登陆注销、rbac可视控制、加载进度条、动态提示、history mode

Author: flute

package.json

@@ -14,6 +14,7 @@
     "axios": "^0.16.1",
     "body-parser": "^1.17.2",
     "cookie-parser": "^1.4.3",
+    "express-session": "^1.15.3",
     "iview": "^2.0.0-rc.15",
     "moment": "^2.18.1",
     "monk": "^5.0.2",

server/dev-server.js

@@ -10,6 +10,7 @@ var opn = require('opn')
 var path = require('path')
 var express = require('express')
 var cookieParser = require('cookie-parser')
+var session = require('express-session');
 var bodyParser = require('body-parser')
 var routes = require('./routes/index');
 
@@ -27,9 +28,20 @@ var proxyTable = config.dev.proxyTable
 
 var app = express()
 
+//app.use(express.static(path.join(__dirname, 'static')));
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: false }));
+// cookie
 app.use(cookieParser());
+app.use(session({
+    secret: 'backend',
+    name:'backend',
+    cookie: {
+        maxAge: 1000 * 60 * 60
+    },// 1h
+    resave: false,
+    saveUninitialized: true,
+}));
 routes(app);
 
 var compiler = webpack(webpackConfig)

server/lib/rbac.js

@@ -1,7 +1,39 @@
 const rbac = (req, res, next) => {
 	// RBAC权限检验
-	console.log('Time:', Date.now());
-	next()
+	console.log('Time：', Date.now());
+	console.log('originalUrl：'+req.originalUrl)
+	console.log('baseUrl：'+req.baseUrl)
+	console.log('path：'+req.path)
+
+	const pathArr = ['/agent/new','/agent/list','/mongo/list','/mongo/insert','/mongo/update','/mongo/remove'];
+
+	if( pathArr.indexOf(req.path)>=0 ){
+		// 需授权的合法路由
+		if( req.session.user && req.session.permission ){
+			//console.log(req)
+			let permission = req.session.permission.path;
+			if( permission.indexOf(req.path)>=0 ){
+				// 有权限
+				next()
+			}else{
+				// 无权限
+				res.json({
+					status: 0,
+					msg: 'permission denied!'
+				})
+			}
+		}else{
+			// permission denied
+			res.json({
+				status: 0,
+				msg: '未登陆'
+			})
+		}
+	}else{
+		// 静态资源、无需授权路径
+		next()
+	}
+
 }
 
 module.exports = rbac

server/routes/index.js

@@ -3,8 +3,10 @@
 
 //const RBAC = require('../lib/rbac.js');
 const RBAC = require('../lib/rbac');
+const Islogin = require('../service/islogin.js')
 
 const crypto = require('crypto')
+const async = require('async');
 
 const db = require('monk')('localhost:27017/backend')
 const posts = db.get('posts');
@@ -15,31 +17,116 @@ function md5 (text) {
 
 module.exports = function(app){
 
-	app.use(RBAC);
+	//app.use(Islogin);
+	
+	app.use(RBAC)
+
+	app.get('/islogin', Islogin)
+	
+	app.get('/logout', function(req, res, next){
+		req.session.user = null
+		req.session.permission = null
+		res.json({
+			status: 1,
+			msg: 'logout success'
+		})
+	})
 	// 登陆
 	app.post('/login', function(req, res, next){
 		let account = req.body.account,
 			pwd = req.body.pwd;
 
 		const user = db.get('user');
 		user.findOne({account: account}).then((userinfo)=>{
-			console.log(userinfo)
-			if( md5(pwd) == userinfo.pwd ){
-				let data = {
-					status: 1,
-					msg: 'success',
-					data: userinfo
+			if( userinfo ){
+				console.log(userinfo)
+				if( md5(pwd) == userinfo.pwd ){
+
+					let role = db.get('role'),
+						perObj = {
+							path: [],
+							dom: []
+						}; // 权限合集
+					// 获取角色的所有权限
+					async.eachSeries( userinfo.roles, function(item,cb){
+						role.findOne({name: item}).then((result) => {	console.log('findOne role：');console.log(result)
+							if( result ){
+								//cb(null,result)
+								let permission = db.get('permission')
+								// 获取权限的所有dom
+								async.eachSeries( result.permissions, function(item,callback){
+									permission.findOne({ename: item}).then((presult) => {	console.log('findOne per：');console.log(presult)
+										if( presult ){
+											perObj.dom = perObj.dom.concat( presult.dom )
+											perObj.path = perObj.path.concat( presult.path )
+										}
+										callback()
+									})
+									.catch((err) => {
+										if( err ){
+											callback(err)
+										}
+									})
+								},function(err, result){
+									if( err ){
+										cb(err)
+									}else{
+										cb();
+									}
+								})
+							}else{
+								cb()
+							}
+						})
+						.catch((err) => {
+							if( err ){
+								cb(err)
+							}
+						})	
+					},function(err, results){
+						if( err ){
+							let data = {
+								status: 0,
+								msg: '未知错误'
+							}
+							res.json(data);
+						}else{
+							let data = {
+								status: 1,
+								msg: 'success',
+								data: userinfo,
+								permission: perObj
+							}
+							req.session.user = userinfo;
+							req.session.permission = perObj;
+							res.json(data);
+						}
+						db.close();
+					});
+				}else{
+					let data = {
+						status: 0,
+						msg: 'wrong password'
+					}
+					res.json(data);
 				}
-				res.json(data);
 			}else{
+				// 没有此用户
 				let data = {
 					status: 0,
 					msg: 'wrong password'
 				}
 				res.json(data);
 			}
-		}).then(() => db.close())
+		})
+		.catch((err) => {
+			if(err){
+				res.json({status: 0, msg: '发生未知错误'})
+			}
+		})
+		//.then(() => db.close())
 	})
+
 	// 新增代理
 	app.post('/agent/new', function(req, res, next){
 		let account = req.body.account,
@@ -108,14 +195,14 @@ module.exports = function(app){
 		})
 	})
 
-	app.get('/list', function(req, res, next){
+	app.get('/mongo/list', function(req, res, next){
 		posts.find({}).then((result) => {
 			//console.log(result);
 			res.json(result);
 		}).then(() => db.close())
 	})
 
-	app.get('/insert', function(req, res, next){
+	app.get('/mongo/insert', function(req, res, next){
 		posts.insert({
 			name: 'bob',
 			time: {
@@ -132,13 +219,13 @@ module.exports = function(app){
 		}).then(() => db.close())
 	})
 
-	app.get('/update', function(req, res, next){
+	app.get('/mongo/update', function(req, res, next){
 		posts.update({name: 'bob'}, {name: 'stack'}).then((result)=>{
 			res.json(result)
 		}).then(() => db.close())
 	})
 
-	app.get('/remove', function(req, res, next){
+	app.get('/mongo/remove', function(req, res, next){
 		posts.remove({name: 'stack'}).then((result)=>{
 			res.json(result)
 		}).then(() => db.close())

server/service/islogin.js

@@ -0,0 +1,19 @@
+const islogin = (req, res, next) => {
+	// 检测是否登录
+	if( req.session.user && req.session.permission ){
+		res.json({
+			status: 1,
+			msg: '已登录',
+			userinfo: req.session.user,
+			permission: req.session.permission
+		})
+		next()
+	}else{
+		res.json({
+			status: 0,
+			msg: '未登录233'
+		})
+	}
+}
+
+module.exports = islogin

src/App.vue

@@ -49,9 +49,31 @@ export default {
 	methods:{
 		logout(name){
 			if( name === 'logout' ){
-				this.$store.commit('showLogin', true)
-				this.$store.commit('updateUserInfo', null)
+				this.axios.get('/logout')
+				.then(response => response.data)
+				.then(res => {
+					if( res.status ){
+						this.$store.commit('showLogin', true)
+						this.$store.commit('updateUserInfo', null)
+					}else{
+						alert('注销失败')
+					}
+				})
 			}
+		},
+		checkLogin(){
+			this.axios.get('/islogin')
+				.then(response => response.data)
+				.then(res => {
+					if( res.status ){
+						// 已登录
+						this.$store.commit('showLogin', false)
+						this.$store.commit('updateUserInfo', res.userinfo)
+						this.$store.commit('updatePermission', res.permission)
+					}else{
+						// 未登录
+					}
+				})
 		}
 	},
 	computed:{
@@ -65,6 +87,10 @@ export default {
 	components:{
 		VAside,
 		VLogin
+	},
+	mounted(){
+		console.log('app.vue mounted')
+		this.checkLogin();
 	}
 }
 </script>