user api ok

2017-06-04 21:38:14 +08:00 · 2017-06-04 21:38:14 +08:00 · 5f81ba7309
commit 5f81ba7309
parent 9423428b72
5 changed files with 126 additions and 5 deletions
--- a/server-api/app.js
+++ b/server-api/app.js
@ -45,7 +45,7 @@ const router = new Router();
 app.keys = ['44b4fa5cb8a394294361'];

 // enable logger
-app.use(logger('combined'));
+app.use(logger('dev'));
 // enable body parser
 // app.use(koaBody({
 //     multipart: true,
--- a/server-api/libs/mongo_model.js
+++ b/server-api/libs/mongo_model.js
@ -14,6 +14,24 @@ tokenSchema.statics.clearExpire = function(cb) {
 tokenSchema.statics.renewToken = function (id, expire, cb) {
    return this.update({ _id: mongoose.Schema.Types.ObjectId(id) }, { $set: { expire: Date.now() + 86400000 } }, cb);
 }
+tokenSchema.statics.checkToken = async function (str) {
+    let self = this;
+    return new Promise((resolve, reject) => {
+        self.findOne({ _id: str, expire: { $gte: Date.now() } }, (err, row) => {
+            if (err || !row) return resolve(false);
+            return resolve(true);
+        });
+    })
+}
+tokenSchema.statics.getToken = async function (str) {
+    let self = this;
+    return new Promise((resolve, reject) => {
+        self.findOne({ _id: str, expire: { $gte: Date.now() } }, (err, row) => {
+            if (err) return reject(err);
+            return resolve(row);
+        })
+    })
+}

 const token = mongoose.model('token', tokenSchema, 'token');

--- a/server-api/route/api/errorManager/language/zh.js
+++ b/server-api/route/api/errorManager/language/zh.js
@ -4,6 +4,12 @@ module.exports = {
    CE0001: '請輸入帳號',
    CE0002: '請輸入密碼',
    CE0003: '使用者帳號或密碼錯誤',
+    CE0004: '請輸入使用者名稱',
+    CE0005: '請輸入Email',
+    CE0006: '使用者帳號重複',
+
+    CE1000: 'Token驗證失敗',
+    CE2000: '使用者權限不足',

    // server error
    SE0000: '資料查詢失敗',
--- a/server-api/route/api/index.js
+++ b/server-api/route/api/index.js
@ -29,6 +29,8 @@ router.use(async (c, n) => {
            }
        })
    }
+    c.token = c.headers['x-auth-token'] || '';
+    
    // console.log(c.headers['accept-language'])
    try {
        await n();
--- a/server-api/route/api/user.js
+++ b/server-api/route/api/user.js
@ -7,6 +7,100 @@ const so = require('../../libs/storeObject');
 const mongo = require('../../libs/mongo_model.js');

 router
+    .post('/', async (c, n) => {
+        let arr = c.request.body;
+        if (!arr.data) throw 'CE0000';
+        if (!arr.data.account) throw 'CE0001';
+        if (!arr.data.password) throw 'CE00002';
+        if (!arr.data.name) throw 'CE0004';
+        if (!arr.data.email) throw 'CE0005';
+
+        try {
+            let query = "select count(*) as c from ??.?? where `account` = ?";
+            let param = ['lora', 'user', arr.data.account];
+            let count = await c.syncQuery(query, param);
+            if (count.length == 0) throw 'SE0000';
+            if (count[0].c > 0) throw 'CE0006';
+        } catch (err) {
+            if (typeof err == 'string') throw err;
+            c.serr = err;
+            throw 'SE0000';
+        }
+
+        let uid = 0;
+        try {
+            let query = "insert into ??.?? (`account`, `password`, `name`, `email`) values (?, ?, ?, ?)";
+            let param = ['lora', 'user', arr.data.account, arr.data.password, arr.data.name, arr.data.email];
+            let indata = await c.syncQuery(query, param);
+            uid = indata.insertId;
+        } catch (err) {
+            if (typeof err == 'string') throw err;
+            c.serr = err;
+            throw 'SE0001';
+        }
+
+        c.body = {
+            record: [{ uid }]
+        }
+    })
+    .get('/:uid', async (c, n) => {
+        if (!await mongo.token.checkToken(c.token)) throw 'CE1000';
+        try {
+            let t = await mongo.token.getToken(c.token);
+            if (t.object.uid != c.params.uid) throw 'CE2000';
+        } catch (err) {
+            if (typeof err == 'string') throw err;
+            c.serr = err;
+            throw 'SE0000';
+        }
+
+        try {
+            let user = await c.syncQuery('select `uid`,`account`,`name`,`email` from ??.?? where `uid` = ?', ['lora', 'user', c.params.uid]);
+
+            c.body = {
+                record: user
+            }
+        } catch (err) {
+            if (typeof err == 'string') throw err;
+            c.serr = err;
+            throw 'SE0000';
+        }
+    })
+    .put('/:uid', async (c, n) => {
+        if (!await mongo.token.checkToken(c.token)) throw 'CE1000';
+        let arr = c.request.body;
+        if (!arr.data) throw 'CE0000';
+        if (!arr.data.name) throw 'CE0004';
+        if (!arr.data.email) throw 'CE0005';
+        try {
+            let t = await mongo.token.getToken(c.token);
+            if (t.object.uid != c.params.uid) throw 'CE2000';
+        } catch (err) {
+            if (typeof err == 'string') throw err;
+            c.serr = err;
+            throw 'SE0000';
+        }
+
+        try {
+            let query = "update ??.?? set \
+                `name` = ?, \
+                `email` = ?"+ (arr.data.password ? ',' : '') + " \
+                " + (arr.data.password ? "`password` = ?, " : '') + " \
+                where \
+                `uid` = ?";
+            let param = ['lora', 'user', arr.data.name, arr.data.email];
+            if (arr.data.password) param.push(crypto.genPassHash(arr.data.password));
+            param.push(c.params.uid);
+
+            let updata = await c.syncQuery(query, param);
+        } catch (err) {
+            if (typeof err == 'string') throw err;
+            c.serr = err;
+            throw 'SE0002';
+        }
+
+        c.body = { record: [] };
+    })
    .post('/login', async (c, n) => {
        let arr = c.request.body;
        if (!arr.data) throw 'CE0000';
@ -40,4 +134,5 @@ router
        }
    })

+
 module.exports = router;