|
|
|
|
'use strict';
|
|
|
|
|
const Hex = require('crypto-js/enc-hex');
|
|
|
|
|
const SHA1 = require('crypto-js/sha1');
|
|
|
|
|
const MD5 = require('crypto-js/md5');
|
|
|
|
|
const moment = require('moment');
|
|
|
|
|
const uuid = require('uuid');
|
|
|
|
|
|
|
|
|
|
async function login (ctx, next) {
|
|
|
|
|
try {
|
|
|
|
|
// const transaction = await ctx.fs.dc.orm.transaction();
|
|
|
|
|
|
|
|
|
|
const models = ctx.fs.dc.models;
|
|
|
|
|
const params = ctx.request.body;
|
|
|
|
|
let password = Hex.stringify(MD5(params.password));
|
|
|
|
|
const userRes = await models.User.findOne({
|
|
|
|
|
where: {
|
|
|
|
|
username: params.username,
|
|
|
|
|
password: password,
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (userRes) {
|
|
|
|
|
const token = uuid.v4();
|
|
|
|
|
const userInfo = {
|
|
|
|
|
authorized: true,
|
|
|
|
|
...userRes.dataValues,
|
|
|
|
|
token,
|
|
|
|
|
};
|
|
|
|
|
// 记录token
|
|
|
|
|
const expiredDay = 7;
|
|
|
|
|
const expired = moment().add(expiredDay, 'day').format('YYYY-MM-DD HH:mm:ss')
|
|
|
|
|
await models.UserToken.create({
|
|
|
|
|
token: token,
|
|
|
|
|
userInfo: userInfo,
|
|
|
|
|
expired: expired
|
|
|
|
|
});
|
|
|
|
|
ctx.status = 200;
|
|
|
|
|
ctx.body = userInfo;
|
|
|
|
|
} else {
|
|
|
|
|
ctx.status = 400;
|
|
|
|
|
ctx.body = {
|
|
|
|
|
"message": "账号或密码错误"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// await transaction.commit();
|
|
|
|
|
} catch (error) {
|
|
|
|
|
// await transaction.rollback();
|
|
|
|
|
ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
|
|
|
|
|
ctx.status = 400;
|
|
|
|
|
ctx.body = {
|
|
|
|
|
"message": "登录失败"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async function varfiyCode (ctx) {
|
|
|
|
|
try {
|
|
|
|
|
const { models } = ctx.fs.dc;
|
|
|
|
|
const { pushBySms, pushByEmail } = ctx.app.fs.utils
|
|
|
|
|
const { phone, sig, r } = ctx.request.body
|
|
|
|
|
|
|
|
|
|
// 伪造的请求可能由相同的sig参数组成
|
|
|
|
|
const checkSigUsed = await models.PhoneValidateCode.findOne({
|
|
|
|
|
where: { sig: sig }
|
|
|
|
|
});
|
|
|
|
|
if (checkSigUsed) {
|
|
|
|
|
throw '参数错误!'
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 验证sig正确性
|
|
|
|
|
const checkSig = Hex.stringify(SHA1(phone + r));
|
|
|
|
|
if (!r || !sig || sig != checkSig) {
|
|
|
|
|
throw '参数错误!'
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let varifyCode = ''
|
|
|
|
|
for (let i = 0; i < 6; i++) {
|
|
|
|
|
varifyCode += Math.floor(Math.random() * 10)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// await pushBySms({
|
|
|
|
|
// phone: phone,
|
|
|
|
|
// templateCode: 'SMS_248250074',
|
|
|
|
|
// templateParam: {
|
|
|
|
|
// code: varifyCode
|
|
|
|
|
// },
|
|
|
|
|
// })
|
|
|
|
|
|
|
|
|
|
await models.PhoneValidateCode.create({
|
|
|
|
|
phone: phone,
|
|
|
|
|
code: varifyCode,
|
|
|
|
|
sig: sig,
|
|
|
|
|
expired: moment().add(10, 'minutes').format('YYYY-MM-DD HH:mm:ss')
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
ctx.status = 204;
|
|
|
|
|
} catch (error) {
|
|
|
|
|
ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
|
|
|
|
|
ctx.status = 400;
|
|
|
|
|
ctx.body = {
|
|
|
|
|
message: typeof error == 'string' ? error : '获取验证码失败'
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async function logout (ctx) {
|
|
|
|
|
try {
|
|
|
|
|
const models = ctx.fs.dc.models;
|
|
|
|
|
const params = ctx.request.body;
|
|
|
|
|
|
|
|
|
|
await models.UserToken.destroy({
|
|
|
|
|
where: {
|
|
|
|
|
token: params.token,
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
ctx.status = 204;
|
|
|
|
|
} catch (error) {
|
|
|
|
|
ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
|
|
|
|
|
ctx.status = 400;
|
|
|
|
|
ctx.body = {
|
|
|
|
|
message: typeof error == 'string' ? error : undefined
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
|
login,
|
|
|
|
|
varfiyCode,
|
|
|
|
|
logout,
|
|
|
|
|
};
|
