强化 UID 获取

ccbikai
Commit 295bffa811b07fb23126b9f07f5642de6e796d6d 1 parent 529265b1
Showing 2 changed files with 13 additions and 0 deletions
app.js
library/cookie.js
--- a/app.js
View file @295bffa
+++ b/app.js
View file @295bffa
@@ -23,6 +23,8 @@ const uuid = require('uuid');
 const _ = require('lodash');
 const pkg = require('./package.json');
 
+ const cookie = require('./library/cookie');
+ 
 const app = express();
 const MemcachedStore = memcached(session);
 
@@ -71,6 +73,11 @@ app.use((req, res, next) => {
     if (req.session && _.isNumber(req.session._LOGIN_UID)) {
         req.user.uid = req.session._LOGIN_UID;
     }
+ 
+     // session 没有读取到的时候，从 cookie 读取 UID
+     if (!req.user.uid && req.cookies._UID) {
+         req.user.uid = cookie.getUid(req);
+     }
     next();
 });
 
--- a/library/cookie.js
View file @295bffa
+++ b/library/cookie.js
View file @295bffa
@@ -4,6 +4,7 @@
  * @return {[string]}
  */
 'use strict';
+ const sign = require('./sign');
 
 exports.getUid = (req) => {
     const cookie = req.cookies._UID;
@@ -21,6 +22,11 @@ exports.getUid = (req) => {
         }
     }
 
+     // 校验 cookie 的 uid 有没有被修改
+     if (req.cookies._TOKEN !== sign.makeToken(_uid)) {
+         _uid = 0;
+     }
+ 
     return _uid;
 };