前后端分离，cros跨域，解决vue axios与express cookie不能跨域共享问题

Author: flute

server/dev-server.js renamed to build/dev-server.js

@@ -1,22 +1,16 @@
-require('../build/check-versions')()
+require('./check-versions')()
 
 var config = require('../config')
 if (!process.env.NODE_ENV) {
   process.env.NODE_ENV = JSON.parse(config.dev.env.NODE_ENV)
 }
 
 var opn = require('opn')
-// express
 var path = require('path')
 var express = require('express')
-var cookieParser = require('cookie-parser')
-var session = require('express-session');
-var bodyParser = require('body-parser')
-var routes = require('./routes/index');
-
 var webpack = require('webpack')
 var proxyMiddleware = require('http-proxy-middleware')
-var webpackConfig = require('../build/webpack.dev.conf')
+var webpackConfig = require('./webpack.dev.conf')
 
 // default port where dev server listens for incoming traffic
 var port = process.env.PORT || config.dev.port
@@ -27,23 +21,6 @@ var autoOpenBrowser = !!config.dev.autoOpenBrowser
 var proxyTable = config.dev.proxyTable
 
 var app = express()
-
-//app.use(express.static(path.join(__dirname, 'static')));
-app.use(bodyParser.json());
-app.use(bodyParser.urlencoded({ extended: false }));
-// cookie
-app.use(cookieParser());
-app.use(session({
-    secret: 'backend',
-    name:'backend',
-    cookie: {
-        maxAge: 1000 * 60 * 60
-    },// 1h
-    resave: false,
-    saveUninitialized: true,
-}));
-routes(app);
-
 var compiler = webpack(webpackConfig)
 
 var devMiddleware = require('webpack-dev-middleware')(compiler, {

package.json

@@ -5,24 +5,31 @@
   "author": "ludis <[email protected]>",
   "private": true,
   "scripts": {
-    "dev": "node server/dev-server.js",
-    "start": "node server/dev-server.js",
+    "dev": "node build/dev-server.js",
+    "start": "node build/dev-server.js",
     "build": "node build/build.js",
-    "lint": "eslint --ext .js,.vue src"
+    "lint": "eslint --ext .js,.vue src",
+    "server": "node server/bin/www"
   },
   "dependencies": {
     "axios": "^0.16.1",
-    "body-parser": "^1.17.2",
-    "cookie-parser": "^1.4.3",
-    "express-session": "^1.15.3",
     "iview": "^2.0.0-rc.15",
     "moment": "^2.18.1",
     "monk": "^5.0.2",
     "vue": "^2.3.3",
     "vue-awesome": "^2.3.1",
     "vue-axios": "^2.0.2",
     "vue-router": "^2.3.1",
-    "vuex": "^2.3.1"
+    "vuex": "^2.3.1",
+    "async": "^2.1.4",
+    "cors": "^2.8.3",
+    "body-parser": "~1.15.1",
+    "cookie-parser": "~1.4.3",
+    "debug": "~2.2.0",
+    "express": "~4.13.4",
+    "express-session": "latest",
+    "formidable": "^1.1.1",
+    "morgan": "~1.7.0"
   },
   "devDependencies": {
     "autoprefixer": "^6.7.2",

server/app.js

@@ -0,0 +1,84 @@
+var express = require('express');
+var path = require('path');
+var logger = require('morgan');
+var cookieParser = require('cookie-parser');
+var bodyParser = require('body-parser');
+var session = require('express-session');
+//const MongoStore = require('connect-mongo')(session);
+
+//var redisStore = require('connect-redis')(session);
+var cors = require('cors');
+
+var routes = require('./routes/index');
+
+var app = express();
+
+/*app.all('/*', function(req, res, next) {
+  res.header("Access-Control-Allow-Origin", "*");
+  res.header("Access-Control-Allow-Headers", "X-Requested-With");
+  next();
+});*/
+
+app.use(logger('dev'));
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded({ extended: false }));
+
+// cookie
+app.use(cors({
+    origin:['http://localhost:8080'],
+    methods:['GET','POST'],
+    credentials: true
+}));
+
+/*app.use(cors({
+    origin:['http://localhost:8080'],
+    methods:['GET','POST'],
+    credentials: true
+}));*/
+//app.set('trust proxy', 1)
+app.use(cookieParser());
+app.use(session({
+    secret: 'backend123',
+    name:'backend',
+    cookie: {
+        maxAge: 1000 * 60 * 60,
+    },// 1h
+    resave: true,
+    saveUninitialized: false,
+}));
+//app.use(express.static(path.join(__dirname, 'public')));
+// cookie
+//app.use(cookieParser());
+//app.set('trust proxy', 1)
+/*app.use(session({
+    secret: 'backend',
+    store: new redisStore(),
+    name:'backend',
+    cookie: {
+        maxAge: 1000 * 60 * 60
+    },// 1h
+    resave: false,
+    saveUninitialized: true,
+}));*/
+
+routes(app)
+
+// catch 404 and forward to error handler
+app.use(function(req, res, next) {
+  var err = new Error('Not Found');
+  err.status = 404;
+  next(err);
+});
+
+// error handler
+app.use(function(err, req, res, next) {
+  // set locals, only providing error in development
+  res.locals.message = err.message;
+  res.locals.error = req.app.get('env') === 'development' ? err : {};
+
+  // render the error page
+  res.status(err.status || 500);
+  res.render('error');
+});
+
+module.exports = app;

server/bin/www

@@ -0,0 +1,90 @@
+#!/usr/bin/env node
+
+/**
+ * Module dependencies.
+ */
+
+var app = require('../app');
+var debug = require('debug')('backend:server');
+var http = require('http');
+
+/**
+ * Get port from environment and store in Express.
+ */
+
+var port = normalizePort(process.env.PORT || '3000');
+app.set('port', port);
+
+/**
+ * Create HTTP server.
+ */
+
+var server = http.createServer(app);
+
+/**
+ * Listen on provided port, on all network interfaces.
+ */
+
+server.listen(port);
+server.on('error', onError);
+server.on('listening', onListening);
+
+/**
+ * Normalize a port into a number, string, or false.
+ */
+
+function normalizePort(val) {
+  var port = parseInt(val, 10);
+
+  if (isNaN(port)) {
+    // named pipe
+    return val;
+  }
+
+  if (port >= 0) {
+    // port number
+    return port;
+  }
+
+  return false;
+}
+
+/**
+ * Event listener for HTTP server "error" event.
+ */
+
+function onError(error) {
+  if (error.syscall !== 'listen') {
+    throw error;
+  }
+
+  var bind = typeof port === 'string'
+    ? 'Pipe ' + port
+    : 'Port ' + port;
+
+  // handle specific listen errors with friendly messages
+  switch (error.code) {
+    case 'EACCES':
+      console.error(bind + ' requires elevated privileges');
+      process.exit(1);
+      break;
+    case 'EADDRINUSE':
+      console.error(bind + ' is already in use');
+      process.exit(1);
+      break;
+    default:
+      throw error;
+  }
+}
+
+/**
+ * Event listener for HTTP server "listening" event.
+ */
+
+function onListening() {
+  var addr = server.address();
+  var bind = typeof addr === 'string'
+    ? 'pipe ' + addr
+    : 'port ' + addr.port;
+  debug('Listening on ' + bind);
+}

server/lib/rbac.js

@@ -1,9 +1,12 @@
+
 const rbac = (req, res, next) => {
 	// RBAC权限检验
 	console.log('Time：', Date.now());
 	console.log('originalUrl：'+req.originalUrl)
 	console.log('baseUrl：'+req.baseUrl)
 	console.log('path：'+req.path)
+	console.log(req.session.user)
+	console.log(req.session.permission)
 
 	const pathArr = ['/agent/new','/agent/list','/mongo/list','/mongo/insert','/mongo/update','/mongo/remove'];
 
@@ -30,7 +33,7 @@ const rbac = (req, res, next) => {
 			})
 		}
 	}else{
-		// 静态资源、无需授权路径
+		// 无需授权路径
 		next()
 	}
 

server/routes/index.js

@@ -1,3 +1,4 @@
+
 //var express = require('express');
 //var router = express.Router();
 
@@ -35,10 +36,12 @@ module.exports = function(app){
 	app.post('/login', function(req, res, next){
 		let account = req.body.account,
 			pwd = req.body.pwd;
-
+			console.log('account：'+account,'pwd：'+pwd)
+			console.log(req.params)
 		const user = db.get('user');
-		user.findOne({account: account}).then((userinfo)=>{
+		user.findOne({account: account}, '-_id').then((userinfo)=>{
 			if( userinfo ){
+				console.log('userinfo')
 				console.log(userinfo)
 				if( md5(pwd) == userinfo.pwd ){
 
@@ -49,13 +52,13 @@ module.exports = function(app){
 						}; // 权限合集
 					// 获取角色的所有权限
 					async.eachSeries( userinfo.roles, function(item,cb){
-						role.findOne({name: item}).then((result) => {	console.log('findOne role：');console.log(result)
+						role.findOne({name: item}, '-_id').then((result) => {	console.log('findOne role：');console.log(result)
 							if( result ){
 								//cb(null,result)
 								let permission = db.get('permission')
 								// 获取权限的所有dom
 								async.eachSeries( result.permissions, function(item,callback){
-									permission.findOne({ename: item}).then((presult) => {	console.log('findOne per：');console.log(presult)
+									permission.findOne({ename: item}, '-_id').then((presult) => {	console.log('findOne per：');console.log(presult)
 										if( presult ){
 											perObj.dom = perObj.dom.concat( presult.dom )
 											perObj.path = perObj.path.concat( presult.path )
@@ -99,6 +102,9 @@ module.exports = function(app){
 							}
 							req.session.user = userinfo;
 							req.session.permission = perObj;
+							console.log('123')
+							console.log(req.session.user);console.log(req.session.permission);
+							console.log('456')
 							res.json(data);
 						}
 						db.close();
@@ -114,7 +120,7 @@ module.exports = function(app){
 				// 没有此用户
 				let data = {
 					status: 0,
-					msg: 'wrong password'
+					msg: 'no user'
 				}
 				res.json(data);
 			}
@@ -135,9 +141,9 @@ module.exports = function(app){
 			admin = req.body.admin;
 
 		const user = db.get('user');
-		user.findOne({account: account}).then((userinfo)=>{
+		user.findOne({account: account}, '-_id').then((userinfo)=>{
 			if(!userinfo){
-				user.findOne({account: admin}).then((adminInfo)=>{
+				user.findOne({account: admin}, '-_id').then((adminInfo)=>{
 					if( adminInfo ){
 						if( adminInfo.parents ){
 							var p = adminInfo.parents
@@ -181,7 +187,8 @@ module.exports = function(app){
 			  agent = [];
 		console.log('account：'+account);
 		const users = db.get('user');
-		users.find({}).each((user, {close, pause, resume}) => {
+		users.find({},'-_id').each((user, {close, pause, resume}) => {
+			console.log(user)
 			if( user.parents.indexOf(account) >= 0 ){
 				agent.push(user)
 			}
@@ -196,7 +203,7 @@ module.exports = function(app){
 	})
 
 	app.get('/mongo/list', function(req, res, next){
-		posts.find({}).then((result) => {
+		posts.find({},'-_id').then((result) => {
 			//console.log(result);
 			res.json(result);
 		}).then(() => db.close())