sessionkey修改为authcode加密解密

陈峰
Commit 51cd36167376f691a917775196b45f39f10e29b1 1 parent c94b0124
Showing 2 changed files with 15 additions and 14 deletions
apps/passport/models/auth-helper.js
doraemon/middleware/user.js
--- a/apps/passport/models/auth-helper.js
View file @51cd361
+++ b/apps/passport/models/auth-helper.js
View file @51cd361
 'use strict';
 const _ = require('lodash');
 const aes = require('./aes-pwd');
+ const authcode = require('../../../utils/authcode');
 const sign = global.yoho.sign;
 const api = global.yoho.API;
 const uuid = require('uuid');
@@ -75,7 +76,7 @@ class Auth {
             //     global.yoho.logger.error('write session key fail');
             // });
             req.session.SESSION_KEY = sessionKey;
-             res.cookie('_SESSION_KEY', aes.encryptionUid(sessionKey), {
+             res.cookie('_SESSION_KEY', authcode(sessionKey, '_SESSION_KEY', 2592000000, 'encode'), {
                 domain: 'yohobuy.com',
                 expires: new Date(Date.now() + 2592000000) // 有效期一年
             });
--- a/doraemon/middleware/user.js
View file @51cd361
+++ b/doraemon/middleware/user.js
View file @51cd361
@@ -3,29 +3,29 @@
 const _ = require('lodash');
 const cookie = global.yoho.cookie;
 const crypto = global.yoho.crypto;
+ const authcode = require('../../utils/authcode');
 
 module.exports = () => {
     return (req, res, next) => {
         // 从 SESSION 中获取到当前登录用户的 UID
-         if (req.session && _.isNumber(req.session.LOGIN_UID)) {
-             // 不要使用 === 判断uid的值，如果需要判断使用 ==
-             req.user.uid = {
-                 toString: () => {
-                     return req.session.LOGIN_UID;
-                 },
-                 sessionKey: req.session.SESSION_KEY
-             };
-             let userData = _.get(req.session, 'USER', {});
+         // if (req.session && _.isNumber(req.session.LOGIN_UID)) {
+         //     // 不要使用 === 判断uid的值，如果需要判断使用 ==
+         //     req.user.uid = {
+         //         toString: () => {
+         //             return req.session.LOGIN_UID;
+         //         },
+         //         sessionKey: req.session.SESSION_KEY
+         //     };
+         //     let userData = _.get(req.session, 'USER', {});
 
-             _.merge(req.user, userData);
-         }
+         //     _.merge(req.user, userData);
+         // }
 
         // session 没有读取到的时候，从 cookie 读取 UID
         if (!req.user.uid && req.cookies._UID) {
             // 不要使用 === 判断uid的值，如果需要判断使用 ==
-             let sessionKey = req.cookies._SESSION_KEY && crypto.decrypt('yoho9646abcdefgh', req.cookies._SESSION_KEY);
+             let sessionKey = req.cookies._SESSION_KEY && authcode(req.cookies._SESSION_KEY, '_SESSION_KEY', 2592000000);
 
-             sessionKey = sessionKey.replace(/[^\w:-]/g, '');
             req.user.uid = {
                 toString: () => {
                     return cookie.getUid(req);