起源
YApi 是市面上流传已久的接口文档管理工具。我将其部署在公司内网,并暴露域名供外部访问;为了避免外部人员看到内部文档,需要基于公司内部登录改写 YApi 的第三方登录逻辑,并关闭开放注册。
同一域名下,登录其他系统会通用token
不想大改Yapi登录结构
了解Yapi结构
- server端核心代码在base.js,校验登录状态方法getLoginStatus可以做手脚
|--server
|--controller
|--base.js
- 增加else的处理逻辑
再安装一个用于发起 HTTP 请求的依赖
npm install --save request-promise-native
const rpn = require('request-promise-native');
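else {
  // Fallback used when YApi's own login check did not succeed: accept the
  // shared-domain SSO `token` cookie, but only after the internal auth
  // service confirms it.
  //
  // Fail closed: start from the "please log in" response and replace it only
  // on a positively verified token. The original fragment assigned no response
  // when the cookie was missing or the custom condition did not match.
  body = yapi.commons.resReturn(null, 40011, '请登录...');

  // Cookie values are client-controlled, so the token is untrusted input.
  let token = ctx.cookies.get('token');
  if (token != null) {
    // Encode the token so characters such as '&', '#' or '=' cannot add or
    // override query parameters on the verification request.
    let questUrl = "http://localhost:8080/checkUser?token=" + encodeURIComponent(token);

    // NOTE(review): request-promise-native (and the `request` package under it)
    // is deprecated upstream; consider a maintained HTTP client.
    let rpnbody = null;
    try {
      rpnbody = await rpn({
        method: 'GET',
        uri: questUrl
      });
    } catch (err) {
      // request-promise rejects on transport errors and non-2xx statuses.
      // Both mean "not verified". Log only the error name: the request URL
      // carries the token and must not end up in logs.
      console.error('checkUser verification request failed: ' + err.name);
    }

    // "自定义条件" is the article's placeholder for the marker the auth service
    // returns for a valid token.
    // NOTE(review): a substring match on the raw body is a loose check; an
    // exact match or a parsed, structured response is harder to satisfy by
    // accident. Confirm what /checkUser actually returns.
    if (rpnbody != null && rpnbody.indexOf("自定义条件") != -1) {
      let userInst = yapi.getInst(userModel);

      // The whole response body is used as the e-mail lookup key, so
      // presumably /checkUser returns just the user's e-mail - TODO confirm.
      // Only users that already exist in YApi are accepted; nothing is
      // auto-registered here.
      let checkRepeat = await userInst.checkRepeat(rpnbody);
      if (checkRepeat > 0) {
        let dbUser = await userInst.findByEmail(rpnbody);
        let _id = dbUser.get("_id");
        let username = dbUser.get("username");
        let email = dbUser.get("email");
        let passsalt = dbUser.get("passsalt");

        // Mark this request as authenticated for the rest of the controller.
        this.$uid = _id;
        this.$auth = true;
        this.$user = dbUser;

        // Return only the public profile fields, never the password material.
        let dbResult = yapi.commons.fieldSelect(dbUser, [
          '_id',
          'username',
          'email',
          'up_time',
          'add_time',
          'role',
          'type',
          'study'
        ]);

        // NOTE(review): this issues YApi's own login cookie, so later requests
        // are presumably accepted through that cookie without re-checking the
        // SSO token - confirm that logout/revocation in the SSO system also
        // ends the YApi session.
        this.setLoginCookie(_id, passsalt);
        await this.handlePrivateGroup(_id, username, email);
        body = yapi.commons.resReturn(dbResult);
      }
    }
  }
}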
这种方式已经可以满足需求:通过 HTTP 请求向内部登录服务校验用户身份是否有效。
未完