bjx-auth 1.0.0

package/src/strategy/handle.js

@@ -0,0 +1,56 @@
+const {
+  setConfig,
+  getToken: getTokenApi,
+  getUserInfo: getUserInfoApi,
+} = require('../request')
+
+async function getToken(cookies, isRefresh, { headers, ctx }) {
+  return getTokenApi(
+    {
+      __isRefresh__: isRefresh,
+      headers: {
+        Cookie: Object.entries(cookies)
+          .map((v) => v.join('='))
+          .join('; '),
+        ...headers,
+      },
+    },
+    {
+      ctx,
+    },
+  ).then(({ data }) => {
+    if (data.isError === false) {
+      return {
+        bjx_token_flag: cookies['idsrv.session'],
+        token_type: '',
+        access_token: data.data.authToken,
+        expires_at: data.data.expiresAt || (Date.now() / 1000 + 4 * 3600) | 0, // 4小时过期
+      }
+    }
+  })
+}
+
+async function getUserInfo(token, type, { headers, ctx }) {
+  return getUserInfoApi(
+    {
+      __type__: type,
+      headers: {
+        AuthToken: token,
+        ...headers,
+      },
+    },
+    {
+      ctx,
+    },
+  ).then(({ data }) => {
+    if (data.IsError === false) {
+      return data.Data
+    }
+  })
+}
+
+module.exports = {
+  setConfig,
+  getToken,
+  getUserInfo,
+}

package/src/strategy/handleDemo.js

@@ -0,0 +1,49 @@
+async function setConfig(obj) {
+  console.log('设置配置方法', obj)
+}
+
+async function getToken(cookie, { headers }) {
+  console.log('令牌方法', cookie, headers)
+  return {
+    is_bjx_token: true,
+    token_type: '',
+    access_token:
+      'xn4d9DmczNYqDDHt1kHA95l923HSjqNbaYUNVzDNw9FTkxZGg7tsZutqFgfg0gTXoxH9LCxs5uuQ_sBBi54WWg01gESgzSMQV7a1f2utaBr90QPSCy-oLu5YUdHzCPDszfx2P8M4xm4LRMNehjXl8cG0Xph80FdJ7-OntP_ZdGE8ERWAppZATpSZML1oOMj2AKg_Z8YReHTqdp6BuFJqpk2qdCtsFyrqsCbh87pRcghj93eDB4sbSXmKOoc-96LO',
+    expires_at: 1756375244,
+  }
+}
+
+async function getUserInfo(token, type, { headers }) {
+  console.log('用户信息方法', token, type, headers)
+  return {
+    ts: new Date().toLocaleString('sv-SE'),
+    Id: '4316B40F-DBB6-4AA5-8242-5425C7D36DFB',
+    UId: 1100000010,
+    UserName: 'bjxadmin',
+    NickName: '徐薇',
+    Email: 'caoce5158@qq.com',
+    EmailIsCheck: true,
+    RegionCode: '+86',
+    Phone: '13911112222',
+    PhoneIsCheck: true,
+    HeadUrl:
+      'https://static.bjx.com.cn/EnterpriseNew/SeekerImg/1100000010/2023050813520237_74810.jpeg',
+    BackImage:
+      'http://img01.mybjx.net/webupload/image/20231109/3e06d701bc00002.png',
+    BriefIntro: '',
+    Industry: 1300,
+    Source: 9,
+    ShowName: '徐薇',
+    HeadIsDef: false,
+    Nick: '',
+    NickShowName: '星友2222',
+    RegDate: '2016-05-09T17:14:56.473',
+    PwdIsSet: false,
+  }
+}
+
+module.exports = {
+  setConfig,
+  getToken,
+  getUserInfo,
+}

package/src/strategy/index.js

@@ -0,0 +1,9 @@
+const { setConfig, getConfig } = require('../config')
+const strategy = require('./strategy')
+const utils = require('./utils')
+
+exports = module.exports = Object.assign(
+  { setConfig, getConfig },
+  strategy,
+  utils,
+)

package/src/strategy/strategy.js

@@ -0,0 +1,186 @@
+const { Strategy } = require('passport')
+const { setConfig, getToken, getUserInfo } = require('./handle')
+const { errorLogger, debugLogger } = require('../logger')
+
+class BjxStrategy extends Strategy {
+  constructor(options = {}, verify) {
+    super()
+
+    // 策略名称
+    this.name = 'bjx'
+
+    // 配置选项
+    this.loadUserInfo = options.loadUserInfo || false
+    this.userInfoDuration = this.normalizeDuration(options.loadUserInfo)
+    this.userInfoType = options.userInfoType || ''
+    this.authConfig = options.authConfig || {}
+    this.verify = verify || ((user, done) => done(null, user))
+
+    // 设置配置缓存
+    setConfig(this.authConfig)
+  }
+
+  normalizeDuration(val) {
+    // loadUserInfo参数 单位为分钟 但是这里返回毫秒 减少比较时的计算
+    if (typeof val === 'number' && val > 0) {
+      return val * 60 * 1000
+    }
+    return 30 * 60 * 1000
+  }
+
+  authenticate(req, options) {
+    // 检查必要的cookie
+    const hasRequiredCookies =
+      req.cookies &&
+      req.cookies.get('idsrv.session') &&
+      req.cookies.get('.AspNetCore.Identity.Application')
+
+    // 假如不存在 则认证失败
+    if (!hasRequiredCookies) {
+      return this.fail(new Error('Missing required cookies'))
+    }
+
+    // 否则 执行认证流程
+    this.executeAuthentication(req)
+      .then((user) =>
+        // 创建策略时 可传入回调函数 已追加认证逻辑
+        this.verify(user, (err, verifiedUser) => {
+          if (err) return this.error(err)
+          this.success(verifiedUser)
+        }),
+      )
+      .catch((err) => {
+        if (err.message === '__goto_next__') {
+          this.pass()
+        } else {
+          this.error(err)
+        }
+      })
+  }
+
+  async executeAuthentication(req) {
+    // 获取请求头信息
+    const headers = this.extractHeaders(req)
+
+    // 获取cookie
+    const cookies = {
+      'idsrv.session': req.cookies.get('idsrv.session'),
+      '.AspNetCore.Identity.Application': req.cookies.get(
+        '.AspNetCore.Identity.Application',
+      ),
+    }
+
+    // 获取令牌 不存在时直接抛出错误
+    const tokenData = await this.getTokenWithRefresh(cookies, req, headers)
+    if (!tokenData) throw new Error('Get token failed')
+
+    // 获取用户信息 假如配置中为false 则不获取
+    let userInfo
+    if (this.loadUserInfo) {
+      const token = tokenData.access_token
+      userInfo = await this.getUserInfoWithRefresh(token, req, headers)
+    }
+
+    return {
+      token: tokenData,
+      info: userInfo,
+    }
+  }
+
+  extractHeaders(req) {
+    return {
+      'X-Forwarded-For': req.headers['x-forwarded-for'],
+      'X-Forwarded-Host': req.headers['x-forwarded-host'],
+      'User-Agent': req.headers['user-agent'],
+      Referer: req.headers['referer'],
+    }
+  }
+
+  async getTokenWithRefresh(cookies, req, headers) {
+    const su = req?.session?.passport?.user || {}
+    const now = Date.now()
+
+    // 判断token的标识和cookie中的标识是否一致
+    if (su.token?.bjx_token_flag !== cookies['idsrv.session']) {
+      su.token = undefined
+      su.info = undefined
+      debugLogger('令牌标识和cookie内的不一致')
+    }
+
+    // 检查passport中的令牌 是否需要刷新
+    if (su.token && su.token.expires_at * 1000 > now) {
+      throw new Error('__goto_next__')
+    }
+
+    // 假如存在token 还到这一步 说明是刷新token
+    const isRefresh = !!su.token
+    if (isRefresh) {
+      debugLogger('更新令牌')
+    }
+
+    // 获取新token
+    const newToken = await getToken(cookies, isRefresh, {
+      ctx: req.ctx,
+      headers,
+    })
+
+    debugLogger('获取“新”令牌', cookies, isRefresh, newToken || '无')
+    return newToken
+  }
+
+  async getUserInfoWithRefresh(token, req, headers) {
+    const su = req?.session?.passport?.user || {}
+    const now = Date.now()
+
+    // 检查passport中的用户信息 是否需要刷新
+    if (su.info && su.info.__expires_at__ > now) {
+      throw new Error('__goto_next__')
+    }
+
+    // 获取新用户信息
+    const newUserInfo = await getUserInfo(token, this.userInfoType, {
+      ctx: req.ctx,
+      headers,
+    })
+
+    // 设置用户信息的过期时间 这里用毫秒
+    if (newUserInfo) {
+      newUserInfo.__expires_at__ = now + this.userInfoDuration
+    }
+
+    debugLogger('获取“新”用户信息', token, newUserInfo || '无')
+    return newUserInfo
+  }
+}
+
+// Koa中间件
+function createBjxAuthMiddleware(passport) {
+  return async (ctx, next) => {
+    await new Promise((resolve) => {
+      passport.authenticate('bjx', (err, user, info, status) => {
+        if (err) {
+          // this.error()
+          errorLogger(err)
+          ctx.logout()
+        } else if (user) {
+          // this.success()
+          ctx.login(user)
+        } else {
+          // this.fail()
+          ctx.logout()
+        }
+        resolve()
+      })(ctx, () => {
+        // this.pass()
+        resolve()
+      })
+    })
+
+    await next()
+  }
+}
+
+module.exports = {
+  BjxStrategy,
+  createBjxAuthMiddleware,
+}

package/src/strategy/utils.js

@@ -0,0 +1,265 @@
+const config = require('../config')
+
+function objToQs(obj) {
+  if (!obj || Object.keys(obj).length === 0) return ''
+  const params = []
+  for (const key in obj) {
+    if (obj[key]) {
+      params.push(`${key}=${encodeURIComponent(obj[key])}`)
+    }
+  }
+  return params.join('&')
+}
+
+function hostToSite(host) {
+  const map = {
+    hr: 30000,
+
+    dljob: 30100,
+    hdjob: 30101,
+    fdjob: 30102,
+    sdjob: 30103,
+    hedjob: 30104,
+    gfjob: 30105,
+    zhnyfwjob: 30106,
+    shdjob: 30107,
+    tanjob: 30108,
+    qnjob: 30109,
+
+    dqjob: 30200,
+    cnjob: 30201,
+    spdjob: 30202,
+    zdhjob: 30203,
+    xxhjob: 30204,
+
+    hbjob: 30300,
+    scljob: 30301,
+    gfcljob: 30302,
+    dqzljob: 30303,
+    jchpjob: 30304,
+    hbfdjob: 30305,
+    hbgcjob: 30306,
+    hbsbjob: 30307,
+    hjxfjob: 30308,
+    jnjob: 30309,
+
+    gcjob: 30400,
+    dlgcjob: 30401,
+    jzjob: 30402,
+    szlqjob: 30403,
+    gdjob: 30404,
+    jdjob: 30406,
+    sjjob: 30407,
+    jljob: 30408,
+    gczjjob: 30409,
+
+    dcjob: 30500,
+    dcscjob: 30501,
+    dcyyjob: 30502,
+    dccljob: 30503,
+    dchsjob: 30504,
+    dcjsjob: 30507,
+
+    spdsbjob: 30601,
+    pdywjob: 30602,
+    pwpdgcjob: 30603,
+    znwdwjob: 30604,
+    zlpdwjob: 30605,
+    xndcjob: 30606,
+
+    dlscjob: 30700,
+
+    mhr: 40000,
+
+    mdljob: 40100,
+    mhdjob: 40101,
+    mfdjob: 40102,
+    msdjob: 40103,
+    mhedjob: 40104,
+    mgfjob: 40105,
+    mzhnyfwjob: 40106,
+    mshdjob: 40107,
+    mtanjob: 40108,
+    mqnjob: 40109,
+
+    mdqjob: 40200,
+    mcnjob: 40201,
+    mspdjob: 40202,
+    mzdhjob: 40203,
+    mxxhjob: 40204,
+
+    mhbjob: 40300,
+    mscljob: 40301,
+    mgfcljob: 40302,
+    mdqzljob: 40303,
+    mjchpjob: 40304,
+    mhbfdjob: 40305,
+    mhbgcjob: 40306,
+    mhbsbjob: 40307,
+    mhjxfjob: 40308,
+    mjnjob: 40309,
+
+    mgcjob: 40400,
+    mdlgcjob: 40401,
+    mjzjob: 40402,
+    mszlqjob: 40403,
+    mgdjob: 40404,
+    mjdjob: 40406,
+    msjjob: 40407,
+    mjljob: 40408,
+    mgczjjob: 40409,
+
+    mdcjob: 40500,
+    mdcscjob: 40501,
+    mdcyyjob: 40502,
+    mdccljob: 40503,
+    mdchsjob: 40504,
+    mdcjsjob: 40507,
+
+    mspdsbjob: 40601,
+    mpdywjob: 40602,
+    mpwpdgcjob: 40603,
+    mznwdwjob: 40604,
+    mzlpdwjob: 40605,
+    mxndcjob: 40606,
+
+    mdlscjob: 40700,
+
+    yun: 3099,
+    yun: 30991,
+    yun: 30992,
+    yun: 30993,
+    yun: 30994,
+    yun: 30995,
+    yun: 30996,
+    sxh: 3094,
+    msxh: 3093,
+    xiaoyuan: 3091,
+    mxiaoyuan: 4091,
+    xxsxh: 3090,
+    mxxsxh: 4090,
+  }
+
+  for (const k in map) {
+    if (host.includes(k)) return k + '.bjx.com.cn'
+    if (host.includes(map[k])) return k + '.bjx.com.cn'
+  }
+
+  return 'hr.bjx.com.cn'
+}
+function handleCtx(ctx, needSite) {
+  let f = ctx.query.f || ''
+  const origin = ctx.origin
+  const originReg = new RegExp('^' + origin)
+  const rootReg = /^\//
+  if (rootReg.test(f)) {
+    f = origin + f
+  } else if (f && !originReg.test(f)) {
+    f = origin
+  } else if (!f) {
+    const referer = ctx.headers['referer']
+    if (originReg.test(referer) && referer !== ctx.href) {
+      f = referer
+    } else {
+      f = origin
+    }
+  }
+
+  const obj = {
+    returnUrl: f,
+  }
+  if (needSite) {
+    const fHost = f.replace(/^https?:\/\//, '').replace(/\/.*/, '')
+    obj.site = hostToSite(fHost)
+  }
+  return obj
+}
+
+function getLoginCenterUrl(opts, type = '') {
+  const {
+    ctx,
+    site = '',
+    returnUrl = '',
+    BA = '',
+    BP = '',
+    OS = '',
+    EQP = '',
+    ...otherQueryParams
+  } = opts || {}
+  if (!site && !ctx) throw new Error('site is required')
+  if (!returnUrl && !ctx) throw new Error('returnUrl is required')
+  const { clientId, login: loginCenter } = config
+  const pp = objToQs({
+    BA: BA || ctx?.query?.ba || config.ba || '',
+    BP: BP || ctx?.query?.bp || config.bp || '',
+    OS: OS || config.os || 1,
+    EQP: EQP || config.eqp || '',
+  })
+  let sr
+  if (ctx && (!site || !returnUrl)) {
+    sr = handleCtx(ctx, !site)
+  }
+
+  const qs = {
+    site: site ? site : sr.site,
+    clientId,
+    pp,
+    ...otherQueryParams,
+    returnUrl: returnUrl ? returnUrl : sr.returnUrl,
+  }
+
+  const qsStr = objToQs(qs)
+  const login = `/Account/Login?${qsStr}`
+  const register = `/Account/Register?${qsStr}`
+  const logout = `/Account/Logout?${qsStr}`
+  const bind = `/External/UserBind?${qsStr}`
+  const logout2 = `/Account/Logout?${
+    qsStr.replace('returnUrl=.+$', '') + encodeURIComponent(login)
+  }`
+  const paths = {
+    login,
+    register,
+    logout,
+    bind,
+    logout2,
+  }
+  const urls = {
+    login: `${loginCenter}${paths.login}`,
+    register: `${loginCenter}${paths.register}`,
+    logout: `${loginCenter}${paths.logout}`,
+    bind: `${loginCenter}${paths.bind}`,
+    logout2: `${loginCenter}${paths.logout2}`,
+    returnUrl: sr.returnUrl,
+  }
+  if (!type) {
+    return urls
+  } else {
+    let typeArr = []
+    if (Array.isArray(type)) {
+      typeArr = type
+    } else if (typeof type === 'string') {
+      typeArr = type.split(',').map((v) => v.trim())
+    }
+    if (!typeArr.length) {
+      return urls
+    }
+    const obj = {}
+    typeArr.forEach((item) => {
+      const url = urls[item]
+      if (url) {
+        obj[item] = url
+      }
+    })
+    if (Object.keys(obj).length === 1) {
+      return Object.values(obj)[0]
+    } else if (Object.keys(obj).length) {
+      return obj
+    } else {
+      return urls
+    }
+  }
+}
+
+module.exports = {
+  getLoginCenterUrl,
+}