update
@@ -3,9 +3,10 @@ const util = require('util')
|
||||
const url = require('url')
|
||||
const sso = require('src/utils/sso/index.js')
|
||||
const { get: getCacheInstance } = require('src/utils/cache.js')
|
||||
const { codeMessage, APIError } = require('src/utils/response/index.js')
|
||||
const { resp, codeMessage, APIError } = require('src/utils/response/index.js')
|
||||
const config = require('src/config/index.js')
|
||||
const { jwt } = require('src/utils/pkgs.js')
|
||||
const acl = require('src/utils/acl.js')
|
||||
const { copyObject } = require('src/utils/index.js')
|
||||
|
||||
const controller = {}
|
||||
module.exports = controller
|
||||
@@ -34,6 +35,12 @@ controller.verifyCode = () => async (ctx) => {
|
||||
try {
|
||||
const token = await sso.getToken(code, sessionState)
|
||||
|
||||
if (!acl.checkAllow(token.groups)) {
|
||||
const copy = copyObject(resp.Forbidden)
|
||||
copy.object = codeMessage.CodeAccountNoPermission
|
||||
throw new APIError('account no permission', copy)
|
||||
}
|
||||
|
||||
// set accessToken/refreshToken cache
|
||||
cache.set(token.access_token, token.refresh_token, false)
|
||||
|
||||
|
||||
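Review bot: The new group check at `if (!acl.checkAllow(token.groups))` depends entirely on how `acl.checkAllow` treats a missing or malformed `groups` value, which is not visible here; if the SSO response omits the claim, the guard should fail closed. If `groups` is expected to be an array, make that explicit with `if (!Array.isArray(token.groups) || !acl.checkAllow(token.groups)) {`. The `throw` sits inside the `try` whose `catch` is outside the hunk, so it is worth confirming that the handler passes this `APIError` through as a Forbidden response rather than remapping it to a generic failure. A log entry for the denial before the throw, containing no token material, would give operations a record of rejected sign-ins.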