fix token

@@ -2,6 +2,7 @@
 const aes = require('./aes-pwd');
 const sign = global.yoho.sign;
 const api = global.yoho.API;
+const uuid= require('uuid');
 
 class Auth {
 
@@ -67,23 +68,30 @@ class Auth {
             });
         }
         return Auth.profile(uid).then((userInfo) => {
-            let token = sign.makeToken(uid);
+            let salt = uuid.v4().substring(0, 8);
+            let saltedUid = uid + salt;
+
+            let saltedToken = sign.makeToken(saltedUid);
+            let publicToken = saltedToken + salt;
+
             let data = userInfo.data;
             let encryptionUid = aes.encryptionUid(uid);
 
             if (data) {
                 data.profile_name = (data.profile_name || '').replace(/::/g, '');
 
-                let uidCookie = `${data.profile_name}::${encryptionUid}::${data.vip_info && data.vip_info.title}::${token}`;
+                let uidCookie =
+                    `${data.profile_name}::${encryptionUid}::${data.vip_info && data.vip_info.title}::${saltedToken}`;
 
                 res.cookie('_UID', uidCookie, {
                     domain: 'yohobuy.com',
                     expires: new Date(Date.now() + 2592000000) // 有效期一年
                 });
             }
-            req.session.TOKEN = token;
+
+            req.session.TOKEN = publicToken;
             req.session.LOGIN_UID = uid;
-            res.cookie('_TOKEN', token, {
+            res.cookie('_TOKEN', publicToken, {
                 domain: 'yohobuy.com',
                 expires: new Date(Date.now() + 2592000000) // 有效期一年
             });