Authored by 王水玲

性能安全

... ... @@ -10,6 +10,7 @@ const router = require('express').Router(); //eslint-disable-line
const cRoot = './controllers';
const authMW = require('../../doraemon/middleware/auth');
const disableBFCache = require('../../doraemon/middleware/disable-BFCache');
const csrf = require('../../doraemon/middleware/csrf');
const seckill = require(cRoot + '/seckill');
const order = require(cRoot + '/order');
const countController = require(`${cRoot}/count`);
... ... @@ -41,7 +42,7 @@ router.post('/index/new/orderSub', authMW, order.orderSub); // 订单提交
router.get('/index/new/selectCoupon', authMW, order.selectCouponsPage); // 选择优惠券 页面 New!
router.post('/index/new/couponList', order.couponList); // [ajax]获取优惠券列表
router.post('/index/new/useCouponCode', order.useCouponCode); // [ajax]购物车输入优惠券码使用优惠券
router.get('/index/new/selectAddress', authMW, order.selectAddress); // 选择地址
router.get('/index/new/selectAddress', authMW, csrf, order.selectAddress); // 选择地址
router.get('/index/new/invoiceInfo', authMW, order.invoiceInfo); // 发票信息
router.get('/index/new/jitDetail', authMW, order.jitDetail); // JIT 拆单配送信息
router.get('/index/new/selectGiftcard', authMW, order.selectGiftcard); // 选择礼品卡页面
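Review bot: Putting `csrf` on the `selectAddress` GET only issues a token to that page (csurf skips validation on GET/HEAD/OPTIONS), so by itself it protects nothing; the state-changing POSTs in this same router — `orderSub` in the hunk context line and `couponList`/`useCouponCode` in the visible lines — still accept requests without a token. If this commit is meant to CSRF-protect the checkout flow, those routes need the middleware too, e.g. `router.post('/index/new/orderSub', authMW, csrf, order.orderSub);`, plus a hidden `_csrf` field or `X-CSRF-Token` header on their forms and ajax calls. Which POST consumes the token issued here is not visible in this router; presumably it is `/home/delAddress`, which does validate elsewhere in this commit.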
... ...
... ... @@ -9,9 +9,9 @@
{{#if addressInfo}}
<div class="address block address-wrap {{#if @root.pageChannel.boys}} boys{{/if}}{{#if @root.pageChannel.girls}} girls{{/if}}{{#if @root.pageChannel.kids}} kids{{/if}}{{#if @root.pageChannel.lifeStyle}} life-style{{/if}}" data-id ="{{addressId}}">
<div class="info">
<span class="info-name">{{name}}</span>
<span class="info-name">{{{name}}}</span>
<span class="info-phone">{{phoneNum}}</span>
<a href="{{selectAddressUrl}}"><span class="info-address">{{addressInfo}}</span></a>
<a href="{{selectAddressUrl}}"><span class="info-address">{{{addressInfo}}}</span></a>
<i class="iconfont">&#xe637;</i>
</div>
<a class="rest" href="{{selectAddressUrl}}">其他地址<span class="iconfont">&#xe614;</span></a>
... ... @@ -177,7 +177,7 @@
{{#if addressInfo}}
<div class="address-bottom">
<div class="back"></div>
<span>送至:{{addressInfo}}</span>
<span>送至:{{{addressInfo}}}</span>
</div>
{{/if}}
<div class="bill">
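Review bot: Changing `{{name}}` and `{{addressInfo}}` to triple-stash in three places turns off Handlebars' HTML escaping, so any markup stored in a consignee name or address string is rendered verbatim on the order page. Unless the controller now escapes these fields before render (not visible here), this is a stored XSS sink rather than a hardening. If the motivation is that the API already returns entity-encoded strings and `{{ }}` double-encodes them, the safer fix is to decode once in the controller and keep the escaping `{{name}}` / `{{addressInfo}}` form, so the template stays safe regardless of what upstream does.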
... ...
... ... @@ -2,9 +2,9 @@
<div class="page-wrap clearfix">
{{# address}}
<div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}">
<span class="name">{{consignee}}</span>
<span class="name">{{{consignee}}}</span>
<span class="tel">{{mobile}}</span>
<p class="address-info">{{area}} {{address}}</p>
<p class="address-info">{{area}} {{{address}}}</p>
<div class="action iconfont">
<span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=buynow&product_sku={{../product_sku}}&buy_number={{../buy_number}}">&#xe61e;</span>
<span class="del" data-id="{{address_id}}">&#xe621;</span>
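Review bot: `{{{consignee}}}` and `{{{address}}}` render user-entered address fields without HTML escaping, so a `<script>` or inline event handler saved as a name will run for the user viewing this list. Nothing in the hunk shows these values being sanitized first; unless the controller or API layer does it, keep the escaping form `{{consignee}}` / `{{address}}`. Note that the `data-href` on the `.edit` span already interpolates `product_sku`/`buy_number` with the escaping form, so the two styles are inconsistent within the same item.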
... ...
... ... @@ -9,9 +9,9 @@
{{#if addressInfo}}
<div class="address block address-wrap {{#if @root.pageChannel.boys}} boys{{/if}}{{#if @root.pageChannel.girls}} girls{{/if}}{{#if @root.pageChannel.kids}} kids{{/if}}{{#if @root.pageChannel.lifeStyle}} life-style{{/if}}" data-id ="{{addressId}}">
<div class="info">
<span class="info-name">{{name}}</span>
<span class="info-name">{{{name}}}</span>
<span class="info-phone">{{phoneNum}}</span>
<a href="/cart/index/new/selectAddress"><span class="info-address">{{addressInfo}}</span></a>
<a href="/cart/index/new/selectAddress"><span class="info-address">{{{addressInfo}}}</span></a>
<i class="iconfont">&#xe637;</i>
</div>
<a class="rest" href="/cart/index/new/selectAddress">其他地址<span class="iconfont">&#xe614;</span></a>
... ... @@ -182,7 +182,7 @@
{{#if addressInfo}}
<div class="address-bottom">
<div class="back"></div>
<span>送至:{{addressInfo}}</span>
<span>送至:{{{addressInfo}}}</span>
</div>
{{/if}}
<div class="bill">
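Review bot: The three `{{{name}}}` / `{{{addressInfo}}}` substitutions now emit the stored address text as raw HTML, which is the opposite of hardening unless these values are escaped before they reach the template — nothing in this section shows that. If double-encoding of already-escaped API data was the problem, fix the encoding once in the controller and keep `{{name}}` / `{{addressInfo}}`, which escape in every context. If raw output really is required, a dedicated helper that whitelists what may pass through would at least make the decision explicit.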
... ...
<div class="my-address-page select-address-page yoho-page">
<div class="page-wrap clearfix">
{{# address}}
<input type="hidden" name="_csrf" value="{{@root.csrfToken}}"/>
<div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}">
<span class="name">{{consignee}}</span>
<span class="name">{{{consignee}}}</span>
<span class="tel">{{mobile}}</span>
<p class="address-info">{{area}} {{address}}</p>
<p class="address-info">{{area}} {{{address}}}</p>
<div class="action iconfont">
<span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=shopping">&#xe61e;</span>
<span class="del" data-id="{{address_id}}">&#xe621;</span>
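Review bot: The hidden `_csrf` input is placed inside `{{# address}}`, so the page emits one copy per address and none when the list is empty; `$('input[name=_csrf]').val()` still works by picking the first, but the field belongs once, directly under `<div class="page-wrap clearfix">` and before the loop, e.g. `<input type="hidden" name="_csrf" value="{{csrfToken}}"/>` (at that level `@root` is not needed). The same section also switches `{{consignee}}` and `{{address}}` to triple-stash, which disables HTML escaping of user-entered text; unless these are escaped upstream, keep the double-stash form.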
... ...
... ... @@ -11,6 +11,7 @@ const express = require('express');
const router = express.Router(); // eslint-disable-line
const auth = require('../../doraemon/middleware/auth');
const disableBFCache = require('../../doraemon/middleware/disable-BFCache');
const csrf = require('../../doraemon/middleware/csrf');
const cRoot = './controllers';
const installment = require(cRoot + '/installment');
... ... @@ -49,12 +50,12 @@ router.get('/QRcode/:id', personalController.QRcode);
router.get('/user/qrcode', auth, newQrcode.index);
/* 个人中心地址管理相关路由 */
router.get('/address', auth, addressController.address); // 地址管理页面
router.get('/addressAct', auth, addressController.addressAct); // 地址添加页面
router.get('/addressAct/:id', auth, addressController.addressAct); // 地址添加修改页面
router.post('/saveAddress', addressController.saveAddress); // 新增或者保存地址
router.get('/address', auth, csrf, addressController.address); // 地址管理页面
router.get('/addressAct', auth, csrf, addressController.addressAct); // 地址添加页面
router.get('/addressAct/:id', auth, csrf, addressController.addressAct); // 地址添加修改页面
router.post('/saveAddress', csrf, addressController.saveAddress); // 新增或者保存地址
router.post('/defaultAddress', addressController.defaultAddress); // 设置默认地址
router.post('/delAddress', addressController.delAddress); // 删除地址
router.post('/delAddress', csrf, addressController.delAddress); // 删除地址
router.get('/locationList', auth, addressController.locationList); // 异步获取三级地址数据
router.get('/addressModify', auth, addressController.addressModify); // 订单详情地址列表
router.get('/chooseAddress', auth, addressController.chooseAddress); // 订单详情地址修改
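Review bot: `/defaultAddress` is the one state-changing address POST in this block left without `csrf`, so a cross-site form can still change a logged-in user's default delivery address; add `router.post('/defaultAddress', csrf, addressController.defaultAddress);` and send `_csrf` from its ajax caller as is done for `delAddress`. Separately, none of the three address POSTs carries `auth` while every GET in the block does — that predates this change, but if the controllers do not verify the session uid themselves it is worth fixing while touching these lines. The `csrf` on the GET routes only issues tokens; it is the POST-side placement that enforces anything.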
... ...
... ... @@ -2,10 +2,11 @@
<div class="tip">为提高配送时效,请您尽量准确填写四级地址。</div>
<div class="my-edit-address-page page-wrap">
<form class="edit-address">
<input type="hidden" name="_csrf" value="{{@root.csrfToken}}" />
<input type="hidden" name="id" value="{{address.addressId}}">
<label class="username">
收 货 人 :
<input type="text" name="consignee" maxlength="21" value="{{address.consignee}}">
<input type="text" name="consignee" maxlength="21" value="{{{address.consignee}}}">
</label>
<label class="mobile">
联系电话:
... ... @@ -19,7 +20,7 @@
</label>
<label class="address">
详细地址:
<textarea name="address" maxlength="255">{{address.address}}</textarea>
<textarea name="address" maxlength="255">{{{address.address}}}</textarea>
</label>
</form>
<div class="submit">
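Review bot: `value="{{{address.consignee}}}"` is triple-stash inside a quoted attribute, so a stored consignee containing `"` closes the attribute and anything after it (for example `onfocus=...`) becomes live markup; likewise a `</textarea>` sequence inside `{{{address.address}}}` breaks out of the textarea. Attribute and textarea contexts are exactly where Handlebars' default escaping is load-bearing, so revert to `value="{{address.consignee}}"` and `{{address.address}}` unless the values are escaped before render (not visible here). The hidden `_csrf` field is correctly placed once, inside the form.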
... ...
... ... @@ -2,9 +2,9 @@
<div class="page-wrap clearfix modifyAdd" data-rel="{{relation}}" data-order-code="{{orderCode}}">
{{# address}}
<div class="address-item" data-address-id="{{addressId}}" >
<span class="name">{{consignee}}</span>
<span class="name">{{{consignee}}}</span>
<span class="tel">{{mobile}}</span>
<p class="address-info">{{area}} {{address}}</p>
<p class="address-info">{{area}} {{{address}}}</p>
</div>
{{/ address}}
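Review bot: `{{{consignee}}}` and `{{{address}}}` output user-supplied address text unescaped on the order-modify page; if the intent was to fix double-encoded API data, do the decoding once in the controller and keep the escaping `{{consignee}}` / `{{address}}` form rather than disabling escaping in the template. Nothing in this section shows these values being sanitized before render.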
... ...
<div class="my-address-page yoho-page">
<div class="page-wrap">
{{# address}}
<input type="hidden" name="_csrf" value="{{@root.csrfToken}}"/>
<div class="address-item">
<span class="name">{{consignee}}</span>
<span class="name">{{{consignee}}}</span>
<span class="tel">{{mobile}}</span>
<p class="address-info">{{area}} {{address}}</p>
<p class="address-info">{{area}} {{{address}}}</p>
<div class="action iconfont">
<a class="edit" href="/home/addressAct?id={{addressId}}">&#xe61e;</a>
<span class="del" data-id="{{addressId}}">&#xe621;</span>
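Review bot: The hidden `_csrf` input sits inside `{{# address}}` and is therefore repeated once per address (and absent for an empty list); move the single `<input type="hidden" name="_csrf" value="{{csrfToken}}"/>` above the loop, under `<div class="page-wrap">`. The `{{{consignee}}}` / `{{{address}}}` change in the same section renders stored address text without HTML escaping, which should stay `{{consignee}}` / `{{address}}` unless escaping is guaranteed upstream.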
... ...
... ... @@ -8,7 +8,7 @@
<div class="person-detail">
<a href='{{userInfoLink}}' class="user-avatar" data-avatar="{{image head_ico 80 80}}"></a>
<div class="basic-info">
<span class="user-name">{{nickname}}</span>
<span class="user-name">{{{nickname}}}</span>
<span class="gender {{#isEqualOr gender 1}}boy{{/isEqualOr}}{{#isEqualOr gender 2}}girl{{/isEqualOr}}"></span>
</div>
<div class="info">
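Review bot: `{{{nickname}}}` renders the user's nickname as raw HTML; nicknames are free text chosen by users, so unless the controller escapes them before render this is a stored XSS vector on the personal-centre header. Keep `{{nickname}}` and fix any double-encoding at the data layer instead.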
... ...
... ... @@ -8,7 +8,7 @@
<div class="level level-{{vip_info/cur_level}}"></div>
</div>
<div class="right">
<div class="name eps">{{nickname}}</div>
<div class="name eps">{{{nickname}}}</div>
<div class="trend-code-c">
<div class="dot">#&nbsp;</div>
<div class="scroll-c go-scroll">
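Review bot: `{{{nickname}}}` disables escaping for a user-chosen value; nothing in this section shows the nickname being sanitized before render, so keep `{{nickname}}` unless that guarantee exists upstream. If the API returns entity-encoded text, decoding it once in the controller preserves both the display and the template's default escaping.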
... ...
<div class="personal-details yoho-page">
<ul>
<li><span>头像</span><span><i class="head-portrait user-avatar" data-avatar="{{image head_ico 128 128}}"></i></span></li>
<li><span>昵称</span><span>{{ nickname }}</span></li>
<li><span>昵称</span><span>{{{ nickname }}}</span></li>
<li><span>性别</span><span>{{ gender }}</span></li>
<li><span>生日</span><span>{{ birthday }}</span></li>
</ul>
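Review bot: `{{{ nickname }}}` emits the nickname unescaped while the adjacent `{{ gender }}` and `{{ birthday }}` keep escaping, so the template now treats one user-supplied field as trusted HTML without any visible reason; revert to `{{ nickname }}` unless the controller escapes it before render.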
... ...
{{#if vip3}}
<p>
<span class="user-name">{{name}}</span>
<span class="user-name">{{{name}}}</span>
<span class="vip-icon vip-3"></span>
</p>
<p class="grade-desc">
... ... @@ -20,7 +20,7 @@
{{#if vip2}}
<p>
<span class="user-name">{{name}}</span>
<span class="user-name">{{{name}}}</span>
<span class="vip-icon vip-2"></span>
</p>
<p class="grade-desc">
... ... @@ -43,7 +43,7 @@
{{#if vip1}}
<p>
<span class="user-name">{{name}}</span>
<span class="user-name">{{{name}}}</span>
<span class="vip-icon vip-1"></span>
</p>
<p class="grade-desc">
... ... @@ -66,7 +66,7 @@
{{#if vip0}}
<p>
<span class="user-name">{{name}}</span>
<span class="user-name">{{{name}}}</span>
<span>普通会员</span>
</p>
<p class="grade-desc">
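Review bot: All four VIP branches switch `{{name}}` to `{{{name}}}`, rendering the member name without HTML escaping in a page shown to that user; if the name is user-editable and not escaped before render (not visible here), this is a stored XSS regression. Keep `{{name}}` in the four branches and handle any double-encoding once in the controller rather than per template.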
... ...
... ... @@ -71,7 +71,7 @@ const newGoods = (req, res, next) => {
});
// 唤起 APP 的路径
res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.new","params":${JSON.stringify(appParams)}}`;
res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.new","params":${encodeURIComponent(JSON.stringify(appParams))}}`;
let seoTitle = '【潮流新品】_引领潮流_2018时尚潮流新品-YOHO!BUY 有货';
... ... @@ -144,7 +144,7 @@ const _newGoods = (req, res, next) => {
});
// 唤起 APP 的路径
res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.new","params":${JSON.stringify(appParams)}}`;
res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.new","params":${encodeURIComponent(JSON.stringify(appParams))}}`;
req.ctx(newModel).indexData(uid, channel).then(result => {
let shopList = _.get(result, 'shop_list', []);
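Review bot: `encodeURIComponent(JSON.stringify(appParams))` is spliced in as the bare value of `"params"`, so `appPath` becomes `{"action":"go.new","params":%7B%22...%7D}` — no longer a JSON literal — and the deep link only works if the app URL-decodes that one field on its own; I cannot see the app's parser, so please confirm that before merging. If the goal is to stop `appParams` content breaking out of the HTML attribute where `appPath` is rendered, the escaping belongs at the render site (a double-stash `{{appPath}}`), or the whole `openby:yohobuy=` value should be encoded consistently rather than one nested field. Both `newGoods` and `_newGoods` start and end outside these hunks.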
... ...
... ... @@ -3,7 +3,7 @@
{{# comments}}
<div class="comment-item clearfix">
<div class="user-info clearfix">
<span class="user-name">{{userName}}</span>
<span class="user-name">{{{userName}}}</span>
<span class="goods-spec">
购买了<b>{{color}}</b>
</span>
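Review bot: `{{{userName}}}` renders a commenter's name unescaped in a product-comment list, i.e. arbitrary users' input shown to every visitor — the highest-exposure place on this page to turn escaping off. Unless the comment API escapes names before they reach the template, keep `{{userName}}`; note the adjacent `{{color}}` and `{{content}}` still use the escaping form, so the inconsistency is also a readability problem.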
... ...
... ... @@ -12,11 +12,11 @@
<div class="comment-content-main content-main clearfix">
{{# comments}}
<span class="user-name">
{{userName}}
{{{userName}}}
</span>
<p class="goods-spec">
购买了{{desc}}
</>
</p>
<p class="detail-content">
{{content}}
</p>
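Review bot: `{{{userName}}}` emits a commenter's display name without HTML escaping in content seen by all visitors; nothing here shows the name being sanitized upstream, so keep `{{userName}}` (the `{{content}}` line below correctly stays escaped). The stray `</>` on the context line before `</p>` predates this change but is malformed HTML worth removing while editing this block.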
... ...
'use strict';
const csrf = require('csurf');
const csrfInit = csrf();
module.exports = (req, res, next) => {
return csrfInit(req, res, (e) => {
res.locals.csrfToken = req.csrfToken();
return next(e);
});
};
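Review bot: The module has no header comment and relies on two things worth stating for the next reader: `csrf()` is constructed without `{cookie: true}`, so csurf keeps its secret in `req.session` and, per its documentation, throws synchronously if no session middleware precedes it; and a token mismatch is not handled here but forwarded through `next(e)`, so the app's error handler must turn csurf's `EBADCSRFTOKEN` into a response the ajax callers in this commit can recognise. Suggested header: `/** CSRF guard (csurf, session-backed). Validates _csrf on non-GET requests and exposes a fresh token as res.locals.csrfToken for templates; a validation failure is passed to next() as an EBADCSRFTOKEN error. */`. Calling `req.csrfToken()` even when `e` is set is fine because csurf attaches the generator before validating, but a one-line comment saying so would stop someone "fixing" it.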
... ...
... ... @@ -62,6 +62,7 @@
"connect-redis": "^3.3.3",
"cookie-parser": "^1.4.3",
"cssnano": "^3.10.0",
"csurf": "^1.9.0",
"express": "^4.16.3",
"feed": "^1.1.0",
"geetest": "^4.1.2",
... ...
... ... @@ -13,7 +13,7 @@
<div class="user-info clearfix">
{{# comments}}
<span class="user-name">
{{userName}}
{{{userName}}}
</span>
<span class="goods-spec">
购买了<b>{{color}}</b>
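Review bot: `{{{userName}}}` outputs a commenter's name as raw HTML to every visitor of the detail page; unless names are escaped by the comment API (not visible here), revert to `{{userName}}` and resolve any double-encoding at the data layer.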
... ...
... ... @@ -40,7 +40,8 @@ $confim.on('touchend', '.cancel', function() {
method: 'POST',
url: '/home/delAddress',
data: {
id: deleteId
id: deleteId,
_csrf: $('input[name=_csrf]').val()
}
}).then(function(res) {
if ($.type(res) !== 'object') {
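Review bot: `$('input[name=_csrf]').val()` reads the first matching hidden field anywhere in the document, which couples this script to the template rendering one (the address-list template in this commit puts it inside the per-address loop); if a page variant omits it, `.val()` is `undefined` and the POST is rejected with 403 before reaching the handler. A single `$.ajaxSetup({ headers: { 'X-CSRF-Token': $('input[name=_csrf]').val() } })` at page init (csurf also accepts that header) would cover every POST on the page instead of patching each call. The enclosing delete handler starts outside the hunk.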
... ...
... ... @@ -26,6 +26,10 @@ function cookie(name) {
var re = new RegExp(name + '=([^;$]*)', 'i'),
matchPattern = '$1';
if (name === '_UID') {
return decodeURIComponent(re.test(document.cookie) ? RegExp[matchPattern] : '');
}
try {
return re.test(decodeURIComponent(document.cookie)) ? RegExp[matchPattern] : '';
} catch (e) {
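Review bot: The new `_UID` branch calls `decodeURIComponent` outside the `try` that guards the general path just below it, so a cookie value with a malformed percent-escape makes `cookie('_UID')` throw `URIError` instead of taking the `catch` branch. Wrap it the same way: `if (name === '_UID') { try { return decodeURIComponent(re.test(document.cookie) ? RegExp[matchPattern] : ''); } catch (e) { return ''; } }`, mirroring whatever the existing catch returns (its body is outside the hunk). Interpolating `name` into `new RegExp` unescaped predates this change but also deserves a note, since a caller-supplied name with regex metacharacters would alter the match.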
... ...
... ... @@ -40,7 +40,8 @@ $confim.on('touchend', '.cancel', function() {
method: 'POST',
url: '/home/delAddress',
data: {
id: deleteId
id: deleteId,
_csrf: $('input[name=_csrf]').val()
}
}).then(function(res) {
if ($.type(res) !== 'object') {
... ...
... ... @@ -2240,6 +2240,14 @@ crypto-random-string@^1.0.0:
version "1.0.0"
resolved "http://npm.yohops.com/crypto-random-string/-/crypto-random-string-1.0.0.tgz#a230f64f568310e1498009940790ec99545bca7e"
csrf@~3.0.3:
version "3.0.6"
resolved "http://npm.yohops.com/csrf/-/csrf-3.0.6.tgz#b61120ddceeafc91e76ed5313bb5c0b2667b710a"
dependencies:
rndm "1.2.0"
tsscmp "1.0.5"
uid-safe "2.1.4"
css-color-function@~1.3.3:
version "1.3.3"
resolved "http://npm.yohops.com/css-color-function/-/css-color-function-1.3.3.tgz#8ed24c2c0205073339fafa004bc8c141fccb282e"
... ... @@ -2402,6 +2410,15 @@ cssom@^0.3.2:
version "0.3.2"
resolved "http://npm.yohops.com/cssom/-/cssom-0.3.2.tgz#b8036170c79f07a90ff2f16e22284027a243848b"
csurf@^1.9.0:
version "1.9.0"
resolved "http://npm.yohops.com/csurf/-/csurf-1.9.0.tgz#49d2c6925ffcec7b7de559597c153fa533364133"
dependencies:
cookie "0.3.1"
cookie-signature "1.0.6"
csrf "~3.0.3"
http-errors "~1.5.0"
currently-unhandled@^0.4.1:
version "0.4.1"
resolved "http://npm.yohops.com/currently-unhandled/-/currently-unhandled-0.4.1.tgz#988df33feab191ef799a61369dd76c17adf957ea"
... ... @@ -4042,6 +4059,14 @@ http-errors@1.6.3, http-errors@~1.6.2, http-errors@~1.6.3:
setprototypeof "1.1.0"
statuses ">= 1.4.0 < 2"
http-errors@~1.5.0:
version "1.5.1"
resolved "http://npm.yohops.com/http-errors/-/http-errors-1.5.1.tgz#788c0d2c1de2c81b9e6e8c01843b6b97eb920750"
dependencies:
inherits "2.0.3"
setprototypeof "1.0.2"
statuses ">= 1.3.1 < 2"
http-parser-js@>=0.4.0:
version "0.4.13"
resolved "http://npm.yohops.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137"
... ... @@ -7828,6 +7853,10 @@ ripemd160@^2.0.0, ripemd160@^2.0.1:
hash-base "^3.0.0"
inherits "^2.0.1"
rndm@1.2.0:
version "1.2.0"
resolved "http://npm.yohops.com/rndm/-/rndm-1.2.0.tgz#f33fe9cfb52bbfd520aa18323bc65db110a1b76c"
run-async@^2.0.0, run-async@^2.2.0:
version "2.3.0"
resolved "http://npm.yohops.com/run-async/-/run-async-2.3.0.tgz#0371ab4ae0bdd720d4166d7dfda64ff7a445a6c0"
... ... @@ -8008,6 +8037,10 @@ setimmediate@^1.0.4:
version "1.0.5"
resolved "http://npm.yohops.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
setprototypeof@1.0.2:
version "1.0.2"
resolved "http://npm.yohops.com/setprototypeof/-/setprototypeof-1.0.2.tgz#81a552141ec104b88e89ce383103ad5c66564d08"
setprototypeof@1.0.3:
version "1.0.3"
resolved "http://npm.yohops.com/setprototypeof/-/setprototypeof-1.0.3.tgz#66567e37043eeb4f04d91bd658c0cbefb55b8e04"
... ... @@ -8864,6 +8897,10 @@ tslib@^1.9.0:
version "1.9.2"
resolved "http://npm.yohops.com/tslib/-/tslib-1.9.2.tgz#8be0cc9a1f6dc7727c38deb16c2ebd1a2892988e"
tsscmp@1.0.5:
version "1.0.5"
resolved "http://npm.yohops.com/tsscmp/-/tsscmp-1.0.5.tgz#7dc4a33af71581ab4337da91d85ca5427ebd9a97"
tty-browserify@0.0.0:
version "0.0.0"
resolved "http://npm.yohops.com/tty-browserify/-/tty-browserify-0.0.0.tgz#a157ba402da24e9bf957f9aa69d524eed42901a6"
... ... @@ -8928,6 +8965,12 @@ uglifyjs-webpack-plugin@^1.2.4:
webpack-sources "^1.1.0"
worker-farm "^1.5.2"
uid-safe@2.1.4:
version "2.1.4"
resolved "http://npm.yohops.com/uid-safe/-/uid-safe-2.1.4.tgz#3ad6f38368c6d4c8c75ec17623fb79aa1d071d81"
dependencies:
random-bytes "~1.0.0"
uid-safe@~2.1.2:
version "2.1.5"
resolved "http://npm.yohops.com/uid-safe/-/uid-safe-2.1.5.tgz#2b3d5c7240e8fc2e58f8aa269e5ee49c0857bd3a"
... ...