However, in this process, I saw a document and found a place that could be optimized. I had written the interface without any request constraint, so I added one, a call limit for a single interface: 60 times / 20 seconds:

let list = [];
// Fixed window: clear every per-URL counter every 20 seconds
let timer = setInterval(function () { list = [] }, 20000)

app.use(async (ctx, next) => {
    let url = ctx.request.url
    // Look the counter up on every request; a shared index would go stale between requests
    let key = list.findIndex(item => item.name === url)
    if (!~key) {
        // First request for this URL in the current window
        list.push({ name: url, count: 1 })
    } else if (list[key].count >= 20) {
        // Limit reached for this URL in the current window
        ctx.body = { "retCode": false, "resultMsg": 'Too many requests please try again later', "errorCode": 4 }
        return
    } else {
        list[key].count++
    }
    if (url === '/login') {
        await next()
    } else {
        // Every other route requires a token that matches a stored user
        let token = ctx.request.header.token || []
        let user = await tools.search(User, { token }, "all")
        if (user.length) {
            await next()
        } else {
            ctx.body = { "retCode": false, "resultMsg": 'Login has expired please log in again', "errorCode": 3 }
        }
    }
})
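
The middleware above keeps one counter per full request URL, shared by all callers. As an added example (not the author's code), the sketch below keeps a separate fixed-window counter per client and path and answers with HTTP 429; `createLimiter`, its options and the injectable clock `now` are hypothetical names chosen for the illustration.

```javascript
// Added example (not the author's code): fixed-window limiter keyed by client and path.
// createLimiter, its options and the injectable clock `now` are hypothetical names.
function createLimiter({ limit = 60, windowMs = 20000, now = Date.now } = {}) {
  const buckets = new Map(); // "client|path" -> { start, count }

  // Count one request and report whether it is within the limit.
  function check(clientId, path) {
    const t = now();
    const id = `${clientId}|${path}`;
    let b = buckets.get(id);
    if (!b || t - b.start >= windowMs) {
      b = { start: t, count: 0 }; // a new window starts with this request
      buckets.set(id, b);
    }
    b.count++;
    return {
      allowed: b.count <= limit,
      remaining: Math.max(0, limit - b.count),
      retryAfterMs: b.start + windowMs - t,
    };
  }

  // Delete expired buckets so the map cannot grow without bound.
  function sweep() {
    const t = now();
    for (const [id, b] of buckets) {
      if (t - b.start >= windowMs) buckets.delete(id);
    }
    return buckets.size;
  }

  // Koa middleware: ctx.path excludes the query string, ctx.ip is the peer address.
  function middleware() {
    return async (ctx, next) => {
      const r = check(ctx.ip, ctx.path);
      if (!r.allowed) {
        ctx.status = 429;
        ctx.set('Retry-After', String(Math.ceil(r.retryAfterMs / 1000)));
        ctx.body = { retCode: false, resultMsg: 'Too many requests please try again later', errorCode: 4 };
        return;
      }
      await next();
    };
  }

  return { check, sweep, middleware };
}
```

Behind a reverse proxy, `ctx.ip` is the proxy's address unless Koa's `app.proxy` is enabled, so every caller would land in the same bucket. Call `sweep()` from a timer to discard expired buckets.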

Permission Design

Database section

Users user table

  • Custom

Branch role table

  • Give five fields, for example: first, second, third, fourth, fifth

These five fields correspond to five levels: first is the highest level and fifth is the role.

  • All fields are named after departments. If a field requires a role, add the role name to the field at the next level. A department can be defined with a person in charge of the department, and the data is processed when the interface is fetched: first: [{name:second,children:[]},{name:second}]

Privs permissions table

  • Custom permissions

User_branch User role association table

Branch_privs Role permission association table

Interface section

Add, delete, change and query

  1. Add, delete, change and query roles
  2. Add, delete, change and query users
  3. The role ID and department can be obtained from the user ID

Front-end section

  1. ElementUI has a tree control as a base option
  2. Adding, deleting, changing and querying permissions are implemented in box style

Target

  • Under the condition that the quality of work is not delayed, the deadline for emergencies is July 31

Go to work, steal code to play by yourself, play by yourself!!