Calculation/app/middleware/session_auth.js

'use strict';

// 加密类
const crypto = require('crypto');
module.exports = options => {
    /**
     * session判断中间件
     *
     * @param {function} next - 中间件继续执行的方法
     * @return {void}
     */
    return function* sessionAuth(next) {
        try {
            // 判断session
            const managerSession = this.session.managerSession;
            if (managerSession === undefined) {
                throw '不存在session';
            }
            // 校验session
            if (managerSession.username === undefined || managerSession.loginTime === undefined) {
                throw '用户数据不完整';
            }
            // 校验session
            const sessionToken = crypto.createHmac('sha1', managerSession.loginTime + '')
                .update(managerSession.username).digest().toString('base64');
            if (sessionToken !== managerSession.sessionToken) {
                throw 'session数据错误';
            }
        } catch (error) {
            return this.redirect('/');
        }
        yield next;
    };
};