feat: 守卫中修改为单点登录

Author: kuangshp

src/decorators/current.user.ts

@@ -14,11 +14,9 @@ export const CurrentUser = createParamDecorator((data: string, ctx: ExecutionCon
  */
 export interface ICurrentUserType {
   id: number;
-  username?: string;
-  mobile?: string;
-  email?: string;
-  isSuper?: number;
-  platform?: number;
-  iat: number;
-  exp: number;
+  username: string;
+  email: string;
+  mobile: string;
+  isSuper: number;
+  platform: number;
 }

src/guard/auth/auth.guard.ts

@@ -6,13 +6,13 @@ import {
   HttpStatus,
   Logger,
 } from '@nestjs/common';
-import * as jwt from 'jsonwebtoken';
 import { getUrlQuery } from '@src/utils';
 import { CodeEnum, CodeMessage } from '@src/enums/code.enum';
 import { API_AUTH_KEY } from '@src/constants';
 import { ApiAuthService } from '@src/modules/shared/services/api-auth/api-auth.service';
-
-const SECRET = process.env.SECRET as string;
+import { AccountTokenEntity } from '@src/modules/admin/system/account/entities/account.token.entity';
+import moment from 'moment';
+import { ICurrentUserType } from '@src/decorators/current.user';
 
 @Injectable()
 export class AuthGuard implements CanActivate {
@@ -30,17 +30,22 @@ export class AuthGuard implements CanActivate {
     console.log(methodAuth, classAuth, '守卫中', request.method, request.url);
     if (token) {
       try {
-        const user = await this.verifyToken(token, SECRET);
-        console.log(user, '当前用户');
-        if (user) {
-          request.user = user;
+        // 1.从数据库查询是否存在记录
+        const accountInfo: Extract<AccountTokenEntity, ICurrentUserType> | undefined =
+          await AccountTokenEntity.findOne({
+            where: { token },
+            select: ['userId', 'username', 'mobile', 'expireTime', 'platform', 'email', 'isSuper'],
+          });
+        const isExpire: boolean = moment(accountInfo?.expireTime).isAfter(new Date());
+        console.log(isExpire, '是否过期');
+        if (accountInfo && isExpire) {
+          const user: ICurrentUserType = { ...accountInfo, id: accountInfo.userId };
+          request.user = accountInfo;
           if (methodAuth || classAuth) {
-            console.log('11走资源守卫');
             const method = request.method;
             const url = request.url;
             return this.apiAuthService.apiAuth(user, method, url);
           } else {
-            console.log('11不走资源守卫');
             return true;
           }
         } else {
@@ -63,28 +68,4 @@ export class AuthGuard implements CanActivate {
       );
     }
   }
-
-  /**
-   * @Author: 水痕
-   * @Date: 2021-03-22 11:13:07
-   * @LastEditors: 水痕
-   * @Description: 校验用户传递过来的token
-   * @param {string} token
-   * @param {string} secret
-   * @return {*}
-   */
-  private verifyToken(token: string, secret: string): Promise<any> {
-    return new Promise((resolve) => {
-      jwt.verify(token, secret, (error, payload) => {
-        if (error) {
-          console.log('-----------error start--------------');
-          console.log(error);
-          console.log('-----------error end--------------');
-          throw new HttpException('token不合法', HttpStatus.OK);
-        } else {
-          resolve(payload);
-        }
-      });
-    });
-  }
 }

src/modules/admin/system/account/services/login/login.service.ts

@@ -11,15 +11,8 @@ import { AccountTokenEntity } from '../../entities/account.token.entity';
 import { ConfigService, InjectConfig } from 'nestjs-config';
 import moment from 'moment';
 import { usernameReg } from '@src/constants';
+import { ICurrentUserType } from '@src/decorators/current.user';
 
-interface IAccount {
-  id: number;
-  username: string;
-  email: string;
-  mobile: string;
-  isSuper: number;
-  platform: number;
-}
 @Injectable()
 export class LoginService {
   private logger: Logger = new Logger(LoginService.name);
@@ -45,7 +38,7 @@ export class LoginService {
   async adminLogin(loginDto: LoginDto, ipAddress: string): Promise<LoginVo> {
     try {
       const { username, password } = loginDto;
-      type TypeAccountFindResult = Extract<AccountEntity, IAccount> | undefined;
+      type TypeAccountFindResult = Extract<AccountEntity, ICurrentUserType> | undefined;
       let findAccount: TypeAccountFindResult;
       const queryBuilder = this.queryLoginBuilder;
       // 根据手机号码查询
@@ -148,10 +141,10 @@ export class LoginService {
    * @Date: 2021-07-26 10:15:17
    * @LastEditors: 水痕
    * @Description: 过来字段
-   * @param {IAccount} accountInfo
+   * @param {ICurrentUserType} accountInfo
    * @return {*}
    */
-  private filterAccountField(accountInfo: IAccount): IAccount {
+  private filterAccountField(accountInfo: ICurrentUserType): ICurrentUserType {
     const { username, mobile, email } = accountInfo;
     const _mobile = isMobilePhone(mobile, 'zh-CN') ? mobile : '';
     const _email = isEmail(email) ? email : '';

src/modules/shared/services/api-auth/api-auth.service.ts

@@ -26,33 +26,44 @@ export class ApiAuthService {
    */
   public async apiAuth(user: ICurrentUserType, method: string, url: string): Promise<boolean> {
     const { isSuper, id } = user;
+    console.log(user, '11');
     // 1.如果是超级管理员就直接返回true
     if (isSuper) {
       return true;
     } else {
+      console.log(user, '222');
       // 2.根据当前账号id获取当前账号拥有的角色id
-      const authRoleList: AccountRoleEntity[] = await this.accountRoleRepository.find({
-        where: { accountId: id },
-        select: ['roleId'],
-      });
-      const authRoleIdList: number[] = authRoleList.map((item: AccountRoleEntity) => item.roleId);
-      console.log(authRoleList, '授权的角色列表');
+      const authRoleList: Pick<AccountRoleEntity, 'roleId'>[] =
+        await this.accountRoleRepository.find({
+          where: { accountId: id },
+          select: ['roleId'],
+        });
+      console.log(authRoleList, '333');
+      const authRoleIdList: number[] = authRoleList.map(
+        (item: Pick<AccountRoleEntity, 'roleId'>) => item.roleId,
+      );
+      console.log(authRoleIdList, '授权的角色列表44');
+      if (!authRoleIdList.length) {
+        throw new HttpException(`当前账号没操作:${method}-${url}的权限`, HttpStatus.OK);
+      }
       // 3.根据角色ID列表获取当前账号拥有的资源id
-      const authAccessList = await getConnection()
-        .createQueryBuilder(RoleAccessEntity, 'role_access')
-        .select(['role_access.accessId', 'role_access.type'])
-        .where('role_access.roleId in (:...roleId)', { roleId: authRoleIdList })
-        .getMany();
-      console.log(authAccessList, '授权的资源列表'); // [ RoleAccessEntity { accessId: 5, type: 3 } ]
+      const authAccessList: Pick<RoleAccessEntity, 'accessId' | 'type'>[] | undefined =
+        await getConnection()
+          .createQueryBuilder(RoleAccessEntity, 'role_access')
+          .select(['role_access.accessId', 'role_access.type'])
+          .where('role_access.roleId in (:...roleId)', { roleId: authRoleIdList })
+          .getMany();
+      console.log(authAccessList, '授权的资源列表55'); // [ RoleAccessEntity { accessId: 5, type: 3 } ]
       const formatUrl = this.formatUrl(method, url);
       // 4.根据请求方式和路径去查询数据
-      const accessResult: AccessEntity | undefined = await this.accessRepository.findOne({
-        where: { method, url: formatUrl },
-        select: ['id', 'type'],
-      });
-      console.log(accessResult, '当前请求的资源');
+      const accessResult: Pick<AccessEntity, 'id' | 'type'> | undefined =
+        await this.accessRepository.findOne({
+          where: { method, url: formatUrl },
+          select: ['id', 'type'],
+        });
+      console.log(accessResult, '当前请求的资源66');
       const isExist = authAccessList.find(
-        (item: RoleAccessEntity) =>
+        (item: Pick<RoleAccessEntity, 'accessId' | 'type'>) =>
           item.accessId === accessResult?.id && Number(item.type) === Number(accessResult?.type),
       );
       if (isExist) {