42 lines
1.4 KiB
JavaScript
42 lines
1.4 KiB
JavaScript
|
||
const { AESDecrypt } = require('./encrypt')
|
||
const { readKey } = require('./storage')
|
||
const jwt = require('jsonwebtoken')
|
||
|
||
const enumLoginCode = {
|
||
SUCCESS: 1,
|
||
EXPIRES: -1,
|
||
ERROR_TOKEN: -2
|
||
}
|
||
|
||
// 校验token与登录IP
|
||
const verifyAuth = (token, clientIp) =>{
|
||
if(['::ffff:', '::1'].includes(clientIp)) clientIp = '127.0.0.1'
|
||
token = AESDecrypt(token) // 先aes解密
|
||
const { commonKey } = readKey()
|
||
try {
|
||
const { exp } = jwt.verify(token, commonKey)
|
||
if(Date.now() > (exp * 1000)) return { code: -1, msg: 'token expires' } // 过期
|
||
|
||
let lastLoginIp = global.loginRecord[0] ? global.loginRecord[0].ip : ''
|
||
consola.info('校验客户端IP:', clientIp)
|
||
consola.info('最后登录的IP:', lastLoginIp)
|
||
// 判断: (生产环境)clientIp与上次登录成功IP不一致
|
||
if(isProd() && (!lastLoginIp || !clientIp || !clientIp.includes(lastLoginIp))) {
|
||
return { code: enumLoginCode.EXPIRES, msg: '登录IP发生变化, 需重新登录' } // IP与上次登录访问的不一致
|
||
}
|
||
return { code: enumLoginCode.SUCCESS, msg: 'success' } // 验证成功
|
||
} catch (error) {
|
||
return { code: enumLoginCode.ERROR_TOKEN, msg: error } // token错误, 验证失败
|
||
}
|
||
}
|
||
|
||
const isProd = () => {
|
||
const EXEC_ENV = process.env.EXEC_ENV || 'production'
|
||
return EXEC_ENV === 'production'
|
||
}
|
||
|
||
module.exports = {
|
||
verifyAuth,
|
||
isProd
|
||
} |