update
+27
-29
@@ -5,7 +5,9 @@ const joi = require('joi')
|
||||
const response = require('src/utils/response/index.js')
|
||||
const config = require('src/config/index.js')
|
||||
const { jwt } = require('src/utils/pkgs.js')
|
||||
const { copyObject, toNumber } = require('src/utils/index.js')
|
||||
const sso = require('src/utils/sso/index.js')
|
||||
const { copyObject } = require('src/utils/index.js')
|
||||
const { get: getCacheInstance } = require('src/utils/cache.js')
|
||||
|
||||
const { Success, InternalError, DataFormat, Forbidden, Unauthorized } = response.resp
|
||||
|
||||
@@ -107,7 +109,7 @@ controller.validate = schema => {
|
||||
* @param {boolean=} allowExpired
|
||||
* @return {import('koa').Middleware}
|
||||
*/
|
||||
controller.authorization = allowExpired => {
|
||||
controller.authorization = () => {
|
||||
return async (ctx, next) => {
|
||||
ctx.token = {}
|
||||
/** @type {string} */
|
||||
@@ -122,44 +124,40 @@ controller.authorization = allowExpired => {
|
||||
|
||||
[, ctx.token.origin] = strs
|
||||
|
||||
let decoded = {}
|
||||
let expired = false
|
||||
const decoded = {}
|
||||
|
||||
try {
|
||||
decoded = jwt.verify(strs[1], config.server.jwt_secret)
|
||||
// 可以考慮這邊做個cache 多久之內存取不會到keycloak驗證
|
||||
let userInfo = await sso.getUserInfo(ctx.token.origin)
|
||||
if (!userInfo) {
|
||||
// try refresh
|
||||
const cache = getCacheInstance()
|
||||
const refreshToken = cache.get(ctx.token.origin)
|
||||
if (!refreshToken) throw new Error('no cache data')
|
||||
const token = await sso.refreshToken(refreshToken)
|
||||
// set new cache
|
||||
cache.set(token.access_token, token.refresh_token, false)
|
||||
ctx.token.origin = token.access_token
|
||||
userInfo = await sso.getUserInfo(token.access_token)
|
||||
if (!userInfo) throw new Error('get user info fail')
|
||||
|
||||
await joi
|
||||
.object({
|
||||
user_id: joi.string().required()
|
||||
})
|
||||
.unknown()
|
||||
.validateAsync(decoded)
|
||||
} catch (err) {
|
||||
debug(`jwt token verify fail: ${util.inspect(err, false, null)}`)
|
||||
if (err instanceof jwt.TokenExpiredError) {
|
||||
decoded = jwt.decode(ctx.token.origin)
|
||||
expired = true
|
||||
} else {
|
||||
throw err
|
||||
ctx.set('x-new-token', ctx.token.origin)
|
||||
}
|
||||
|
||||
Object.assign(decoded, userInfo)
|
||||
} catch (err) {
|
||||
debug(`user info get fail ::: ${util.inspect(err, false, null)}`)
|
||||
ctx.err(Unauthorized)
|
||||
}
|
||||
|
||||
ctx.token.user_id = decoded.user_id
|
||||
ctx.token.sso = !!decoded.sso
|
||||
ctx.token.user_id = decoded.username
|
||||
ctx.token.sso = true
|
||||
|
||||
if (expired) ctx.err(Forbidden, response.codeMessage.CodeTokenExpired)
|
||||
ctx.token.info = decoded
|
||||
|
||||
ctx.verified = true
|
||||
} catch (err) {
|
||||
debug(`Token valid fail: ${util.inspect(err, false, null)}`)
|
||||
if (err instanceof response.APIError) {
|
||||
// 如果是過期的錯誤,判斷是否允許過期存取
|
||||
// @ts-ignore
|
||||
// eslint-disable-next-line
|
||||
if (err._object?.object?.code === response.codeMessage.CodeTokenExpired.code) {
|
||||
if (allowExpired) return next()
|
||||
}
|
||||
}
|
||||
throw err
|
||||
}
|
||||
|
||||
|
||||
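Review bot: The JSDoc above the signature still documents `@param {boolean=} allowExpired` while the new line `controller.authorization = () => {` drops that parameter, so the comment is stale, and if the `if (allowExpired) return next()` check in the outer catch survives unchanged on the new side it now reads an undeclared identifier and would throw a ReferenceError rather than rethrowing the APIError whenever a CodeTokenExpired error is handled; either remove the `@param` line and that check together or keep the parameter. The new flow also assigns `ctx.token.user_id = decoded.username` without any of the joi validation the old code applied to the decoded token, so a user-info payload lacking `username` produces a verified context with an undefined user id; a `joi.object({ username: joi.string().required() }).unknown().validateAsync(userInfo)` before the assignment would preserve the old guarantee. In the refresh path, `cache.set(token.access_token, token.refresh_token, false)` stores the new pair but the entry keyed by the superseded access token is never removed, so the old bearer value keeps resolving to a refresh token until the cache expires it; consider removing the old key once the refresh succeeds. The enclosing middleware closure starts before the last hunk.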