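'use strict';

const assert = require('assert');
const Auth = require('./');
const co = require('co');
const jwt = require('jsonwebtoken');
const redis = require('redis');
const thunkify = require('thunkify');
const client = redis.createClient(6379);
const Mongo = require('bem-mongo');
const fs = require('fs');
const App = require('bem-app');
const path = require('path');
const sha1 = require('bem-sha1');

// Secret handed to the middleware under test. It is also the key the session
// JWTs below are minted with, so it is a test-only value and must not be reused.
const secret = 'bem';

// Fixtures populated by the `before` hook.
let user;
let admin;
let mongo;
let app;

// Mock koa-style context, rebuilt for every test by `beforeEach`.
let context;

/**
 * Compute the request signature a client is expected to send.
 *
 * The signed string is `METHOD/path/body-json`: it binds the upper-cased HTTP
 * method, the request path and the JSON-serialised body to one app key.
 * Returns null when the body cannot be serialised.
 *
 * NOTE(review): bem-sha1 is SHA-1 based by name; whether `sha1(str, key)` is an
 * HMAC or a plain keyed digest is not visible from this file — confirm before
 * treating the value as a MAC.
 *
 * @param {string} method HTTP method, any case
 * @param {string} path   request path
 * @param {*}      data   request body, must be JSON-serialisable
 * @param {string} key    app key (client/javascript/api/console) to sign with
 * @returns {string|null}
 */
function sign(method, path, data, key) {
  let body;
  try {
    body = JSON.stringify(data);
  } catch (e) {
    return null;
  }
  return sha1(`${method.toUpperCase()}/${path}/${body}`, key);
}

/**
 * Adapt a generator test body to mocha's `done` callback: resolution calls
 * done(), rejection calls done(err). Centralised so no test can accidentally
 * swallow a failed assertion.
 */
function run(body) {
  return function(done) {
    co(body).then(function() { done(); }, function(err) { done(err); });
  };
}

/** Build the middleware with `{ client, secret }` plus `extra` and run it once against `context`. */
function* authenticate(extra) {
  const auth = Auth(Object.assign({ client, secret }, extra));
  yield auth.call(context, function*() {});
}

// Middleware options used by the session tests (redis read/write hosts).
const withRedis = { redis: { read: { host: 'localhost' }, write: { host: 'localhost' } } };

/** Register `token` as a live session in the redis set `key`. */
function* registerSession(key, token) {
  yield thunkify(client.sadd.bind(client))(key, token);
}

describe('auth', function() {
  before(function(done) {
    co(function*() {
      // Reuse the test app whose id was cached on disk by a previous run.
      const idFile = path.join(__dirname, 'appId');
      let appId;
      if (fs.existsSync(idFile)) {
        appId = fs.readFileSync(idFile).toString();
      }
      if (appId) {
        app = yield App.getAppDataByAppId(appId);
      }
      if (!app) {
        try {
          app = yield App.createApp({ uid: 'test', name: 'test', zone: 'test', password: 'asd', email: 'asd' });
        } catch (e) {
          // createApp is expected to fail when the app already exists; fall
          // back to looking it up. Any other error is masked here as well, and
          // an empty lookup then fails the hook on `app.appId` below.
          const cloud = yield Mongo.get({ db: '_BEMCLOUD' });
          app = (yield cloud.read({ className: 'app', where: { uid: 'test', name: 'test', zone: 'test' } }))[0];
        }
        fs.writeFileSync(idFile, app.appId);
      }
      mongo = yield Mongo.get({ db: `test_${app.appId}` });
      // Start from a clean slate for both collections (the original only
      // cleared `_User`, so `_Admin` rows accumulated across runs).
      yield mongo.delete({ className: '_User' });
      yield mongo.delete({ className: '_Admin' });
      user = yield mongo.create({ className: '_User', obj: { username: 'asd@asd.com', password: 'haha' } });
      admin = yield mongo.create({ className: '_Admin', obj: { username: 'asd@asd.com', password: 'haha' } });
    }).then(done, done);
  });

  beforeEach(function(done) {
    context = {
      method: 'post',
      path: '/',
      // No cookie-based session is exercised here; `get` always yields undefined.
      cookies: { get: function() {} },
      request: { query: {}, body: { name: 'name', value: 'value' } },
      headers: { 'x-bem-appid': app.appId },
    };
    done();
  });

  // Shared expectation: the middleware must answer with a 401 body.
  function* expectUnauthorized() {
    yield* authenticate();
    assert.equal(context.body.code, 401);
  }

  // Shared expectation: an app-level credential authenticates the app, not a user.
  function* expectAppOnly() {
    yield* authenticate();
    assert.notEqual(context.appData, null);
    assert.equal(context.user, null);
  }

  it('不传签名需要报错', run(function*() {
    yield* expectUnauthorized();
  }));

  it('传错误的clientSign要报错', run(function*() {
    context.headers['x-bem-client-sign'] = 'sign';
    yield* expectUnauthorized();
  }));

  it('传错误的javascriptSign要报错', run(function*() {
    context.headers['x-bem-javascript-sign'] = 'sign';
    yield* expectUnauthorized();
  }));

  it('传错误的apiSign要报错', run(function*() {
    context.headers['x-bem-api-sign'] = 'sign';
    yield* expectUnauthorized();
  }));

  it('传错误的consoleKey要报错', run(function*() {
    // The positive console test below is accepted via `x-bem-console-sign`, so
    // the bogus value must go on that same header. The original sent
    // `x-bem-console-key`, which left this case indistinguishable from
    // "no credential at all".
    context.headers['x-bem-console-sign'] = 'sign';
    yield* expectUnauthorized();
  }));

  it('传错误的masterKey要报错', run(function*() {
    context.headers['x-bem-master-key'] = 'key';
    yield* expectUnauthorized();
  }));

  it('传正确的clientSign', run(function*() {
    context.headers['x-bem-client-sign'] = sign(context.method, context.path, context.request.body, app.clientKey);
    yield* expectAppOnly();
  }));

  it('传正确的javascriptSign', run(function*() {
    context.headers['x-bem-javascript-sign'] = sign(context.method, context.path, context.request.body, app.javascriptKey);
    yield* expectAppOnly();
  }));

  it('传正确的apiSign', run(function*() {
    context.headers['x-bem-api-sign'] = sign(context.method, context.path, context.request.body, app.apiKey);
    yield* expectAppOnly();
  }));

  it('传正确的consoleKey', run(function*() {
    context.headers['x-bem-console-sign'] = sign(context.method, context.path, context.request.body, app.consoleKey);
    yield* expectAppOnly();
  }));

  it('传正确的masterKey', run(function*() {
    // The master key is sent verbatim rather than used to sign the request.
    context.headers['x-bem-master-key'] = app.masterKey;
    yield* expectAppOnly();
  }));

  it('验证token', run(function*() {
    // Minted with no `exp` and the library's default algorithm; the session is
    // registered in redis before the middleware runs.
    // NOTE(review): the suite never checks that a well-formed token *absent*
    // from the redis set is rejected — add that case once the middleware's
    // revocation contract is confirmed.
    const token = jwt.sign({ uid: user.objectId }, secret);
    context.headers['x-bem-session'] = token;
    yield* registerSession(`bem_u_${user.objectId}`, token);
    context.headers['x-bem-master-key'] = app.masterKey;
    yield* authenticate(withRedis);
    assert.notEqual(context.user, null);
    assert.equal(context.user.username, 'asd@asd.com');
  }));

  it('验证admin token', run(function*() {
    // Admin sessions live in a separate `bem_a_` set and ride on a console signature.
    const token = jwt.sign({ uid: admin.objectId }, secret);
    context.headers['x-bem-session'] = token;
    yield* registerSession(`bem_a_${admin.objectId}`, token);
    context.headers['x-bem-console-sign'] = sign(context.method, context.path, context.request.body, app.consoleKey);
    yield* authenticate(withRedis);
    assert.notEqual(context.user, null);
    assert.equal(context.user.username, 'asd@asd.com');
  }));

  it('验证多用户登录', run(function*() {
    // jsonwebtoken stamps `iat` with second resolution, so two back-to-back
    // signatures of an identical payload usually produce the same token and the
    // original test exercised one session twice. A distinguishing claim keeps
    // the two sessions genuinely different; the assertion guards that premise.
    const token1 = jwt.sign({ uid: user.objectId, sid: 1 }, secret);
    const token2 = jwt.sign({ uid: user.objectId, sid: 2 }, secret);
    assert.notEqual(token1, token2);
    yield* registerSession(`bem_u_${user.objectId}`, token1);
    yield* registerSession(`bem_u_${user.objectId}`, token2);
    context.headers['x-bem-master-key'] = app.masterKey;

    context.headers['x-bem-session'] = token1;
    yield* authenticate(withRedis);
    assert.notEqual(context.user, null);
    assert.equal(context.user.username, 'asd@asd.com');

    // Drop what the first pass attached so the second assertion cannot be
    // satisfied by stale state on the reused context.
    delete context.user;
    delete context.appData;
    context.headers['x-bem-session'] = token2;
    yield* authenticate(withRedis);
    assert.notEqual(context.user, null);
    assert.equal(context.user.username, 'asd@asd.com');
  }));
});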