fix: login with github (#87)

* fix: login with github

* use ctx.ip instead of

Author: JacksonTian

app.js

@@ -39,19 +39,16 @@ module.exports = app => {
 
   const githubHandler = async (ctx, { profile }) => {
     const email = profile.emails && profile.emails[0] && profile.emails[0].value;
-    const existUser = await ctx.service.user.getUsersByQuery({
-      githubId: profile.id,
-    });
+    let existUser = await ctx.service.user.getUserByGithubId(profile.id);
 
     // 用户不存在则创建
-    // TODO
     if (!existUser) {
-      return null;
+      existUser = new ctx.model.User();
+      existUser.active = true;
     }
 
     // 用户存在，更新字段
-    // existUser.loginname = profile.username;
-    existUser.githubId = profile.id;
+    existUser.loginname = profile.username;
     existUser.email = email || existUser.email;
     existUser.avatar = profile._json.avatar_url;
     existUser.githubUsername = profile.username;
@@ -76,6 +73,7 @@ module.exports = app => {
       };
       ctx.cookies.set(app.config.auth_cookie_name, auth_token, opts); // cookie 有效期30天
     }
+
     return existUser;
   });
 

app/middleware/topic_per_day_limit.js app/middleware/create_topic_limit.jsapp/middleware/topic_per_day_limit.js renamed to app/middleware/create_topic_limit.js

@@ -1,9 +1,10 @@
 'use strict';
+
 const moment = require('moment');
 
 module.exports = ({ perDayPerUserLimitCount = 10 }) => {
 
-  return async function(ctx, next) {
+  return async function createTopicLimit(ctx, next) {
     const { user, service } = ctx;
     const YYYYMMDD = moment().format('YYYYMMDD');
     const key = `topics_count_${user._id}_${YYYYMMDD}`;

app/middleware/create_user_limit.js

@@ -0,0 +1,35 @@
+'use strict';
+
+const moment = require('moment');
+
+module.exports = limitCount => {
+
+  return async function createUserLimit(ctx, next) {
+    const { service } = ctx;
+    const realIP = ctx.ip;
+
+    const YYYYMMDD = moment().format('YYYYMMDD');
+    const key = `user_count_${realIP}_${YYYYMMDD}`;
+
+    let todayTopicsCount = (await service.cache.get(key)) || 0;
+    if (todayTopicsCount >= limitCount) {
+      ctx.status = 403;
+      ctx.body = {
+        success: false,
+        error_msg: '频率限制：当前操作每天可以进行 ' + limitCount + ' 次',
+      };
+      return;
+    }
+
+    await next();
+
+    if (ctx.status === 302) {
+      // 新建话题成功
+      todayTopicsCount += 1;
+      await service.cache.incr(key, 60 * 60 * 24);
+      ctx.set('X-RateLimit-Limit', limitCount);
+      ctx.set('X-RateLimit-Remaining', limitCount - todayTopicsCount);
+    }
+  };
+};
+

app/router.js

@@ -6,11 +6,13 @@
 module.exports = app => {
   const { router, controller, config, middleware } = app;
 
-  const { site, sign, user, topic, rss, search, page, reply, message } = controller;
+  const { site, sign, user, topic, rss,
+    search, page, reply, message } = controller;
 
   const userRequired = middleware.userRequired();
   const adminRequired = middleware.adminRequired();
-  const topicPerDayLimit = middleware.topicPerDayLimit(config.topic);
+  const createTopicLimit = middleware.createTopicLimit(config.topic);
+  const createUserLimit = middleware.createUserLimit(config.create_user_per_ip);
 
   // home page
   router.get('/', site.index);
@@ -24,7 +26,7 @@ module.exports = app => {
     // 跳转到注册页面
     router.get('/signup', sign.showSignup);
     // 提交注册信息
-    router.post('/signup', sign.signup);
+    router.post('/signup', createUserLimit, sign.signup);
   } else {
     // 进行github验证
     router.redirect('/singup', '/auth/github');
@@ -79,7 +81,7 @@ module.exports = app => {
   router.post('/topic/:tid/delete', userRequired, topic.delete);
 
   // // 保存新建的文章
-  router.post('/topic/create', userRequired, topicPerDayLimit, topic.put);
+  router.post('/topic/create', userRequired, createTopicLimit, topic.put);
 
   router.post('/topic/:tid/edit', userRequired, topic.update);
   router.post('/topic/collect', userRequired, topic.collect); // 关注某话题

app/service/user.js

@@ -29,6 +29,16 @@ class UserService extends Service {
     return this.ctx.model.User.findOne(query).exec();
   }
 
+  /*
+   * 根据 githubId 查找用户
+   * @param {String} githubId 登录名
+   * @return {Promise[user]} 承载用户的 Promise 对象
+   */
+  getUserByGithubId(githubId) {
+    const query = { githubId };
+    return this.ctx.model.User.findOne(query).exec();
+  }
+
   /*
    * 根据用户ID，查找用户
    * @param {String} id 用户ID

app/view/sidebar.html

@@ -18,7 +18,7 @@
         或
         <a href='/signup'>注册</a>
         , 也可以
-        <a href="/auth/github">
+        <a href="/passport/github">
           <span class="span-info">
             通过 GitHub 登录
           </span>
@@ -51,7 +51,7 @@
       <% if (no_reply_topics.length > 0) { %>
       <ul class="unstyled">
         <% no_reply_topics.forEach(topic => { %>
-          <%- include('./topic/small.html', { topic }) %>          
+          <%- include('./topic/small.html', { topic }) %>
         <% }) %>
       </ul>
       <% } else { %>

config/config.default.js

@@ -147,5 +147,8 @@ module.exports = appInfo => {
 
   config.list_topic_count = 20;
 
+  // 每个 IP 每天可创建用户数
+  config.create_user_per_ip = 1000;
+
   return config;
 };

test/app/controller/sign.test.js

@@ -231,4 +231,14 @@ describe('test/app/controller/sign.test.js', () => {
     assert(res.statusCode === 422);
     assert(res.text.includes('用户名或邮箱已被使用。'));
   });
+
+  it('should GET /passport/github', async () => {
+    const res = await app.httpRequest()
+      .get('/passport/github');
+
+    assert(res.statusCode === 302);
+    const patt = /https:\/\/github\.com\/login\/oauth\/authorize\?response_type=code\&redirect_uri=http%3A%2F%2F127\.0\.0\.1%3A(\d+)%2Fpassport%2Fgithub%2Fcallback&client_id=test/;
+    assert(patt.test(res.headers.location));
+  });
+
 });

test/app/controller/user.test.js

@@ -174,21 +174,25 @@ describe('test/app/controller/user.test.js', () => {
       assert(/=([^$]+)\$/g.exec(authUser)[1] === user._id.toString());
       assert(login.headers.location === '/');
 
-      const login1 = await app.httpRequest().post('/passport/local').send({ name: user.loginname, pass: 'pass' });
+      const login1 = await app.httpRequest().post('/passport/local')
+        .send({ name: user.loginname, pass: 'pass' });
       assert(login1.status === 302);
       assert(login1.headers.location === '/signin');
 
-      const login2 = await app.httpRequest().post('/passport/local').send({ name: user.email, pass: 'newpass' });
+      const login2 = await app.httpRequest().post('/passport/local')
+        .send({ name: user.email, pass: 'newpass' });
       assert(login2.status === 302);
       assert(login2.headers.location === '/');
 
-      const login3 = await app.httpRequest().post('/passport/local').send({ name: 'noExistedUser', pass: 'pass' });
+      const login3 = await app.httpRequest().post('/passport/local')
+        .send({ name: 'noExistedUser', pass: 'pass' });
       assert(login3.status === 302);
       assert(login3.headers.location === '/signin');
 
       user.active = false;
       await user.save();
-      const login4 = await app.httpRequest().post('/passport/local').send({ name: user.loginname, pass: 'newpass' });
+      const login4 = await app.httpRequest().post('/passport/local')
+        .send({ name: user.loginname, pass: 'newpass' });
       assert(login4.status === 302);
       assert(login4.headers.location === '/signin');
     });

test/app/service/user.test.js

@@ -45,6 +45,14 @@ describe('test/app/service/user.test.js', () => {
     assert(user.loginname === loginname);
   });
 
+  it('getUserByGithubId should ok', async function() {
+    // 创建 ctx
+    const ctx = app.mockContext();
+
+    const user = await ctx.service.user.getUserByGithubId('githubid');
+    assert(user === null);
+  });
+
   it('getUserById should ok', async function() {
     // 创建 ctx
     const ctx = app.mockContext();