fe / yohobuywap-node · Commits

Go to a project

Authored by 陈峰
Commit 43a9b79cd9b3f282ec2028693c903793571c5414 1 parent b812f599

sessionkey解密时移除乱码

Inline Side-by-side
Showing 1 changed file with 12 additions and 12 deletions
@@ -7,25 +7,25 @@ const crypto = global.yoho.crypto; @@ -7,25 +7,25 @@ const crypto = global.yoho.crypto;
7 module.exports = () => { 7 module.exports = () => {
8 return (req, res, next) => { 8 return (req, res, next) => {
9 // 从 SESSION 中获取到当前登录用户的 UID 9 // 从 SESSION 中获取到当前登录用户的 UID
10 - if (req.session && _.isNumber(req.session.LOGIN_UID)) {  
11 - // 不要使用 === 判断uid的值,如果需要判断使用 ==  
12 - req.user.uid = {  
13 - toString: () => {  
14 - return req.session.LOGIN_UID;  
15 - },  
16 - sessionKey: req.session.SESSION_KEY  
17 - };  
18 - let userData = _.get(req.session, 'USER', {}); 10 + // if (req.session && _.isNumber(req.session.LOGIN_UID)) {
  11 + // // 不要使用 === 判断uid的值,如果需要判断使用 ==
  12 + // req.user.uid = {
  13 + // toString: () => {
  14 + // return req.session.LOGIN_UID;
  15 + // },
  16 + // sessionKey: req.session.SESSION_KEY
  17 + // };
  18 + // let userData = _.get(req.session, 'USER', {});
19 19
20 - _.merge(req.user, userData);  
21 - } 20 + // _.merge(req.user, userData);
  21 + // }
22 22
23 // session 没有读取到的时候,从 cookie 读取 UID 23 // session 没有读取到的时候,从 cookie 读取 UID
24 if (!req.user.uid && req.cookies._UID) { 24 if (!req.user.uid && req.cookies._UID) {
25 // 不要使用 === 判断uid的值,如果需要判断使用 == 25 // 不要使用 === 判断uid的值,如果需要判断使用 ==
26 let sessionKey = req.cookies._SESSION_KEY && crypto.decrypt('yoho9646abcdefgh', req.cookies._SESSION_KEY); 26 let sessionKey = req.cookies._SESSION_KEY && crypto.decrypt('yoho9646abcdefgh', req.cookies._SESSION_KEY);
27 27
28 - sessionKey = sessionKey.replace(/\W/g, ''); 28 + sessionKey = sessionKey.replace(/[^\w:-]/g, '');
29 req.user.uid = { 29 req.user.uid = {
30 toString: () => { 30 toString: () => {
31 return cookie.getUid(req); 31 return cookie.getUid(req);