fix: upload file (#101)

nanzm · JacksonTian · commit 5b1b2404aefb · 2018-04-08T09:56:29.000+08:00
* fix: upload file (#99) * test: add upload test (#99) * fix: del sync code * fix：move qnUpload hepler into service * snyk pass * lint * fix: some specifics
diff --git a/.snyk b/.snyk
@@ -0,0 +1,31 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.10.2
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'npm:hoek:20180212':
+    - loader-builder > less > request > hawk > hoek:
+        reason: None given
+        expires: '2018-04-24T12:22:34.546Z'
+    - loader-builder > less > request > hawk > boom > hoek:
+        reason: i dont know how to fix this.
+        expires: '2018-04-24T12:22:34.546Z'
+    - loader-builder > less > request > hawk > sntp > hoek:
+        reason: None given
+        expires: '2018-04-24T12:22:34.546Z'
+    - loader-builder > less > request > hawk > cryptiles > boom > hoek:
+        reason: None given
+        expires: '2018-04-24T12:22:34.546Z'
+    - loader-koa > less > request > hawk > boom > hoek:
+        reason: None given
+        expires: '2018-04-24T12:22:34.547Z'
+    - loader-koa > less > request > hawk > sntp > hoek:
+        reason: None given
+        expires: '2018-04-24T12:22:34.547Z'
+    - loader-koa > less > request > hawk > cryptiles > boom > hoek:
+        reason: None given
+        expires: '2018-04-24T12:22:34.547Z'
+  'npm:mime:20170907':
+    - qiniu > mime:
+        reason: None given
+        expires: '2018-04-24T12:22:34.547Z'
+patch: {}
diff --git a/app/controller/topic.js b/app/controller/topic.js
@@ -4,6 +4,7 @@ const Controller = require('egg').Controller;
 const _ = require('lodash');
 const path = require('path');
 const fs = require('fs');
+const uuidv1 = require('uuid/v1');
 const awaitWriteStream = require('await-stream-ready').write;
 const sendToWormhole = require('stream-wormhole');
 
@@ -415,26 +416,25 @@ class TopicController extends Controller {
    * 上传
    */
   async upload() {
-    const { ctx, config } = this;
+    const { ctx, config, service } = this;
+    const uid = uuidv1();
     const stream = await ctx.getFileStream();
-    const filename = encodeURIComponent(stream.fields.name) +
-      path.extname(stream.filename).toLowerCase();
-    const target = path.join(config.upload.path, filename);
+    const filename = uid + path.extname(stream.filename).toLowerCase();
 
     // 如果有七牛云的配置,优先上传七牛云
-    if (config.qn_access) {
+    if (config.qn_access && config.qn_access.secretKey !== 'your secret key') {
       try {
-        const upload = this.ctx.helper.qnUpload(config.qn_access);
-        const result = await upload(stream);
+        const result = await service.topic.qnUpload(stream, filename);
         ctx.body = {
           success: true,
-          url: result.url,
+          url: config.qn_access.origin + '/' + result.key,
         };
       } catch (err) {
         await sendToWormhole(stream);
         throw err;
       }
     } else {
+      const target = path.join(config.upload.path, filename);
       const writeStream = fs.createWriteStream(target);
       try {
         await awaitWriteStream(stream.pipe(writeStream));
diff --git a/app/extend/helper.js b/app/extend/helper.js
@@ -5,8 +5,6 @@ const validator = require('validator');
 const jsxss = require('xss');
 const moment = require('moment');
 const bcrypt = require('bcryptjs');
-const util = require('util');
-const qn = require('qn');
 
 moment.locale('zh-cn'); // 使用中文
 
@@ -114,16 +112,3 @@ exports.bhash = str => {
 exports.bcompare = (str, hash) => {
   return bcrypt.compareSync(str, hash);
 };
-
-let qnClientUpload;
-
-exports.qnUpload = options => {
-  // 7牛 client
-  if (qnClientUpload) return qnClientUpload;
-  let qnClient;
-  if (options.qn_access && options.qn_access.secretKey !== 'your secret key') {
-    qnClient = qn.create(options.qn_access);
-  }
-  qnClientUpload = util.promisify(qnClient.upload);
-  return qnClientUpload;
-};
diff --git a/app/public/upload/.gitkeep b/app/public/upload/.gitkeep
diff --git a/app/router.js b/app/router.js
@@ -95,7 +95,7 @@ module.exports = app => {
   router.post('/reply/:reply_id/edit', userRequired, reply.update); // 修改某评论
   router.post('/reply/:reply_id/delete', userRequired, reply.delete); // 删除某评论
   router.post('/reply/:reply_id/up', userRequired, reply.up); // 为评论点赞
-  // router.post('/upload', auth.userRequired, topic.upload); // 上传图片
+  router.post('/upload', userRequired, topic.upload); // 上传图片
   // static page
   router.get('/about', page.about);
   router.get('/faq', page.faq);
diff --git a/app/service/topic.js b/app/service/topic.js
@@ -1,6 +1,7 @@
 'use strict';
 
 const Service = require('egg').Service;
+const qiniu = require('qiniu');
 
 class TopicService extends Service {
   /*
@@ -179,6 +180,38 @@ class TopicService extends Service {
 
     return topic.save();
   }
+
+  /*
+   * 七牛上传
+   * @param {Stream} readableStream 流
+   * @param {String} key 文件名key
+   * @param {Function} callback 回调函数
+   */
+  qnUpload(readableStream, key) {
+    const { accessKey, secretKey, bucket } = this.config.qn_access;
+
+    const mac = new qiniu.auth.digest.Mac(accessKey, secretKey);
+    const putPolicy = new qiniu.rs.PutPolicy({ scope: bucket });
+    const uploadToken = putPolicy.uploadToken(mac);
+
+    const config = new qiniu.conf.Config();
+    const formUploader = new qiniu.form_up.FormUploader(config);
+    const putExtra = new qiniu.form_up.PutExtra();
+
+    return new Promise(function(resolve, reject) {
+      formUploader.putStream(uploadToken, key, readableStream, putExtra, function(respErr, respBody, respInfo) {
+        if (respErr) {
+          reject(respErr);
+          return;
+        }
+        if (respInfo.statusCode === 200) {
+          resolve(respBody);
+        } else {
+          reject(new Error('上传失败:statusCode !== 200'));
+        }
+      });
+    });
+  }
 }
 
 module.exports = TopicService;
diff --git a/config/config.default.js b/config/config.default.js
@@ -67,7 +67,7 @@ module.exports = appInfo => {
   // 文件上传配置
   // 注：如果填写 qn_access，则会上传到 7牛，以下配置无效
   config.upload = {
-    path: path.join(__dirname, 'public/upload/'),
+    path: path.join(__dirname, '../app/public/upload/'),
     url: '/public/upload/',
   };
 
diff --git a/package.json b/package.json
@@ -24,7 +24,7 @@
     "markdown-it": "^8.4.1",
     "nodemailer": "^4.6.2",
     "nodemailer-smtp-transport": "^2.7.4",
-    "qn": "^1.3.0",
+    "qiniu": "^7.1.3",
     "stream-wormhole": "^1.0.3",
     "uuid": "^3.2.1",
     "validator": "^9.4.1",
diff --git a/test/app/controller/topic.test.js b/test/app/controller/topic.test.js
@@ -1,6 +1,7 @@
 'use strict';
 
 const { app, assert } = require('egg-mock/bootstrap');
+const path = require('path');
 
 function randomInt() {
   return (Math.random() * 10000).toFixed(0);
@@ -287,4 +288,23 @@ describe('test/app/controller/topic.test.js', () => {
     await app.httpRequest().post(`/topic/${topicId}/delete`).expect(200);
     await app.httpRequest().post(`/topic/${objectId}/delete`).expect(422);
   });
+
+  it('should POST /upload ok', async () => {
+    const file = path.resolve(__dirname, '../../../app/public/images/logo.png');
+    mockUser();
+    await app
+      .httpRequest()
+      .post('/upload')
+      .attach('logo', file)
+      .expect(200);
+  });
+
+  it('should POST /upload forbidden', async () => {
+    const file = path.resolve(__dirname, '../../../app/public/images/logo.png');
+    await app
+      .httpRequest()
+      .post('/upload')
+      .attach('logo', file)
+      .expect(403);
+  });
 });
