refactor: admin inject & ut

Author: lqs469

app.js

@@ -80,4 +80,30 @@ module.exports = app => {
     }
     return existUser;
   });
+
+  app.passport.deserializeUser(async (ctx, user) => {
+    if (user) {
+      const auth_token = ctx.cookies.get(ctx.app.config.auth_cookie_name, {
+        signed: true,
+      });
+
+      if (!auth_token) {
+        return user;
+      }
+
+      const auth = auth_token.split('$$$$');
+      const user_id = auth[0];
+      user = await ctx.service.user.getUserById(user_id);
+
+      if (!user) {
+        return user;
+      }
+
+      if (ctx.app.config.admins.hasOwnProperty(user.loginname)) {
+        user.is_admin = true;
+      }
+    }
+
+    return user;
+  });
 };

app/controller/user.js

@@ -90,10 +90,7 @@ class UserController extends Controller {
     }
 
     const pages = Math.ceil(user.collect_topic_count / limit);
-    const opt = {
-      skip: (page - 1) * limit,
-      limit,
-    };
+    const opt = { skip: (page - 1) * limit, limit };
 
     const collects = await service.topicCollect.getTopicCollectsByUserId(user._id, opt);
     const ids = collects.map(function(doc) {
@@ -183,12 +180,6 @@ class UserController extends Controller {
     const id = ctx.user._id;
     const user = await service.user.getUserById(id);
 
-    if (!user) {
-      ctx.status = 404;
-      ctx.message = '发生错误';
-      return;
-    }
-
     if (ctx.request.query.save === 'success') {
       user.success = '保存成功。';
     }
@@ -263,11 +254,6 @@ class UserController extends Controller {
     const user_id = body.user_id;
     const user = await service.user.getUserById(user_id);
 
-    if (!user) {
-      ctx.status = 404;
-      ctx.message = 'user is not exists';
-      return;
-    }
     user.is_star = !user.is_star;
     await user.save();
 
@@ -278,13 +264,7 @@ class UserController extends Controller {
     const { ctx, ctx: { request: req }, service } = this;
     const { body: { action } } = req;
     const loginname = ctx.params.name;
-
     const user = await service.user.getUserByLoginName(loginname);
-    if (!user) {
-      ctx.status = 404;
-      ctx.message = 'user is not exists';
-      return;
-    }
 
     if (action === 'set_block') {
       user.is_block = true;
@@ -300,14 +280,7 @@ class UserController extends Controller {
   async deleteAll() {
     const { ctx, service } = this;
     const loginname = ctx.params.name;
-
-
     const user = await service.user.getUserByLoginName(loginname);
-    if (!user) {
-      ctx.status = 404;
-      ctx.message = 'user is not exists';
-      return;
-    }
 
     // 删除主题
     await ctx.model.Topic.update({ author_id: user._id }, { $set: { deleted: true } }, { multi: true });

app/middleware/admin_required.js

@@ -11,7 +11,7 @@ module.exports = () => {
       return;
     }
 
-    if (!ctx.session.is_admin) {
+    if (!ctx.user.is_admin) {
       await ctx.render('notify/notify', { error: '需要管理员权限。' });
       return;
     }

app/middleware/auth_user.js

@@ -5,43 +5,24 @@ module.exports = () => {
   return async function(ctx, next) {
     // Ensure current_user always has defined.
     ctx.locals.current_user = null;
-    if (ctx.app.config.debug && ctx.cookies.get('mock_user')) {
-      const mockUser = JSON.parse(ctx.cookies.get('mock_user'));
-      ctx.user = new ctx.model.User(mockUser);
-      if (mockUser.is_admin) {
-        ctx.user.is_admin = true;
-      }
-      return await next();
-    }
+    // if (ctx.app.config.debug && ctx.cookies.get('mock_user')) {
+    //   const mockUser = JSON.parse(ctx.cookies.get('mock_user'));
+    //   ctx.user = new ctx.model.User(mockUser);
+    //   if (mockUser.is_admin) {
+    //     ctx.user.is_admin = true;
+    //   }
+    //   return await next();
+    // }
 
-    let { user } = ctx;
-    if (user) {
-      const auth_token = ctx.cookies.get(ctx.app.config.auth_cookie_name, {
-        signed: true,
-      });
-
-      if (!auth_token) {
-        return await next();
-      }
-
-      const auth = auth_token.split('$$$$');
-      const user_id = auth[0];
-      user = await ctx.service.user.getUserById(user_id);
-    }
+    const { user } = ctx;
 
     if (!user) {
       return await next();
     }
 
-    if (ctx.app.config.admins.hasOwnProperty(user.loginname)) {
-      user.is_admin = true;
-    }
-
     const count = await ctx.service.message.getMessagesCount(user._id);
     user.messages_count = count;
     ctx.locals.current_user = user;
-    // 这里需要设置is_admin, 因为ctx.user为只读, 所以使用ctx.session.is_admin
-    ctx.session.is_admin = user.is_admin;
     await next();
   };
 };

app/middleware/user_required.js

@@ -1,10 +1,10 @@
 'use strict';
 
 module.exports = () => {
-
   /*
    * 需要登录
    */
+
   return async function(ctx, next) {
     if (!ctx.user || !ctx.user._id) {
       ctx.status = 403;

app/view/user/user.html

@@ -1,7 +1,7 @@
 <div class='user'>
   <div>
     <a href="/user/<%= user.loginname %>">
-      <img class='user_avatar' src="<%= proxy(user.avatar_url) %>" title="<%= user.loginname %>"/>
+      <img class='user_avatar' src="<%= helper.proxy(user.avatar_url) %>" title="<%= user.loginname %>"/>
     </a>
     <span class='user_name'><a class='dark' href="/user/<%= user.loginname %>"><%= user.loginname %></a></span>
     <div class='space'></div>

test/app/controller/user.test.js

@@ -11,17 +11,31 @@ describe('test/app/controller/user.test.js', () => {
 
   before(async function() {
     ctx = app.mockContext();
-    loginname = `loginname_${Date.now()}`;
+    loginname = `user_loginname_${Date.now()}`;
     email = `${loginname}@test.com`;
     user = await ctx.service.user.newAndSave('name', loginname, tools.bhash('pass'), email, 'avatar_url', 'active');
     assert(user.loginname === loginname);
   });
 
   describe('- Index', () => {
     it('should GET /user ok', async () => {
-      await app.httpRequest().get('/user').expect(404);
-      await app.httpRequest().get('/user/unexisted_user').expect(404);
-      await app.httpRequest().get(`/user/${loginname}`).expect(200);
+      user.url = 'test_url';
+      await user.save();
+
+      const r1 = await app.httpRequest().get('/user');
+      assert(r1.status === 404);
+      assert(/<strong>([\S\s]+)<\/strong>/g.exec(r1.text)[1] === 'Not Found');
+
+      const r2 = await app.httpRequest().get('/user/unexisted_user');
+      assert(r2.status === 404);
+      assert(/<strong>([\S\s]+)<\/strong>/g.exec(r2.text)[1] === '这个用户不存在。');
+
+      const res = await app.httpRequest().get(`/user/${loginname}`);
+      assert(res.status === 200);
+      assert(/<img src="([^"]+)" title=/g.exec(res.text)[1] === user.avatar);
+      assert(/<a class="dark">([^"]+)<\/a>/g.exec(res.text)[1] === user.loginname);
+      assert(/<span class="big">([^"]+)<\/span> 积分/g.exec(res.text)[1] === user.score.toString());
+      assert(/“([\S\s]+)”/g.exec(res.text)[1].replace(/[\t\s]+/g, '') === '这家伙很懒，什么个性签名都没有留下。');
     });
   });
 
@@ -34,10 +48,14 @@ describe('test/app/controller/user.test.js', () => {
     };
 
     it('should GET /setting ok', async () => {
-      await app.httpRequest().get('/setting').expect(403);
+      const nologinRes = await app.httpRequest().get('/setting');
+      assert(nologinRes.status === 403);
+      assert(nologinRes.text === 'forbidden!');
 
       app.mockContext({ user });
       await app.httpRequest().get('/setting').expect(200);
+      const { text } = await app.httpRequest().get('/setting?save=success');
+      assert(/<strong>([\S\s]+)<\/strong>/g.exec(text)[1] === '保存成功。');
     });
 
 
@@ -60,15 +78,37 @@ describe('test/app/controller/user.test.js', () => {
     it('should POST /setting change password ok', async () => {
       app.mockCsrf();
       app.mockContext({ user });
-      const { status } = await app.httpRequest()
+      const res1 = await app.httpRequest()
+        .post('/setting')
+        .type('form')
+        .send({
+          action: 'change_password',
+          old_pass: '',
+          new_pass: '',
+        });
+      assert(res1.status === 200);
+      assert(/<strong>([\S\s]+)<\/strong>/g.exec(res1.text)[1] === '旧密码或新密码不得为空');
+
+      const res2 = await app.httpRequest()
+        .post('/setting')
+        .type('form')
+        .send({
+          action: 'change_password',
+          old_pass: 'worngPass',
+          new_pass: 'worngPass',
+        });
+      assert(res2.status === 200);
+      assert(/<strong>([\S\s]+)<\/strong>/g.exec(res2.text)[1] === '当前密码不正确。');
+
+      const res3 = await app.httpRequest()
         .post('/setting')
         .type('form')
         .send({
           action: 'change_password',
           old_pass: 'pass',
           new_pass: 'newpass',
         });
-      assert(status === 200);
+      assert(res3.status === 200);
 
       const savedUser = await ctx.service.user.getUserById(user._id);
       const equal = tools.bcompare('newpass', savedUser.pass);
@@ -78,36 +118,53 @@ describe('test/app/controller/user.test.js', () => {
 
   describe('- Admin', () => {
     async function handleUserPost(url) {
+      delete user.is_admin;
       app.mockCsrf();
       app.mockContext({ user });
       const { text } = await app.httpRequest()
         .post(url)
-        .type('form')
         .send()
         .expect(200);
       assert(/<strong>([\S\s]+)<\/strong>/g.exec(text)[1] === '需要管理员权限。');
     }
 
     async function handleAdminPost(url, body, cb) {
-      const adminName = Object.keys(app.config.admins)[0];
-      let admin = await ctx.service.user.getUserByLoginName(adminName);
-      if (!admin) {
-        admin = await ctx.service.user.newAndSave(adminName, adminName, 'pass', '[email protected]', 'u', 'active');
-      }
-      const auth_token = admin._id + '$$$$';
-      app.mockCookies({ [app.config.auth_cookie_name]: auth_token });
+      // const adminName = Object.keys(app.config.admins)[0];
+      // let admin = await ctx.service.user.getUserByLoginName(adminName);
+      // if (!admin) {
+      //   admin = await ctx.service.user.newAndSave(adminName, adminName, 'pass', '[email protected]', 'u', 'active');
+      // }
+      // const auth_token = admin._id + '$$$$';
+      // app.mockCookies({ [app.config.auth_cookie_name]: auth_token });
+
+      user.is_admin = true;
       app.mockCsrf();
-      app.mockContext({ user: admin });
-      const res = await app.httpRequest()
-        .post(url)
-        .type('json')
-        .send(body)
-        .expect(200);
+      app.mockContext({ user });
+      const res = await app.httpRequest().post(url).type('json')
+        .send(body);
+      assert(res.status === 200);
       assert(res.body.status === 'success');
       const updatedUser = await ctx.service.user.getUserById(user._id);
       cb(updatedUser);
     }
 
+    it('should POST /passport/local set cookies', async () => {
+      app.mockCsrf();
+      const login = await app.httpRequest().post('/passport/local').send({ name: user.loginname, pass: 'newpass' });
+      assert(login.status === 302);
+      const cookies = login.headers['set-cookie'];
+      const authUser = cookies.find(c => c.indexOf('$$$$') > -1);
+      assert(/=([^$]+)\$/g.exec(authUser)[1] === user._id.toString());
+      assert(login.headers.location === '/');
+    });
+
+    it('should POST /user/set_star no_login reject', async () => {
+      app.mockCsrf();
+      const res = await app.httpRequest().post('/user/set_star').send();
+      assert(res.status === 200);
+      assert(/<strong>([\S\s]+)<\/strong>/g.exec(res.text)[1] === '你还没有登录。');
+    });
+
     it('should POST /user/set_star no_admin reject', async () => {
       await handleUserPost('/user/set_star');
     });
@@ -159,16 +216,31 @@ describe('test/app/controller/user.test.js', () => {
     });
   });
 
+  describe('- Stars', () => {
+    it('should GET /stars ok', async () => {
+      await app.httpRequest().get('/stars').expect(200);
+    });
+  });
+
   describe('- Records', () => {
     it('should GET /user/:name/collections ok', async () => {
+      const noExistedUser = await app.httpRequest().get('/user/no_user/collections');
+      assert(noExistedUser.status === 404);
+      assert(/<strong>([\S\s]+)<\/strong>/g.exec(noExistedUser.text)[1] === '这个用户不存在。');
       await app.httpRequest().get(`/user/${user.loginname}/collections`).expect(200);
     });
 
     it('should GET /user/:name/topics ok', async () => {
+      const noExistedUser = await app.httpRequest().get('/user/no_user/topics');
+      assert(noExistedUser.status === 404);
+      assert(/<strong>([\S\s]+)<\/strong>/g.exec(noExistedUser.text)[1] === '这个用户不存在。');
       await app.httpRequest().get(`/user/${user.loginname}/topics`).expect(200);
     });
 
     it('should GET /user/:name/replies ok', async () => {
+      const noExistedUser = await app.httpRequest().get('/user/no_user/replies');
+      assert(noExistedUser.status === 404);
+      assert(/<strong>([\S\s]+)<\/strong>/g.exec(noExistedUser.text)[1] === '这个用户不存在。');
       await app.httpRequest().get(`/user/${user.loginname}/replies`).expect(200);
     });
   });