Issues in catering_permissions.js (master) - Issues in master - garyvv/node-sharp - Measure and Improve Code Quality continuously with Scrutinizer

Issues (124)

app/catering_permissions.js (8 issues)

Labels

Severity

const Redis = require('./libraries/redis')
const Constant = require('./libraries/constant')
const ApiError = require('./util/api_error')
const _ = require('underscore')
const ServiceAudit = require('./services/catering/audit')
const ServiceStore = require('./services/catering/store')

module.exports = function (permission) {

	return async function (ctx, next) {

		async function checkToken() {
			let token = (typeof (ctx.request.headers.token) == 'undefined' || !ctx.request.headers.token) ?
				ctx.cookies.get('token') : ctx.request.headers.token
			let uid = (typeof (ctx.request.headers.uid) == 'undefined' || !ctx.request.headers.uid) ?
				ctx.cookies.get('uid') : ctx.request.headers.uid

			if (!token || !uid) {
				console.log('token: ' + token)

				console.log('uid: ' + uid)
				throw new ApiError('auth.error', 'token missing')
			}

			sessionKey = Constant.CATERING_SESSION + token

			session = await Redis.get(sessionKey)

			session = JSON.parse(session)
			if (!session) {
				throw new ApiError('auth.error', 'token error')
			}

			if (session.uid == uid) {
				ctx.uid = uid
				return true
			} else {

				throw new ApiError('auth.error', 'no permission')
			}
			
		}

		async function checkUser() {
			await checkToken()
			await next()
		}

		async function checkAudit() {
			await checkToken()
			await isAudit()
			await next()
		}

		async function checkStore() {
			await checkToken()
			await ownerStore()
			await next()
		}

		async function isAudit() {
			let check = await ServiceAudit.getAudit(ctx.uid)
			if (_.isEmpty(check)) throw new ApiError('auth.error', 'no permission audit')
if (a > 0)
    b = 42;
			return true
		}

		async function ownerStore() {
			let storeId = ctx.params.storeId
			let check = await ServiceStore.getStore(storeId)
			if (_.isEmpty(check)) throw new ApiError('auth.error', 'no permission store')
if (a > 0)
    b = 42;
			if (check.seller_id != ctx.uid) throw new ApiError('auth.notPermission')
if (a > 0)
    b = 42;
			return true
		}

		// 检查header
		if (!_.has(ctx.request.headers, 'store-id')) {
			throw new ApiError('validate.error', 'store-id')
		}
		if (!_.has(ctx.request.headers, 'mina-source')) {
			throw new ApiError('validate.error', 'mina-source')
		}

		// guest
		if (permission === 'guest') {
			await next()
		} else if (permission === 'user') {

			return await checkUser()
		} else if (permission === 'audit') {
			return await checkAudit()
		} else if (permission === 'store') {
			return await checkStore()
		} else {
			throw new ApiError('role.notExist')
		}

	}

}


1			const Redis = require('./libraries/redis')
2			const Constant = require('./libraries/constant')
3			const ApiError = require('./util/api_error')
4			const _ = require('underscore')
5			const ServiceAudit = require('./services/catering/audit')
6			const ServiceStore = require('./services/catering/store')
7
8			module.exports = function (permission) {
9
10			return async function (ctx, next) {
11
12			async function checkToken() {
13			let token = (typeof (ctx.request.headers.token) == 'undefined' \|\| !ctx.request.headers.token) ?
14			ctx.cookies.get('token') : ctx.request.headers.token
15			let uid = (typeof (ctx.request.headers.uid) == 'undefined' \|\| !ctx.request.headers.uid) ?
16			ctx.cookies.get('uid') : ctx.request.headers.uid
17
18			if (!token \|\| !uid) {
19			console.log('token: ' + token)
			0 ignored issues – show Debugging Code introduced 2018-06-25 02:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this `console.log` looks like debug code. Are you sure you do not want to remove it? Loading history...
20			console.log('uid: ' + uid)
21			throw new ApiError('auth.error', 'token missing')
22			}
23
24			sessionKey = Constant.CATERING_SESSION + token
			0 ignored issues – show Bug introduced 2018-06-25 02:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `sessionKey` seems to be never declared. Assigning variables without defining them first makes them global. If this was intended, consider making it explicit like using `window.sessionKey`. Loading history...
25			session = await Redis.get(sessionKey)
			0 ignored issues – show Bug introduced 2018-06-25 02:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `session` seems to be never declared. Assigning variables without defining them first makes them global. If this was intended, consider making it explicit like using `window.session`. Loading history...
26			session = JSON.parse(session)
27			if (!session) {
28			throw new ApiError('auth.error', 'token error')
29			}
30
31			if (session.uid == uid) {
32			ctx.uid = uid
33			return true
34			} else {
			0 ignored issues – show Comprehensibility introduced 2018-06-25 02:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this `else` is not necessary here since all `if` branches return, consider removing it to reduce nesting and make code more readable. Loading history...
35			throw new ApiError('auth.error', 'no permission')
36			}
37
38			}
39
40			async function checkUser() {
41			await checkToken()
42			await next()
43			}
44
45			async function checkAudit() {
46			await checkToken()
47			await isAudit()
48			await next()
49			}
50
51			async function checkStore() {
52			await checkToken()
53			await ownerStore()
54			await next()
55			}
56
57			async function isAudit() {
58			let check = await ServiceAudit.getAudit(ctx.uid)
59			if (_.isEmpty(check)) throw new ApiError('auth.error', 'no permission audit')
			0 ignored issues – show Coding Style Best Practice introduced 2018-07-03 07:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this Curly braces around statements make for more readable code and help prevent bugs when you add further statements. Consider adding curly braces around all statements when they are executed conditionally. This is optional if there is only one statement, but leaving them out can lead to unexpected behaviour if another statement is added later. Consider: if (a > 0) b = 42; If you or someone else later decides to put another statement in, only the first statement will be executed. if (a > 0) console.log("a > 0"); b = 42; In this case the statement `b = 42` will always be executed, while the logging statement will be executed conditionally. if (a > 0) { console.log("a > 0"); b = 42; } ensures that the proper code will be executed conditionally no matter how many statements are added or removed. Loading history...
60			return true
61			}
62
63			async function ownerStore() {
64			let storeId = ctx.params.storeId
65			let check = await ServiceStore.getStore(storeId)
66			if (_.isEmpty(check)) throw new ApiError('auth.error', 'no permission store')
			0 ignored issues – show Coding Style Best Practice introduced 2018-07-06 09:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this Curly braces around statements make for more readable code and help prevent bugs when you add further statements. Consider adding curly braces around all statements when they are executed conditionally. This is optional if there is only one statement, but leaving them out can lead to unexpected behaviour if another statement is added later. Consider: if (a > 0) b = 42; If you or someone else later decides to put another statement in, only the first statement will be executed. if (a > 0) console.log("a > 0"); b = 42; In this case the statement `b = 42` will always be executed, while the logging statement will be executed conditionally. if (a > 0) { console.log("a > 0"); b = 42; } ensures that the proper code will be executed conditionally no matter how many statements are added or removed. Loading history...
67			if (check.seller_id != ctx.uid) throw new ApiError('auth.notPermission')
			0 ignored issues – show Coding Style Best Practice introduced 2018-07-06 09:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this Curly braces around statements make for more readable code and help prevent bugs when you add further statements. Consider adding curly braces around all statements when they are executed conditionally. This is optional if there is only one statement, but leaving them out can lead to unexpected behaviour if another statement is added later. Consider: if (a > 0) b = 42; If you or someone else later decides to put another statement in, only the first statement will be executed. if (a > 0) console.log("a > 0"); b = 42; In this case the statement `b = 42` will always be executed, while the logging statement will be executed conditionally. if (a > 0) { console.log("a > 0"); b = 42; } ensures that the proper code will be executed conditionally no matter how many statements are added or removed. Loading history...
68			return true
69			}
70
71			// 检查header
72			if (!_.has(ctx.request.headers, 'store-id')) {
73			throw new ApiError('validate.error', 'store-id')
74			}
75			if (!_.has(ctx.request.headers, 'mina-source')) {
76			throw new ApiError('validate.error', 'mina-source')
77			}
78
79			// guest
80			if (permission === 'guest') {
81			await next()
82			} else if (permission === 'user') {
			0 ignored issues – show Best Practice introduced 2018-07-12 06:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no `return` statement in this branch, but you do return something in other branches. Did you maybe miss it? If you do not want to return anything, consider adding `return undefined;` explicitly. Loading history...
83			return await checkUser()
84			} else if (permission === 'audit') {
85			return await checkAudit()
86			} else if (permission === 'store') {
87			return await checkStore()
88			} else {
89			throw new ApiError('role.notExist')
90			}
91
92			}
93
94			}
95

garyvv / node-sharp

Issues (124)

app/catering_permissions.js (8 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like