註冊
因爲註冊會用到 bcryptjs 的密碼雜湊功能(bcrypt 是單向雜湊,無法解密還原;本文沿用「加密」一詞),先看 bcrypt 的語法:
bcrypt加密語法
// Load bcryptjs, the pure-JavaScript bcrypt implementation used here for password hashing.
const bcrypt = require('bcryptjs');

// Cost factor handed to bcrypt: every +1 doubles the hashing work.
const saltRounds = 10;

// 密碼 stands for the plaintext password received at registration.
// hashSync generates a fresh random salt and returns one encoded string that
// carries the cost, the salt and the hash, so only that string needs storing.
// It runs synchronously and blocks the event loop while hashing; bcrypt also
// only considers the first 72 bytes of its input.
const hashPassword = bcrypt.hashSync(密碼, saltRounds);
models.users.js
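-- Generic form: name the columns, then supply the matching values with VALUES.
-- MySQL also accepts INSERT INTO `users` SET column1 = value1, ...; the column
-- list and SET cannot be combined in one statement.
INSERT INTO `users` (column1, column2, column3...) VALUES (value1, value2, value3...)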
token
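// bcryptjs for password hashing
const bcrypt = require('bcryptjs');
// jsonwebtoken for signing the token stored with the user
const jwt = require('jsonwebtoken');

// bcrypt cost factor. The original call passed 3, which is below the 4-31
// range bcryptjs works with and far under the default of 10 mentioned on this
// page; 12 is the value the author had left in a trailing comment.
const BCRYPT_COST = 12;

/**
 * Build the row object for the `users` table from registration input.
 *
 * The plaintext password is replaced by its bcrypt hash, and a JWT carrying
 * the user's id, name and e-mail is signed and stored in `token`.
 *
 * @param {object} newUser - registration data (uId, userName, userEmail,
 *   userPassword, userPhone, roleId, createdAt, updatedAt, deletedAt).
 * @throws {Error} when no signing secret is configured.
 */
var User = function (newUser) {
  // The signing key comes from the environment instead of a literal in the
  // source: a key published in code or in a tutorial lets anyone who has read
  // it produce tokens this service would accept.
  // JWT_SECRET is an illustrative variable name, not one defined by this page.
  const jwtSecret = process.env.JWT_SECRET;
  if (!jwtSecret) {
    // Fail closed rather than signing with an empty or default key.
    throw new Error('JWT signing secret is not configured');
  }

  this.uId = newUser.uId;
  this.userName = newUser.userName;
  this.userEmail = newUser.userEmail;
  // hashSync blocks the event loop for the duration of the hash.
  this.userPassword = bcrypt.hashSync(newUser.userPassword, BCRYPT_COST);
  this.userPhone = newUser.userPhone;
  // NOTE(review): roleId is copied from the input unchanged. If newUser is
  // built directly from a request body, the client picks its own role —
  // confirm the caller sets it server-side.
  this.roleId = newUser.roleId;
  // The payload is signed, not encrypted: anyone holding the token can read
  // the id, name and e-mail placed in it.
  // NOTE(review): the token is issued once, here, with a 24h lifetime and then
  // stored in the row; the login handler on this page returns the stored
  // value, which will have expired a day after registration.
  this.token = jwt.sign(
    { _id: newUser.uId, username: newUser.userName, email: newUser.userEmail },
    jwtSecret,
    { expiresIn: '24h' }
  );
  this.createdAt = newUser.createdAt;
  this.updatedAt = newUser.updatedAt;
  this.deletedAt = newUser.deletedAt;
};

/**
 * Insert a user row.
 *
 * @param {object} newUser - object whose keys are `users` columns; presumably
 *   a User instance, so that userPassword is already hashed — confirm at the
 *   call site.
 * @param {Function} callback - passed straight to db.query.
 */
User.create = function (newUser, callback) {
  // The object is bound through the ? placeholder, so values are escaped by
  // the driver rather than concatenated into the statement.
  db.query('INSERT INTO users SET ?', newUser, callback);
};

module.exports = User;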
登入
尋找帳號與密碼驗證 => 內連結的模組資料表的資料內容 (取出modulePermissionId與modulePermissionName 並且新增到menu )
使用資料庫語法:
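-- Generic form: join two tables on a shared key and filter on one column.
SELECT 顯示欄位 FROM `資料表1` INNER JOIN `資料表2` ON 資料表1.uId = 資料表2.roleId WHERE 資料表1.欄位名 = '';

-- Example: load the account row together with its module permissions.
-- The user name is bound through the ? placeholder, never concatenated into the text.
-- NOTE(review): the join matches users.uId against modulePermissions.roleId although
-- users also has a roleId column — confirm which column is intended.
-- NOTE(review): with INNER JOIN an account that has no modulePermissions row returns
-- no rows at all, which the login code treats the same as an unknown user.
-- userPassword (the bcrypt hash) is selected only so the server can verify the login;
-- it must not be copied into any response.
SELECT
  users.id, users.uId, users.userName, users.userEmail, users.userPassword,
  users.userPhone, users.roleId, users.token,
  modulePermissions.modulePermissionId, modulePermissions.modulePermissionName
FROM `users`
INNER JOIN `modulePermissions` ON users.uId = modulePermissions.roleId
WHERE users.userName = ?;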
登入時必須先以帳號查出使用者,再用 bcrypt.compareSync(密碼, 密碼加密) 驗證密碼
bcrypt驗證語法
// 密碼 is the plaintext the user typed; 密碼加密 is the bcrypt hash stored at registration.
// compareSync re-hashes the plaintext with the salt and cost embedded in the
// stored hash and evaluates to true only when the two match.
bcrypt.compareSync(密碼, 密碼加密);
models.users.js
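'use strict';

var db = require('../config/database');
// bcryptjs for password hashing
const bcrypt = require('bcryptjs');
// jsonwebtoken for token signing
const jwt = require('jsonwebtoken');

/**
 * Look up a user by name, joined with that user's module permissions.
 *
 * @param {string} userName - value bound to the single ? placeholder.
 * @param {Function} result - node-style callback, called exactly once with
 *   (err, null) on failure or (null, rows) on success. Each row carries the
 *   user columns plus one modulePermissionId/modulePermissionName pair.
 */
User.userName = (userName, result) => {
  // The rows include userPassword (the bcrypt hash) and token; callers need
  // them for verification and must not pass whole rows on to a client.
  const sql = 'SELECT users.id, users.uId, users.userName, users.userEmail, users.userPassword, users.userPhone, users.roleId, users.token ,modulePermissions.modulePermissionId,modulePermissions.modulePermissionName FROM `users` INNER JOIN `modulePermissions` ON users.uId=modulePermissions.roleId WHERE users.userName =?';

  db.query(sql, userName, (err, rows) => {
    if (err) {
      // Return here: the original fell through and invoked the callback a
      // second time with (null, row) after reporting the error.
      return result(err, null);
    }
    return result(null, rows);
  });
};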
controllers.users.js
- bcrypt.hashSync(密碼, SaltRound)
- bcrypt.compareSync(密碼,加密密碼)
加密後的 bcrypt 分為四個部分:
- Bcrypt
該字串為 UTF-8 編碼,並且包含一個終止符
- Round
(回合數)每增加一次就加倍雜湊次數,預設10次
- Salt
(加鹽)128 bits 22個字元
- Hash
(雜湊)138 bits 31個字元(註:bcrypt 的雜湊輸出為 23 bytes,即 184 bits,以 31 個字元編碼;此處的 138 疑為 184 之誤)
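// bcryptjs is needed for compareSync below; the original listing called it
// without requiring it, which fails with a ReferenceError on the first login.
const bcrypt = require('bcryptjs');
const User = require('../models/users');

/**
 * POST /login handler.
 *
 * Looks the account up by userName, verifies the submitted password against
 * the stored bcrypt hash and, on success, answers 200 with
 * { userName, token, menu }, where menu lists the modulePermissionId /
 * modulePermissionName pairs of the matching rows. Unknown user and wrong
 * password both answer 400 with the same body, so the response text does not
 * reveal which of the two failed.
 *
 * @param {object} req - Express request; reads req.body.userName and req.body.userPassword.
 * @param {object} res - Express response.
 * @param {Function} next - unused.
 */
exports.login = async (req, res, next) => {
  /* #swagger.summary='登入', #swagger.description = '' */
  /* #swagger.parameters['body'] = { in: 'body', description: '', required: true, schema: { $ref: "#/definitions/Login" } } */
  /* #swagger.security = [{ "apiKeyAuth": [] }] */
  const body = req.body || {};
  const userName = body.userName;
  const userPassword = body.userPassword;

  // A JSON body can carry objects or arrays where strings are expected. The
  // query layer may expand those differently from a scalar, and compareSync
  // throws on non-string input, so anything but two strings is rejected here.
  if (typeof userName !== 'string' || typeof userPassword !== 'string') {
    return res.status(400).send('沒有userName');
  }

  // Detail stays in the server log; the client only gets a generic message so
  // driver or SQL text is not disclosed.
  const failInternal = (err) => {
    console.error(err);
    return res.status(500).json({ message: 'Internal Server Error' });
  };

  try {
    // Check whether an account with this userName exists.
    User.userName(userName, (error, item) => {
      // This callback runs after login() has returned, so the outer try/catch
      // cannot see exceptions raised here; it needs its own.
      try {
        if (error) {
          return failInternal(error);
        }

        const rows = Array.isArray(item) ? item : [];
        // NOTE(review): the hash comparison only runs when the account exists,
        // so response time differs between unknown users and wrong passwords.
        // compareSync also blocks the event loop while it runs.
        const passwordOk =
          rows.length > 0 && bcrypt.compareSync(userPassword, rows[0].userPassword);

        if (!passwordOk) {
          return res.status(400).send('沒有userName');
        }

        // One menu entry per joined permission row.
        const menu = rows.map((el) => ({
          modulePermissionId: el.modulePermissionId,
          modulePermissionName: el.modulePermissionName,
        }));

        // Only the fields the client needs are returned; the row's password
        // hash is never included.
        // NOTE(review): token is the value stored at registration, not one
        // issued for this login — confirm it is still within its lifetime.
        return res.status(200).json({
          userName: rows[0].userName,
          token: rows[0].token,
          menu: menu,
        });
      } catch (err) {
        return failInternal(err);
      }
    });
  } catch (error) {
    return failInternal(error);
  }
};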
routes/users.js
// Express router for the user endpoints.
const express = require('express');
const userController = require('../controllers/users');

const router = express.Router();

// POST /login is handled by userController.login.
// NOTE(review): no throttling or lockout middleware is visible on this route
// in the listing, so repeated password attempts are not limited here — confirm
// whether that is applied elsewhere.
router.post('/login', userController.login);