diff --git a/server-api/app.js b/server-api/app.js
index bd2066c..e2b342f 100644
--- a/server-api/app.js
+++ b/server-api/app.js
@@ -45,7 +45,7 @@ const router = new Router();
 app.keys = ['44b4fa5cb8a394294361'];
 // enable logger
-app.use(logger('combined'));
+app.use(logger('dev'));
 // enable body parser
 // app.use(koaBody({
 // multipart: true,
diff --git a/server-api/libs/mongo_model.js b/server-api/libs/mongo_model.js
index af9720c..c93db6d 100644
--- a/server-api/libs/mongo_model.js
+++ b/server-api/libs/mongo_model.js
@@ -7,13 +7,31 @@ const tokenSchema = mongoose.Schema({
 default: Date.now
 }
 });
-tokenSchema.statics.clearExpire = function(cb) {
+tokenSchema.statics.clearExpire = function (cb) {
 console.log(Date.now())
 return this.remove({ expire: { $lte: Date.now() } }, cb);
 }
-tokenSchema.statics.renewToken = function(id, expire, cb) {
+tokenSchema.statics.renewToken = function (id, expire, cb) {
 return this.update({ _id: mongoose.Schema.Types.ObjectId(id) }, { $set: { expire: Date.now() + 86400000 } }, cb);
 }
+tokenSchema.statics.checkToken = async function (str) {
+ let self = this;
+ return new Promise((resolve, reject) => {
+ self.findOne({ _id: str, expire: { $gte: Date.now() } }, (err, row) => {
+ if (err || !row) return resolve(false);
+ return resolve(true);
+ });
+ })
+}
+tokenSchema.statics.getToken = async function (str) {
+ let self = this;
+ return new Promise((resolve, reject) => {
+ self.findOne({ _id: str, expire: { $gte: Date.now() } }, (err, row) => {
+ if (err) return reject(err);
+ return resolve(row);
+ })
+ })
+}
 const token = mongoose.model('token', tokenSchema, 'token');
diff --git a/server-api/route/api/errorManager/language/zh.js b/server-api/route/api/errorManager/language/zh.js
index 2dfa285..676ea23 100644
--- a/server-api/route/api/errorManager/language/zh.js
+++ b/server-api/route/api/errorManager/language/zh.js
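Review bot: The 'dev' format selected on the `app.use(logger(...))` line omits the remote address, referer and user-agent that the previous 'combined' format recorded (assuming `logger` is morgan/koa-morgan, as the format names suggest), which is exactly the data an incident responder needs to attribute a request to a client; if app.js is also the production entry point this is a loss of forensic signal, not just a cosmetic change. Gating the format on the environment keeps the terse output for local work without losing the production record: `app.use(logger(process.env.NODE_ENV === 'production' ? 'combined' : 'dev'));`. The context line above it keeps the cookie-signing secret in `app.keys` as a literal in source; that predates this commit, but it is worth moving to configuration in the same pass.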
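Review bot: `checkToken` resolves `false` when `findOne` returns an error as well as when no row matches, so a MongoDB failure is reported to callers as an invalid token (CE1000 in the routes) and the underlying error is never surfaced or logged; reject on error as `getToken` already does and let the caller map it to its server-error code: `if (err) return reject(err);` followed by `return resolve(!!row);`. Both helpers run the same query, so a caller that does `checkToken` then `getToken` pays two round trips and can see the token expire between them; a single `getToken` with a null check gives the same answer atomically. The bearer credential looked up here is the document `_id`; if that is a default ObjectId rather than a random value it is partly time-derived and guessable, so confirm how tokens are minted at login (not visible in this hunk). Minor: `reject` is unused in `checkToken`, and with arrow callbacks the `let self = this` alias is unnecessary.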
@@ -4,6 +4,12 @@ module.exports = {
 CE0001: '請輸入帳號',
 CE0002: '請輸入密碼',
 CE0003: '使用者帳號或密碼錯誤',
+ CE0004: '請輸入使用者名稱',
+ CE0005: '請輸入Email',
+ CE0006: '使用者帳號重複',
+
+ CE1000: 'Token驗證失敗',
+ CE2000: '使用者權限不足',
 // server error
 SE0000: '資料查詢失敗',
diff --git a/server-api/route/api/index.js b/server-api/route/api/index.js
index f130b5d..9bfba0d 100644
--- a/server-api/route/api/index.js
+++ b/server-api/route/api/index.js
@@ -29,6 +29,8 @@ router.use(async (c, n) => {
 }
 })
 }
+ c.token = c.headers['x-auth-token'] || '';
+
 // console.log(c.headers['accept-language'])
 try {
 await n();
diff --git a/server-api/route/api/user.js b/server-api/route/api/user.js
index eb44b2a..18f1b97 100644
--- a/server-api/route/api/user.js
+++ b/server-api/route/api/user.js
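Review bot: Only the raw header value is captured on the `c.token = ...` line; nothing in this middleware rejects a missing or invalid token, so every protected route must call `mongo.token.checkToken`/`getToken` itself, and a handler that forgets is silently open (the new `.post('/')` in user.js makes no check, presumably by design for registration, but that convention is not recorded anywhere). A comment on the assignment would make the contract explicit: `// bearer token as sent by the client, unverified; routes that require auth must validate it via mongo.token`. If this middleware is also where per-request context is assembled, resolving the token document once here and stashing it on `c` would remove the duplicated `checkToken` + `getToken` lookups the route handlers perform. The enclosing `router.use(async (c, n) => {` starts before and ends after this hunk.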
@@ -7,7 +7,101 @@ const so = require('../../libs/storeObject');
 const mongo = require('../../libs/mongo_model.js');
 router
- .post('/login', async(c, n) => {
+ .post('/', async (c, n) => {
+ let arr = c.request.body;
+ if (!arr.data) throw 'CE0000';
+ if (!arr.data.account) throw 'CE0001';
+ if (!arr.data.password) throw 'CE00002';
+ if (!arr.data.name) throw 'CE0004';
+ if (!arr.data.email) throw 'CE0005';
+
+ try {
+ let query = "select count(*) as c from ??.?? where `account` = ?";
+ let param = ['lora', 'user', arr.data.account];
+ let count = await c.syncQuery(query, param);
+ if (count.length == 0) throw 'SE0000';
+ if (count[0].c > 0) throw 'CE0006';
+ } catch (err) {
+ if (typeof err == 'string') throw err;
+ c.serr = err;
+ throw 'SE0000';
+ }
+
+ let uid = 0;
+ try {
+ let query = "insert into ??.?? (`account`, `password`, `name`, `email`) values (?, ?, ?, ?)";
+ let param = ['lora', 'user', arr.data.account, arr.data.password, arr.data.name, arr.data.email];
+ let indata = await c.syncQuery(query, param);
+ uid = indata.insertId;
+ } catch (err) {
+ if (typeof err == 'string') throw err;
+ c.serr = err;
+ throw 'SE0001';
+ }
+
+ c.body = {
+ record: [{ uid }]
+ }
+ })
+ .get('/:uid', async (c, n) => {
+ if (!await mongo.token.checkToken(c.token)) throw 'CE1000';
+ try {
+ let t = await mongo.token.getToken(c.token);
+ if (t.object.uid != c.params.uid) throw 'CE2000';
+ } catch (err) {
+ if (typeof err == 'string') throw err;
+ c.serr = err;
+ throw 'SE0000';
+ }
+
+ try {
+ let user = await c.syncQuery('select `uid`,`account`,`name`,`email` from ??.?? 
where `uid` = ?', ['lora', 'user', c.params.uid]);
+
+ c.body = {
+ record: user
+ }
+ } catch (err) {
+ if (typeof err == 'string') throw err;
+ c.serr = err;
+ throw 'SE0000';
+ }
+ })
+ .put('/:uid', async (c, n) => {
+ if (!await mongo.token.checkToken(c.token)) throw 'CE1000';
+ let arr = c.request.body;
+ if (!arr.data) throw 'CE0000';
+ if (!arr.data.name) throw 'CE0004';
+ if (!arr.data.email) throw 'CE0005';
+ try {
+ let t = await mongo.token.getToken(c.token);
+ if (t.object.uid != c.params.uid) throw 'CE2000';
+ } catch (err) {
+ if (typeof err == 'string') throw err;
+ c.serr = err;
+ throw 'SE0000';
+ }
+
+ try {
+ let query = "update ??.?? set \
+ `name` = ?, \
+ `email` = ?"+ (arr.data.password ? ',' : '') + " \
+ " + (arr.data.password ? "`password` = ?, " : '') + " \
+ where \
+ `uid` = ?";
+ let param = ['lora', 'user', arr.data.name, arr.data.email];
+ if (arr.data.password) param.push(crypto.genPassHash(arr.data.password));
+ param.push(c.params.uid);
+
+ let updata = await c.syncQuery(query, param);
+ } catch (err) {
+ if (typeof err == 'string') throw err;
+ c.serr = err;
+ throw 'SE0002';
+ }
+
+ c.body = { record: [] };
+ })
+ .post('/login', async (c, n) => {
 let arr = c.request.body;
 if (!arr.data) throw 'CE0000';
 if (!arr.data.account) throw 'CE0001';
@@ -25,7 +119,7 @@ router
 record: user
 }
 } catch (err) {
- if(typeof err == 'string') throw err;
+ if (typeof err == 'string') throw err;
 c.serr = err;
 throw 'SE0000';
 }
@@ -40,4 +134,5 @@ router
 }
 })
+
 module.exports = router;
\ No newline at end of file
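Review bot: The registration insert in `.post('/')` binds `arr.data.password` verbatim into the `password` column, while `.put('/:uid')` stores `crypto.genPassHash(arr.data.password)`, so new accounts are persisted with a plaintext password and one of the two write paths cannot match whatever the login comparison expects; hash on insert as well: `let param = ['lora', 'user', arr.data.account, crypto.genPassHash(arr.data.password), arr.data.name, arr.data.email];` (assuming `crypto` is the project helper whose require sits above this hunk). In the PUT update string the password fragment keeps a trailing comma, so whenever a password is supplied the SQL reads `` `email` = ?, `password` = ?,  where `uid` = ? `` and every password change fails with SE0002; the fragment should be `` "`password` = ? " ``. The missing-password guard throws `'CE00002'` (five digits), which has no entry in the zh.js table this commit extends — it should be `'CE0002'`. The count-then-insert pair is not atomic, so two concurrent registrations with the same account both pass the CE0006 check; a UNIQUE index on `account` with the duplicate-key error mapped to CE0006 closes that window. The `.post('/login')` handler continues past the end of this hunk.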