Commit 1aaf9a0a authored by Lorex's avatar Lorex

feat: 新增驗證機制

parent 4cf20499
module.exports = {
friendlyName: 'Auth',
description: 'Auth app.',
inputs: {
appId: {
type: 'string',
required: true
},
appSecret: {
type: 'string',
required: true
},
token: {
type: 'string',
required: true
}
},
exits: {
success: {
responseType: 'ok'
},
err: {
responseType: 'err'
}
},
fn: async function (inputs, exits) {
// 驗證 app 是否有效
const _getApp = await App.findOne({
and: [{
appId: inputs.appId
},
{
appSecret: inputs.appSecret
}
]});
if (!_getApp) {
return exits.err(901);
}
// app 有效,開始驗證 JWT
const jwt = await sails.helpers.verifyJwt(inputs.token);
if (jwt.hasOwnProperty('name') && jwt.name === 'JsonWebTokenError') {
return exits.err(902);
}
// All done.
return exits.success(jwt);
}
};
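Review bot: The check `jwt.name === 'JsonWebTokenError'` in `fn` covers only one of the error types the helper can return. jsonwebtoken sets `name` to `TokenExpiredError` or `NotBeforeError` for expired or not-yet-valid tokens, so those error objects fall through to `exits.success(jwt)` and the caller sees a 'successful' auth. Because the helper returns whatever `jwt.verify` threw, testing the type is more reliable: `if (jwt instanceof Error) { return exits.err(902); }`. Separately, the `App.findOne` query matches `appSecret` by equality, which suggests the secret is stored as-is; the App model is not shown here, so it is worth confirming whether it is hashed at rest.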
const jwt = require('jsonwebtoken');
module.exports = {
friendlyName: 'Verify jwt',
description: '',
inputs: {
token:{
type: 'string',
required: true
}
},
exits: {
success: {
description: 'All done.',
},
},
fn: async function (inputs, exits) {
try {
let decoded = await jwt.verify(inputs.token, sails.config.custom.jwtSecret);
return exits.success(decoded);
} catch (err) {
return exits.success(err);
}
}
};
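Review bot: The `catch` block passes the verification error to `exits.success(err)`, so a rejected token and a decoded payload leave through the same exit and every caller has to tell them apart by inspecting the object. Declaring a second exit (for example `invalid`) and calling `return exits.invalid(err);` from the `catch` would make a failed verification impossible to mistake for a payload; callers would then handle that exit explicitly. It would also help to pin the accepted algorithm in the verify call, e.g. `jwt.verify(inputs.token, sails.config.custom.jwtSecret, { algorithms: ['HS256'] })`, assuming tokens are signed with HS256 (the signing side is not shown). The `await` is unnecessary, since `jwt.verify` without a callback is synchronous.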
......@@ -17,6 +17,14 @@ module.exports.errcode = {
900: {
msg: '操作失敗:尚未登入',
status: 401
}
},
901: {
msg: '操作失敗:無效的 AppId 或 AppSecret',
status: 401
},
902: {
msg: '操作失敗:無效的 JWT Token',
status: 401
},
}
};
......@@ -9,5 +9,6 @@
*/
module.exports.routes = {
'POST /user/login': 'user/login'
'POST /user/login': 'user/login',
'POST /app/auth': 'app/auth'
};