0

我正在尝试为我们内部网络(内联网、bpm 等)中的许多产品编写一个代理请求的单个后端。在 bpm Bonita 的情况下,我需要每个用户使用自己的凭据登录到使用 cookie 响应的服务。我的想法是在登录数据库后为每个用户保存 cookie,然后将其附加到用户进行的每个调用中。

功能:

        let unirest = require('unirest');
    //I try to call  it with the cookie of the last session passed in data.cookie
    unirest.post('https://bonitaurl:8443/bonita/' + data.query)
        .headers({
            'Accept': 'application/json',
            'Content-Type': 'application/json',
            'ContentType': 'application/json'
        })
        .send(data.Presult.params)
        .jar(data.cookie)//import cookie from database
        .strictSSL(false)
        .end(function (Tryresponse) {
            if (Tryresponse.statusCode != 401 && Tryresponse.statusCode != 404) {
                console.log('loggedin as : ', data.user);
                console.log(data.cookie);
                console.log(Tryresponse.statusCode);
                return callback(Tryresponse);
            }
            else if (Tryresponse.statusCode == 401 || Tryresponse.statusCode == 403) {
                console.log(Refresh cookie for user : ', data.user);
                request = unirest.post('https://bonitaurl:8443/bonita/loginservice')
                    .send({'redirect': false, 'username': data.user, 'password': data.pass})
                    .headers({
                        'Accept': 'application/json',
                        'Accept': 'application/x-www-form-urlencoded',
                        'Content-Type': 'application/x-www-form-urlencoded'
                    })
                    .strictSSL(false)
                    .jar(true)//save cookies
                    .end(function (loginresponse) {
                        if (loginresponse) {
                            //Call using previus cookies

                            // Start DB
                            let pgp = require("pg-promise")();
                            let db = pgp("postgres://DBUSER:*****@localhost:5432/MYDB");

                            //I will save tokens to database
                            db.none("update users set bpmtk = $1 where username = $2  ", [JSON.stringify(loginresponse.cookies), data.user])
                                .then(function () {
                                    console.log('updated ' + user);
                                    unirest.post('https://bonitaurl:8443/bonita/' + data.query)
                                        .headers({
                                            'Accept': 'application/json',
                                            'Content-Type': 'application/json',
                                            'ContentType': 'application/json'
                                        })
                                        .send(data.Presult.params)
                                        .jar(loginresponse.cookies)//Import cookies from the last request
                                        .strictSSL(false)
                                        .end(function (Proxyresponse) {
                                            if (Proxyresponse) {
                                                return callback(Proxyresponse);
                                            }
                                        })
                                });
                        }
                    })
            }
            else {
                console.log('Error code: : ', Tryresponse.statusCode);
                return callback(Tryresponse.statusCode);
            }
        })

该代码有效,每个用户都可以使用最后一个 cookie 正确登录,但如果我检查用户的会话,它指向最后一个登录的用户!为避免这种情况,我必须每次登录、执行呼叫然后注销!这对性能非常不利。任何想法 ?

4

0 回答 0