,14 +288,17 @@ const verifyCodeByMobileAPI = (req, res, next) => {
 
     service.validateMobileCodeAsync(phoneNum, code, areaCode)
         .then(result => {
-            if (result.code === 200) {
+            if (result.code === 200 && result.data) {
+                req.session.backcode = {
+                    phoneNum: phoneNum,
+                    token: result.data.token,
+                    areaCode: areaCode,
+                    code: code
+                };
+
                 res.json({
                     code: 200,
-                    data: helpers.urlFormat('/passport/back/backcode', {
-                        phoneNum: phoneNum,
-                        token: result.data.token,
-                        areaCode: areaCode
-                    })
+                    data: helpers.urlFormat('/passport/back/backcode')
                 });
             } else {
                 res.json({
@@ -309,16 +314,15 @@ const verifyCodeByMobileAPI = (req, res, next) => {
  * 找回密码页面，设置新密码页面-手机
  */
 const setNewPasswordByMobilePage = (req, res) => {
-    let phoneNum = req.query.phoneNum || '';
-    let token = req.query.token || '';
-    let areaCode = req.query.areaCode || '86';
-    let code = req.query.code || '';
+    let backcode = req.session.backcode;
 
-    if (!(code || (token && helpers.verifyMobile(phoneNum)))) {
+    if (!backcode || !(backcode.code || (backcode.token && helpers.verifyMobile(backcode.phoneNum)))) {
         res.redirect(400);
         return;
     }
 
+    req.session.backcode = null;
+
     res.render('back/new-password', Object.assign({
         module: 'passport',
         page: 'back-new-password',
@@ -328,10 +332,10 @@ const setNewPasswordByMobilePage = (req, res) => {
         headerText: '找回密码',
         isPassportPage: true,
         backNewPwd: true,
-        phoneNum: phoneNum,
-        token: token,
-        areaCode: areaCode,
-        code: code
+        phoneNum: backcode.phoneNum,
+        token: backcode.token,
+        areaCode: backcode.areaCode,
+        code: backcode.code
     }));
 };
 
@@ -361,6 +365,20 @@ const setNewPasswordByMobileAPI = (req, res, next) => {
         .catch(next);
 };
 
+/**
+ * 直接调用发短信接口的情况
+ */
+const verifySmsAllow = (req, res, next) => {
+    if (_.get(req, 'session.backupCaptch.verifyResult')) {
+        return next();
+    } else {
+        return res.json({
+            code: 400,
+            message: '非法请求'
+        });
+    }
+};
+
 module.exports = {
     indexEmailPage,
     sendCodeToEmailAPI,
@@ -373,5 +391,6 @@ module.exports = {
     verifyCodeByMobileAPI,
     setNewPasswordByMobilePage,
     setNewPasswordByMobileAPI,
-    generateCodeImg
+    generateCodeImg,
+    verifySmsAllow
 };

@@ -38,6 +38,7 @@ exports.imgCheck = (req, res, next) => {
             }, '');
 
             req.session.captcha = codeStr;
+            req.session.captchaTimeout = new Date().getTime() + 1000 * 60;
             req.session.captchaSrc = result.data.verifiedGraphicCode;
 
             return request(`${result.data.verifiedGraphicCode}?imageView2/0/format/jpg/q/70|watermark/2/text/${uuid.v4()}/fontsize/120/dissolve/10`).pipe(res); // eslint-disable-line
@@ -52,6 +53,18 @@ exports.imgCheck = (req, res, next) => {
 exports.validate = (req, res, next) => {
     let captchaInput = req.body.captcha;
     let captchaCode = _.get(req.session, 'captcha');
+    let captchaTimeout = _.get(req.session, 'captchaTimeout');
+
+    if (new Date().getTime() > captchaTimeout) {
+        _.set(req.session, 'captchaValidCount', 5);
+        req.session.captcha = null;
+        return res.json({
+            code: 400,
+            message: '验证码超时，请重试',
+            changeCaptcha: true,
+            captchaShow: true
+        });
+    }
 
     let errorCount = _.get(req.session, 'captchaValidCount'); // 初始1次 + 后续4次， 同一个验证码 共5次
 

@@ -2,7 +2,7 @@
  * @Author: Targaryen
  * @Date: 2017-04-13 10:21:07
  * @Last Modified by: Targaryen
- * @Last Modified time: 2017-04-20 18:33:48
+ * @Last Modified time: 2017-04-24 10:52:08
  */
 
 /* ********************
@@ -49,9 +49,9 @@ const passwordResetPage = (req, res) => {
  */
 const passwordReset = (req, res, next) => {
     let passwordWeakObj = req.session.passwordWeak;
-    let uid = req.user && req.user.uid || passwordWeakObj.uid;
+    let uid = (req.user && req.user.uid) || (passwordWeakObj && passwordWeakObj.uid);
 
-    if (!uid || !passwordWeakObj.token) {
+    if (!uid || !passwordWeakObj || !passwordWeakObj.token) {
         return res.json({
             code: 400,
             massage: '非法请求'

@@ -134,6 +134,7 @@ router.get('/passport/back/mobile', validateCode.load, back.indexMobilePage);//
 router.get('/passport/back/mobilecode', back.verifyCodeByMobilePage);// 输入手机验证码页面
 router.get('/passport/back/generatecodeimg.png', back.generateCodeImg);// 生成图片验证码
 router.post('/passport/back/sendcode', validateCode.check, back.sendCodeToMobileAPI);// 发送手机验证码
+router.post('/passport/back/sendcodeagain', back.verifySmsAllow, back.sendCodeToMobileAPI);// 重新发送手机验证码
 router.post('/passport/back/verifycode', back.verifyCodeByMobileAPI);// 校验手机验证码
 
 router.get('/passport/back/backcode', back.setNewPasswordByMobilePage);// 设置新密码页面

@@ -224,7 +224,7 @@ const shop = {
             }
 
             /* 红人店铺直接跳转 */
-            if (shopInfoResult.is_red_shop) {
+            if (shopInfoResult && shopInfoResult.is_red_shop) {
                 shop.redShop(req, res, next);
                 return false;
             }

@@ -7,11 +7,17 @@
 
 const newsaleModel = require('../models/newsale');
 const headerModel = require('../../../doraemon/models/header');
+
+let yhchannels = {
+    '1,3': 1,
+    '2,3': 2
+};
+
 let channels = {
-    boys: '1,3',
-    girl: '2,3',
-    kids: '1,2,3',
-    lifestyle: '1,2,3'
+    boys: 1,
+    girls: 2,
+    kids: 3,
+    lifestyle: 4
 };
 
 const index = (req, res, next) => {
@@ -56,10 +62,10 @@ const selectHotrank = (req, res, next) => {
     let limit = 50;
     let page = req.query.page || 1;
     let notab = req.query.notab || 0;
-    let yhChannel = req.query.yh_channel || 1;
-    let gender = req.query.gender || req.cookies._Channel && channels[req.cookies._Channel] || '1,3';
+    let yhChannel = (req.query.gender && yhchannels[req.query.gender]) ||
+                    (req.cookies._Channel && channels[req.cookies._Channel]) || 1;
 
-    newsaleModel.selectHotrank(yhChannel, gender, sort, tab_id, limit, page, notab).then((result) => {
+    newsaleModel.selectHotrank(yhChannel, sort, tab_id, limit, page, notab).then((result) => {
 
         res.render('newsale/hotlist', {
             layout: false,

@@ -11,6 +11,7 @@ const helpers = global.yoho.helpers;
 const api = global.yoho.API;
 const searchModel = require('./search');
 const productProcess = require(`${utils}/product-process`);
+const stringProcess = require(`${global.utils}/string-process`);
 
 /**
  * 频道
@@ -122,14 +123,22 @@ const _getShopDecorator = (shopId) => {
  * @return array
  */
 const _getShopInfo = (shopId, uid) => {
-    if (uid === 'undefined') {
-        uid = 0;
-    }
-    return api.get('', {
+    let finalParams = {
         method: 'app.shops.getIntro',
         shop_id: shopId,
-        uid: uid || 0
-    }, {code: 200}).then((result) => {
+    };
+
+    if (!shopId || !stringProcess.isNumeric(shopId)) {
+        return Promise.resolve({});
+    }
+
+    if (uid && uid !== 'undefined') {
+        Object.assign(finalParams, {
+            uid: uid
+        });
+    }
+
+    return api.get('', finalParams, {code: 200}).then((result) => {
         return result && result.data;
     });
 };
@@ -144,6 +153,10 @@ const getShopIntro = (shopId, uid) => {
         shop_id: shopId
     };
 
+    if (!shopId || !stringProcess.isNumeric(shopId)) {
+        return Promise.resolve({});
+    }
+
     if (uid && uid !== 'undefined') {
         params.uid = uid;
     }

@@ -40,10 +40,9 @@ const getHotRank = (codeKey) => {
     });
 };
 
-const selectHotrank = (yhChannel, gender, sort, tabId, limit, page, notab) => {
+const selectHotrank = (yhChannel, sort, tabId, limit, page, notab) => {
     let param = {
         method: 'app.search.top',
-        gender: gender,
         yh_channel: yhChannel,
         page: page,
         limit: limit

@@ -5,6 +5,7 @@
 
 const api = global.yoho.API;
 const singleAPI = global.yoho.SingleAPI;
+const stringProcess = require(`${global.utils}/string-process`);
 
 /**
  * 频道
@@ -41,6 +42,10 @@ exports.getIntro = shopId => {
         shop_id: shopId
     };
 
+    if (!shopId || !stringProcess.isNumeric(shopId)) {
+        return Promise.resolve({});
+    }
+
     return api.get('', params, {cache: true, code: 200});
 };
 

@@ -14,8 +14,8 @@ const domains = {
     liveApi: 'http://testapi.live.yohops.com:9999/',
     singleApi: 'http://api-test3.yohops.com:9999/',
 
-    api: 'http://api.yoho.cn/',
-    service: 'http://service.yoho.cn/',
+    api: 'http://api-test3.yohops.com:9999/',
+    service: 'http://service-test3.yohops.com:9999/',
     global: 'http://api-global.yohobuy.com',
 
     // liveApi: 'http://api.live.yoho.cn/',

 {
   "name": "m-yohobuy-node",
-  "version": "5.6.2",
+  "version": "5.6.3",
   "private": true,
   "description": "A New Yohobuy Project With Express",
   "repository": {

@@ -118,7 +118,7 @@ module.exports = function(useInRegister, useForBind, useForRelate) {
 
         $.ajax({
             type: 'POST',
-            url: (useForBind || useForRelate) ? '/passport/bind/sendBindMsg' : '/passport/' + urlMid + '/sendcode',
+            url: (useForBind || useForRelate) ? '/passport/bind/sendBindMsg' : '/passport/' + urlMid + '/sendcodeagain',
             data: {
                 phoneNum: phoneNum,
                 areaCode: areaCode

@@ -6,6 +6,9 @@
 let $ = require('yoho-jquery'),
     ImgCheck = require('plugin/img-check'),
     tip = require('plugin/tip');
+
+let loading = require('plugin/loading');
+
 const validType = {
     IMG_CHECK: 1,
     GEETEST: 2
@@ -94,7 +97,9 @@ class Validate {
             }
             return Promise.resolve({captcha});
         } else {
+            loading.showLoadingMask();
             return new Promise((resolve) => {
+                loading.hideLoadingMask();
                 this.$container.removeClass('hide');
                 this.captchaObj.onSuccess(() => {
                     resolve(this.captchaObj.getValidate());

 let $ = require('yoho-jquery'),
     Swiper = require('yoho-swiper'),
     lazyLoad = require('yoho-jquery-lazyload'),
-    loading = require('plugin/loading');
+    loading = require('plugin/loading'),
+    qs = require('yoho-qs');
 
 let page = 1,
     winH,
@@ -34,7 +35,8 @@ function hotrank(pageIndex, sortIndex, tabId, noTab) {
         data: {
             page: pageIndex,
             tab_id: tabId,
-            notab: noTab
+            notab: noTab,
+            gender: qs.gender
         },
         success: function(data) {
             if (data === ' ') {