Authored by 徐炜

参数黑名单过滤

@@ -99,6 +99,7 @@ app.use((req, res, next) => { @@ -99,6 +99,7 @@ app.use((req, res, next) => {
99 // dispatcher 99 // dispatcher
100 try { 100 try {
101 const user = require('./doraemon/middleware/user'); 101 const user = require('./doraemon/middleware/user');
  102 + const reqParamsFilter = require('./doraemon/middleware/req-params-filter');
102 const subDomain = require('./doraemon/middleware/sub-domain'); 103 const subDomain = require('./doraemon/middleware/sub-domain');
103 const itemNameHandler = require('./doraemon/middleware/item-name-handler'); 104 const itemNameHandler = require('./doraemon/middleware/item-name-handler');
104 const setYohoData = require('./doraemon/middleware/set-yoho-data'); 105 const setYohoData = require('./doraemon/middleware/set-yoho-data');
@@ -110,6 +111,7 @@ try { @@ -110,6 +111,7 @@ try {
110 const pageCache = require('./doraemon/middleware/page-cache'); 111 const pageCache = require('./doraemon/middleware/page-cache');
111 112
112 // YOHO 前置中间件 113 // YOHO 前置中间件
  114 + app.use(reqParamsFilter());
113 app.use(subDomain()); 115 app.use(subDomain());
114 app.use(itemNameHandler); 116 app.use(itemNameHandler);
115 app.use(setYohoData()); 117 app.use(setYohoData());
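Review bot: The position of `app.use(reqParamsFilter())` at new line 114 is load-bearing but undocumented: only middleware registered after it sees the filtered `req.query`, and the `app.use((req, res, next) => {` handler named in the hunk header is registered before it. I would add a comment above the call, for example `// keep first: strips blacklisted params before any later middleware reads req.query`. The filter edits only the parsed `req.query` object, so anything that reads `req.url` or `req.originalUrl` still sees the raw parameters. That might include `pageCache` if it builds cache keys from the URL, which is not visible here. The enclosing `try` block continues past the end of this hunk.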
  1 +const _ = require('lodash');
  2 +
  3 +// 黑名单参数
  4 +const BLACK_LIST = [
  5 + 'client_secret',
  6 + 'method'
  7 +];
  8 +
  9 +module.exports = () => {
  10 + return (req, res, next) => {
  11 + if (req.query) {
  12 + _.forEach(BLACK_LIST, (key) => {
  13 + if (req.query[key]) {
  14 + delete req.query[key];
  15 + }
  16 + });
  17 + }
  18 +
  19 + next();
  20 + };
  21 +};
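Review bot: The guard `if (req.query[key])` on new line 13 tests truthiness, so a blacklisted key sent with an empty value (such as `?method=`) is left in `req.query`. `delete` is already a no-op for a missing key, so the loop can be `BLACK_LIST.forEach((key) => { delete req.query[key]; });`, which also removes the need for lodash in this file. The match is exact-case and covers only `req.query`; if downstream code merges `req.body` or `req.params` into the backend API call (not visible on this page), the same names should be stripped there as well. A comment on `BLACK_LIST` saying why `client_secret` and `method` are reserved would help the next maintainer decide what else belongs in the list.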