open-source/qinglong
1
0
Fork 0
mirror of https://github.com/whyour/qinglong.git synced 2025-05-23 23:06:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

修复token唯一性验证

Browse Source
This commit is contained in:
hanhh 2021-06-30 12:16:05 +08:00
parent b1bee910b2
commit e7aff6d1d6
4 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
back/api/auth.ts
View File

@ -4,7 +4,7 @@ import { Logger } from 'winston';
import * as fs from 'fs'; import * as fs from 'fs';
import config from '../config'; import config from '../config';
import jwt from 'jsonwebtoken'; import jwt from 'jsonwebtoken';
import { createPassword } from '../config/util'; import { createRandomString } from '../config/util';
import crypto from 'crypto'; import crypto from 'crypto';
const route = Router(); const route = Router();
@ -25,7 +25,7 @@ export default (app: Router) => {
authInfo.username === 'admin' && authInfo.username === 'admin' &&
authInfo.password === 'adminadmin' authInfo.password === 'adminadmin'
) { ) {
const newPassword = createPassword(16, 22); const newPassword = createRandomString(16, 22);
fs.writeFileSync( fs.writeFileSync(
config.authConfigFile, config.authConfigFile,
JSON.stringify({ JSON.stringify({
@ -42,7 +42,7 @@ export default (app: Router) => {
username == authInfo.username && username == authInfo.username &&
password == authInfo.password password == authInfo.password
) { ) {
const data = createPassword(50, 100); const data = createRandomString(50, 100);
let token = jwt.sign({ data }, config.secret as any, { let token = jwt.sign({ data }, config.secret as any, {
expiresIn: 60 * 60 * 24 * 3, expiresIn: 60 * 60 * 24 * 3,
algorithm: 'HS384', algorithm: 'HS384',

3
back/config/index.ts
View File

@ -1,5 +1,6 @@
import dotenv from 'dotenv'; import dotenv from 'dotenv';
import path from 'path'; import path from 'path';
import { createRandomString } from './util';
process.env.NODE_ENV = process.env.NODE_ENV || 'development'; process.env.NODE_ENV = process.env.NODE_ENV || 'development';
@ -34,7 +35,7 @@ if (configFound.error) {
export default { export default {
port: parseInt(process.env.PORT as string, 10), port: parseInt(process.env.PORT as string, 10),
cronPort: parseInt(process.env.CRON_PORT as string, 10), cronPort: parseInt(process.env.CRON_PORT as string, 10),
secret: process.env.SECRET, secret: process.env.SECRET || createRandomString(16, 32),
logs: { logs: {
level: process.env.LOG_LEVEL || 'silly', level: process.env.LOG_LEVEL || 'silly',
}, },

2
back/config/util.ts
View File

@ -27,7 +27,7 @@ export function getLastModifyFilePath(dir: string) {
return filePath; return filePath;
} }
export function createPassword(min: number, max: number): string { export function createRandomString(min: number, max: number): string {
const num = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9']; const num = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'];
const english = [ const english = [
'a', 'a',

2
back/loaders/express.ts
View File

@ -18,7 +18,7 @@ export default ({ app }: { app: Application }) => {
}), }),
); );
app.use((req, res, next) => { app.use((req, res, next) => {
if (req.url && req.url.includes('/api/login')) { if (req.url && req.path.includes('/api/login')) {
return next(); return next();
} }
const data = fs.readFileSync(config.authConfigFile, 'utf8'); const data = fs.readFileSync(config.authConfigFile, 'utf8');