2025-04-14 18:09:54 +08:00
|
|
|
import {Config, Inject, Provide, Scope, ScopeEnum} from '@midwayjs/core';
|
|
|
|
|
import {UserService} from '../../sys/authority/service/user-service.js';
|
2024-07-15 00:30:33 +08:00
|
|
|
import jwt from 'jsonwebtoken';
|
2025-04-17 13:41:08 +08:00
|
|
|
import {AuthException, CommonException, Need2FAException} from "@certd/lib-server";
|
2025-04-14 18:09:54 +08:00
|
|
|
import {RoleService} from '../../sys/authority/service/role-service.js';
|
|
|
|
|
import {UserEntity} from '../../sys/authority/entity/user.js';
|
|
|
|
|
import {SysSettingsService} from '@certd/lib-server';
|
|
|
|
|
import {SysPrivateSettings} from '@certd/lib-server';
|
2025-04-17 01:15:55 +08:00
|
|
|
import {cache, utils} from '@certd/basic';
|
2025-04-14 18:09:54 +08:00
|
|
|
import {LoginErrorException} from '@certd/lib-server/dist/basic/exception/login-error-exception.js';
|
|
|
|
|
import {CodeService} from '../../basic/service/code-service.js';
|
2025-04-17 13:41:08 +08:00
|
|
|
import {TwoFactorService} from "../../mine/service/two-factor-service.js";
|
|
|
|
|
import {UserSettingsService} from '../../mine/service/user-settings-service.js';
|
|
|
|
|
import {isPlus} from "@certd/plus-core";
|
2023-01-29 13:44:19 +08:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* 系统用户
|
|
|
|
|
*/
|
|
|
|
|
@Provide()
|
2025-04-14 18:09:54 +08:00
|
|
|
@Scope(ScopeEnum.Request, {allowDowngrade: true})
|
2023-01-29 13:44:19 +08:00
|
|
|
export class LoginService {
|
|
|
|
|
@Inject()
|
|
|
|
|
userService: UserService;
|
2023-06-27 09:29:43 +08:00
|
|
|
@Inject()
|
|
|
|
|
roleService: RoleService;
|
2024-11-28 17:36:45 +08:00
|
|
|
|
|
|
|
|
@Inject()
|
|
|
|
|
codeService: CodeService;
|
2023-06-28 09:44:35 +08:00
|
|
|
@Config('auth.jwt')
|
2023-01-29 13:44:19 +08:00
|
|
|
private jwt: any;
|
|
|
|
|
|
2024-08-27 13:46:19 +08:00
|
|
|
@Inject()
|
|
|
|
|
sysSettingsService: SysSettingsService;
|
2025-04-17 01:15:55 +08:00
|
|
|
@Inject()
|
|
|
|
|
userSettingsService: UserSettingsService;
|
|
|
|
|
@Inject()
|
|
|
|
|
twoFactorService: TwoFactorService;
|
2024-08-27 13:46:19 +08:00
|
|
|
|
2025-04-14 18:09:54 +08:00
|
|
|
checkIsBlocked(username: string) {
|
|
|
|
|
const blockDurationKey = `login_block_duration:${username}`;
|
|
|
|
|
const value = cache.get(blockDurationKey);
|
|
|
|
|
if (value) {
|
|
|
|
|
const ttl = cache.getRemainingTTL(blockDurationKey)
|
|
|
|
|
const leftMin = Math.ceil(ttl / 1000 / 60);
|
|
|
|
|
throw new CommonException(`账号被锁定,请${leftMin}分钟后重试`);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
clearCacheOnSuccess(username: string) {
|
|
|
|
|
cache.delete(`login_error_times:${username}`);
|
|
|
|
|
cache.delete(`login_block_times:${username}`);
|
|
|
|
|
cache.delete(`login_block_duration:${username}`);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
addErrorTimes(username: string, errorMessage: string) {
|
|
|
|
|
const errorTimesKey = `login_error_times:${username}`;
|
2024-11-28 11:10:57 +08:00
|
|
|
const blockTimesKey = `login_block_times:${username}`;
|
2025-04-14 18:09:54 +08:00
|
|
|
const blockDurationKey = `login_block_duration:${username}`;
|
2024-11-28 11:10:57 +08:00
|
|
|
let blockTimes = cache.get(blockTimesKey);
|
2025-04-14 18:09:54 +08:00
|
|
|
// let maxWaitMin = 2;
|
|
|
|
|
const maxRetryTimes = blockTimes > 1 ? 3 : 5;
|
2024-11-28 11:10:57 +08:00
|
|
|
if (blockTimes == null) {
|
2025-04-14 18:09:54 +08:00
|
|
|
blockTimes = 0;
|
2024-11-28 11:10:57 +08:00
|
|
|
}
|
2025-04-14 18:09:54 +08:00
|
|
|
// maxWaitMin = maxWaitMin * blockTimes;
|
|
|
|
|
// let ttl = maxWaitMin * 60 * 1000;
|
2024-11-28 11:10:57 +08:00
|
|
|
|
2025-04-14 18:09:54 +08:00
|
|
|
let errorTimes = cache.get(errorTimesKey);
|
2024-11-28 11:10:57 +08:00
|
|
|
|
|
|
|
|
if (errorTimes == null) {
|
|
|
|
|
errorTimes = 0;
|
|
|
|
|
}
|
|
|
|
|
errorTimes += 1;
|
2025-04-14 18:09:54 +08:00
|
|
|
const ttl24H = 24 * 60 * 60 * 1000;
|
|
|
|
|
cache.set(errorTimesKey, errorTimes, {
|
|
|
|
|
ttl: ttl24H,
|
2024-11-28 11:10:57 +08:00
|
|
|
});
|
2025-04-14 18:09:54 +08:00
|
|
|
if (errorTimes > maxRetryTimes) {
|
|
|
|
|
blockTimes += 1;
|
|
|
|
|
cache.set(blockTimesKey, blockTimes, {
|
|
|
|
|
ttl: ttl24H,
|
|
|
|
|
});
|
|
|
|
|
//按照block次数指数递增,最长24小时
|
|
|
|
|
const ttl = Math.min(blockTimes * blockTimes * 60 * 1000, ttl24H);
|
2024-11-28 11:10:57 +08:00
|
|
|
const leftMin = Math.ceil(ttl / 1000 / 60);
|
2025-04-14 18:09:54 +08:00
|
|
|
cache.set(blockDurationKey, 1, {
|
|
|
|
|
ttl: ttl,
|
|
|
|
|
})
|
|
|
|
|
// 清除error次数
|
|
|
|
|
cache.delete(errorTimesKey);
|
2024-11-28 11:10:57 +08:00
|
|
|
throw new LoginErrorException(`登录失败次数过多,请${leftMin}分钟后重试`, 0);
|
|
|
|
|
}
|
|
|
|
|
const leftTimes = maxRetryTimes - errorTimes;
|
|
|
|
|
if (leftTimes < 3) {
|
2025-04-14 18:09:54 +08:00
|
|
|
throw new LoginErrorException(`登录失败(${errorMessage}),剩余尝试次数:${leftTimes}`, leftTimes);
|
2024-11-28 11:10:57 +08:00
|
|
|
}
|
|
|
|
|
throw new LoginErrorException(errorMessage, leftTimes);
|
|
|
|
|
}
|
|
|
|
|
|
2025-04-14 18:09:54 +08:00
|
|
|
|
2024-11-28 17:36:45 +08:00
|
|
|
async loginBySmsCode(req: { mobile: string; phoneCode: string; smsCode: string; randomStr: string }) {
|
2025-04-14 18:09:54 +08:00
|
|
|
|
|
|
|
|
this.checkIsBlocked(req.mobile)
|
|
|
|
|
|
2024-11-28 17:36:45 +08:00
|
|
|
const smsChecked = await this.codeService.checkSmsCode({
|
|
|
|
|
mobile: req.mobile,
|
|
|
|
|
phoneCode: req.phoneCode,
|
|
|
|
|
smsCode: req.smsCode,
|
|
|
|
|
randomStr: req.randomStr,
|
|
|
|
|
throwError: false,
|
|
|
|
|
});
|
|
|
|
|
|
2025-04-14 18:09:54 +08:00
|
|
|
const {mobile, phoneCode} = req;
|
2024-11-28 11:10:57 +08:00
|
|
|
if (!smsChecked) {
|
2025-04-14 18:09:54 +08:00
|
|
|
this.addErrorTimes(mobile, '验证码错误');
|
2024-11-28 11:10:57 +08:00
|
|
|
}
|
2025-04-14 18:09:54 +08:00
|
|
|
let info = await this.userService.findOne({phoneCode, mobile: mobile});
|
2024-11-28 11:10:57 +08:00
|
|
|
if (info == null) {
|
2024-11-28 17:36:45 +08:00
|
|
|
//用户不存在,注册
|
|
|
|
|
info = await this.userService.register('mobile', {
|
|
|
|
|
phoneCode,
|
|
|
|
|
mobile,
|
|
|
|
|
password: '',
|
|
|
|
|
} as any);
|
2024-11-28 11:10:57 +08:00
|
|
|
}
|
2025-04-14 18:09:54 +08:00
|
|
|
this.clearCacheOnSuccess(mobile);
|
2024-11-28 11:10:57 +08:00
|
|
|
return this.onLoginSuccess(info);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async loginByPassword(req: { username: string; password: string; phoneCode: string }) {
|
2025-04-14 18:09:54 +08:00
|
|
|
this.checkIsBlocked(req.username)
|
|
|
|
|
const {username, password, phoneCode} = req;
|
|
|
|
|
const info = await this.userService.findOne([{username: username}, {email: username}, {
|
|
|
|
|
phoneCode,
|
|
|
|
|
mobile: username
|
|
|
|
|
}]);
|
2024-11-28 11:10:57 +08:00
|
|
|
if (info == null) {
|
|
|
|
|
throw new CommonException('用户名或密码错误');
|
|
|
|
|
}
|
|
|
|
|
const right = await this.userService.checkPassword(password, info.password, info.passwordVersion);
|
|
|
|
|
if (!right) {
|
2025-04-14 18:09:54 +08:00
|
|
|
this.addErrorTimes(username, '用户名或密码错误');
|
2024-11-28 11:10:57 +08:00
|
|
|
}
|
2025-04-14 18:09:54 +08:00
|
|
|
this.clearCacheOnSuccess(username);
|
2024-11-28 11:10:57 +08:00
|
|
|
return this.onLoginSuccess(info);
|
|
|
|
|
}
|
|
|
|
|
|
2025-04-17 13:41:08 +08:00
|
|
|
async checkTwoFactorEnabled(userId: number) {
|
2025-04-17 01:15:55 +08:00
|
|
|
//检查是否开启多重认证
|
2025-04-17 13:41:08 +08:00
|
|
|
if (!isPlus()) {
|
|
|
|
|
return true
|
|
|
|
|
}
|
2025-04-17 01:15:55 +08:00
|
|
|
|
|
|
|
|
const twoFactorSetting = await this.twoFactorService.getSetting(userId)
|
|
|
|
|
|
|
|
|
|
const authenticatorSetting = twoFactorSetting.authenticator
|
2025-04-17 13:41:08 +08:00
|
|
|
if (authenticatorSetting.enabled) {
|
2025-04-17 01:15:55 +08:00
|
|
|
//要检查
|
|
|
|
|
const randomKey = utils.id.simpleNanoId(12)
|
|
|
|
|
cache.set(`login_2fa_code:${randomKey}`, userId, {
|
|
|
|
|
ttl: 60 * 1000,
|
|
|
|
|
})
|
|
|
|
|
throw new Need2FAException('已开启多重认证,请在60秒内输入验证码')
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2025-04-17 13:41:08 +08:00
|
|
|
async loginByTwoFactor(req: { loginCode: string; verifyCode: string }) {
|
|
|
|
|
//检查是否开启多重认证
|
|
|
|
|
if (!isPlus()) {
|
|
|
|
|
throw new Error('本功能需要开通专业版')
|
|
|
|
|
}
|
|
|
|
|
const userId = cache.get(`login_2fa_code:${req.loginCode}`)
|
|
|
|
|
if (!userId) {
|
2025-04-17 01:15:55 +08:00
|
|
|
throw new AuthException('登录状态已失效,请重新登录')
|
|
|
|
|
}
|
|
|
|
|
await this.twoFactorService.verifyAuthenticatorCode(userId, req.verifyCode)
|
|
|
|
|
|
|
|
|
|
return this.generateToken(await this.userService.findOne(userId))
|
|
|
|
|
}
|
2025-04-14 18:09:54 +08:00
|
|
|
|
2025-04-17 01:15:55 +08:00
|
|
|
private async onLoginSuccess(info: UserEntity) {
|
2024-10-27 00:04:02 +08:00
|
|
|
if (info.status === 0) {
|
|
|
|
|
throw new CommonException('用户已被禁用');
|
|
|
|
|
}
|
2025-04-17 01:15:55 +08:00
|
|
|
await this.checkTwoFactorEnabled(info.id)
|
|
|
|
|
return this.generateToken(info);
|
2023-01-29 13:44:19 +08:00
|
|
|
}
|
|
|
|
|
|
2025-04-17 01:15:55 +08:00
|
|
|
|
2023-01-29 13:44:19 +08:00
|
|
|
/**
|
|
|
|
|
* 生成token
|
|
|
|
|
* @param user 用户对象
|
2023-06-27 09:29:43 +08:00
|
|
|
* @param roleIds
|
2023-01-29 13:44:19 +08:00
|
|
|
*/
|
2025-04-17 01:15:55 +08:00
|
|
|
async generateToken(user: UserEntity) {
|
|
|
|
|
const roleIds = await this.roleService.getRoleIdsByUserId(user.id);
|
2023-01-29 13:44:19 +08:00
|
|
|
const tokenInfo = {
|
|
|
|
|
username: user.username,
|
|
|
|
|
id: user.id,
|
2023-06-27 09:29:43 +08:00
|
|
|
roles: roleIds,
|
2023-01-29 13:44:19 +08:00
|
|
|
};
|
|
|
|
|
const expire = this.jwt.expire;
|
2024-08-27 13:46:19 +08:00
|
|
|
|
|
|
|
|
const setting = await this.sysSettingsService.getSetting<SysPrivateSettings>(SysPrivateSettings);
|
|
|
|
|
const jwtSecret = setting.jwtKey;
|
|
|
|
|
|
|
|
|
|
const token = jwt.sign(tokenInfo, jwtSecret, {
|
2023-01-29 13:44:19 +08:00
|
|
|
expiresIn: expire,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
token,
|
|
|
|
|
expire,
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
}
|
