|
这个例子里面是登录后生成了一个 access_token,和用户绑定,然后返回给前端:
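/**
 * Login endpoint: exchanges the client-supplied code for an openid, issues a
 * fresh access_token bound to that member, and returns the member data.
 *
 * @param {object} req - request; reads req.body.code and, for a first login,
 *   req.body.userInfo (nickName, gender, avatarUrl, city, country, province).
 * @returns {Promise<object>} { status: 0, udata, msg } on success,
 *   { status: 1, ... } on failure. Never rejects: errors are caught and reported.
 */
member.oauth = async (req) => {
  try {
    const data = req.body;
    const res = await member.codeToUserInfo(data.code);
    if (!res.openid) {
      return { status: 1, msg: "授权登录失败:"+res.errmsg+""};
    }

    let user = await member.findOne({ where: { openid: res.openid } });
    const crypto = Models.api.crypto;

    // The access_token is the only credential the API checks on later requests,
    // so it must be unguessable. The previous md5(openid + timestamp) value was
    // derived entirely from non-secret inputs; draw it from the CSPRNG instead.
    // 16 random bytes keep the same 32-hex-character format as the md5 digest.
    // Assumes Models.api.crypto is Node's crypto module (it already exposes
    // createHash) - confirm.
    const access_token = crypto.randomBytes(16).toString('hex');

    if (user) {
      // Returning member: rotate the stored token and mirror it on the result.
      await member.updateAll({ id: user.id }, { access_token: access_token });
      user.access_token = access_token;
      // NOTE(review): this branch returns the stored record as-is, openid
      // included, while the first-login branch below strips openid before
      // returning. Confirm which fields the client should receive.
    } else {
      // First login: build the profile from client-supplied userInfo.
      const sexArr = ['未知', '男', '女'];
      const profile = data.userInfo;
      const add = {
        'openid': res.openid,
        'nickname': profile.nickName,
        'sex': sexArr[profile.gender],
        'avatar': profile.avatarUrl,
        'city': profile.city,
        'country': profile.country,
        'province': profile.province,
        'access_token': access_token
      };
      await member.create(add);
      // The openid is stored server-side only; drop it from the response.
      delete add.openid;
      user = add;
    }

    return { status: 0, udata: user, msg: "登录成功" };
  } catch (err) {
    Models.api.console(err);
    // NOTE(review): the raw error object and req.query are returned to the
    // client here; internal error details are better kept in the server log.
    return { status: 1, err: err, req: req.query, msg: "获取失败" };
  }
};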
前端在后面访问接口时会在 header 里面带上该 access_token,服务端在需要登录的接口中调用 getUser 方法进行验证:
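/**
 * Resolves the logged-in member for a request from its X-APPTOKEN header.
 *
 * @param {object} req - request object exposing header(name).
 * @param {boolean} need - when truthy, a missing token or an unknown user is
 *   treated as an error; when falsy, the caller accepts an anonymous request.
 * @returns {Promise<object|null>} the value returned by
 *   Models.member.tokenToUser(token), or null when no token was sent and
 *   login is optional.
 * @throws {gError} code 120 with G.needUserLoginMsg on any failure.
 */
async function getUser(req, need) {
  try {
    const token = req.header('X-APPTOKEN') || null;
    if (!token) {
      if (need) {
        throw new gError('缺少token', 110);
      }
      // No credential was presented: never run the lookup with an empty token.
      // tokenToUser is not shown here; if it queries by access_token, a null
      // value could match a member whose stored token is empty.
      return null;
    }

    const udata = await Models.member.tokenToUser(token);
    if (need && !udata) {
      throw new gError('未找到用户信息', 110);
    }
    return udata;
  } catch (err) {
    // Every failure, including the 110 errors raised above and any lookup
    // error, reaches the caller as the generic "login required" error (120).
    // NOTE(review): a backend failure is therefore indistinguishable from an
    // invalid token; consider logging err before rethrowing.
    throw new gError(G.needUserLoginMsg, 120);
  }
}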
|