javascript 这是Sequelize用户模型,具有令牌授权。通用盐与密码一起存储。
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了javascript 这是Sequelize用户模型,具有令牌授权。通用盐与密码一起存储。相关的知识,希望对你有一定的参考价值。
module.exports = function(sequelize, DataTypes) {
var
User;
User = sequelize.define('User', {
name: {
type: DataTypes.STRING,
unique: false,
allowNull: true
},
avatar: {
type: DataTypes.STRING
},
email: {
type: DataTypes.STRING,
unique: true,
allowNull: false
},
company: {
type: DataTypes.STRING
},
password: {
type: DataTypes.STRING,
allowNull: false,
set: function (plain_password) {
this.setDataValue('salt', crypto.randomBytes(saltLength).toString('hex'));
this.setDataValue('password', this.encryptPassword(plain_password));
this.token = User.generateToken();
}
},
tempPassword: {
type: DataTypes.STRING
},
status: {
type: DataTypes.ENUM('new', 'confirmed', 'active', 'disabled'),
defaultValue: 'new'
},
isAdmin: {
type: DataTypes.BOOLEAN,
defaultValue: false
},
salt: {
type: DataTypes.STRING
},
token: {
type: DataTypes.STRING,
set: function (newToken) {
this.setDataValue('token', newToken);
this.tokenCreatedAt = Date.now();
}
},
tokenCreatedAt: {
type: DataTypes.DATE
}
},
{
instanceMethods: {
encryptPassword: function (plain) {
return crypto.createHmac('sha1', this.salt).update(plain).digest('hex');
},
isTokenOutdated: function() {
var
currentDate = new Date(),
tokenAge = (currentDate - this.tokenCreatedAt) / 1000;
return tokenAge > config.authorization.token_out_of_date;
},
createToken: function () {
if (!this.token || this.isTokenOutdated()) {
this.token = User.generateToken();
this.save();
}
return this.token;
},
removeAvatar: function() {
if (this.avatar) {
fs.unlink(pathService.absFile(user.avatar), function(err) {
// doing nothing
});
}
}
},
classMethods: {
createNewUser: function(user) {
return User.create({
name: user.name,
company: user.company,
email: user.email,
password: this.generatePassword(),
tempPassword: this.generatePassword()
});
},
generatePassword: function() {
return crypto.randomBytes(tempPasswordLength).toString('hex');
},
generateToken: function() {
return crypto.randomBytes(tokenLength).toString('hex');
},
authorization: function(email, password, done) {
User.findOne({
where: {
email: email
}
}).then(function(foundUser) {
if (!foundUser) {
done('User not found')
} else if (foundUser.status === 'confirmed' && foundUser.tempPassword === password) {
done(null, {
confirmed: true,
token: foundUser.createToken()
});
} else if (foundUser.password !== foundUser.encryptPassword(password)) {
done('Incorrect password');
} else if (foundUser.status !== 'active') {
done('This user isn\'t confirmed by admin or account has been locked');
} else {
done(null, {
name: foundUser.name,
email: foundUser.email,
isAdmin: foundUser.isAdmin,
token: foundUser.createToken()
});
}
}, done);
},
authByToken: function(token, done) {
User.findOne({
where: {
token: token
}
}).then(function(foundUser) {
return done(null, (!foundUser || foundUser.isTokenOutdated()) ? false : foundUser);
}, done);
},
findByToken: function(token) {
return User.findOne({
where: {
token: token
}
});
},
associate: function (models) {
User.hasMany(models.Client);
}
},
hooks: {
beforeDestroy: function(user) {
user.removeAvatar();
}
}
});
return User;
};
以上是关于javascript 这是Sequelize用户模型,具有令牌授权。通用盐与密码一起存储。的主要内容,如果未能解决你的问题,请参考以下文章
[usedIf在数据库中时,sequelize findOne找不到用户标识