拷贝代码备忘,filter过滤请求,proxyReqOptDecorator重写请求头,代码如下:
var express = require('express');
var proxy = require('express-http-proxy')
var app = express();
app.all('*', function (req, res, next) {
res.header("Access-Control-Allow-Origin", req.headers.origin);
res.header("Access-Control-Allow-Methods", "PUT,POST,GET,DELETE,OPTIONS");
res.header("Access-Control-Allow-Credentials", "true");
res.header("Content-Type", "application/json;charset=utf-8");
if (req.method == 'OPTIONS') {
res.header('Access-Control-Allow-Headers', req.headers['access-control-request-headers']);
res.send(200); /*让options请求快速返回*/
}
else {
next();
}
});
// 代码转发
app.use('/ProxySSO', proxy(req => {
return req.headers.apiurl
}, {
filter: function (req, res) {
// 用户名\系统标识\用户权限
let { systemName, masterName, powers } = req.tokenDecode;
const { originalUrl } = req;
const url = originalUrl.replace('/ProxySSO', '').split('?')[0];
/**
* 接口权限检查
* @param {String} url 接口地址
* @param {Object} powers rbac权限列表
* @returns {boolean} 是否有权限
*/
const checkPowers = (url, powers) => {
// do something
}
const hasPowers = checkPowers(url, powers);
// 权限判断
return hasPowers;
},
proxyReqOptDecorator: function(proxyReqOpts, srcReq) {
// header增加masterName 具体按照自己的需求来
// proxyReqOpts.headers['masterName'] = srcReq.tokenDecode.masterName;
return proxyReqOpts;
}
}));
module.exports = app;
