更新依赖项

2017-07-16 22:56:44 +08:00
parent 3df9391bc1
commit 6232645481
8 changed files with 127 additions and 43 deletions
--- a/src/app.js
+++ b/src/app.js
@ -1,34 +1,23 @@
 import Koa2 from 'koa'
 import KoaBody from 'koa-body'
-import KoaSession from 'koa-session2'
 import KoaStatic from 'koa-static2'
 import {
  System as SystemConfig
 } from './config'
 import path from 'path'
 import MainRoutes from './routes/main-routes'
+import ErrorRoutesCatch from './middleware/ErrorRoutesCatch'
 import ErrorRoutes from './routes/error-routes'
-import PluginLoader from './lib/PluginLoader'
+import jwt from 'koa-jwt'
+import fs from 'fs'
+// import PluginLoader from './lib/PluginLoader'

 const app = new Koa2()
 const env = process.env.NODE_ENV || 'development' // Current mode

+const publicKey = fs.readFileSync(path.join(__dirname, '../publicKey.pub'))
+
 app
-  .use(KoaBody({
-    multipart: true,
-    strict: false,
-    jsonLimit: '20mb',
-    formLimit: '10mb',
-    textLimit: '20mb',
-    formidable: {
-      uploadDir: path.join(__dirname, '../assets/uploads')
-    }
-  })) // Processing request
-  .use(KoaStatic('assets', path.resolve(__dirname, '../assets'))) // Static resource
-  .use(KoaSession({
-    key: SystemConfig.Session_Key
-  })) // Set Session
-  .use(PluginLoader(SystemConfig.System_plugin_path))
  .use((ctx, next) => {
    if (ctx.request.header.host.split(':')[0] === 'localhost' || ctx.request.header.host.split(':')[0] === '127.0.0.1') {
      ctx.set('Access-Control-Allow-Origin', '*')
@ -40,6 +29,20 @@ app
    ctx.set('Access-Control-Allow-Credentials', true) // 允许带上 cookie
    return next()
  })
+  .use(ErrorRoutesCatch())
+  .use(KoaStatic('assets', path.resolve(__dirname, '../assets'))) // Static resource
+  .use(jwt({ secret: publicKey }).unless({ path: [/^\/public|\/user\/login|\/assets/] }))
+  .use(KoaBody({
+    multipart: true,
+    strict: false,
+    formidable: {
+      uploadDir: path.join(__dirname, '../assets/uploads/tmp')
+    },
+    jsonLimit: '10mb',
+    formLimit: '10mb',
+    textLimit: '10mb'
+  })) // Processing request
+  // .use(PluginLoader(SystemConfig.System_plugin_path))
  .use(MainRoutes.routes())
  .use(MainRoutes.allowedMethods())
  .use(ErrorRoutes())
--- a/src/controllers/auth.js
+++ b/src/controllers/auth.js
@ -0,0 +1,49 @@
+import jwt from 'jsonwebtoken'
+import fs from 'fs'
+import path from 'path'
+
+const publicKey = fs.readFileSync(path.join(__dirname, '../../publicKey.pub'))
+
+// 用户登录的时候返回token
+// let token = jwt.sign({
+//   userInfo: userInfo // 你要保存到token的数据
+// }, publicKey, { expiresIn: '7d' })
+
+/**
+ * 检查授权是否合法
+ */
+export let CheckAuth = (ctx) => {
+  let token = ctx.request.header.authorization
+  try {
+    let decoded = jwt.verify(token.substr(7), publicKey)
+    if (decoded.userInfo) {
+      return {
+        status: 1,
+        result: decoded.userInfo
+      }
+    } else {
+      return {
+        status: 403,
+        result: {
+          errInfo: '没有授权'
+        }
+      }
+    }
+  } catch (err) {
+    return {
+      status: 503,
+      result: {
+        errInfo: '解密错误'
+      }
+    }
+  }
+}
+
+export let Post = (ctx) => {
+  switch (ctx.params.action) {
+    case 'check':
+      return CheckAuth(ctx).then(result => { ctx.body = result })
+    default:
+      return CheckAuth(ctx).then(result => { ctx.body = result })
+  }
+}
--- a/src/middleware/ErrorRoutesCatch.js
+++ b/src/middleware/ErrorRoutesCatch.js
@ -0,0 +1,20 @@
+module.exports = function () {
+  return function (ctx, next) {
+    return next().catch((err) => {
+      switch (err.status) {
+        case 401:
+          ctx.status = 200
+          ctx.body = {
+            status: 401,
+            result: {
+              err: 'Authentication Error',
+              errInfo: 'Protected resource, use Authorization header to get access.'
+            }
+          }
+          break
+        default:
+          throw err
+      }
+    })
+  }
+}
--- a/src/routes/main-routes.js
+++ b/src/routes/main-routes.js
@ -4,13 +4,14 @@ import controllers from '../controllers/index.js'
 const router = new KoaRouter()

 router
-  .get('/', function (ctx, next) {
+  .get('/public/get', function (ctx, next) {
    ctx.body = '禁止访问！'
-  }) // HOME 路由
+  }) // 以/public开头则不用经过权限认证
  .all('/upload', controllers.upload.default)
  .get('/api/:name', controllers.api.Get)
  .post('/api/:name', controllers.api.Post)
  .put('/api/:name', controllers.api.Put)
  .del('/api/:name', controllers.api.Delect)
+  .post('/auth/:action', controllers.auth.Post)

 module.exports = router