You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
195 lines
5.8 KiB
195 lines
5.8 KiB
2 years ago
|
'use strict';
|
||
|
const Hex = require('crypto-js/enc-hex');
|
||
|
const SHA1 = require('crypto-js/sha1');
|
||
|
const MD5 = require('crypto-js/md5');
|
||
|
const moment = require('moment');
|
||
|
const uuid = require('uuid');
|
||
|
|
||
|
async function login(ctx, next) {
|
||
|
// const transaction = await ctx.fs.dc.orm.transaction();
|
||
|
try {
|
||
|
const models = ctx.fs.dc.models;
|
||
|
const params = ctx.request.body;
|
||
|
|
||
|
|
||
|
let userRes = null
|
||
|
if (params.username && params.password) {
|
||
|
const password = Hex.stringify(MD5(params.password));
|
||
|
userRes = await models.User.findOne({
|
||
|
attributes: { exclude: ['password'] },
|
||
|
where: {
|
||
|
userName: params.username,
|
||
|
password: password,
|
||
|
del: false,
|
||
|
},
|
||
|
include: [{
|
||
|
model: models.UserDepartment,
|
||
|
include: [{
|
||
|
model: models.Department,
|
||
|
attributes: ['id', 'name'],
|
||
|
include: [{
|
||
|
model: models.Company,
|
||
|
attributes: ['id', 'name'],
|
||
|
}]
|
||
|
}]
|
||
|
}, {
|
||
|
model: models.UserPost,
|
||
|
include: [{
|
||
|
model: models.Post,
|
||
|
attributes: ['id', 'name'],
|
||
|
}]
|
||
|
}, {
|
||
|
model: models.Role,
|
||
|
}]
|
||
|
});
|
||
|
} else if (params.phone && params.code) {
|
||
|
const record = await models.PhoneValidateCode.findOne({
|
||
|
where: {
|
||
|
phone: phone,
|
||
|
code: code
|
||
|
}
|
||
|
});
|
||
|
if (!record) {
|
||
|
throw '验证码错误'
|
||
|
} else if (record.expired < new Date()) {
|
||
|
throw '验证码已失效'
|
||
|
}
|
||
|
userRes = await models.User.findOne({
|
||
|
attributes: { exclude: ['password'] },
|
||
|
where: {
|
||
|
tel: phone,
|
||
|
del: false,
|
||
|
},
|
||
|
include: [{
|
||
|
model: models.UserDepartment,
|
||
|
include: [{
|
||
|
model: models.Department,
|
||
|
attributes: ['id', 'name'],
|
||
|
include: [{
|
||
|
model: models.Company,
|
||
|
attributes: ['id', 'name'],
|
||
|
}]
|
||
|
}]
|
||
|
}, {
|
||
|
model: models.UserPost,
|
||
|
include: [{
|
||
|
model: models.Post,
|
||
|
attributes: ['id', 'name'],
|
||
|
}]
|
||
|
}, {
|
||
|
model: models.Role,
|
||
|
}]
|
||
|
});
|
||
|
}
|
||
|
|
||
|
if (userRes) {
|
||
|
if (!userRes.state) {
|
||
|
throw '用户已禁用'
|
||
|
} else {
|
||
|
const token = uuid.v4();
|
||
|
const userInfo = {
|
||
|
authorized: true,
|
||
|
...userRes.dataValues,
|
||
|
token,
|
||
|
};
|
||
|
// 记录token
|
||
|
const expiredDay = 7;
|
||
|
const expired = moment().add(expiredDay, 'day').format('YYYY-MM-DD HH:mm:ss')
|
||
|
await models.UserToken.create({
|
||
|
token: token,
|
||
|
userInfo: userInfo,
|
||
|
expired: expired
|
||
|
});
|
||
|
|
||
|
ctx.status = 200;
|
||
|
ctx.body = userInfo;
|
||
|
}
|
||
|
} else {
|
||
|
throw '账号或密码错误'
|
||
|
}
|
||
|
// await transaction.commit();
|
||
|
} catch (error) {
|
||
|
// await transaction.rollback();
|
||
|
ctx.status = 400;
|
||
|
ctx.body = {
|
||
|
message: typeof error == 'string' ? error : '登录失败'
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
async function varfiyCode(ctx) {
|
||
|
try {
|
||
|
const { models } = ctx.fs.dc;
|
||
|
const { pushBySms, pushByEmail } = ctx.app.fs.utils
|
||
|
const { phone, sig, r } = ctx.request.body
|
||
|
|
||
|
// 伪造的请求可能由相同的sig参数组成
|
||
|
const checkSigUsed = await models.PhoneValidateCode.findOne({
|
||
|
where: { sig: sig }
|
||
|
});
|
||
|
if (checkSigUsed) {
|
||
|
throw '参数错误!'
|
||
|
}
|
||
|
|
||
|
// 验证sig正确性
|
||
|
const checkSig = Hex.stringify(SHA1(phone + r));
|
||
|
if (!r || !sig || sig != checkSig) {
|
||
|
throw '参数错误!'
|
||
|
}
|
||
|
|
||
|
let varifyCode = ''
|
||
|
for (let i = 0; i < 6; i++) {
|
||
|
varifyCode += Math.floor(Math.random() * 10)
|
||
|
}
|
||
|
|
||
|
// await pushBySms({
|
||
|
// phone: phone,
|
||
|
// templateCode: 'SMS_248250074',
|
||
|
// templateParam: {
|
||
|
// code: varifyCode
|
||
|
// },
|
||
|
// })
|
||
|
|
||
|
await models.PhoneValidateCode.create({
|
||
|
phone: phone,
|
||
|
code: varifyCode,
|
||
|
sig: sig,
|
||
|
expired: moment().add(10, 'minutes').format('YYYY-MM-DD HH:mm:ss')
|
||
|
})
|
||
|
|
||
|
ctx.status = 204;
|
||
|
} catch (error) {
|
||
|
ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
|
||
|
ctx.status = 400;
|
||
|
ctx.body = {
|
||
|
message: typeof error == 'string' ? error : '获取验证码失败'
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
async function logout(ctx) {
|
||
|
try {
|
||
|
const models = ctx.fs.dc.models;
|
||
|
const params = ctx.request.body;
|
||
|
|
||
|
await models.UserToken.destroy({
|
||
|
where: {
|
||
|
token: params.token,
|
||
|
}
|
||
|
});
|
||
|
|
||
|
ctx.status = 204;
|
||
|
} catch (error) {
|
||
|
ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
|
||
|
ctx.status = 400;
|
||
|
ctx.body = {
|
||
|
message: typeof error == 'string' ? error : undefined
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
module.exports = {
|
||
|
login,
|
||
|
varfiyCode,
|
||
|
logout,
|
||
|
};
|