bjx-auth 1.2.0 → 1.4.0

package/src/strategy/strategy.js

@@ -1,261 +0,0 @@
-const { Strategy } = require('passport')
-const { setConfig, getConfig, getToken, getUserInfo } = require('./handle')
-const { errorLogger, debugLogger } = require('../logger')
-
-class BjxStrategy extends Strategy {
-  constructor(options = {}, verify) {
-    super()
-
-    // 策略名称
-    this.name = 'bjx'
-
-    // 配置选项
-    this.loadUserInfo = options.loadUserInfo || false
-    this.userInfoDuration = this.normalizeDuration(options.loadUserInfo)
-    this.userInfoType = options.userInfoType || ''
-    this.handleHeadrToken = options.handleHeadrToken || false
-    this.verify = verify || ((user, done) => done(null, user))
-
-    // 设置配置缓存
-    setConfig(options.authConfig)
-    if (options.authConfig.debug) {
-      debugLogger('配置项', getConfig())
-    }
-  }
-
-  normalizeDuration(val) {
-    // loadUserInfo参数 单位为分钟 但是这里返回毫秒 减少比较时的计算
-    if (typeof val === 'number' && val > 0) {
-      return val * 60 * 1000
-    }
-    return 30 * 60 * 1000
-  }
-
-  authenticate(req, options) {
-    // 检查必要的cookie
-    const hasRequiredCookies =
-      req.cookies &&
-      req.cookies.get('idsrv.session') &&
-      req.cookies.get('.AspNetCore.Identity.Application')
-
-    // 检查必要的header
-    const hasRequiredHeaders =
-      req.headers && (req.headers.authtoken || req.headers.authorization)
-
-    // 假如不存在 则认证失败
-    if (!hasRequiredCookies && !(this.handleHeadrToken && hasRequiredHeaders)) {
-      return this.fail(new Error('Missing required cookies or headers'))
-    }
-
-    if (this.handleHeadrToken && hasRequiredHeaders) {
-      this.executeCosplayAuthentication(req)
-        .then((user) => {
-          this.success(user)
-        })
-        .catch((err) => {
-          if (err.message === '__goto_next__') {
-            this.pass()
-          } else {
-            this.error(err)
-          }
-        })
-    } else if (hasRequiredCookies) {
-      // 否则 执行认证流程
-      this.executeAuthentication(req)
-        .then((user) =>
-          // 创建策略时 可传入回调函数 已追加认证逻辑
-          this.verify(user, (err, verifiedUser) => {
-            if (err) return this.error(err)
-            this.success(verifiedUser)
-          }),
-        )
-        .catch((err) => {
-          if (err.message === '__goto_next__') {
-            this.pass()
-          } else {
-            this.error(err)
-          }
-        })
-    } else {
-      this.pass()
-    }
-  }
-
-  async executeCosplayAuthentication(req) {
-    // 以Bearer开始的 为Authorization头 否则为Authtoken头
-    let token = ''
-    let isAuthorization = false
-    if (req.headers?.authtoken) {
-      token = req.headers.authtoken
-    } else if (req.headers?.authorization) {
-      token = req.headers.authorization.replace('Bearer ', '')
-      isAuthorization = true
-    }
-
-    const su = req?.session?.passport?.user || {}
-    if (su.token?.access_token === token) {
-      throw new Error('__goto_next__')
-    }
-
-    // 假如session里面没有不是该token说明换了 需要重新获取
-    su.info = null
-    const userInfo = await this.getUserInfoWithRefresh(
-      (isAuthorization ? 'Bearer ' : '') + token,
-      req,
-      {},
-    )
-    if (userInfo) {
-      debugLogger(
-        `通过${isAuthorization ? 'Authorization' : 'Authtoken'}头信息登录系统`,
-      )
-      if (isAuthorization) {
-        return {
-          token: {
-            token_type: 'Bearer',
-            access_token: token,
-            expires_at: (Date.now() / 1000 + 4 * 600) | 0,
-          },
-          info: userInfo,
-        }
-      } else {
-        return {
-          token: {
-            bjx_token_flag: 'This token from authtoken/authorization header',
-            token_type: '',
-            access_token: token,
-            expires_at: (Date.now() / 1000 + 4 * 600) | 0,
-          },
-          info: userInfo,
-        }
-      }
-    } else {
-      throw new Error('Invalid headers token')
-    }
-  }
-
-  async executeAuthentication(req) {
-    // 获取请求头信息
-    const headers = this.extractHeaders(req)
-
-    // 获取cookie
-    const cookies = {
-      'idsrv.session': req.cookies.get('idsrv.session'),
-      '.AspNetCore.Identity.Application': req.cookies.get(
-        '.AspNetCore.Identity.Application',
-      ),
-    }
-
-    // 获取令牌 不存在时直接抛出错误
-    const tokenData = await this.getTokenWithRefresh(cookies, req, headers)
-    if (!tokenData) throw new Error('Get token failed')
-
-    // 获取用户信息 假如配置中为false 则不获取
-    let userInfo
-    if (this.loadUserInfo) {
-      const token = tokenData.access_token
-      userInfo = await this.getUserInfoWithRefresh(token, req, headers)
-    }
-
-    return {
-      token: tokenData,
-      info: userInfo,
-    }
-  }
-
-  extractHeaders(req) {
-    return {
-      'X-Forwarded-For': req.headers['x-forwarded-for'],
-      'X-Forwarded-Host': req.headers['x-forwarded-host'],
-      'User-Agent': req.headers['user-agent'],
-      Referer: req.headers['referer'],
-    }
-  }
-
-  async getTokenWithRefresh(cookies, req, headers) {
-    const su = req?.session?.passport?.user || {}
-    const now = Date.now()
-
-    // 判断token的标识和cookie中的标识是否一致
-    if (su.token?.bjx_token_flag !== cookies['idsrv.session']) {
-      su.token = undefined
-      su.info = undefined
-      debugLogger('令牌标识和cookie内的不一致')
-    }
-
-    // 检查passport中的令牌 是否需要刷新
-    if (su.token && su.token.expires_at * 1000 > now) {
-      throw new Error('__goto_next__')
-    }
-
-    // 假如存在token 还到这一步 说明是刷新token
-    const isRefresh = !!su.token
-    if (isRefresh) {
-      debugLogger('更新令牌')
-    }
-
-    // 获取新token
-    const newToken = await getToken(cookies, isRefresh, {
-      ctx: req.ctx,
-      headers,
-    })
-
-    debugLogger('获取“新”令牌', cookies, isRefresh, newToken || '无')
-    return newToken
-  }
-
-  async getUserInfoWithRefresh(token, req, headers) {
-    const su = req?.session?.passport?.user || {}
-    const now = Date.now()
-
-    // 检查passport中的用户信息 是否需要刷新
-    if (su.info && su.info.__expires_at__ > now) {
-      throw new Error('__goto_next__')
-    }
-
-    // 获取新用户信息
-    const newUserInfo = await getUserInfo(token, this.userInfoType, {
-      ctx: req.ctx,
-      headers,
-    })
-
-    // 设置用户信息的过期时间 这里用毫秒
-    if (newUserInfo) {
-      newUserInfo.__expires_at__ = now + this.userInfoDuration
-    }
-
-    debugLogger('获取“新”用户信息', token, newUserInfo || '无')
-    return newUserInfo
-  }
-}
-
-// Koa中间件
-function createBjxAuthMiddleware(passport) {
-  return async (ctx, next) => {
-    await new Promise((resolve) => {
-      passport.authenticate('bjx', (err, user, info, status) => {
-        if (err) {
-          // this.error()
-          errorLogger(err)
-          ctx.logout()
-        } else if (user) {
-          // this.success()
-          ctx.login(user)
-        } else {
-          // this.fail()
-          ctx.logout()
-        }
-        resolve()
-      })(ctx, () => {
-        // this.pass()
-        resolve()
-      })
-    })
-
-    await next()
-  }
-}
-
-module.exports = {
-  BjxStrategy,
-  createBjxAuthMiddleware,
-}

package/src/strategy/utils.js

@@ -1,268 +0,0 @@
-const config = require('../config')
-
-function objToQs(obj) {
-  if (!obj || Object.keys(obj).length === 0) return ''
-  const params = []
-  for (const key in obj) {
-    if (obj[key]) {
-      params.push(`${key}=${encodeURIComponent(obj[key])}`)
-    }
-  }
-  return params.join('&')
-}
-
-function hostToSite(host) {
-  const map = {
-    hr: 30000,
-
-    dljob: 30100,
-    hdjob: 30101,
-    fdjob: 30102,
-    sdjob: 30103,
-    hedjob: 30104,
-    gfjob: 30105,
-    zhnyfwjob: 30106,
-    shdjob: 30107,
-    tanjob: 30108,
-    qnjob: 30109,
-
-    dqjob: 30200,
-    cnjob: 30201,
-    spdjob: 30202,
-    zdhjob: 30203,
-    xxhjob: 30204,
-
-    hbjob: 30300,
-    scljob: 30301,
-    gfcljob: 30302,
-    dqzljob: 30303,
-    jchpjob: 30304,
-    hbfdjob: 30305,
-    hbgcjob: 30306,
-    hbsbjob: 30307,
-    hjxfjob: 30308,
-    jnjob: 30309,
-
-    gcjob: 30400,
-    dlgcjob: 30401,
-    jzjob: 30402,
-    szlqjob: 30403,
-    gdjob: 30404,
-    jdjob: 30406,
-    sjjob: 30407,
-    jljob: 30408,
-    gczjjob: 30409,
-
-    dcjob: 30500,
-    dcscjob: 30501,
-    dcyyjob: 30502,
-    dccljob: 30503,
-    dchsjob: 30504,
-    dcjsjob: 30507,
-
-    spdsbjob: 30601,
-    pdywjob: 30602,
-    pwpdgcjob: 30603,
-    znwdwjob: 30604,
-    zlpdwjob: 30605,
-    xndcjob: 30606,
-
-    dlscjob: 30700,
-
-    mhr: 40000,
-
-    mdljob: 40100,
-    mhdjob: 40101,
-    mfdjob: 40102,
-    msdjob: 40103,
-    mhedjob: 40104,
-    mgfjob: 40105,
-    mzhnyfwjob: 40106,
-    mshdjob: 40107,
-    mtanjob: 40108,
-    mqnjob: 40109,
-
-    mdqjob: 40200,
-    mcnjob: 40201,
-    mspdjob: 40202,
-    mzdhjob: 40203,
-    mxxhjob: 40204,
-
-    mhbjob: 40300,
-    mscljob: 40301,
-    mgfcljob: 40302,
-    mdqzljob: 40303,
-    mjchpjob: 40304,
-    mhbfdjob: 40305,
-    mhbgcjob: 40306,
-    mhbsbjob: 40307,
-    mhjxfjob: 40308,
-    mjnjob: 40309,
-
-    mgcjob: 40400,
-    mdlgcjob: 40401,
-    mjzjob: 40402,
-    mszlqjob: 40403,
-    mgdjob: 40404,
-    mjdjob: 40406,
-    msjjob: 40407,
-    mjljob: 40408,
-    mgczjjob: 40409,
-
-    mdcjob: 40500,
-    mdcscjob: 40501,
-    mdcyyjob: 40502,
-    mdccljob: 40503,
-    mdchsjob: 40504,
-    mdcjsjob: 40507,
-
-    mspdsbjob: 40601,
-    mpdywjob: 40602,
-    mpwpdgcjob: 40603,
-    mznwdwjob: 40604,
-    mzlpdwjob: 40605,
-    mxndcjob: 40606,
-
-    mdlscjob: 40700,
-
-    yun: 3099,
-    yun: 30991,
-    yun: 30992,
-    yun: 30993,
-    yun: 30994,
-    yun: 30995,
-    yun: 30996,
-    sxh: 3094,
-    msxh: 3093,
-    xiaoyuan: 3091,
-    mxiaoyuan: 4091,
-    xxsxh: 3090,
-    mxxsxh: 4090,
-  }
-
-  for (const k in map) {
-    if (host.includes(k)) return k + '.bjx.com.cn'
-    if (host.includes(map[k])) return k + '.bjx.com.cn'
-  }
-
-  return 'hr.bjx.com.cn'
-}
-function handleCtx(ctx, needSite) {
-  let f = ctx.query.f || ''
-  const origin = ctx.origin
-  const originReg = new RegExp('^' + origin)
-  const rootReg = /^\//
-  if (rootReg.test(f)) {
-    f = origin + f
-  } else if (f && !originReg.test(f)) {
-    f = origin
-  } else if (!f) {
-    const referer = ctx.headers['referer']
-    if (originReg.test(referer) && referer !== ctx.href) {
-      f = referer
-    } else {
-      f = origin
-    }
-  }
-
-  const obj = {
-    returnUrl: f,
-  }
-  if (needSite) {
-    const fHost = f.replace(/^https?:\/\//, '').replace(/\/.*/, '')
-    obj.site = hostToSite(fHost)
-  }
-  return obj
-}
-
-function getLoginCenterUrl(opts, type = '') {
-  const {
-    ctx,
-    site = '',
-    returnUrl = '',
-    BA = '',
-    BP = '',
-    OS = '',
-    EQP = '',
-    ...otherQueryParams
-  } = opts || {}
-  if (!site && !ctx) throw new Error('site is required')
-  if (!returnUrl && !ctx) throw new Error('returnUrl is required')
-
-  const { clientId, login: loginCenter } = config
-
-  const pp = objToQs({
-    BA: BA || ctx?.query?.ba || config.ba || '',
-    BP: BP || ctx?.query?.bp || config.bp || '',
-    OS: OS || config.os || 1,
-    EQP: EQP || config.eqp || '',
-  })
-
-  let sr
-  if (ctx && (!site || !returnUrl)) {
-    sr = handleCtx(ctx, !site)
-  }
-
-  const qs = {
-    site: site ? site : sr.site,
-    clientId,
-    pp,
-    ...otherQueryParams,
-    returnUrl: returnUrl ? returnUrl : sr.returnUrl,
-  }
-
-  const qsStr = objToQs(qs)
-  const login = `/Account/Login?${qsStr}`
-  const register = `/Account/Register?${qsStr}`
-  const logout = `/Account/Logout?${qsStr}`
-  const bind = `/External/UserBind?${qsStr}`
-  const logout2 = `/Account/Logout?${
-    qsStr.replace('returnUrl=.+$', '') + encodeURIComponent(login)
-  }`
-  const paths = {
-    login,
-    register,
-    logout,
-    bind,
-    logout2,
-  }
-  const urls = {
-    login: `${loginCenter}${paths.login}`,
-    register: `${loginCenter}${paths.register}`,
-    logout: `${loginCenter}${paths.logout}`,
-    bind: `${loginCenter}${paths.bind}`,
-    logout2: `${loginCenter}${paths.logout2}`,
-    returnUrl: sr.returnUrl,
-  }
-  if (!type) {
-    return urls
-  } else {
-    let typeArr = []
-    if (Array.isArray(type)) {
-      typeArr = type
-    } else if (typeof type === 'string') {
-      typeArr = type.split(',').map((v) => v.trim())
-    }
-    if (!typeArr.length) {
-      return urls
-    }
-    const obj = {}
-    typeArr.forEach((item) => {
-      const url = urls[item]
-      if (url) {
-        obj[item] = url
-      }
-    })
-    if (Object.keys(obj).length === 1) {
-      return Object.values(obj)[0]
-    } else if (Object.keys(obj).length) {
-      return obj
-    } else {
-      return urls
-    }
-  }
-}
-
-module.exports = {
-  getLoginCenterUrl,
-}