feat: add blockUser middleware (#86)

JacksonTian · web-flow · commit 79b26a72c8e3 · 2018-03-18T23:32:43.000+08:00
* feat: add blockUser middleware

* add test case for block user
diff --git a/app/controller/user.js b/app/controller/user.js
@@ -188,10 +188,10 @@ class UserController extends Controller {
   }
 
   async setting() {
-    const { ctx, ctx: { request: req }, service } = this;
+    const { ctx, service } = this;
     // 显示出错或成功信息
     async function showMessage(msg, data, isSuccess) {
-      data = data || req.body;
+      data = data || ctx.request.body;
       const user = {
         loginname: data.loginname,
         email: data.email,
@@ -201,16 +201,19 @@ class UserController extends Controller {
         weibo: data.weibo,
         accessToken: data.accessToken,
       };
+
       if (isSuccess) {
         user.success = msg;
       } else {
         user.error = msg;
       }
+
       return await ctx.render('user/setting', { user });
     }
 
     // post
-    const { body, body: { action } } = req;
+    const { body } = ctx.request;
+    const action = body.action;
     if (action === 'change_setting') {
       const url = validator.trim(body.url);
       const location = validator.trim(body.location);
@@ -227,8 +230,8 @@ class UserController extends Controller {
     }
 
     if (action === 'change_password') {
-      const oldPass = validator.trim(req.body.old_pass);
-      const newPass = validator.trim(req.body.new_pass);
+      const oldPass = validator.trim(body.old_pass);
+      const newPass = validator.trim(body.new_pass);
       if (!oldPass || !newPass) {
         return showMessage('旧密码或新密码不得为空');
       }
@@ -247,10 +250,13 @@ class UserController extends Controller {
   }
 
   async toggleStar() {
-    const { ctx, ctx: { request: req }, service } = this;
-    const { body } = req;
-    const user_id = body.user_id;
+    const { ctx, service } = this;
+    const user_id = ctx.request.body.user_id;
     const user = await service.user.getUserById(user_id);
+    if (!user) {
+      ctx.body = { status: 'failed', message: '用户不存在' };
+      return;
+    }
 
     user.is_star = !user.is_star;
     await user.save();
@@ -259,8 +265,8 @@ class UserController extends Controller {
   }
 
   async block() {
-    const { ctx, ctx: { request: req }, service } = this;
-    const { body: { action } } = req;
+    const { ctx, service } = this;
+    const action = ctx.request.body.action;
     const loginname = ctx.params.name;
     const user = await service.user.getUserByLoginName(loginname);
 
diff --git a/app/middleware/block_user.js b/app/middleware/block_user.js
@@ -0,0 +1,19 @@
+'use strict';
+
+module.exports = () => {
+
+  return async function blockUser(ctx, next) {
+    if (ctx.path === '/signout') {
+      await next();
+      return;
+    }
+
+    if (ctx.user && ctx.user.is_block && ctx.method !== 'GET') {
+      ctx.status = 403;
+      ctx.body = '您已被管理员屏蔽了。有疑问请联系 @alsotang。';
+      return;
+    }
+
+    await next();
+  };
+};
diff --git a/app/router.js b/app/router.js
@@ -21,13 +21,13 @@ module.exports = app => {
 
   // sign controller
   if (config.allow_sign_up) {
-    router.get('/signup', sign.showSignup); // 跳转到注册页面
-    router.post('/signup', sign.signup); // 提交注册信息
+    // 跳转到注册页面
+    router.get('/signup', sign.showSignup);
+    // 提交注册信息
+    router.post('/signup', sign.signup);
   } else {
     // 进行github验证
-    router.get('/signup', async function() {
-      this.ctx.redirect('/auth/github');
-    });
+    router.redirect('/singup', '/auth/github');
   }
 
   const localStrategy = app.passport.authenticate('local', {
diff --git a/config/config.default.js b/config/config.default.js
@@ -21,7 +21,7 @@ module.exports = appInfo => {
   config.session_secret = 'node_club_secret'; // 务必修改
 
   // add your config here
-  config.middleware = [ 'locals', 'authUser', 'errorPage' ];
+  config.middleware = [ 'locals', 'authUser', 'blockUser', 'errorPage' ];
 
   config.authUser = {
     enable: true,
diff --git a/test/app/controller/user.test.js b/test/app/controller/user.test.js
@@ -146,7 +146,7 @@ describe('test/app/controller/user.test.js', () => {
       assert(/<strong>([\S\s]+)<\/strong>/g.exec(text)[1] === '需要管理员权限。');
     }
 
-    async function handleAdminPost(url, body, cb) {
+    async function handleAdminPost(url, body) {
       // const adminName = Object.keys(app.config.admins)[0];
       // let admin = await ctx.service.user.getUserByLoginName(adminName);
       // if (!admin) {
@@ -162,8 +162,7 @@ describe('test/app/controller/user.test.js', () => {
         .send(body);
       assert(res.status === 200);
       assert(res.body.status === 'success');
-      const updatedUser = await ctx.service.user.getUserById(user._id);
-      cb(updatedUser);
+      return await ctx.service.user.getUserById(user._id);
     }
 
     it('should POST /passport/local set cookies', async () => {
@@ -217,42 +216,41 @@ describe('test/app/controller/user.test.js', () => {
 
 
     it('should POST /user/set_star ok', async () => {
-      await handleAdminPost('/user/set_star', { user_id: user._id }, user => {
-        assert(user.is_star === true);
-      });
+      const result = await handleAdminPost('/user/set_star', { user_id: user._id });
+      assert(result.is_star === true);
     });
 
     it('should POST /user/cancel_star ok', async () => {
-      await handleAdminPost('/user/cancel_star', { user_id: user._id }, user => {
-        assert(user.is_star === false);
-      });
+      const result = await handleAdminPost('/user/cancel_star', { user_id: user._id });
+      assert(result.is_star === false);
     });
 
     it('should POST /user/:name/block no_admin reject', async () => {
       await handleUserPost(`/user/${user.loginname}/block`);
     });
 
     it('should POST /user/:name/block set block ok', async () => {
-      await handleAdminPost(`/user/${user.loginname}/block`, { action: 'set_block' }, user => {
-        assert(user.is_block === true);
+      const result = await handleAdminPost(`/user/${user.loginname}/block`, {
+        action: 'set_block',
       });
+      assert(result.is_block === true);
     });
 
     it('should POST /user/:name/block cancel block ok', async () => {
-      await handleAdminPost(`/user/${user.loginname}/block`, { action: 'cancel_block' }, user => {
-        assert(user.is_block === false);
+      const result = await handleAdminPost(`/user/${user.loginname}/block`, {
+        action: 'cancel_block',
       });
+      assert(result.is_block === false);
     });
 
     it('should POST /user/:name/delete_all no_admin reject', async () => {
       await handleUserPost(`/user/${user.loginname}/delete_all`);
     });
 
     it('should POST /user/:name/delete_all ok', async () => {
-      await handleAdminPost(`/user/${user.loginname}/delete_all`, {}, user => {
-        assert(user);
-        // TODO: Check topics and replies by service method.
-      });
+      const result = await handleAdminPost(`/user/${user.loginname}/delete_all`, {});
+      assert(result);
+      // TODO: Check topics and replies by service method.
     });
   });
 
