Merge branch 'gray'

@@ -65,11 +65,6 @@ app.use((req, res, next) => {
 // 添加请求上下文
 app.use(global.yoho.httpCtx());
 
-// 请求限制中间件
-if (!app.locals.devEnv) {
-    app.use(require('./doraemon/middleware/limiter'));
-}
-
 // 指定libray目录
 global.utils = path.resolve('./utils');
 
@@ -162,6 +157,11 @@ try {
     app.use(seo());
     app.use(setPageInfo());
 
+    // 请求限制中间件
+    if (!app.locals.devEnv) {
+        app.use(require('./doraemon/middleware/limiter'));
+    }
+
     if (app.locals.devEnv) {
         app.use(devtools());
     }

@@ -146,7 +146,8 @@ class AuthModel extends global.yoho.BaseModel {
             req.session.SESSION_KEY = sessionKey;
             res.cookie('_SESSION_KEY', authcode(sessionKey, '_SESSION_KEY', 2592000000, 'encode'), {
                 domain: 'yohobuy.com',
-                expires: new Date(Date.now() + 2592000000) // 有效期一年
+                expires: new Date(Date.now() + 2592000000), // 有效期一年
+                httpOnly: true
             });
             userId.sessionKey = sessionKey;
         }

@@ -18,7 +18,8 @@ const IP_WHITE_LIST = [
     '106.39.86.227',
     '218.94.75.58',
     '218.94.75.50',
-    '218.94.77.166'
+    '218.94.77.166',
+    '222.73.196.18' // B站合作方单击次数快加白名单
 ];
 
 const PATH_WHITE_LIST = [

@@ -2,16 +2,16 @@
 
 const cache = global.yoho.cache.master;
 const _ = require('lodash');
-const config = global.yoho.config;
 const logger = global.yoho.logger;
 
 module.exports = (limiter, policy) => {
-    const key = `${config.app}:limiter:${limiter.remoteIp}`;
+    // 和pc共用
+    const key = `pc:limiter:${limiter.remoteIp}`;
 
     return cache.getAsync(key).then((result) => {
         logger.debug(key, result);
 
-        if (result && _.isNumber(result)) {
+        if (result && _.isNumber(result) && result !== -1) {
             return Promise.resolve(policy);
         } else {
             return Promise.resolve(true);

@@ -44,7 +44,7 @@ module.exports = (limiter, policy) => {
             } else if (+results[key] > +val) {
 
                 // ip限制1小时
-                operation.push(cache.setAsync(`${config.app}:limiter:${limiter.remoteIp}`, 1, limiterIpTime));
+                operation.push(cache.setAsync(`pc:limiter:${limiter.remoteIp}`, 1, limiterIpTime));
                 return Promise.resolve(policy);
             } else {
                 operation.push(cache.incrAsync(cacheKey, 1));

@@ -6,8 +6,8 @@ const logger = global.yoho.logger;
 
 
 module.exports = (limiter, policy) => {
-    const blackKey = 'wap:limiter:ua:black',
-        whiteKey = 'wap:limiter:ua:white';
+    const blackKey = 'pc:limiter:ua:black',
+        whiteKey = 'pc:limiter:ua:white';
 
     const ua = limiter.req.header('User-Agent');
 

@@ -29,7 +29,7 @@ function yohoSession(opts) {
             req.session = new memcachedSession.Session(req, req[opts.backSession].sessionBack);
             req.session.cookie = new memcachedSession.Cookie({
                 domain: 'yohobuy.com',
-                httpOnly: false
+                httpOnly: true
             });
         }
 
@@ -63,7 +63,7 @@ module.exports = (app) => {
         },
         cookie: {
             domain: 'yohobuy.com',
-            httpOnly: false
+            httpOnly: true
         },
         store: new MemcachedStore({
             hosts: config.memcache.session,
@@ -80,7 +80,8 @@ module.exports = (app) => {
         secret: '82dd7e724f2c6870472c89dfa43cf48d',
         cookie: {
             domain: 'yohobuy.com',
-            ephemeral: true
+            ephemeral: true,
+            httpOnly: true
         }
     }));