feat(auth): 27 Adjust disabling user routing to universal editing rou…

…ting
diskcloud · Jul 5, 2024 · 2902cc6 · 2902cc6
1 parent 86d846b
commit 2902cc6
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 17 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,47 @@
-## 2.0.0 (2024-07-04)
+# [2.0.0](https://github.com/diskcloud/service/compare/v2.0.0-beta.1-plus...v2.0.0) (2024-07-05)
 
-* chore(release): update changelog ([311197a](https://github.com/diskcloud/service/commit/311197a))
+
+
+# [2.0.0-beta.1-plus](https://github.com/diskcloud/service/compare/v2.0.0-beta.0-plus...v2.0.0-beta.1-plus) (2024-07-04)
+
+
+### Bug Fixes
+
+* [#32](https://github.com/diskcloud/service/issues/32) Some interfaces have not undergone permission verification ([b8eba14](https://github.com/diskcloud/service/commit/b8eba1441dfb6246b8712a3ca0bd21ddd7004997))
+* [#32](https://github.com/diskcloud/service/issues/32) Some interfaces have not undergone permission verification ([4d4a6b5](https://github.com/diskcloud/service/commit/4d4a6b56989fe8ff449faff4c379e2fb94b15fdd))
+* Fix the issue of incorrect thumbnail after uploading 🐛 ([bdf719a](https://github.com/diskcloud/service/commit/bdf719ab1853e8ac6776b6305b139c244e54e0cd))
+* Fix the issue of incorrect thumbnail after uploading 🐛 ([4d5baca](https://github.com/diskcloud/service/commit/4d5baca48596458c4899873c80c83882f14fe115))
+* Fix ws affected by a DoS when handling a request with many HTTP headers ([0938e80](https://github.com/diskcloud/service/commit/0938e803aef6a1d839d15d42df52be28dbace784))
+* repair create mysql table syntax error 🐛 ([67db9c7](https://github.com/diskcloud/service/commit/67db9c77c004adba116de5788de903b18970f672))
+* repair mysql query data syntax error 🐛 ([c5435fc](https://github.com/diskcloud/service/commit/c5435fc6047eac86e2a6426dc9e262f371b85eed))
+
+
+### Features
+
+* [#1](https://github.com/diskcloud/service/issues/1) Feature - Add parameter validation rule definition ([1e4e86e](https://github.com/diskcloud/service/commit/1e4e86eb24afb1f7dbccbbc1f43c77b847c25ddf))
+* [#12](https://github.com/diskcloud/service/issues/12) Add permission control to file operations ([e28c47b](https://github.com/diskcloud/service/commit/e28c47b09c415c4b43f9678e0eeb6c782c6424bc))
+* [#18](https://github.com/diskcloud/service/issues/18) Feature - Add processing filesize module ([a03b7c0](https://github.com/diskcloud/service/commit/a03b7c03b89a482a0263253fff7a14b50c199253))
+* [#22](https://github.com/diskcloud/service/issues/22) Add administrator middleware verification ([ccbc692](https://github.com/diskcloud/service/commit/ccbc692e295bd4f8bbe00925994c33b2b9f17580))
+* [#22](https://github.com/diskcloud/service/issues/22) Add administrator middleware verification ([8a3c7f1](https://github.com/diskcloud/service/commit/8a3c7f17b07201e93f0209a47a199f614c406206))
+* [#24](https://github.com/diskcloud/service/issues/24) New file and user model association query relationship ([b2ed670](https://github.com/diskcloud/service/commit/b2ed670d4c57af25094e41fd46a0baf42fdda109))
+* [#24](https://github.com/diskcloud/service/issues/24) New file and user model association query relationship ([1ba3c68](https://github.com/diskcloud/service/commit/1ba3c6828c9f92faa232ea382806ad5d2f043a80))
+* [#3](https://github.com/diskcloud/service/issues/3) New batch export function for files added ([ae762f0](https://github.com/diskcloud/service/commit/ae762f0659097e4885274e014506dac2e8e244df))
+* [#4](https://github.com/diskcloud/service/issues/4) Feature - File information editing ([fd0536f](https://github.com/diskcloud/service/commit/fd0536f210eaf675c79b5ce69f87966baccabc61))
+* [#5](https://github.com/diskcloud/service/issues/5) Feature - File details ([ea5f0c5](https://github.com/diskcloud/service/commit/ea5f0c53ba87df93a65a8a304bdb35ed5c9b24b4))
+* [#8](https://github.com/diskcloud/service/issues/8) Feature - User module login ([b9e0b6b](https://github.com/diskcloud/service/commit/b9e0b6bf84c18ec9e7e4c22be41b0d61ae9f18de))
+* [#8](https://github.com/diskcloud/service/issues/8) Soft deletion of files ([9d9df1f](https://github.com/diskcloud/service/commit/9d9df1f6fe1a43e5c292087030f36e5f406a9a56))
+* [#9](https://github.com/diskcloud/service/issues/9) Paging Example and Return Parameter Adjustment ([a654d2b](https://github.com/diskcloud/service/commit/a654d2bb775362a186f0b8c08eba25c43276fc4f))
+* [#9](https://github.com/diskcloud/service/issues/9) Paging Example and Return Parameter Adjustment ([a747978](https://github.com/diskcloud/service/commit/a74797815ee1dc05c5e75f1a560523d92a6901d9))
+* [#9](https://github.com/diskcloud/service/issues/9) Paging Example and Return Parameter Adjustment ([1260fd1](https://github.com/diskcloud/service/commit/1260fd1ea618ce1c0d41be9eb6135a3dfd166fc9))
+* 增加mysql默认字段 ([915387e](https://github.com/diskcloud/service/commit/915387e6ba2962622c6e2235323fcca216109cb6))
+* 支持各种格式上传&文件默认缩略图 ([e75939f](https://github.com/diskcloud/service/commit/e75939f4a05627e92c2d3a46f652db9807bd556f))
+* add image preview method ([bc2c23a](https://github.com/diskcloud/service/commit/bc2c23aa9a14924917033cb3d7d08f851d5c85cc))
+* add image thumb ([44f35e4](https://github.com/diskcloud/service/commit/44f35e44ab78a037df6bda7adeffccbc4ac98c13))
+* add util methods ([c1d8c27](https://github.com/diskcloud/service/commit/c1d8c27f835555130ccb5b3299f9e257e596b484))
+* init pull version ([139c202](https://github.com/diskcloud/service/commit/139c202cbe2fb5ffd92a44f168a58f515a80a4e7))
+* init pull version ([b6e15aa](https://github.com/diskcloud/service/commit/b6e15aa680d88bc5ac5037d34e51d57967b7da44))
+* init pull version ([d244cb1](https://github.com/diskcloud/service/commit/d244cb1a47023e4515b508d70400bf511be1a834))
+* init pull version ([f3dc513](https://github.com/diskcloud/service/commit/f3dc513fa387b525bfa2db27a48b090f7f97e1c9))
 
 
 
diff --git a/constants/users.js b/constants/users.js
@@ -5,6 +5,18 @@ const USER_STATUS = {
   PENDING: "PENDING", // 用户账号待审核
 };
 
+const USER_ACTION_TYPES = {
+  disabled: {
+    label: "disabled",
+    value: USER_STATUS.BANNED,
+  },
+  activated: {
+    label: "activated",
+    value: USER_STATUS.ACTIVE,
+  },
+};
+
 module.exports = {
   USER_STATUS,
+  USER_ACTION_TYPES,
 };
diff --git a/middleware/authenticateToken.js b/middleware/authenticateToken.js
@@ -6,16 +6,16 @@ const { match } = require("path-to-regexp");
 
 // 白名单配置 URL: Method
 const whiteList = {
-  "/login": "POST", // 登录
-  "/register": "POST", // 注册
-  "/files/:id/preview": "GET", // 文件预览
+  "/sessions": ["POST", "DELETE"], // 登录和登出
+  "/users": ["POST"], // 注册
+  "/files/:id/preview": ["GET"], // 文件预览
 };
 
 // 路径匹配函数
 const isWhitelisted = (url, method) => {
   for (const path in whiteList) {
     const matcher = match(path, { decode: decodeURIComponent });
-    if (matcher(url) && whiteList[path] === method) {
+    if (matcher(url) && whiteList[path].includes(method)) {
       return true;
     }
   }

diff --git a/routers/users.js b/routers/users.js
@@ -7,11 +7,11 @@ require("dotenv").config({ path: ".env.local" });
 const Users = require("../models/users");
 const { USERS_LOGIN_POST, USER_REST_ID } = require("../types/schema/users");
 const { validateBody, validateParams } = require("../types");
-const { USER_STATUS } = require("../constants/users");
+const { USER_STATUS, USER_ACTION_TYPES } = require("../constants/users");
 
 const router = new Router();
 
-router.post("/login", validateBody(USERS_LOGIN_POST), async (ctx) => {
+router.post("/sessions", validateBody(USERS_LOGIN_POST), async (ctx) => {
   const { username, password } = ctx.request.body;
 
   try {
@@ -61,7 +61,7 @@ router.post("/login", validateBody(USERS_LOGIN_POST), async (ctx) => {
   }
 });
 
-router.post("/register", validateBody(USERS_LOGIN_POST), async (ctx) => {
+router.post("/users", validateBody(USERS_LOGIN_POST), async (ctx) => {
   const { username, password } = ctx.request.body;
 
   try {
@@ -109,7 +109,7 @@ router.get("/users/info", async (ctx) => {
   }
 });
 
-router.post("/logout", async (ctx) => {
+router.delete("/sessions", async (ctx) => {
   const { id } = ctx.state.user;
   if (!ctx.state.token) {
     ctx.status = 200;
@@ -138,11 +138,12 @@ router.post("/logout", async (ctx) => {
 
 // 禁用用户
 router.patch(
-  "/users/:id/disabled",
+  "/users/:id/:action",
   validateParams(USER_REST_ID),
   checkAdminAuth,
   async (ctx) => {
-    const { id } = ctx.params;
+    const { id, action } = ctx.params;
+
     const user = await Users.findOne({ where: { id } });
 
     if (!user.id) {
@@ -151,16 +152,27 @@ router.patch(
       return;
     }
 
-    // 强制下线 Token
-    await redisClient.del(`user_login:${id}`);
+    const updateStatus = USER_ACTION_TYPES[action].value;
+
+    if (action === USER_ACTION_TYPES.disabled.label) {
+      // 强制下线 Token
+      await redisClient.del(`user_login:${id}`);
+      user.update({
+        status: updateStatus,
+        logout_at: new Date(),
+      });
+      ctx.status = 204;
+      return;
+    }
 
     // 禁用此账号
     user.update({
-      status: "BANNED",
-      logout_at: new Date(),
+      status: updateStatus,
     });
 
-    ctx.status = 204;
+    ctx.body = user;
+
+    ctx.status = 200;
   }
 );
 

diff --git a/types/schema/users.js b/types/schema/users.js
@@ -1,4 +1,5 @@
 const Joi = require("joi");
+const { USER_ACTION_TYPES } = require("../../constants/users");
 
 const USERS_LOGIN_POST = Joi.object({
   username: Joi.string().required(),
@@ -7,6 +8,9 @@ const USERS_LOGIN_POST = Joi.object({
 
 const USER_REST_ID = Joi.object({
   id: Joi.string().required(),
+  action: Joi.string()
+    .valid(...Object.keys(USER_ACTION_TYPES))
+    .required(),
 });
 
 module.exports = {