外部登录

app/controller/response.js

@@ -7,7 +7,7 @@ class ResponseController extends Controller {
   // 内部授权注册
   async internalAuth() {
     // https://b.jianbing.com/51business/api/response/internal/auth?target_url=https://b.jianbing.com/webserve/51estate/index&channel_id=fc_gjjfc1
-    const { ctx } = this;
+    const { ctx, app } = this;
     const header = ctx.request.header;
     const input_params = ctx.query;
     let target_url = input_params.target_url;
@@ -16,8 +16,22 @@ class ResponseController extends Controller {
       channel_id: { type: 'string', required: true },
       auth_token: { type: 'string', required: false },
       user_sid: { type: 'string', required: false },
+      user_token: { type: 'string', required: false },
     };
     ctx.validate(rule, input_params);
+    if (input_params.user_token) {
+      const rule = {
+        auth_token: { type: 'string' },
+        user_sid: { type: 'string' },
+      };
+      ctx.validate(rule, input_params);
+      const user_token = await app.memcache.get(`${app.name}/${app.config.env}/${input_params.user_sid}`);
+      if (user_token !== input_params.user_token) {
+        ctx.failed('user_token 已失效');
+      }
+      // token回收
+      await app.memcache.set(`${app.name}/${app.config.env}/${input_params.user_sid}`, '', 60);
+    }
 
     const channel_alias = input_params.channel_id;
     if (target_url.indexOf('?') !== -1) {
@@ -39,8 +53,14 @@ class ResponseController extends Controller {
 
 
     let user_sid = ctx.cookies.get('jianbing_customer_id', { signed: false });
-    if (!user_sid && input_params.user_sid) {
-      user_sid = input_params.user_sid;
+    let auth_token = ctx.cookies.get('auth_token', { signed: false });
+    if (input_params.user_token) {
+      if (!user_sid) {
+        user_sid = input_params.user_sid;
+      }
+      if (!auth_token) {
+        auth_token = input_params.auth_token;
+      }
     }
     // 判断user_sid 和 app_user_id
 
@@ -56,10 +76,6 @@ class ResponseController extends Controller {
       }
     }
 
-    let auth_token = ctx.cookies.get('auth_token', { signed: false });
-    if (!auth_token && input_params.auth_token) {
-      auth_token = input_params.auth_token;
-    }
     ctx.logger.info('target_user--' + new Date().getTime() + JSON.stringify({ target_old_user: { auth_token, user_sid } }));
     const phone_info = await ctx.service.user.get_phone_by_user_sid({ user_sid, token: auth_token });// 获取用户手机号码
     ctx.logger.info('phone_info: ' + JSON.stringify(phone_info));
@@ -137,6 +153,18 @@ class ResponseController extends Controller {
     return;
   }
 
+  async token() {
+    const { ctx, app } = this;
+    const input_params = ctx.query;
+    const rule = {
+      user_sid: { type: 'string' },
+    };
+    ctx.validate(rule, input_params);
+
+    const token = ctx.helper.getUuid();
+    await app.memcache.set(`${app.name}/${app.config.env}/${input_params.user_sid}`, token, 60);
+    ctx.success(token);
+  }
 
 }
 

app/extend/helper.js

 'use strict';
 const XML2JS = require('xml2js');
 const crypto = require('crypto');
+const v4 = require('uuid/v4');
 
 module.exports = {
 
@@ -64,6 +65,10 @@ module.exports = {
     return ret.digest('hex');
   },
 
+  getUuid() {
+    return v4();
+  },
+
   // 发送请求 注意params和options都为对象
   async send_request(url, params, input_options) {
     const { ctx } = this;

app/router/response.js

 'use strict';
 
 module.exports = app => {
-    const router = app.router.namespace(app.config.projectRootPath + '/response');
+  const router = app.router.namespace(app.config.projectRootPath + '/response');
 
-    router.get('avoid_auth', '/internal/auth', 'response.internalAuth');//购房计划地图点位
+  router.get('avoid_auth', '/internal/auth', 'response.internalAuth');// 购房计划地图点位
+  router.get('avoid_auth', '/internal/token', 'response.token');
 
 };