Merge branch 'gray'

ccbikai(👎🏻🍜)
Commit 17b76c285cc408ef53e150d90c040f2ace314f8a 2 parents 7d77bf2e 315e73d4
Showing 6 changed files with 51 additions and 6 deletions
apps/passport/controllers/login.js
apps/passport/controllers/reg.js
apps/passport/controllers/sms.js
package.json
public/js/common/chose-panel.js
utils/index.js
--- a/apps/passport/controllers/login.js
View file @17b76c2
+++ b/apps/passport/controllers/login.js
View file @17b76c2
@@ -14,6 +14,7 @@ const cookie = global.yoho.cookie;
 const helpers = global.yoho.helpers;
 const log = global.yoho.logger;
 const config = global.yoho.config;
+ const utils = require(global.utils);
 const RegService = require('../models/reg-service');
 const AuthHelper = require('../models/auth-helper');
 
@@ -32,6 +33,9 @@ function doPassportCallback(openId, nickname, sourceType, req, res) {
     if (/signin|login/.test(refer)) {
         refer = `${config.siteUrl}/home`;
     }
+ 
+     refer = utils.refererLimit(refer);
+ 
     if (openId && nickname) {
         return AuthHelper.signinByOpenID(nickname, openId, sourceType, shoppingKey).then((result) => {
             if (result.code !== 200) {
@@ -64,6 +68,8 @@ const common = {
             refer = req.get('Referer');
         }
 
+         refer = utils.refererLimit(refer);
+ 
 
         refer && !/signin|login|passport/.test(refer) && res.cookie('refer', encodeURI(refer), {
             domain: 'yohobuy.com'
@@ -112,7 +118,7 @@ const local = {
         });
     },
     international: (req, res) => {
-          // 先清除cookie
+         // 先清除cookie
         // res.clearCookie('LE' + md5('_LOGIN_EXPIRE'), {
         //     domain: 'yohobuy.com'
         // });
@@ -161,6 +167,9 @@ const local = {
                 if (/sign|login/.test(refer)) {
                     refer = `${config.siteUrl}/home`;
                 }
+ 
+                 refer = utils.refererLimit(refer);
+ 
                 user.session = refer;
                 user.href = refer;
                 AuthHelper.syncUserSession(user.uid, req, res, user.session_key).then(() => {
@@ -184,6 +193,8 @@ const local = {
         res.clearCookie('_SPK');
         let refer = req.get('Referer') || config.siteUrl;
 
+         refer = utils.refererLimit(refer);
+ 
         res.redirect(refer);
     }
 };
--- a/apps/passport/controllers/reg.js
View file @17b76c2
+++ b/apps/passport/controllers/reg.js
View file @17b76c2
@@ -8,6 +8,7 @@
 'use strict';
 
 const _ = require('lodash');
+ const utils = require(global.utils);
 const helpers = global.yoho.helpers;
 const sign = global.yoho.sign;
 const cookie = global.yoho.cookie;
@@ -61,6 +62,8 @@ let index = (req, res) => {
     // req.session.REG_EXPIRE = Date.now() + 1800000;
     let refer = req.query.refer;
 
+     refer = utils.refererLimit(refer);
+ 
     refer && res.cookie('refer', encodeURI(refer), {
         domain: 'yohobuy.com'
     });
@@ -402,6 +405,8 @@ let setPassword = (req, res, next) => {
             refer = '/home';
         }
 
+         refer = utils.refererLimit(refer);
+ 
         delete req.session.phoneNum;
 
         return res.json({
--- a/apps/passport/controllers/sms.js
View file @17b76c2
+++ b/apps/passport/controllers/sms.js
View file @17b76c2
@@ -3,6 +3,7 @@
 const _ = require('lodash');
 const helpers = global.yoho.helpers;
 const cookie = global.yoho.cookie;
+ const utils = require(global.utils);
 const RegService = require('../models/reg-service');
 const PhoneService = require('../models/phone-service');
 const AuthHelper = require('../models/auth-helper');
@@ -24,8 +25,10 @@ exports.beforeIn = (req, res, next) => {
         Expires: 0
     });
 
+     let refer = utils.refererLimit(req.cookies.refer);
+ 
     if (!req.xhr && req.user.uid) {
-         return res.redirect(req.cookies.refer || '/');
+         return res.redirect(refer);
     }
 
     next();
@@ -300,7 +303,7 @@ exports.check = (req, res, next) => {
                     res.json({
                         code: 200,
                         message: LOGIN_SUCCSS,
-                         redirect: req.cookies.refer
+                         redirect: utils.refererLimit(req.cookies.refer)
                     });
 
                     delete req.session.smsLogin;
@@ -363,7 +366,7 @@ exports.password = (req, res, next) => {
         res.json({
             code: 200,
             message: LOGIN_SUCCSS,
-             redirect: req.cookies.refer || '/'
+             redirect: utils.refererLimit(req.cookies.refer)
         });
         delete req.session.smsLogin;
     }).catch(next);
--- a/package.json
View file @17b76c2
+++ b/package.json
View file @17b76c2
 {
   "name": "m-yohobuy-node",
-   "version": "5.2.4",
+   "version": "5.2.5",
   "private": true,
   "description": "A New Yohobuy Project With Express",
   "repository": {
--- a/public/js/common/chose-panel.js
View file @17b76c2
+++ b/public/js/common/chose-panel.js
View file @17b76c2
@@ -68,7 +68,7 @@ function render(data) {
         var cartInfo = data.cartInfo;
         var thumbClone = $chosePanel.find('.thumb').remove();
 
-         for (var i = 0; i < cartInfo.thumbs.length; i++) {
+         for (var i = cartInfo.thumbs.length - 1; i >= 0; i--) {
             var thumbEle = thumbClone.clone();
 
             thumbEle.attr('src', cartInfo.thumbs[i].img);
--- a/utils/index.js 0 → 100644
View file @17b76c2
+++ b/utils/index.js 0 → 100644
View file @17b76c2
+ 'use strict';
+ 
+ const url = require('url');
+ 
+ /**
+  *   refer限制
+  *  @param referer string
+  *  @param blacklist [array|function] refer黑名单  TODO: 未实现
+  *      1. array: ['/login', '/signin'] 如果referer 在array中，将返回 /home
+  *      2. function: 如果返回true, 返回/home
+  *  @return referer
+  */
+ exports.refererLimit = (referer, blacklist) => {  // eslint-disable-line
+     let result = decodeURIComponent(referer || '/home');
+ 
+     let urlObj = url.parse(result, false, true);
+ 
+ 
+     if (urlObj.hostname && !/(?:yohobuy\.com$)|(?:yoho\.cn$)/.test(urlObj.hostname)) {
+         result = '/home';
+     }
+ 
+     // TODO: blacklist;
+ 
+     return result;
+ };