'use strict';

// Third-party middleware and JWT helpers.
const horseJwt = require('express-jwt');
const jwt = require('jsonwebtoken');
const compose = require('composable-middleware');

// Project modules: the User model and the environment config (session secret,
// cookie maxAge, ordered role list).
const { User } = require('../app/model');
const config = require('../config/env');
/**
 * Create a signed JWT carrying the user's id and role.
 *
 * The token is signed with `config.session.secret` (no `algorithm` option is
 * passed, so jsonwebtoken's default applies) and expires after the session
 * cookie's maxAge, which is configured in milliseconds and converted to the
 * seconds jsonwebtoken expects.
 *
 * @param {string} id - user id, stored as the `_id` claim
 * @param {string} role - user role, stored as the `role` claim
 * @returns {string} the signed token
 */
function signToken(id, role) {
  const payload = { _id: id, role };
  // maxAge is in ms; jsonwebtoken wants seconds (a string like '30d' or '1y'
  // would also be accepted here).
  const expiresIn = config.session.cookie.maxAge / 1000;
  return jwt.sign(payload, config.session.secret, { expiresIn });
}
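/**
 * Express handler that issues a JWT for the already-authenticated user,
 * stores it in the `token` cookie and redirects to `/`.
 *
 * Expects `req.user` (with `_id` and `role`) to have been populated by an
 * earlier middleware; responds 404 with a plain-text message otherwise.
 *
 * @param {object} req - Express request; reads `req.user`
 * @param {object} res - Express response; sets the cookie and redirects
 */
function setTokenCookie(req, res) {
  if (!req.user) {
    return res.status(404).send('It looks like you aren\'t logged in, please try again.');
  }
  const token = signToken(req.user._id, req.user.role);
  // NOTE(review): the cookie is set without httpOnly/secure/sameSite options,
  // so it is readable by client-side script. The server only needs it for the
  // IE11 fallback in authToken; if no browser code reads it either, passing
  // those options here would narrow exposure — confirm against the frontend.
  res.cookie('token', token);
  res.redirect('/');
}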
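/**
 * Build middleware that locates a JWT and verifies it with express-jwt.
 *
 * The token is taken from, in order of precedence, the `access_token` query
 * parameter (which overrides any existing `Authorization` header), the
 * `Authorization` header itself, or the `token` cookie (fallback for IE11,
 * which sometimes drops the header). On success express-jwt sets `req.user`
 * to the decoded payload.
 *
 * @param {boolean} credentialsRequired - when true a missing or invalid token
 *   yields an UnauthorizedError; when false a missing token is tolerated and
 *   `req.user` stays unset
 * @returns {Function} composed middleware
 */
function authToken(credentialsRequired) {
  return compose()
    .use(function (req, res, next) {
      const query = req.query || {};
      // Allow access_token to be passed through a query parameter as well.
      // (Tokens in URLs tend to end up in server/proxy logs and Referer
      // headers, so the header form is preferable where clients support it.)
      if (Object.prototype.hasOwnProperty.call(query, 'access_token')) {
        req.headers.authorization = `Bearer ${query.access_token}`;
      }
      // IE11 forgets to set the Authorization header sometimes. Pull from the
      // cookie instead — but only when a token cookie actually exists. Without
      // this guard the header became the literal "Bearer undefined", which
      // express-jwt rejects as a malformed token even when credentials are
      // optional (and it threw outright when cookie-parser was not mounted).
      const cookieToken = req.cookies && req.cookies.token;
      if (typeof req.headers.authorization === 'undefined' && cookieToken) {
        req.headers.authorization = `Bearer ${cookieToken}`;
      }
      next();
    })
    .use(horseJwt({
      secret: config.session.secret,
      credentialsRequired, // whether a missing token should raise an error
    }));
}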
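/**
 * Build middleware that requires a valid JWT and loads the matching user.
 *
 * Steps: verify the token (required), translate express-jwt's
 * UnauthorizedError into an empty 401, then replace the decoded payload in
 * `req.user` with the User document from the database (401 if it no longer
 * exists).
 *
 * @returns {Function} composed middleware
 */
function isAuthenticated() {
  return compose()
    .use(authToken(true))
    .use(function (err, req, res, next) {
      if (err.name === 'UnauthorizedError') {
        return res.status(401).send();
      }
      // Any other error must keep propagating. Calling next() without it
      // swallowed the failure and ran the lookup below with no req.user,
      // which then crashed on req.user._id.
      return next(err);
    })
    .use(function (req, res, next) {
      User.findById(req.user._id).exec()
        .then((user) => {
          if (!user) {
            return res.status(401).end();
          }
          req.user = user;
          next();
        })
        .catch((err) => next(err));
    });
}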
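/**
 * Build middleware that requires an authenticated user whose role ranks at
 * least as high as `roleRequired` in `config.userRoles` (index order is the
 * privilege order: a higher index outranks a lower one).
 *
 * @param {string} roleRequired - minimum role; must appear in config.userRoles
 * @returns {Function} composed middleware
 * @throws {Error} when roleRequired is missing or not a configured role
 */
function hasRole(roleRequired) {
  if (!roleRequired) { throw new Error('Required role needs to be set'); }
  // Resolve the required rank once, at setup time. An unknown role gives
  // indexOf -1, and "-1 >= -1" would then let every user through — fail
  // closed instead by refusing to build the middleware.
  const requiredRank = config.userRoles.indexOf(roleRequired);
  if (requiredRank === -1) {
    throw new Error(`Required role "${roleRequired}" is not in config.userRoles`);
  }
  return compose()
    .use(isAuthenticated())
    .use(function meetsRequirements(req, res, next) {
      // A user role that is not configured yields -1 and is therefore denied.
      const userRank = config.userRoles.indexOf(req.user.role);
      if (userRank >= requiredRank) {
        return next();
      }
      return res.status(403).send('Forbidden');
    });
}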
/**
 * Build middleware that prepares `req.session.passport` before a social (SNS)
 * login is started.
 *
 * The token is optional here: when one is present and valid the user's id is
 * recorded alongside the redirect target, otherwise only the redirect target
 * is stored.
 *
 * @returns {Function} composed middleware
 */
function snsPassport() {
  return compose()
    .use(authToken(false))
    .use(function (req, res, next) {
      // `||` rather than `??` is deliberate: an empty redirectUrl also falls
      // back to '/'.
      // NOTE(review): redirectUrl comes straight from the query string; the
      // code that later consumes req.session.passport.redirectUrl should only
      // honour same-site paths so users cannot be sent off-site — confirm there.
      const passportState = { redirectUrl: req.query.redirectUrl || '/' };
      if (req.user) {
        passportState.userId = req.user._id;
      }
      req.session.passport = passportState;
      next();
    });
}
// Public API of this module.
Object.assign(exports, {
  signToken,
  setTokenCookie,
  isAuthenticated,
  hasRole,
  snsPassport,
});