You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
162 lines
4.7 KiB
162 lines
4.7 KiB
'use strict';
|
|
const Hex = require('crypto-js/enc-hex');
|
|
const SHA1 = require('crypto-js/sha1');
|
|
const MD5 = require('crypto-js/md5');
|
|
const moment = require('moment');
|
|
const uuid = require('uuid');
|
|
|
|
async function login(ctx, next) {
|
|
try {
|
|
const transaction = await ctx.fs.dc.orm.transaction();
|
|
|
|
const models = ctx.fs.dc.models;
|
|
const params = ctx.request.body;
|
|
let password = Hex.stringify(MD5(params.password));
|
|
const userRes = await models.User.findOne({
|
|
where: {
|
|
username: params.username,
|
|
password: password,
|
|
delete: false,
|
|
enable: true
|
|
},
|
|
attributes: { exclude: ['password'] },
|
|
include: [{
|
|
attributes: ["resourceId"],
|
|
model: models.UserResource
|
|
}]
|
|
});
|
|
|
|
|
|
if (!userRes) {
|
|
ctx.status = 400;
|
|
ctx.body = {
|
|
"message": "账号或密码错误"
|
|
}
|
|
}
|
|
|
|
if (userRes)
|
|
if (userRes && !userRes.enable) {
|
|
ctx.status = 400;
|
|
ctx.body = { message: "该用户已被禁用" }
|
|
} else {
|
|
const token = uuid.v4();
|
|
let deptInfo = null;
|
|
if (userRes) {
|
|
const { departmentId } = userRes.dataValues;
|
|
deptInfo = await models.Department.findOne({
|
|
where: {
|
|
id: departmentId
|
|
}
|
|
})
|
|
}
|
|
|
|
if (!userRes) {
|
|
ctx.status = 400;
|
|
ctx.body = { message: "暂无登录权限,请联系管理员" }
|
|
return;
|
|
}
|
|
|
|
let userData = userRes.dataValues;
|
|
let userRslt = Object.assign(userData, {
|
|
authorized: true,
|
|
token: token,
|
|
userResources: userRes ? userRes.userResources.map(r => r.resourceId) : [],
|
|
type: deptInfo ? deptInfo.type : '',
|
|
deptName: deptInfo ? deptInfo.name : '',
|
|
});
|
|
await models.UserToken.create({
|
|
token: token,
|
|
userInfo: userRslt,
|
|
expired: moment().add(30, 'days').format()
|
|
});
|
|
|
|
ctx.status = 200;
|
|
ctx.body = userRslt;
|
|
}
|
|
await transaction.commit();
|
|
} catch (error) {
|
|
await transaction.rollback();
|
|
ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
|
|
ctx.status = 400;
|
|
ctx.body = {
|
|
"message": "登录失败"
|
|
}
|
|
}
|
|
}
|
|
|
|
async function varfiyCode(ctx) {
|
|
try {
|
|
const { models } = ctx.fs.dc;
|
|
const { pushBySms, pushByEmail } = ctx.app.fs.utils
|
|
const { phone, sig, r } = ctx.request.body
|
|
|
|
// 伪造的请求可能由相同的sig参数组成
|
|
const checkSigUsed = await models.PhoneValidateCode.findOne({
|
|
where: { sig: sig }
|
|
});
|
|
if (checkSigUsed) {
|
|
throw '参数错误!'
|
|
}
|
|
|
|
// 验证sig正确性
|
|
const checkSig = Hex.stringify(SHA1(phone + r));
|
|
if (!r || !sig || sig != checkSig) {
|
|
throw '参数错误!'
|
|
}
|
|
|
|
let varifyCode = ''
|
|
for (let i = 0; i < 6; i++) {
|
|
varifyCode += Math.floor(Math.random() * 10)
|
|
}
|
|
|
|
// await pushBySms({
|
|
// phone: phone,
|
|
// templateCode: 'SMS_248250074',
|
|
// templateParam: {
|
|
// code: varifyCode
|
|
// },
|
|
// })
|
|
|
|
await models.PhoneValidateCode.create({
|
|
phone: phone,
|
|
code: varifyCode,
|
|
sig: sig,
|
|
expired: moment().add(10, 'minutes').format('YYYY-MM-DD HH:mm:ss')
|
|
})
|
|
|
|
ctx.status = 204;
|
|
} catch (error) {
|
|
ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
|
|
ctx.status = 400;
|
|
ctx.body = {
|
|
message: typeof error == 'string' ? error : '获取验证码失败'
|
|
}
|
|
}
|
|
}
|
|
|
|
async function logout(ctx) {
|
|
try {
|
|
const models = ctx.fs.dc.models;
|
|
const params = ctx.request.body;
|
|
|
|
await models.UserToken.destroy({
|
|
where: {
|
|
token: params.token,
|
|
}
|
|
});
|
|
|
|
ctx.status = 204;
|
|
} catch (error) {
|
|
ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
|
|
ctx.status = 400;
|
|
ctx.body = {
|
|
message: typeof error == 'string' ? error : undefined
|
|
}
|
|
}
|
|
}
|
|
|
|
module.exports = {
|
|
login,
|
|
varfiyCode,
|
|
logout,
|
|
};
|