参数黑名单过滤

徐炜
Commit d60215a8a187cbb4a12641056a2d1df68a0798ca 1 parent 22533a5c
Showing 2 changed files with 23 additions and 0 deletions
app.js
doraemon/middleware/req-params-filter.js
--- a/app.js
View file @d60215a
+++ b/app.js
View file @d60215a
@@ -99,6 +99,7 @@ app.use((req, res, next) => {
 // dispatcher
 try {
     const user = require('./doraemon/middleware/user');
+     const reqParamsFilter = require('./doraemon/middleware/req-params-filter');
     const subDomain = require('./doraemon/middleware/sub-domain');
     const itemNameHandler = require('./doraemon/middleware/item-name-handler');
     const setYohoData = require('./doraemon/middleware/set-yoho-data');
@@ -110,6 +111,7 @@ try {
     const pageCache = require('./doraemon/middleware/page-cache');
 
     // YOHO 前置中间件
+     app.use(reqParamsFilter());
     app.use(subDomain());
     app.use(itemNameHandler);
     app.use(setYohoData());
--- a/doraemon/middleware/req-params-filter.js 0 → 100644
View file @d60215a
+++ b/doraemon/middleware/req-params-filter.js 0 → 100644
View file @d60215a
+ const _ = require('lodash');
+ 
+ // 黑名单参数
+ const BLACK_LIST = [
+     'client_secret',
+     'method'
+ ];
+ 
+ module.exports = () => {
+     return (req, res, next) => {
+         if (req.query) {
+             _.forEach(BLACK_LIST, (key) => {
+                 if (req.query[key]) {
+                     delete req.query[key];
+                 }
+             });
+         }
+ 
+         next();
+     };
+ };