free-be-account 0.0.23 → 0.0.24
- package/index.js +12 -12
- package/package.json +1 -1
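--- a/package/index.js
+++ b/package/index.js
@@ -466,10 +466,8 @@ module.exports = (app) => ({
 let user;
 
 // 用来做第三方集成身份认证的字段
-let userid = req.body.UserId || req.header('UserId');
 let appid = req.body.AppId || req.header('AppId');
 let ts = req.body.Timestamp || req.header('Timestamp');
-// md5(JSON.stringify({Timestamp:xxx, UserId: xxx, UserSecret:xxx }))
 let sign = req.body.Sign || req.header('Sign');
 
 if (cacheData.type === 'wx') {
@@ -478,22 +476,25 @@ module.exports = (app) => ({
 } else if (cacheData.type === 'pwd') {
 // login with username/email/phone and password
 user = await req.app.models['account'].findOne({ id, Enabled: true, Deleted: false });
-} else if (
+} else if (appid && sign && ts) {
 // 第三方系统集成
-const tmpUser = await req.app.models['account'].findOne({ id:
+const tmpUser = await req.app.models['account'].findOne({ id: appid, Enabled: true, Deleted: false });
 
 if (!tmpUser) {
 return false;
 }
 
-const tmpSign = crypto.MD5(
-Timestamp: ts,
-UserId: userid,
-UserSecret: tmpUser.Secret
-}));
+const tmpSign = crypto.MD5(`${appid}${ts}${tmpUser.Secret}`);
 
 if (tmpSign !== sign) {
-req.app.logger.debug('user: ' +
+req.app.logger.debug('user: ' + appid + ',sign: ' + sign + ',ts:' + ts + ',realSign: ' + tmpSign);
+return false;
+}
+
+// 请求时间不能超过5分钟,且不能比当前时间大于10秒钟
+const now = Date.now();
+if (((now - ts) > 5 * 60 * 1000 )|| ((ts - now) > 10 * 1000)) {
+req.app.logger.debug('user: ' + appid + ',sign: ' + sign + ',ts:' + ts + ',now: ' + now);
 return false;
 }
 
@@ -510,8 +511,7 @@ module.exports = (app) => ({
 // 更新时间戳
 tmpUser.LastCallTimestamp = ts;
 await tmpUser.save();
-}
-else {
+} else {
 return false;
 }
 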
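Review bot: The mismatch log added at new line 490 writes `realSign: tmpSign`, the expected signature for the supplied AppId and Timestamp, so anyone with read access to debug logs obtains a value that would pass the check for that timestamp (unless the LastCallTimestamp handling outside these hunks rejects reuse); log only the identifiers, e.g. `req.app.logger.debug('sign mismatch, user: ' + appid + ',ts:' + ts);`. The freshness test at new line 496 does arithmetic on `ts` exactly as received from the body or header, and a non-numeric value makes both comparisons false, so it should be preceded by `const tsNum = Number(ts); if (!Number.isFinite(tsNum)) return false;` and use `tsNum` in the window check. The signature at new line 487 is a plain MD5 over `appid`, `ts` and the secret concatenated without separators and compared with `!==`; a keyed HMAC with a constant-time comparison would be the sturdier design, though it changes the contract for integrators. If `crypto` here is crypto-js (not visible in these hunks), `crypto.MD5(...)` returns a WordArray rather than a hex string, so `tmpSign !== sign` would need `.toString()` on the digest to ever match; worth confirming. The enclosing function starts and ends outside the visible hunks.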