🐶 重构部分用户数据库操作代码

2021-03-18 00:07:30 +08:00
parent d6ef8aa1db
commit 805fec4a67
50 changed files with 478 additions and 453 deletions
--- a/server/api/account.go
+++ b/server/api/account.go
@ -0,0 +1,310 @@
+package api
+
+import (
+	"strings"
+	"time"
+
+	"next-terminal/server/global"
+	"next-terminal/server/model"
+	"next-terminal/server/totp"
+	"next-terminal/server/utils"
+
+	"github.com/labstack/echo/v4"
+)
+
+const (
+	RememberEffectiveTime    = time.Hour * time.Duration(24*14)
+	NotRememberEffectiveTime = time.Hour * time.Duration(2)
+)
+
+type LoginAccount struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+	Remember bool   `json:"remember"`
+	TOTP     string `json:"totp"`
+}
+
+type ConfirmTOTP struct {
+	Secret string `json:"secret"`
+	TOTP   string `json:"totp"`
+}
+
+type ChangePassword struct {
+	NewPassword string `json:"newPassword"`
+	OldPassword string `json:"oldPassword"`
+}
+
+type Authorization struct {
+	Token    string
+	Remember bool
+	User     model.User
+}
+
+func LoginEndpoint(c echo.Context) error {
+	var loginAccount LoginAccount
+	if err := c.Bind(&loginAccount); err != nil {
+		return err
+	}
+
+	user, err := userRepository.FindByUsername(loginAccount.Username)
+
+	// 存储登录失败次数信息
+	loginFailCountKey := loginAccount.Username
+	v, ok := global.Cache.Get(loginFailCountKey)
+	if !ok {
+		v = 1
+	}
+	count := v.(int)
+	if count >= 5 {
+		return Fail(c, -1, "登录失败次数过多，请稍后再试")
+	}
+
+	if err != nil {
+		count++
+		global.Cache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
+		return FailWithData(c, -1, "您输入的账号或密码不正确", count)
+	}
+
+	if err := utils.Encoder.Match([]byte(user.Password), []byte(loginAccount.Password)); err != nil {
+		count++
+		global.Cache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
+		return FailWithData(c, -1, "您输入的账号或密码不正确", count)
+	}
+
+	if user.TOTPSecret != "" && user.TOTPSecret != "-" {
+		return Fail(c, 0, "")
+	}
+
+	token, err := LoginSuccess(c, loginAccount, user)
+	if err != nil {
+		return err
+	}
+
+	return Success(c, token)
+}
+
+func LoginSuccess(c echo.Context, loginAccount LoginAccount, user model.User) (token string, err error) {
+	token = strings.Join([]string{utils.UUID(), utils.UUID(), utils.UUID(), utils.UUID()}, "")
+
+	authorization := Authorization{
+		Token:    token,
+		Remember: loginAccount.Remember,
+		User:     user,
+	}
+
+	cacheKey := BuildCacheKeyByToken(token)
+
+	if authorization.Remember {
+		// 记住登录有效期两周
+		global.Cache.Set(cacheKey, authorization, RememberEffectiveTime)
+	} else {
+		global.Cache.Set(cacheKey, authorization, NotRememberEffectiveTime)
+	}
+
+	// 保存登录日志
+	loginLog := model.LoginLog{
+		ID:              token,
+		UserId:          user.ID,
+		ClientIP:        c.RealIP(),
+		ClientUserAgent: c.Request().UserAgent(),
+		LoginTime:       utils.NowJsonTime(),
+		Remember:        authorization.Remember,
+	}
+
+	if model.CreateNewLoginLog(&loginLog) != nil {
+		return "", err
+	}
+
+	// 修改登录状态
+	err = userRepository.Update(&model.User{Online: true, ID: user.ID})
+
+	return token, err
+}
+
+func BuildCacheKeyByToken(token string) string {
+	cacheKey := strings.Join([]string{Token, token}, ":")
+	return cacheKey
+}
+
+func GetTokenFormCacheKey(cacheKey string) string {
+	token := strings.Split(cacheKey, ":")[1]
+	return token
+}
+
+func loginWithTotpEndpoint(c echo.Context) error {
+	var loginAccount LoginAccount
+	if err := c.Bind(&loginAccount); err != nil {
+		return err
+	}
+
+	// 存储登录失败次数信息
+	loginFailCountKey := loginAccount.Username
+	v, ok := global.Cache.Get(loginFailCountKey)
+	if !ok {
+		v = 1
+	}
+	count := v.(int)
+	if count >= 5 {
+		return Fail(c, -1, "登录失败次数过多，请稍后再试")
+	}
+
+	user, err := userRepository.FindByUsername(loginAccount.Username)
+	if err != nil {
+		count++
+		global.Cache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
+		return FailWithData(c, -1, "您输入的账号或密码不正确", count)
+	}
+
+	if err := utils.Encoder.Match([]byte(user.Password), []byte(loginAccount.Password)); err != nil {
+		count++
+		global.Cache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
+		return FailWithData(c, -1, "您输入的账号或密码不正确", count)
+	}
+
+	if !totp.Validate(loginAccount.TOTP, user.TOTPSecret) {
+		count++
+		global.Cache.Set(loginFailCountKey, count, time.Minute*time.Duration(5))
+		return FailWithData(c, -1, "您输入双因素认证授权码不正确", count)
+	}
+
+	token, err := LoginSuccess(c, loginAccount, user)
+	if err != nil {
+		return err
+	}
+
+	return Success(c, token)
+}
+
+func LogoutEndpoint(c echo.Context) error {
+	token := GetToken(c)
+	cacheKey := BuildCacheKeyByToken(token)
+	global.Cache.Delete(cacheKey)
+	err := model.Logout(token)
+	if err != nil {
+		return err
+	}
+	return Success(c, nil)
+}
+
+func ConfirmTOTPEndpoint(c echo.Context) error {
+	if global.Config.Demo {
+		return Fail(c, 0, "演示模式禁止开启两步验证")
+	}
+	account, _ := GetCurrentAccount(c)
+
+	var confirmTOTP ConfirmTOTP
+	if err := c.Bind(&confirmTOTP); err != nil {
+		return err
+	}
+
+	if !totp.Validate(confirmTOTP.TOTP, confirmTOTP.Secret) {
+		return Fail(c, -1, "TOTP 验证失败，请重试")
+	}
+
+	u := &model.User{
+		TOTPSecret: confirmTOTP.Secret,
+		ID:         account.ID,
+	}
+
+	if err := userRepository.Update(u); err != nil {
+		return err
+	}
+
+	return Success(c, nil)
+}
+
+func ReloadTOTPEndpoint(c echo.Context) error {
+	account, _ := GetCurrentAccount(c)
+
+	key, err := totp.NewTOTP(totp.GenerateOpts{
+		Issuer:      c.Request().Host,
+		AccountName: account.Username,
+	})
+	if err != nil {
+		return Fail(c, -1, err.Error())
+	}
+
+	qrcode, err := key.Image(200, 200)
+	if err != nil {
+		return Fail(c, -1, err.Error())
+	}
+
+	qrEncode, err := utils.ImageToBase64Encode(qrcode)
+	if err != nil {
+		return Fail(c, -1, err.Error())
+	}
+
+	return Success(c, map[string]string{
+		"qr":     qrEncode,
+		"secret": key.Secret(),
+	})
+}
+
+func ResetTOTPEndpoint(c echo.Context) error {
+	account, _ := GetCurrentAccount(c)
+	u := &model.User{
+		TOTPSecret: "-",
+		ID:         account.ID,
+	}
+	if err := userRepository.Update(u); err != nil {
+		return err
+	}
+	return Success(c, "")
+}
+
+func ChangePasswordEndpoint(c echo.Context) error {
+	if global.Config.Demo {
+		return Fail(c, 0, "演示模式禁止修改密码")
+	}
+	account, _ := GetCurrentAccount(c)
+
+	var changePassword ChangePassword
+	if err := c.Bind(&changePassword); err != nil {
+		return err
+	}
+
+	if err := utils.Encoder.Match([]byte(account.Password), []byte(changePassword.OldPassword)); err != nil {
+		return Fail(c, -1, "您输入的原密码不正确")
+	}
+
+	passwd, err := utils.Encoder.Encode([]byte(changePassword.NewPassword))
+	if err != nil {
+		return err
+	}
+	u := &model.User{
+		Password: string(passwd),
+		ID:       account.ID,
+	}
+
+	if err := userRepository.Update(u); err != nil {
+		return err
+	}
+
+	return LogoutEndpoint(c)
+}
+
+type AccountInfo struct {
+	Id         string `json:"id"`
+	Username   string `json:"username"`
+	Nickname   string `json:"nickname"`
+	Type       string `json:"type"`
+	EnableTotp bool   `json:"enableTotp"`
+}
+
+func InfoEndpoint(c echo.Context) error {
+	account, _ := GetCurrentAccount(c)
+
+	user, err := userRepository.FindById(account.ID)
+	if err != nil {
+		return err
+	}
+
+	info := AccountInfo{
+		Id:         user.ID,
+		Username:   user.Username,
+		Nickname:   user.Nickname,
+		Type:       user.Type,
+		EnableTotp: user.TOTPSecret != "" && user.TOTPSecret != "-",
+	}
+	return Success(c, info)
+}