完善登录逻辑

完善session和cookie的使用

app.js

@@ -1,10 +1,10 @@
 const createError = require('http-errors');
 const express = require('express');
 const path = require('path');
-const cookieParser = require('cookie-parser');
 const logger = require('morgan');
 const cors = require('cors');
 const session = require('express-session');
+const cookieParser = require('cookie-parser');
 
 const indexRouter = require('./routes/index');
 const mongodbConfig = require('./db/mongodb.config');
@@ -15,26 +15,24 @@ const app = express();
 require("dotenv").config();
 const dbAccount = process.env.DB_ACCOUNT;
 const dbPassword = process.env.DB_PASSWORD;
+const loginSecret = process.env.SESSION_SECRET;
 mongodbConfig.connectMongoDB(dbAccount, dbPassword);
 
 app.use(cors());
 app.use(logger('dev'));
 app.use(express.json());
 app.use(express.urlencoded({ extended: false }));
-app.use(cookieParser());
 app.use(express.static(path.join(__dirname, 'public')));
+app.use(cookieParser());
 app.use(session({
-  secret: 'sessiontest',
+  name: 'identityKey',
+  secret: loginSecret,
   resave: false,
   saveUninitialized: false,
   cookie: {
-    path: '/',
-    name: 'login',
-    secret: 'sessiontest',
     secure: false,
-    maxAge: 1000 * 60 * 60,
+    maxAge: 1000 * 60 * 10,
   },
-  name: 'ivan',
 }));
 
 app.use('/', indexRouter);

controllers/userController.js

@@ -10,3 +10,11 @@ exports.user_list = expressAsyncHandler(async (req, res, next) => {
         next(err);
     }
 });
+
+exports.find_user_login = expressAsyncHandler(async (account) => {
+    try {
+        return await User.findOne({ account: account });
+    } catch (err) {
+        next(err);
+    }
+});

routes/index.js

@@ -14,28 +14,57 @@ router.get('/', function (req, res, next) {
 });
 
 router.get('/user', async function (req, res, next) {
+  console.log(req.session);
+  console.log(req.session.account);
+  if (req.session.account === null || req.session.account === '' || req.session.account === undefined) {
+    res.send('not login');
+    return;
+  }
   let us = await user_controller.user_list();
   us = JSON.stringify(us);
   res.send(us);
 })
 
 router.post('/login', async function (req, res, next) {
-  let us = await user_controller.user_list();
   const body = JSON.parse(JSON.stringify(req.body));
-  if (StringUtils.isNotEmpty(body)) {
-    if (body.account === '' || body.account === undefined || body.account === null) {
-      res.send('account is null');
+  if (!StringUtils.isNotEmpty(body)) {
+    res.json({ ret_code: -1, ret_msg: '登录失败' });
   }
-    if (body.password === '' || body.password === undefined || body.password === null) {
-      res.send('password is null');
+  const account = body.account;
+  const password = body.password;
+
+  if (account === '' || account === undefined || account === null) {
+    return res.json({ ret_code: -1, ret_msg: '没有填写账号' });
   }
+  if (password === '' || password === undefined || password === null) {
+    return res.json({ ret_code: -1, ret_msg: '没有填写密码' });
   }
 
+  const user = await user_controller.find_user_login(account);
+  if (!user) {
+    return res.json({ ret_code: -1, ret_msg: '账号不存在' })
+  }
+
+  if (user.password != password) {
+    return res.json({ ret_code: -1, ret_msg: '密码错误' })
+  }
+
+  req.session.regenerate((err) => {
+    if (err) {
+      return res.json({ ret_code: -1, ret_msg: '登录失败' });
+    }
+    req.session.account = account;
+    console.log(req.session.account);
+    res.json({ ret_code: 0, ret_msg: '登录成功' });
+  });
+});
+
+router.get('/logout', async function (req, res, next) {
   console.log(req.session);
-  console.log(body.account);
-  req.session.userid = body.account;
-  console.log(req.session);
-  res.send('return ok');
+  console.log(req.sessionID);
+  console.log(req.session.account);
+  console.log(req.session.cookie);
+  res.json({ ret_code: 1, ret_msg: '成功' });
 });
 
 module.exports = router;

utils/LoginUtil.js

@@ -0,0 +1,10 @@
+exports.aopMiddleware = function (req, res, next) {
+    console.log(req.url);
+    console.log(req.method);
+
+    if (req.session) {
+
+    }
+
+    next();
+}