refactor: setting page & auth expired check & admin (#43)

* refactor: user page when no signin

* refactor: user page with data

* refactor: user page(collectTopics, topics, replies)

* refactor: middleware errorPage

* refactor: user page when no signin

* refactor: replace lodash function

* fix: use lodash sortBy

* refactor: move avatar_hostname to default.config

* refactor: inject helper in middleware ctx.locals

* refactor: setting page with session user data

* refactor: user setting post

* fix: setting post failure

* refactor: set auth cookies

* refactor: admin(toggleStar, blockUser, deleteAllReply)

* fix: admin_user_name

* test: user contorller UT 1/2

* refactor: middleware errorPage

* refactor: move avatar_hostname to default.config

* refactor: inject helper in middleware ctx.locals

* refactor: setting page with session user data

* fix: setting post failure

* refactor: set auth cookies

* refactor: admin(toggleStar, blockUser, deleteAllReply)

* fix: admin_user_name

Author: lqs469

app.js

@@ -23,8 +23,7 @@ module.exports = app => {
 
     const passhash = existUser.pass;
     // TODO: change to async compare
-    const equal = tools.bcompare(passhash, password);
-
+    const equal = tools.bcompare(password, passhash);
     // 密码不匹配
     if (!equal) {
       return null;
@@ -67,6 +66,24 @@ module.exports = app => {
   app.passport.verify(async (ctx, user) => {
     ctx.logger.debug('passport.verify', user);
     const handler = user.provider === 'github' ? githubHandler : localHandler;
-    return handler(ctx, user);
+    const existUser = await handler(ctx, user);
+    if (existUser) {
+      // id存入Cookie, 用于验证过期.
+      const auth_token = existUser._id + '$$$$'; // 以后可能会存储更多信息，用 $$$$ 来分隔
+      const opts = {
+        path: '/',
+        maxAge: 1000 * 60 * 60 * 24 * 30,
+        signed: true,
+        httpOnly: true,
+      };
+      ctx.cookies.set(app.config.auth_cookie_name, auth_token, opts); // cookie 有效期30天
+    }
+    return existUser;
+  });
+
+  app.passport.serializeUser(async (ctx, user) => {
+    // 默认会注入session.passport.user, 为方便使用改为session.user (?)
+    ctx.session.user = user;
+    return user;
   });
 };

app/controller/user.js

@@ -2,7 +2,8 @@
 
 const _ = require('lodash');
 const utility = require('utility');
-
+const tools = require('../common/tools');
+const validator = require('validator');
 const Controller = require('egg').Controller;
 
 class UserController extends Controller {
@@ -177,6 +178,145 @@ class UserController extends Controller {
     });
   }
 
+  async showSetting() {
+    const { ctx, service } = this;
+    const id = ctx.session.user._id;
+    const user = await service.user.getUserById(id);
+
+    if (!user) {
+      ctx.status = 404;
+      ctx.message = '发生错误';
+      return;
+    }
+
+    if (ctx.request.query.save === 'success') {
+      user.success = '保存成功。';
+    }
+
+    return await ctx.render('user/setting', { user });
+  }
+
+  async setting() {
+    const { ctx, ctx: { request: req }, service } = this;
+    // 显示出错或成功信息
+    async function showMessage(msg, data, isSuccess) {
+      data = data || req.body;
+      const user = {
+        loginname: data.loginname,
+        email: data.email,
+        url: data.url,
+        location: data.location,
+        signature: data.signature,
+        weibo: data.weibo,
+        accessToken: data.accessToken,
+      };
+      if (isSuccess) {
+        user.success = msg;
+      } else {
+        user.error = msg;
+      }
+      return await ctx.render('user/setting', { user });
+    }
+
+    // post
+    const { body, body: { action } } = req;
+    if (action === 'change_setting') {
+      const url = validator.trim(body.url);
+      const location = validator.trim(body.location);
+      const weibo = validator.trim(body.weibo);
+      const signature = validator.trim(body.signature);
+
+      const user = await service.user.getUserById(ctx.session.user._id);
+      user.url = url;
+      user.location = location;
+      user.signature = signature;
+      user.weibo = weibo;
+      user.save();
+
+      ctx.session.user = user.toObject({ virtual: true });
+      return ctx.redirect('/setting?save=success');
+    }
+
+    if (action === 'change_password') {
+      const oldPass = validator.trim(req.body.old_pass);
+      const newPass = validator.trim(req.body.new_pass);
+      if (!oldPass || !newPass) {
+        return showMessage('旧密码或新密码不得为空');
+      }
+
+      const user = await service.user.getUserById(ctx.session.user._id);
+      const equal = tools.bcompare(oldPass, user.pass);
+      if (!equal) {
+        return showMessage('当前密码不正确。', user);
+      }
+
+      const newPassHash = tools.bhash(newPass);
+      user.pass = newPassHash;
+      user.save();
+      return showMessage('密码已被修改。', user, true);
+    }
+  }
+
+  async toggleStar() {
+    const { ctx, ctx: { request: req }, service } = this;
+    const { body } = req;
+    const user_id = body.user_id;
+    const user = await service.user.getUserById(user_id);
+
+    if (!user) {
+      ctx.status = 404;
+      ctx.message = 'user is not exists';
+      return;
+    }
+    user.is_star = !user.is_star;
+    user.save();
+
+    ctx.body = { status: 'success' };
+  }
+
+  async block() {
+    const { ctx, ctx: { request: req }, service } = this;
+    const { body: { action } } = req;
+    const loginname = ctx.params.name;
+
+    const user = await service.user.getUserByLoginName(loginname);
+    if (!user) {
+      ctx.status = 404;
+      ctx.message = 'user is not exists';
+      return;
+    }
+
+    if (action === 'set_block') {
+      user.is_block = true;
+      user.save();
+      ctx.body = { status: 'success' };
+    } else if (action === 'cancel_block') {
+      user.is_block = false;
+      user.save();
+      ctx.body = { status: 'success' };
+    }
+  }
+
+  async deleteAll() {
+    const { ctx, service } = this;
+    const loginname = ctx.params.name;
+
+
+    const user = await service.user.getUserByLoginName(loginname);
+    if (!user) {
+      ctx.status = 404;
+      ctx.message = 'user is not exists';
+      return;
+    }
+
+    // 删除主题
+    ctx.model.Topic.update({ author_id: user._id }, { $set: { deleted: true } }, { multi: true });
+    // 删除评论
+    ctx.model.Reply.update({ author_id: user._id }, { $set: { deleted: true } }, { multi: true });
+    // 点赞数也全部干掉
+    ctx.model.Reply.update({}, { $pull: { ups: user._id } }, { multi: true });
+    ctx.body = { status: 'success' };
+  }
 }
 
 // var User         = require('../proxy').User;

app/middleware/admin_required.js

@@ -1,22 +1,18 @@
 'use strict';
 
-module.exports = (options, app) => {
-
+module.exports = () => {
   /**
    * 需要管理员权限
    */
+
   return async function(ctx, next) {
     if (!ctx.session.user) {
-      await ctx.render('notify/notify', {
-        error: '你还没有登录。'
-      });
+      await ctx.render('notify/notify', { error: '你还没有登录。' });
       return;
     }
 
     if (!ctx.session.user.is_admin) {
-      await ctx.render('notify/notify', {
-        error: '需要管理员权限。'
-      });
+      await ctx.render('notify/notify', { error: '需要管理员权限。' });
       return;
     }
 

app/middleware/auth_user.js

@@ -14,7 +14,7 @@ module.exports = () => {
       return await next();
     }
 
-    let user = ctx.session.user;
+    let { user } = ctx.session;
     if (user) {
       const auth_token = ctx.cookies.get(ctx.app.config.auth_cookie_name, {
         signed: true,
@@ -37,7 +37,7 @@ module.exports = () => {
       user.is_admin = true;
     }
 
-    const count = await this.service.message.getMessagesCount(user._id);
+    const count = await ctx.service.message.getMessagesCount(user._id);
     user.messages_count = count;
     ctx.session.user = user;
     ctx.locals.current_user = user;

app/middleware/locals.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const Loader = require('loader');
+const helper = require('../extend/helper');
 
 module.exports = (options, app) => {
   // assets
@@ -24,6 +25,7 @@ module.exports = (options, app) => {
     ctx.locals.Loader = Loader;
     ctx.locals.assets = assets;
     ctx.locals.csrf = ctx.csrf;
+    ctx.locals = Object.assign({}, ctx.locals, helper);
     await next();
   };
 };

app/middleware/proxy.js

@@ -1,12 +1,13 @@
 'use strict';
 
-module.exports = (options, app) => {
-
+module.exports = () => {
   /**
    * 需要登录
    */
+
   return async function(ctx, next) {
-    if (!ctx.session || !ctx.session.user || !ctx.session.user._id) {
+    const { session } = ctx;
+    if (!session || !session.user || !session.user._id) {
       ctx.status = 403;
       ctx.body = 'forbidden!';
       return;

app/middleware/user_required.js

@@ -49,17 +49,17 @@ module.exports = app => {
 
   // user controller
   router.get('/user/:name', user.index); // 用户个人主页
-  // router.get('/setting', userRequired, user.showSetting); // 用户个人设置页
-  // router.post('/setting', userRequired, user.setting); // 提交个人信息设置
+  router.get('/setting', userRequired, user.showSetting); // 用户个人设置页
+  router.post('/setting', userRequired, user.setting); // 提交个人信息设置
   router.get('/stars', user.listStars); // 显示所有达人列表页
   router.get('/users/top100', user.top100); // 显示积分前一百用户页
   router.get('/user/:name/collections', user.listCollectedTopics); // 用户收藏的所有话题页
   router.get('/user/:name/topics', user.listTopics); // 用户发布的所有话题页
   router.get('/user/:name/replies', user.listReplies); // 用户参与的所有回复页
-  // router.post('/user/set_star', adminRequired, user.toggleStar); // 把某用户设为达人
-  // router.post('/user/cancel_star', adminRequired, user.toggleStar); // 取消某用户的达人身份
-  // router.post('/user/:name/block', adminRequired, user.block); // 禁言某用户
-  // router.post('/user/:name/delete_all', adminRequired, user.deleteAll); // 删除某用户所有发言
+  router.post('/user/set_star', adminRequired, user.toggleStar); // 把某用户设为达人
+  router.post('/user/cancel_star', adminRequired, user.toggleStar); // 取消某用户的达人身份
+  router.post('/user/:name/block', adminRequired, user.block); // 禁言某用户
+  router.post('/user/:name/delete_all', adminRequired, user.deleteAll); // 删除某用户所有发言
 
   // // message controler
   // router.get('/my/messages', userRequired, message.index); // 用户个人的所有消息页

app/router.js

@@ -1,4 +1,4 @@
-<% include ./sidebar.html %>
+<% include sidebar.html %>
 
 <div id="content">
   <div class="panel">

app/view/index.html

@@ -6,7 +6,7 @@
       <span class='col_fade'>个人信息</span>
     </div>
     <div class='inner'>
-      <%-  include('../user/card.html', { object: typeof user === 'undefined' ? current_user : user, as: 'user' }) %>
+      <%-  include('./user/card.html', { user: typeof user === 'undefined' ? current_user : user }) %>
     </div>
     <% } else { %>
     <div class='inner'>
@@ -50,7 +50,7 @@
     <div class='inner'>
       <% if (no_reply_topics.length > 0) { %>
       <ul class="unstyled">
-        <%- include('topic/small', { collection: no_reply_topics, as: 'topic' }) %>
+        <%- include('topic/small', { topic: no_reply_topics }) %>
       </ul>
       <% } else { %>
       <p>无</p>