Authored by 陈峰

sessionkey修改为authcode加密解密

1 'use strict'; 1 'use strict';
2 const _ = require('lodash'); 2 const _ = require('lodash');
3 const aes = require('./aes-pwd'); 3 const aes = require('./aes-pwd');
  4 +const authcode = require('../../../utils/authcode');
4 const sign = global.yoho.sign; 5 const sign = global.yoho.sign;
5 const api = global.yoho.API; 6 const api = global.yoho.API;
6 const uuid = require('uuid'); 7 const uuid = require('uuid');
@@ -75,7 +76,7 @@ class Auth { @@ -75,7 +76,7 @@ class Auth {
75 // global.yoho.logger.error('write session key fail'); 76 // global.yoho.logger.error('write session key fail');
76 // }); 77 // });
77 req.session.SESSION_KEY = sessionKey; 78 req.session.SESSION_KEY = sessionKey;
78 - res.cookie('_SESSION_KEY', aes.encryptionUid(sessionKey), { 79 + res.cookie('_SESSION_KEY', authcode(sessionKey, '_SESSION_KEY', 2592000000, 'encode'), {
79 domain: 'yohobuy.com', 80 domain: 'yohobuy.com',
80 expires: new Date(Date.now() + 2592000000) // 有效期一年 81 expires: new Date(Date.now() + 2592000000) // 有效期一年
81 }); 82 });
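Review bot: The new `authcode(sessionKey, '_SESSION_KEY', 2592000000, 'encode')` call on new line 79 passes the cookie's own name as what appears to be the key argument, so the session key is protected only by a fixed, guessable string in source; the decode call in the middleware hunk uses the same literal. Load the secret from configuration instead, for example `authcode(sessionKey, config.sessionKeySecret, ttl, 'encode')`, where `config.sessionKeySecret` is a placeholder for whatever the project's config exposes. Since this cookie carries a session credential, its options should also set `httpOnly: true` and, if the site is served over HTTPS, `secure: true`. The literal 2592000000 is 30 days in milliseconds while the adjacent comment says one year, and the hunk does not show whether authcode expects seconds or milliseconds, so a named constant with the unit in its name would remove the ambiguity.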
@@ -3,29 +3,29 @@ @@ -3,29 +3,29 @@
3 const _ = require('lodash'); 3 const _ = require('lodash');
4 const cookie = global.yoho.cookie; 4 const cookie = global.yoho.cookie;
5 const crypto = global.yoho.crypto; 5 const crypto = global.yoho.crypto;
  6 +const authcode = require('../../utils/authcode');
6 7
7 module.exports = () => { 8 module.exports = () => {
8 return (req, res, next) => { 9 return (req, res, next) => {
9 // 从 SESSION 中获取到当前登录用户的 UID 10 // 从 SESSION 中获取到当前登录用户的 UID
10 - if (req.session && _.isNumber(req.session.LOGIN_UID)) {  
11 - // 不要使用 === 判断uid的值,如果需要判断使用 ==  
12 - req.user.uid = {  
13 - toString: () => {  
14 - return req.session.LOGIN_UID;  
15 - },  
16 - sessionKey: req.session.SESSION_KEY  
17 - };  
18 - let userData = _.get(req.session, 'USER', {}); 11 + // if (req.session && _.isNumber(req.session.LOGIN_UID)) {
  12 + // // 不要使用 === 判断uid的值,如果需要判断使用 ==
  13 + // req.user.uid = {
  14 + // toString: () => {
  15 + // return req.session.LOGIN_UID;
  16 + // },
  17 + // sessionKey: req.session.SESSION_KEY
  18 + // };
  19 + // let userData = _.get(req.session, 'USER', {});
19 20
20 - _.merge(req.user, userData);  
21 - } 21 + // _.merge(req.user, userData);
  22 + // }
22 23
23 // session 没有读取到的时候,从 cookie 读取 UID 24 // session 没有读取到的时候,从 cookie 读取 UID
24 if (!req.user.uid && req.cookies._UID) { 25 if (!req.user.uid && req.cookies._UID) {
25 // 不要使用 === 判断uid的值,如果需要判断使用 == 26 // 不要使用 === 判断uid的值,如果需要判断使用 ==
26 - let sessionKey = req.cookies._SESSION_KEY && crypto.decrypt('yoho9646abcdefgh', req.cookies._SESSION_KEY); 27 + let sessionKey = req.cookies._SESSION_KEY && authcode(req.cookies._SESSION_KEY, '_SESSION_KEY', 2592000000);
27 28
28 - sessionKey = sessionKey.replace(/[^\w:-]/g, '');  
29 req.user.uid = { 29 req.user.uid = {
30 toString: () => { 30 toString: () => {
31 return cookie.getUid(req); 31 return cookie.getUid(req);
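Review bot: The result of `authcode(req.cookies._SESSION_KEY, '_SESSION_KEY', 2592000000)` on new line 27 is no longer checked now that the `replace(/[^\w:-]/g, '')` whitelist is removed, so a failed or expired decode, or unexpected characters, presumably reach `req.user.uid.sessionKey` below the hunk. Keep the filter but guard it against a missing cookie, `sessionKey = sessionKey ? sessionKey.replace(/[^\w:-]/g, '') : '';`, and treat an empty result as not logged in. With the session branch on new lines 11-22 commented out, every request takes its identity from the `_UID` and `_SESSION_KEY` cookies alone; whether `cookie.getUid` verifies them is not visible here and should be confirmed. Delete the commented-out block rather than leaving it in place, or add a comment saying why the session is bypassed. The middleware body continues past the end of the hunk.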