Issues in permissions.js (master) - Issues in master - garyvv/node-sharp - Measure and Improve Code Quality continuously with Scrutinizer

Issues (124)

app/permissions.js (2 issues)

Labels

Severity

Major 2

const Redis = require('./libraries/redis')
const Constant = require('./libraries/constant')
const ApiError = require('./util/api_error')
module.exports = function (permission) {

	return async function (ctx, next) {

		async function checkToken() {
			let token = (typeof (ctx.request.headers.token) == 'undefined' || !ctx.request.headers.token) ?
				ctx.cookies.get('token') : ctx.request.headers.token
			let uid = (typeof (ctx.request.headers.uid) == 'undefined' || !ctx.request.headers.uid) ?
				ctx.cookies.get('uid') : ctx.request.headers.uid

			if (!token || !uid) {
				console.log('token: ' + token)
				console.log('uid: ' + uid)
				throw new ApiError('auth.error', 'token missing')
			}

			sessionKey = Constant.WECHAT_SESSION + token

			session = await Redis.get(sessionKey)

			session = JSON.parse(session)
			if (!session) {
				throw new ApiError('auth.error', 'token error')
			}

			if (session.uid == uid) {
				ctx.uid = uid
				return true
			} else {
				throw new ApiError('auth.error', 'no permission')
			}
			
		}

		async function checkUser() {
			await checkToken()
			await next()
		}

		// guest
		if (permission === 'guest') {
			await next()
		} else if (permission === 'user') {
			return await checkUser()
		} else {
			throw new ApiError('role.notExist')
		}

	}

}


1			const Redis = require('./libraries/redis')
2			const Constant = require('./libraries/constant')
3			const ApiError = require('./util/api_error')
4			module.exports = function (permission) {
5
6			return async function (ctx, next) {
7
8			async function checkToken() {
9			let token = (typeof (ctx.request.headers.token) == 'undefined' \|\| !ctx.request.headers.token) ?
10			ctx.cookies.get('token') : ctx.request.headers.token
11			let uid = (typeof (ctx.request.headers.uid) == 'undefined' \|\| !ctx.request.headers.uid) ?
12			ctx.cookies.get('uid') : ctx.request.headers.uid
13
14			if (!token \|\| !uid) {
15			console.log('token: ' + token)
16			console.log('uid: ' + uid)
17			throw new ApiError('auth.error', 'token missing')
18			}
19
20			sessionKey = Constant.WECHAT_SESSION + token
			0 ignored issues – show Bug introduced 2018-06-25 02:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `sessionKey` seems to be never declared. Assigning variables without defining them first makes them global. If this was intended, consider making it explicit like using `window.sessionKey`. Loading history...
21			session = await Redis.get(sessionKey)
			0 ignored issues – show Bug introduced 2018-06-25 02:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `session` seems to be never declared. Assigning variables without defining them first makes them global. If this was intended, consider making it explicit like using `window.session`. Loading history...
22			session = JSON.parse(session)
23			if (!session) {
24			throw new ApiError('auth.error', 'token error')
25			}
26
27			if (session.uid == uid) {
28			ctx.uid = uid
29			return true
30			} else {
31			throw new ApiError('auth.error', 'no permission')
32			}
33
34			}
35
36			async function checkUser() {
37			await checkToken()
38			await next()
39			}
40
41			// guest
42			if (permission === 'guest') {
43			await next()
44			} else if (permission === 'user') {
45			return await checkUser()
46			} else {
47			throw new ApiError('role.notExist')
48			}
49
50			}
51
52			}
53

garyvv / node-sharp

Issues (124)

app/permissions.js (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like