首页 发现 帮助
登录
Lawsun
/
ysjj-system
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 19e67b745c
分支列表 标签列表
ysjj-system
/
node_modules
/
egg-security
/
app
/
middleware
/
securities.js

securities.js 2.2 KB
文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. 'use strict';
    2. 

  2. 

  3. const compose = require('koa-compose');
    4. 

  4. const path = require('path');
    5. 

  5. const assert = require('assert');
    6. 

  6. const createMatch = require('egg-path-matching');
    7. 

  7. 

  8. module.exports = (_, app) => {
    9. 

  9.   const options = app.config.security;
    10. 

  10.   const middlewares = [];
    11. 

  11.   const defaultMiddleware = (options.defaultMiddleware || '').split(',');
    12. 

  12. 

  13.   if (options.match || options.ignore) {
    14. 

  14.     app.coreLogger.warn('[egg-security] Please set `match` or `ignore` on sub config');
    15. 

  15.   }
    16. 

  16. 

  17.   // format csrf.cookieDomain
    18. 

  18.   const orginalCookieDomain = options.csrf.cookieDomain;
    19. 

  19.   if (orginalCookieDomain && typeof orginalCookieDomain !== 'function') {
    20. 

  20.     options.csrf.cookieDomain = () => orginalCookieDomain;
    21. 

  21.   }
    22. 

  22. 

  23.   defaultMiddleware.forEach(middlewareName => {
    24. 

  24.     middlewareName = middlewareName.trim();
    25. 

  25. 

  26.     const opt = options[middlewareName];
    27. 

  27.     if (opt === false) {
    28. 

  28.       app.coreLogger.warn('[egg-security] Please use `config.security.%s = { enable: false }` instead of `config.security.%s = false`', middlewareName, middlewareName);
    29. 

  29.     }
    30. 

  30. 

  31.     assert(opt === false || typeof opt === 'object',
    32. 

  32.       `config.security.${middlewareName} must be an object, or false(if you turn it off)`);
    33. 

  33. 

  34.     if (opt === false || opt && opt.enable === false) {
    35. 

  35.       return;
    36. 

  36.     }
    37. 

  37. 

  38.     if (middlewareName === 'csrf' && opt.useSession && !app.plugins.session) {
    39. 

  39.       throw new Error('csrf.useSession enabled, but session plugin is disabled');
    40. 

  40.     }
    41. 

  41. 

  42.     // use opt.match first (compatibility)
    43. 

  43.     if (opt.match && opt.ignore) {
    44. 

  44.       app.coreLogger.warn('[egg-security] `options.match` and `options.ignore` are both set, using `options.match`');
    45. 

  45.       opt.ignore = undefined;
    46. 

  46.     }
    47. 

  47.     if (!opt.ignore && opt.blackUrls) {
    48. 

  48.       app.deprecate('[egg-security] Please use `config.security.xframe.ignore` instead, `config.security.xframe.blackUrls` will be removed very soon');
    49. 

  49.       opt.ignore = opt.blackUrls;
    50. 

  50.     }
    51. 

  51.     opt.matching = createMatch(opt);
    52. 

  52. 

  53.     const fn = require(path.join(__dirname, '../../lib/middlewares', middlewareName))(opt, app);
    54. 

  54.     middlewares.push(fn);
    55. 

  55.     app.coreLogger.info('[egg-security] use %s middleware', middlewareName);
    56. 

  56.   });
    57. 

  57.   app.coreLogger.info('[egg-security] compose %d middlewares into one security middleware',
    58. 

  58.     middlewares.length);
    59. 

  59. 

  60.   return compose(middlewares);
    61. 

  61. };
    62.