base_controller.js 5.6 KB

  1. /**
  2. * 控制器基类
  3. *
  4. * @author CaiAoLin
  5. * @date 2017/6/29
  6. * @version
  7. */
  8. import crypto from "crypto";
  9. import Url from "url";
  10. import Moment from 'moment-timezone';
  11. // import menuData from "../../../config/menu";
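  /**
   * Base class for controllers.
   *
   * Exposes two middleware-shaped methods taking (request, response, next):
   * `auth` validates the manager session and `init` applies the
   * controller-level permission check and fills `response.locals`.
   */
  class BaseController {
    /**
     * Page title.
     *
     * @type {string}
     */
    title = '';

    /**
     * Deliberately empty. BaseController can be instantiated directly (not
     * only subclassed) so that its methods can be mounted as middleware.
     */
    constructor() {}

    /**
     * Resolve controller/action from the URL, enforce controller-level
     * permissions for non-super-admin managers, and populate the view locals.
     *
     * Any failure inside the guarded section (missing session data, denied
     * permission) is logged and answered with a redirect to `/dashboard`;
     * `next` is then not called.
     *
     * @param {object} request - needs `originalUrl` and `session.managerData`
     * @param {object} response - needs `locals` and `redirect()`
     * @param {function} next - invoked only when the request is allowed
     * @return {void}
     */
    init(request, response, next) {
      // The first path segment is the controller. split() always returns at
      // least one element, so for "/" the controller is the empty string.
      // The action is taken from the path only when there are exactly two
      // segments; every other shape keeps the default 'index'.
      const urlInfo = Url.parse(request.originalUrl, true);
      const segments = urlInfo.pathname.slice(1).split('/');
      const controller = segments[0];
      const action = segments.length === 2 ? segments[1] : 'index';

      try {
        console.log('enterINit');
        const sessionManager = request.session.managerData;
        const menuPermission = sessionManager.menuData;

        // Super admins (superAdmin === 1) skip the permission check.
        if (sessionManager.superAdmin !== 1) {
          // Controllers reachable without any permission.
          const exemptControllers = ['login', 'dashboard'];
          const isExempt = exemptControllers.includes(controller);

          // Both values are comma-separated controller names kept in the session.
          const grantedTools = sessionManager.toolPermission.split(',');
          const allTools = sessionManager.toolAllPermission.split(',');

          // NOTE(review): a controller that is not listed in toolAllPermission
          // keeps hasToolPermission true, so the menu lookup below can never
          // cause a denial on its own; only tools the manager lacks are
          // blocked. Confirm that this allow-by-default is intended.
          const hasToolPermission = !(allTools.includes(controller) && !grantedTools.includes(controller));

          // Only the controller-level entry is checked; per-action
          // permissions are not implemented.
          let controllerMenu = '';
          if (!isExempt && Object.prototype.hasOwnProperty.call(menuPermission, controller)) {
            // `controller` comes from the URL, so only own keys are accepted.
            controllerMenu = menuPermission[controller];
          }

          if (!isExempt && !hasToolPermission && controllerMenu === '') {
            throw new Error('没有权限');
          }
        }

        // Top-level menu and the second-level menu of the current controller.
        response.locals.menu = menuPermission;
        const currentMenu = menuPermission[controller];
        response.locals.secondMenu =
          currentMenu !== undefined && currentMenu.children !== undefined ? currentMenu.children : {};

        // URL data. NOTE(review): urlQuery is request-controlled JSON; the
        // template that prints it must escape it for its context (JSON.stringify
        // does not make it safe inside an inline <script>) — verify the view.
        response.locals.urlQuery = JSON.stringify(urlInfo.query);
        response.locals.controller = controller;
        response.locals.action = action;

        // NOTE(review): the whole session record, sessionToken included, is
        // handed to the views — confirm templates never render it wholesale.
        response.locals.manager = sessionManager;
        response.locals.moment = Moment;
      } catch (error) {
        console.log('enterAURE');
        console.log(error);
        // NOTE(review): if '/dashboard' is itself served through init and the
        // failure is missing session data, this redirect would repeat; that
        // presumes auth runs first — confirm the middleware order.
        response.redirect('/dashboard');
        return;
      }
      next();
    }

    /**
     * Validate the manager session and redirect to `/login` when it is
     * missing, incomplete or inconsistent.
     *
     * The stored `sessionToken` must equal
     * base64(HMAC-SHA1(key = String(loginTime), data = username)).
     *
     * @param {object} request - needs `session.managerData`
     * @param {object} response - needs `redirect()`
     * @param {function} next - invoked only when the session is valid
     * @return {void}
     */
    auth(request, response, next) {
      try {
        console.log('enterAuth');
        // Read inside the try so a request without a session object is
        // redirected to the login page instead of raising out of the middleware.
        const managerData = request.session.managerData;

        // typeof null is 'object', so null has to be rejected explicitly.
        if (managerData === null || typeof managerData !== 'object') {
          throw new Error('err data');
        }
        if (managerData.username === undefined || managerData.loginTime === undefined) {
          throw new Error('username empty');
        }

        // NOTE(review): the HMAC key is loginTime, which is stored in the same
        // session record as the token. The check therefore detects an
        // incomplete or inconsistent session, but anyone able to write the
        // session could recompute the token; integrity has to come from the
        // session store / cookie signing — confirm how sessions are protected.
        const expectedToken = crypto.createHmac('sha1', managerData.loginTime + '')
          .update(managerData.username).digest().toString('base64');

        const storedToken = managerData.sessionToken;
        if (typeof storedToken !== 'string') {
          throw new Error('session error');
        }

        // Constant-time comparison; timingSafeEqual requires equal lengths,
        // so a length mismatch is rejected first.
        const expectedBytes = Buffer.from(expectedToken, 'utf8');
        const storedBytes = Buffer.from(storedToken, 'utf8');
        if (expectedBytes.length !== storedBytes.length ||
            !crypto.timingSafeEqual(expectedBytes, storedBytes)) {
          throw new Error('session error');
        }
      } catch (error) {
        console.log('enterAURE');
        // Record why the session was rejected; only the message is logged,
        // never the session contents.
        console.log(error.message);
        response.redirect('/login');
        return;
      }
      next();
    }
  }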
  153. export default BaseController;