refactor: remove fastify-secure-session

2021-09-25 16:46:37 +08:00
parent 8d2a7f7981
commit bb7e5d823d
7 changed files with 58 additions and 88 deletions
--- a/44
+++ b/44
@@ -1,34 +1,32 @@
-FROM node:16 as builder
+# FROM node:16 as builder
+# WORKDIR /app
+# COPY . .
+# RUN npm i -g pnpm
+# RUN pnpm install
+# RUN pnpm bundle
+
+# FROM node:16
+# ARG redis_host
+# ARG mongo_host
+# RUN apt update
+# RUN apt install zip unzip mongo-tools -y
+
+# WORKDIR /app
+# COPY --from=builder /app/out .
+# EXPOSE 2333
+# CMD node index.js --redis_host=redis --db_host=mongo
+
+FROM node:16-alpine as builder
 WORKDIR /app
 COPY . .
 RUN npm i -g pnpm
 RUN pnpm install
 RUN pnpm bundle

-FROM node:16
-ARG redis_host
-ARG mongo_host
-RUN apt update
-RUN apt install zip unzip mongo-tools -y
+FROM node:16-alpine
+RUN apk add zip unzip mongodb-tools --no-cache

 WORKDIR /app
 COPY --from=builder /app/out .
 EXPOSE 2333
 CMD node index.js --redis_host=redis --db_host=mongo
-
-# FROM node:16-alpine as builder
-# WORKDIR /app
-# COPY . .
-# RUN apk add libtool autoconf automake make g++ python2 python3 --no-cache
-# RUN npm i -g pnpm
-# RUN pnpm install
-# RUN pnpm bundle
-
-# FROM node:16-alpine
-# RUN apk add zip unzip --no-cache
-# RUN apk add mongodb-tools --no-cache
-
-# WORKDIR /app
-# COPY --from=builder /app/out .
-# EXPOSE 2333
-# CMD ["node", "index.js"]
--- a/package.json
+++ b/package.json
@@ -82,8 +82,8 @@
    "dayjs": "1.10.7",
    "dotenv": "*",
    "ejs": "3.1.6",
+    "fastify-cookie": "^5.3.1",
    "fastify-multipart": "5.0.0",
-    "fastify-secure-session": "2.3.1",
    "fastify-swagger": "4.12.0",
    "graphql": "15.5.3",
    "html-minifier": "4.0.0",
@@ -93,7 +93,6 @@
    "jszip": "3.7.1",
    "lodash": "*",
    "marked": "3.0.4",
-    "mdurl": "*",
    "mkdirp": "*",
    "mongoose": "*",
    "mongoose-lean-id": "0.2.0",
@@ -117,7 +116,6 @@
    "zx": "4.2.0"
  },
  "devDependencies": {
-    "semver": "*",
    "@innei-util/eslint-config-ts": "latest",
    "@innei-util/prettier": "latest",
    "@nestjs/cli": "8.1.1",
@@ -148,6 +146,7 @@
    "prettier": "2.4.1",
    "rimraf": "3.0.2",
    "run-script-webpack-plugin": "0.0.11",
+    "semver": "*",
    "socket.io": "*",
    "ts-jest": "27.0.5",
    "ts-loader": "9.2.6",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -56,8 +56,8 @@ specifiers:
  ejs: 3.1.6
  eslint: '*'
  fastify: '*'
+  fastify-cookie: ^5.3.1
  fastify-multipart: 5.0.0
-  fastify-secure-session: 2.3.1
  fastify-swagger: 4.12.0
  graphql: 15.5.3
  html-minifier: 4.0.0
@@ -71,7 +71,6 @@ specifiers:
  lint-staged: 11.1.2
  lodash: '*'
  marked: 3.0.4
-  mdurl: '*'
  mkdirp: '*'
  mongoose: '*'
  mongoose-lean-id: 0.2.0
@@ -136,8 +135,8 @@ dependencies:
  dayjs: 1.10.7
  dotenv: 10.0.0
  ejs: 3.1.6
+  fastify-cookie: 5.3.1
  fastify-multipart: 5.0.0
-  fastify-secure-session: 2.3.1
  fastify-swagger: 4.12.0
  graphql: 15.5.3
  html-minifier: 4.0.0
@@ -147,7 +146,6 @@ dependencies:
  jszip: 3.7.1
  lodash: 4.17.21
  marked: 3.0.4
-  mdurl: 1.0.1
  mkdirp: 1.0.4
  mongoose: 5.13.8
  mongoose-lean-id: 0.2.0_mongoose@5.13.8
@@ -4207,15 +4205,6 @@ packages:
    resolution: {integrity: sha512-ZdCvKEEd92DNLps5n0v231Bha8bkz1DjnPP/aEz37rz/q42Z5JVLmgnqR4DYuNn3NXAO3IDCPyRvgvxtJ4Ym4w==}
    dev: false

-  /fastify-secure-session/2.3.1:
-    resolution: {integrity: sha512-6XsatyRSiX0UQB0MOPlU/PC9yn3seImefS1yv8C0bAyjAJ876839eHKPrclwNKBVX+9SUX+LdJGJTBi8DSU63g==}
-    hasBin: true
-    dependencies:
-      fastify-cookie: 5.3.1
-      fastify-plugin: 3.0.0
-      sodium-native: 3.2.1
-    dev: false
-
  /fastify-static/4.2.3:
    resolution: {integrity: sha512-uFRgwYXZwLKyaMrByf10efO+HTjAPqyQOlUthoGljQKGCfbwUeTeE7EHadsDWeN7NMeqBE617RamVh9uqatuUw==}
    dependencies:
@@ -4855,10 +4844,6 @@ packages:
  /inherits/2.0.4:
    resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==}

-  /ini/1.3.8:
-    resolution: {integrity: sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==}
-    dev: false
-
  /inquirer/7.3.3:
    resolution: {integrity: sha512-JG3eIAj5V9CwcGvuOmoo6LB9kbAYT8HXffUl6memuszlwDC/qvFAJw49XJ5NROSFNPxp3iQg1GqkFhaY/CR0IA==}
    engines: {node: '>=8.0.0'}
@@ -6153,10 +6138,6 @@ packages:
    hasBin: true
    dev: false

-  /mdurl/1.0.1:
-    resolution: {integrity: sha1-/oWy7HWlkDfyrf7BAP1sYBdhFS4=}
-    dev: false
-
  /memfs/3.2.2:
    resolution: {integrity: sha512-RE0CwmIM3CEvpcdK3rZ19BC4E6hv9kADkMN5rPduRak58cNArWLi/9jFLsa4rhsjfVxMP3v0jO7FHXq7SvFY5Q==}
    engines: {node: '>= 4.0.0'}
@@ -6460,11 +6441,6 @@ packages:
    engines: {node: 4.x || >=6.0.0}
    dev: false

-  /node-gyp-build/4.3.0:
-    resolution: {integrity: sha512-iWjXZvmboq0ja1pUGULQBexmxq8CV4xBhX7VDOTbL7ZR4FOowwY/VOtRxBN/yKxmdGoIp4j5ysNT4u3S2pDQ3Q==}
-    hasBin: true
-    dev: false
-
  /node-int64/0.4.0:
    resolution: {integrity: sha1-h6kGXNs1XTGC2PlM4RGIuCXGijs=}
    dev: true
@@ -7602,14 +7578,6 @@ packages:
      - utf-8-validate
    dev: false

-  /sodium-native/3.2.1:
-    resolution: {integrity: sha512-EgDZ/Z7PxL2kCasKk7wnRkV8W9kvwuIlHuHXAxkQm3FF0MgVsjyLBXGjSRGhjE6u7rhSpk3KaMfFM23bfMysIQ==}
-    requiresBuild: true
-    dependencies:
-      ini: 1.3.8
-      node-gyp-build: 4.3.0
-    dev: false
-
  /sonic-boom/1.4.1:
    resolution: {integrity: sha512-LRHh/A8tpW7ru89lrlkU4AszXt1dbwSjVWguGrmlxE7tawVmDBlI1PILMkXAxJTwqhgsEeTHzj36D5CmHgQmNg==}
    dependencies:
--- a/src/app.config.ts
+++ b/src/app.config.ts
@@ -47,9 +47,4 @@ export const SECURITY = {
  jwtExpire: '7d',
  // 跳过登陆鉴权
  skipAuth: argv.skipAuth ?? false,
-  get secret() {
-    return this.jwtSecret
-  },
-  // 必须 16 位
-  salt: argv.salt || 'axczswrasxzfqxsa',
 }
--- a/src/common/adapt/fastify.ts
+++ b/src/common/adapt/fastify.ts
@@ -1,7 +1,6 @@
 import { FastifyAdapter } from '@nestjs/platform-fastify'
+import fastifyCookie from 'fastify-cookie'
 import FastifyMultipart from 'fastify-multipart'
-import secureSession from 'fastify-secure-session'
-import { SECURITY } from '~/app.config'

 const app: FastifyAdapter = new FastifyAdapter({
  trustProxy: true,
@@ -25,11 +24,6 @@ app.getInstance().addHook('onRequest', (request, reply, done) => {
  done()
 })

-app.register(secureSession, {
-  secret: SECURITY.secret.slice(10).repeat(4),
-  salt: SECURITY.salt,
-  cookie: {
-    path: '/',
-    httpOnly: true,
-  },
+app.register(fastifyCookie, {
+  secret: 'cookie-secret', // 这个 secret 不太重要, 不存鉴权相关, 无关紧要
 })
--- a/src/common/decorator/cookie.decorator.ts
+++ b/src/common/decorator/cookie.decorator.ts
@@ -0,0 +1,9 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common'
+import { FastifyRequest } from 'fastify'
+
+export const Cookies = createParamDecorator(
+  (data: string, ctx: ExecutionContext) => {
+    const request = ctx.switchToHttp().getRequest<FastifyRequest>()
+    return data ? request.cookies?.[data] : request.cookies
+  },
+)
--- a/src/modules/pageproxy/pageproxy.controller.ts
+++ b/src/modules/pageproxy/pageproxy.controller.ts
@@ -1,6 +1,7 @@
-import { Controller, Get, Header, Query, Session } from '@nestjs/common'
-import * as secureSession from 'fastify-secure-session'
+import { Controller, Get, Query, Res } from '@nestjs/common'
+import { FastifyReply } from 'fastify'
 import { API_VERSION } from '~/app.config'
+import { Cookies } from '~/common/decorator/cookie.decorator'
 import { HTTPDecorators } from '~/common/decorator/http.decorator'
 import { ApiName } from '~/common/decorator/openapi.decorator'
 import { RedisKeys } from '~/constants/cache.constant'
@@ -30,18 +31,20 @@ export class PageProxyController {
  ) {}

  @Get('/qaqdmin')
-  @Header('Content-Type', 'text/html')
  @HTTPDecorators.Bypass
  async proxyAdmin(
-    @Session() session: secureSession.Session,
+    @Cookies() cookies: KV<string>,
    @Query() query: PageProxyDebugDto,
+    @Res() reply: FastifyReply,
  ) {
    const {
      adminExtra,
      url: { webUrl },
    } = await this.configs.waitForConfigReady()
    if (!adminExtra.enableAdminProxy && !isDev) {
-      return '<h1>Admin Proxy is disabled</h1>'
+      return reply.type('application/json').status(403).send({
+        message: 'admin proxy not enabled',
+      })
    }
    const {
      __apiUrl: apiUrl,
@@ -49,17 +52,18 @@ export class PageProxyController {
      __onlyGithub: onlyGithub,
      __debug: debug,
    } = query
-    session.options({ maxAge: 1000 * 60 * 10 })
+
    if (apiUrl) {
-      session.set('__apiUrl', apiUrl)
+      reply.setCookie('__apiUrl', apiUrl, { maxAge: 1000 * 60 * 10 })
    }

    if (gatewayUrl) {
-      session.set('__gatewayUrl', gatewayUrl)
+      reply.setCookie('__gatewayUrl', gatewayUrl, { maxAge: 1000 * 60 * 10 })
    }

    if (debug === false) {
-      session.delete()
+      reply.clearCookie('__apiUrl')
+      reply.clearCookie('__gatewayUrl')
    }

    let entry =
@@ -89,10 +93,13 @@ export class PageProxyController {
      ttl: 10 * 60,
    })

-    const sessionInjectableData = {
-      BASE_API: session.get('__apiUrl'),
-      GATEWAY: session.get('__gatewayUrl'),
-    }
+    const sessionInjectableData =
+      debug === false
+        ? {}
+        : {
+            BASE_API: apiUrl ?? cookies['__apiUrl'],
+            GATEWAY: gatewayUrl ?? cookies['__gatewayUrl'],
+          }

    entry = entry.replace(
      `<!-- injectable script -->`,
@@ -116,6 +123,6 @@ export class PageProxyController {
      }
      </script>`,
    )
-    return entry
+    return reply.type('text/html').send(entry)
  }
 }