优化权限判断

src/modules/base/controller/admin/open.ts

@@ -6,6 +6,7 @@ import {
   CoolUrlTag,
   CoolTag,
   TagTypes,
+  RESCODE,
 } from '@cool-midway/core';
 import { LoginDTO } from '../../dto/login';
 import { BaseSysLoginService } from '../../service/sys/login';
@@ -84,6 +85,15 @@ export class BaseOpenController extends BaseController {
   @CoolTag(TagTypes.IGNORE_TOKEN)
   @Get('/refreshToken', { summary: '刷新token' })
   async refreshToken(@Query('refreshToken') refreshToken: string) {
-    return this.ok(await this.baseSysLoginService.refreshToken(refreshToken));
+    try {
+      const token = await this.baseSysLoginService.refreshToken(refreshToken);
+      return this.ok(token);
+    } catch (e) {
+      this.ctx.status = 401;
+      this.ctx.body = {
+        code: RESCODE.COMMFAIL,
+        message: '登录失效~',
+      };
+    }
   }
 }

src/modules/base/middleware/authority.ts

@@ -39,7 +39,7 @@ export class BaseAuthorityMiddleware
     return async (ctx: Context, next: NextFunction) => {
       let statusCode = 200;
       let { url } = ctx;
-      url = url.replace(this.prefix, '');
+      url = url.replace(this.prefix, '').split('?')[0];
       const token = ctx.get('Authorization');
       const adminUrl = '/admin/';
       // 路由地址为 admin前缀的 需要权限校验

src/modules/base/service/sys/login.ts

@@ -1,5 +1,5 @@
 import { Inject, Provide, Config } from '@midwayjs/decorator';
-import { BaseService, CoolCommException, RESCODE } from '@cool-midway/core';
+import { BaseService, CoolCommException } from '@cool-midway/core';
 import { LoginDTO } from '../../dto/login';
 import * as svgCaptcha from 'svg-captcha';
 import { v1 as uuid } from 'uuid';
@@ -217,43 +217,34 @@ export class BaseSysLoginService extends BaseService {
    * @param token
    */
   async refreshToken(token: string) {
-    try {
+    const decoded = jwt.verify(token, this.coolConfig.jwt.secret);
-      const decoded = jwt.verify(token, this.coolConfig.jwt.secret);
+    if (decoded && decoded['isRefresh']) {
-      if (decoded && decoded['isRefresh']) {
+      delete decoded['exp'];
-        delete decoded['exp'];
+      delete decoded['iat'];
-        delete decoded['iat'];
 
-        const { expire, refreshExpire } = this.coolConfig.jwt.token;
+      const { expire, refreshExpire } = this.coolConfig.jwt.token;
-        decoded['isRefresh'] = false;
+      decoded['isRefresh'] = false;
-        const result = {
+      const result = {
-          expire,
+        expire,
-          token: jwt.sign(decoded, this.coolConfig.jwt.secret, {
+        token: jwt.sign(decoded, this.coolConfig.jwt.secret, {
-            expiresIn: expire,
+          expiresIn: expire,
-          }),
+        }),
-          refreshExpire,
+        refreshExpire,
-          refreshToken: '',
+        refreshToken: '',
-        };
-        decoded['isRefresh'] = true;
-        result.refreshToken = jwt.sign(decoded, this.coolConfig.jwt.secret, {
-          expiresIn: refreshExpire,
-        });
-        await this.cacheManager.set(
-          `admin:passwordVersion:${decoded['userId']}`,
-          decoded['passwordVersion']
-        );
-        await this.cacheManager.set(
-          `admin:token:${decoded['userId']}`,
-          result.token
-        );
-        return result;
-      }
-    } catch (err) {
-      this.ctx.status = 401;
-      this.ctx.body = {
-        code: RESCODE.COMMFAIL,
-        message: '登录失效~',
       };
-      return;
+      decoded['isRefresh'] = true;
+      result.refreshToken = jwt.sign(decoded, this.coolConfig.jwt.secret, {
+        expiresIn: refreshExpire,
+      });
+      await this.cacheManager.set(
+        `admin:passwordVersion:${decoded['userId']}`,
+        decoded['passwordVersion']
+      );
+      await this.cacheManager.set(
+        `admin:token:${decoded['userId']}`,
+        result.token
+      );
+      return result;
     }
   }
 }