简化代码
parent
20917d282c
commit
6a84eb6760
33
index.js
33
index.js
@ -211,7 +211,7 @@ const object_create = async function (req, res) {
|
||||
const { name, password, avatar = '' } = req.body
|
||||
if (!name) return res.status(400).send('用户名不能为空')
|
||||
if (!password) return res.status(400).send('密码不能为空')
|
||||
if (await count_load({ name })) return res.status(400).send('用户名已被占用')
|
||||
if (await count_load('user', { name })) return res.status(400).send('用户名已被占用')
|
||||
req.body = {
|
||||
...req.body, avatar,
|
||||
gid: (await count_load('user', {})) ? 0 : 1, // 默认是管理员为首个注册用户
|
||||
@ -260,9 +260,12 @@ const object_create = async function (req, res) {
|
||||
})
|
||||
}
|
||||
|
||||
const 密码加密 = (password, salt = random(32)) => ({ salt, password: md5(password + salt) })
|
||||
const 密码解密 = (password, salt) => md5(password + salt)
|
||||
|
||||
// 修改对象
|
||||
function object_patch(req, res, next) {
|
||||
return db(req.params.name).findOne({ _id: req.params._id }, function (err, doc) {
|
||||
return db(req.params.name).findOne({ _id: req.params._id }, async function (err, doc) {
|
||||
if (!doc) return res.status(404).send('目标对象不存在')
|
||||
if (typeof (req.body.attach) !== "undefined") return res.status(403).send("无权限修改挂载目标")
|
||||
if (typeof (req.body.aid) !== "undefined") return res.status(403).send("无权限修改挂载目标")
|
||||
@ -270,27 +273,16 @@ function object_patch(req, res, next) {
|
||||
// 如果是 user 做一些特殊处理
|
||||
if (req.params.name === 'user') {
|
||||
if (req.session.account.gid !== 1) {
|
||||
if (req.session.account.uid !== doc._id) {
|
||||
return res.status(403).send('没有权限修改账户')
|
||||
}
|
||||
if (typeOf(req.body.gid) == "undefined") {
|
||||
return res.status(403).send('没有权限修改权限')
|
||||
}
|
||||
if (req.session.account.uid !== doc._id) return res.status(403).send('没有权限修改账户')
|
||||
if (typeOf(req.body.gid) == "undefined") return res.status(403).send('没有权限修改权限')
|
||||
}
|
||||
if (req.body.password) {
|
||||
req.body.salt = random(32) // 密码加盐
|
||||
req.body.password = md5(req.body.password + req.body.salt) // 设置密码
|
||||
}
|
||||
if (req.body.name) {
|
||||
// 检查用户名是否可用
|
||||
req.body = { ...req.body, ...密码加密(req.body.password) }
|
||||
}
|
||||
if (req.body.name && await count_load('user', { name: req.body.name })) return res.status(400).send('用户名已被占用')
|
||||
} else {
|
||||
if (req.session.account.uid !== doc.uid && req.session.account.gid !== 1) {
|
||||
return res.status(403).send('没有权限修改对象')
|
||||
}
|
||||
if (req.body.uid && req.session.account.gid !== 1) {
|
||||
return res.status(403).send('没有权限修改归属')
|
||||
}
|
||||
if (req.session.account.uid !== doc.uid && req.session.account.gid !== 1) return res.status(403).send('没有权限修改对象')
|
||||
if (req.body.uid && req.session.account.gid !== 1) return res.status(403).send('没有权限修改归属')
|
||||
}
|
||||
return db(req.params.name).update({ _id: req.params._id }, { $set: req.body }, function (err, count) {
|
||||
if (!count) return res.status(500).send('修改失败')
|
||||
@ -300,9 +292,6 @@ function object_patch(req, res, next) {
|
||||
})
|
||||
}
|
||||
|
||||
// 用户的 like 表 (map)
|
||||
// 当用户下线自动转换为冷数据, 从内存剔除
|
||||
|
||||
// 删除对象
|
||||
const object_remove = function (req, res) {
|
||||
return db(req.params.name).findOne({ _id: req.params._id }, async function (err, doc) {
|
||||
|
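Review bot: In the `user` branch of object_patch, the collapsed guard `if (typeOf(req.body.gid) == "undefined") return res.status(403).send('没有权限修改权限')` looks inverted. It rejects a non-admin request that omits `gid` and accepts one that sets it, and the body is then persisted as-is through `{ $set: req.body }`. `typeOf` is not defined in the visible lines and the neighbouring checks use the `typeof` operator, so unless it is a project helper with different semantics the guard should read `if (typeof req.body.gid !== "undefined") return res.status(403).send('没有权限修改权限')`. Separately, the new 密码加密 helper keeps `md5(password + salt)` for stored passwords; a deliberately slow KDF such as Node's built-in `crypto.scrypt` would be the safer choice. Parts of object_patch lie between the hunks and are not visible here.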