🎉 able to create article with token

songquanpeng · Apr 18, 2023 · eba27b9 · eba27b9
1 parent ffe1f60
commit eba27b9
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 3 deletions.
diff --git a/controllers/page.js b/controllers/page.js
@@ -6,7 +6,7 @@ const Stream = require('stream');
 const { loadNoticeContent } = require('../common/config');
 const { updateCache, loadAllPages } = require('../common/cache');
 const { getDate } = require('../common/util');
-const { PAGE_STATUS } = require('../common/constant');
+const { PAGE_STATUS, PAGE_TYPES } = require('../common/constant');
 
 async function search(req, res) {
   const type = Number(req.body.type);
@@ -77,6 +77,26 @@ async function create(req, res) {
   let upVote = 0;
   let downVote = 0;
 
+  if (req.session.authWithToken) {
+    let oldContent = content;
+    content = `---\ntitle: ${title}\ndescription: ${description}\ntags: \n`;
+    let tags = req.body.tags;
+    for (let i = 0; i < tags.length; i++) {
+      content += `- ${tags[i]}\n`;
+    }
+    content += `---\n\n${oldContent}`;
+    tag = tags.join(';');
+    if (pageStatus === undefined) {
+      pageStatus = PAGE_STATUS.PUBLISHED;
+    }
+    if (commentStatus === undefined) {
+      commentStatus = 1;
+    }
+    if (type === undefined) {
+      type = PAGE_TYPES.ARTICLE;
+    }
+  }
+
   let page;
   let message = 'ok';
   let status = false;

diff --git a/middlewares/api-auth.js b/middlewares/api-auth.js
@@ -1,6 +1,53 @@
+const { User } = require('../models');
+const { Op } = require('sequelize');
 const bannedMessage = '用户已被封禁';
 const deniedMessage = '访问被拒绝';
 
+exports.tokenAuth = async (req, res, next) => {
+  if (req.session.user) {
+    return next();
+  }
+  let accessToken = req.headers['Authorization'];
+  if (!accessToken) {
+    accessToken = req.headers['authorization'];
+  }
+  if (!accessToken) {
+    return res.json({
+      status: false,
+      message: '令牌为空'
+    });
+  }
+  try {
+    let user = await User.findOne({
+      where: {
+        [Op.and]: [{ accessToken }]
+      },
+      attributes: ['id', 'username', 'isBlocked'],
+      raw: true
+    });
+    if (!user) {
+      return res.json({
+        status: false,
+        message: '无效的令牌'
+      });
+    }
+    if (user.isBlocked) {
+      return res.json({
+        status: false,
+        message: bannedMessage
+      });
+    }
+    req.session.user = user;
+    req.session.authWithToken = true;
+    return next();
+  } catch (e) {
+    return res.json({
+      status: false,
+      message: e.message
+    })
+  }
+}
+
 exports.userRequired = (req, res, next) => {
   if (!req.session.user) {
     return res.json({

diff --git a/routes/api-router.v1.js b/routes/api-router.v1.js
@@ -1,6 +1,6 @@
 const express = require('express');
 const router = express.Router();
-const { userRequired, adminRequired } = require('../middlewares/api-auth');
+const { userRequired, adminRequired, tokenAuth } = require('../middlewares/api-auth');
 const { upload } = require('../middlewares/upload');
 
 const page = require('../controllers/page');
@@ -9,7 +9,7 @@ const option = require('../controllers/option');
 const file = require('../controllers/file');
 
 router.post('/page/search', userRequired, page.search);
-router.post('/page', userRequired, page.create);
+router.post('/page', tokenAuth, userRequired, page.create);
 router.get('/page', userRequired, page.getAll);
 router.get('/page/export/:id', userRequired, page.export_);
 router.get('/page/render/:id', page.getRenderedPage);