请在下面找到我的 Node.JS 服务器代码片段:
// Define the user API
var API = {
list: 'private',
login: 'public',
logout: 'private',
add: 'admin',
remove: 'admin',
edit: 'admin'
};
// Attach API handlers
for(var label in API) {
var denied = 'Permission denied';
var wrapper = (function (label) {
return function (req, res) {
var permission = API[label];
if(!req.session) {
if(permission !== 'public') {
res.send(denied);
return;
}
} else if((permission === 'admin') && (req.session.rights !== 'Administrator')) {
res.send(denied);
return;
}
eval(label + '(req, res)');
};
}(label));
server.post('/user/' + label, wrapper);
}
基本上,我为 中的每个属性都有一个 API 处理程序API
,并以编程方式附加处理程序,并根据需要处理权限。然而 JSHint 真的不喜欢这样。我得到三个错误:
Line 29: eval(label + '(req, res)');
eval is evil.
Line 31: }(label));
Don't make functions within a loop.
Line 12: for(var label in API) {
The body of a for in should be wrapped in an if statement to filter unwanted properties from the prototype.
如何改进这段代码以使 JSHint 满意?您是否会建议对代码进行其他更改?