feat: 用户登录接口 /api/user/login (#4)

* feat: 用户登录接口 /api/user/login

* feat: 错误码枚举

* feat: 错误处理中间件 & jwt错误码 & jwt测试用例

* feat: 用户查询接口

* fix(tinyfix): 删除冗余代码

* fix: 解决jsonwebtoken ts类型问题

* feat: 添加checkJWT, refreshJWT中间件 & 抽出token有效期配置

* fix: 处理review comment & 移除了refreshJWT中间件

* feat: add dotenv

Co-authored-by: upupming <[email protected]>

Author: Hokori23

.gitignore

@@ -9,3 +9,4 @@ yarn-error.log
 build
 storybook-static
 .vercel
+.env

backend/README.md

@@ -0,0 +1,12 @@
+# ByteDance 7 后端代码
+
+## dotenv 配置
+
+项目使用 `dotenv` 存储秘钥等信息，你需要在此目录下创建一个 `.env 文件，并且存储如下的秘钥：
+
+```env
+ACCESS_TOKEN_SECRET=xxx
+DATABASE_PASSWORD=xxx
+```
+
+这些秘钥的值需要大家在哦本地都保持一样，秘钥最新值请参考：https://pox1djiawm.feishu.cn/docs/doccnroSzyajOrxn86MNw94VYke 。

backend/package-lock.json

@@ -7,7 +7,7 @@
   "main": "/bin/www.js",
   "scripts": {
     "serve": "cross-env NODE_ENV=production nodemon ./build/bin/www.js",
-    "dev": "cross-env NODE_ENV=development nodemon ./build/bin/www.js",
+    "dev": "cross-env NODE_ENV=development nodemon --inspect ./build/bin/www.js",
     "build": "ttsc",
     "build:watch": "ttsc -w"
   },
@@ -29,11 +29,13 @@
     "jsonwebtoken": "^8.5.1",
     "moment": "^2.29.0",
     "mysql2": "^2.1.0",
+    "dotenv": "^8.2.0",
     "sequelize": "^6.3.5"
   },
   "devDependencies": {
     "@types/express": "^4.17.11",
     "@types/express-jwt": "^6.0.0",
+    "@types/jsonwebtoken": "^8.5.0",
     "@types/node": "^14.11.4",
     "@types/validator": "^13.1.0",
     "@zerollup/ts-transform-paths": "^1.7.18",

backend/package.json

@@ -1,31 +1,25 @@
 import express from 'express'
-import expressJwt from 'express-jwt'
 
-import config from 'bd7.config'
 import { UserRouter, TestRouter } from '@routes'
-import { Restful } from '@utils'
-const { cryptoConfig } = config
+import { errorHandler, checkJWT } from '@middleware'
 
 const app = express()
 
 app.use(express.json())
 app.use(express.urlencoded({ extended: false }))
-app.use(
-  expressJwt({
-    secret: cryptoConfig.password,
-    algorithms: ['HS256'],
-    requestProperty: 'auth',
-  }).unless({
-    path: ['/login', '/signup', '/api/test'], // 指定路径不经过 Token 解析
-  }),
-)
+
+/**
+ * JWT中间件
+ */
+app.use(checkJWT)
+
+/**
+ * 业务路由
+ */
 app.use('/api/test', TestRouter)
 app.use('/api/user', UserRouter)
 
-// https://liu-xin.me/2017/10/07/%E8%AE%A9Express%E6%94%AF%E6%8C%81async-await/
-app.use(function (err, req, res, next) {
-  console.error('Error caught:', err)
-  res.status(err.status).json(new Restful(err.code, err?.inner?.message))
-})
+// 包底错误处理中间件
+app.use(errorHandler)
 
 export default app

backend/src/app.ts

@@ -1,5 +1,7 @@
 import { BinaryToTextEncoding } from 'crypto'
 import { Options } from 'sequelize/types'
+import dotenv from 'dotenv'
+dotenv.config()
 
 const sequelizeOptions: Options = {
   // 数据库类别
@@ -32,8 +34,6 @@ const devConfig = {
   host:
     // "https://api.hokori.online" ||
     'http://localhost/',
-  // 完整URL为： nginx配置下的转发路径 `${location}`
-  baseURL: '/bd7',
   cryptoConfig: {
     // 每次分段加密的字符串最大长度（优先度高于cryptCount字段）
     onceCryptLength: 5,
@@ -44,7 +44,7 @@ const devConfig = {
     // 可选值：['hex', 'Base64', ...]
     digest: 'hex' as BinaryToTextEncoding,
     // 用于cipher对称加密生成密钥的密码
-    password: 'bd7',
+    secret: process.env.ACCESS_TOKEN_SECRET as string,
   },
   dataBaseConfig: {
     // 数据库名
@@ -54,14 +54,16 @@ const devConfig = {
     user: 'bd7',
 
     // 密码
-    password: 'M4NshB5mLw5r5c83',
+    password: process.env.DATABASE_PASSWORD as string,
 
     // options
     options: sequelizeOptions,
 
     // 时区
     timezone: '+08:00',
   },
+  // 12个小时
+  tokenExpiredTime: '12h',
 }
 
 const prodConfig = {

backend/src/bd7.config.ts

@@ -5,14 +5,14 @@ const { dataBaseConfig } = config
 
 const { database, user, password, options } = dataBaseConfig
 
-const DB = new Sequelize(database, user, password, {
+const sequelize = new Sequelize(database, user, password, {
   ...options,
   logging: isDev ? console.log : false, // 是否输出数据库日志
 })
 
 const init = async () => {
-  await DB.sync({ alter: isDev })
+  await sequelize.sync({ alter: isDev })
   console.log('All models were synchronized successfully.')
 }
 export { init }
-export default DB
+export default sequelize

backend/src/database/index.ts

@@ -0,0 +1,14 @@
+import expressJwt from 'express-jwt'
+import config from 'bd7.config'
+import { ROUTER_WHITE_LIST } from '@utils'
+
+const {
+  cryptoConfig: { secret },
+} = config
+export default expressJwt({
+  secret,
+  algorithms: ['HS256'],
+  requestProperty: 'auth',
+}).unless({
+  path: ROUTER_WHITE_LIST, // 指定路径不经过 Token 解析
+})

backend/src/middleware/checkJWT.ts

@@ -0,0 +1,14 @@
+import { CodeDictionary, Restful } from '@utils'
+
+const tokenCodeDictionary = {
+  credentials_required: CodeDictionary.JWT_ERROR__REQUIRED,
+  invalid_token: CodeDictionary.JWT_ERROR__EXPIRED,
+}
+export default (err, req, res, next) => {
+  if (err.name !== 'UnauthorizedError') {
+    console.error('Error caught:', err)
+  } else {
+    err.code = tokenCodeDictionary[err.code]
+  }
+  res.status(err.status).json(new Restful(err.code, err?.inner?.message))
+}

backend/src/middleware/errorHandler.ts

@@ -0,0 +1,7 @@
+import errorHandler from './errorHandler'
+import checkJWT from './checkJWT'
+export { errorHandler, checkJWT }
+export default {
+  errorHandler,
+  checkJWT,
+}

backend/src/middleware/index.ts

@@ -8,7 +8,21 @@ const ROUTER = EXPRESS.Router()
 ROUTER.get('/', (_req, res, next) => {
   res
     .status(200)
-    .json(new Restful(0, 'Hello world', `Time now is ${currentTime}`))
+    .json(
+      new Restful(
+        0,
+        'Hello world(no need for token)',
+        `Time now is ${currentTime}`,
+      ),
+    )
+  next()
+})
+ROUTER.get('/token', (_req, res, next) => {
+  res
+    .status(200)
+    .json(
+      new Restful(0, 'Hello world(token needed)', `Time now is ${currentTime}`),
+    )
   next()
 })
 export default ROUTER