mirror of
https://github.com/certd/certd.git
synced 2026-04-23 19:57:27 +08:00
perf: 多重认证登录
This commit is contained in:
xiaojunnuo
@@ -0,0 +1,61 @@
|
||||
import { ALL, Body, Controller, Inject, Post, Provide } from "@midwayjs/core";
|
||||
import { BaseController, Constants } from "@certd/lib-server";
|
||||
import { UserSettingsService } from "../../../modules/mine/service/user-settings-service.js";
|
||||
import { UserTwoFactorSetting } from "../../../modules/mine/service/models.js";
|
||||
import { merge } from "lodash-es";
|
||||
import { TwoFactorService } from "../../../modules/mine/service/two-factor-service.js";
|
||||
|
||||
/**
|
||||
*/
|
||||
@Provide()
|
||||
@Controller("/api/user/settings/twoFactor")
|
||||
export class UserTwoFactorSettingController extends BaseController {
|
||||
@Inject()
|
||||
service: UserSettingsService;
|
||||
|
||||
@Inject()
|
||||
twoFactorService: TwoFactorService;
|
||||
|
||||
|
||||
|
||||
@Post("/get", { summary: Constants.per.authOnly })
|
||||
async get() {
|
||||
const userId = this.getUserId();
|
||||
const setting = await this.service.getSetting<UserTwoFactorSetting>(userId, UserTwoFactorSetting);
|
||||
return this.ok(setting);
|
||||
}
|
||||
|
||||
@Post("/save", { summary: Constants.per.authOnly })
|
||||
async save(@Body(ALL) bean: any) {
|
||||
const userId = this.getUserId();
|
||||
const setting = new UserTwoFactorSetting();
|
||||
merge(setting, bean);
|
||||
|
||||
// 禁用时清除
|
||||
if(!setting.authenticator.enabled){
|
||||
setting.authenticator.secret = null;
|
||||
setting.authenticator.verified = false;
|
||||
}
|
||||
|
||||
await this.service.saveSetting(userId, setting);
|
||||
return this.ok({});
|
||||
}
|
||||
|
||||
@Post("/authenticator/qrcode", { summary: Constants.per.authOnly })
|
||||
async authenticatorQrcode() {
|
||||
const userId = this.getUserId();
|
||||
const qrcode = await this.twoFactorService.getAuthenticatorQrCode(userId);
|
||||
return this.ok(qrcode);
|
||||
}
|
||||
|
||||
@Post("/authenticator/save", { summary: Constants.per.authOnly })
|
||||
async authenticatorSave(@Body(ALL) bean: any) {
|
||||
const userId = this.getUserId();
|
||||
await this.twoFactorService.saveAuthenticator({
|
||||
userId,
|
||||
verifyCode: bean.verifyCode,
|
||||
});
|
||||
return this.ok();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,8 +1,7 @@
|
||||
import { ALL, Body, Controller, Inject, Post, Provide, Query } from '@midwayjs/core';
|
||||
import { CrudController } from '@certd/lib-server';
|
||||
import { Constants } from '@certd/lib-server';
|
||||
import { UserSettingsService } from '../../../modules/mine/service/user-settings-service.js';
|
||||
import { UserSettingsEntity } from '../../../modules/mine/entity/user-settings.js';
|
||||
import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/core";
|
||||
import { Constants, CrudController } from "@certd/lib-server";
|
||||
import { UserSettingsService } from "../../../modules/mine/service/user-settings-service.js";
|
||||
import { UserSettingsEntity } from "../../../modules/mine/entity/user-settings.js";
|
||||
|
||||
/**
|
||||
*/
|
||||
@@ -66,4 +65,6 @@ export class UserSettingsController extends CrudController<UserSettingsService>
|
||||
const entity = await this.service.getByKey(key, this.getUserId());
|
||||
return this.ok(entity);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -0,0 +1,22 @@
|
||||
import { BaseSettings } from "@certd/lib-server";
|
||||
|
||||
export type TwoFactorAuthenticator = {
|
||||
enabled: boolean;
|
||||
secret?: string;
|
||||
type?: string;
|
||||
verified?:boolean;
|
||||
}
|
||||
|
||||
export class UserTwoFactorSetting extends BaseSettings {
|
||||
static __title__ = "用户多重认证设置";
|
||||
static __key__ = "user.two.factor";
|
||||
|
||||
authenticator: TwoFactorAuthenticator = {
|
||||
enabled:false,
|
||||
verified:false,
|
||||
type: "totp"
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,62 @@
|
||||
import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
|
||||
import { UserSettingsService } from "./user-settings-service.js";
|
||||
import { UserTwoFactorSetting } from "./models.js";
|
||||
import { utils } from "@certd/basic";
|
||||
import { UserService } from "../../sys/authority/service/user-service.js";
|
||||
|
||||
/**
|
||||
* 授权
|
||||
*/
|
||||
@Provide()
|
||||
@Scope(ScopeEnum.Request, { allowDowngrade: true })
|
||||
export class TwoFactorService {
|
||||
@Inject()
|
||||
userSettingsService: UserSettingsService;
|
||||
@Inject()
|
||||
userService: UserService;
|
||||
|
||||
|
||||
async getAuthenticatorQrCode(userId: any) {
|
||||
const setting = await this.userSettingsService.getSetting<UserTwoFactorSetting>(userId, UserTwoFactorSetting);
|
||||
|
||||
const authenticator = setting.authenticator;
|
||||
if (!authenticator.secret) {
|
||||
authenticator.secret = utils.id.simpleNanoId(16);
|
||||
await this.userSettingsService.saveSetting(userId, setting);
|
||||
}
|
||||
|
||||
const user = await this.userService.info(userId);
|
||||
const username = user.username;
|
||||
const secret = authenticator.secret;
|
||||
const qrcodeContent = `otpauth://totp/Certd:${username}?secret=${secret}&issuer=Certd`;
|
||||
|
||||
//生成qrcode base64
|
||||
const qrcode = await import("qrcode");
|
||||
return await qrcode.toDataURL(qrcodeContent);
|
||||
|
||||
}
|
||||
|
||||
async saveAuthenticator(req: { userId: any; verifyCode: any }) {
|
||||
const userId = req.userId;
|
||||
const { authenticator } = await import("otplib");
|
||||
const tfSetting = await this.userSettingsService.getSetting<UserTwoFactorSetting>(userId, UserTwoFactorSetting);
|
||||
|
||||
const setting = tfSetting.authenticator;
|
||||
if (!setting.secret) {
|
||||
throw new Error("secret is required");
|
||||
}
|
||||
const secret = setting.secret;
|
||||
const token = req.verifyCode;
|
||||
|
||||
const isValid = authenticator.verify({ token, secret });
|
||||
if (!isValid) {
|
||||
throw new Error("authenticator 校验错误");
|
||||
}
|
||||
|
||||
//校验成功,保存开启状态
|
||||
setting.enabled = true;
|
||||
setting.verified = true;
|
||||
|
||||
await this.userSettingsService.saveSetting(userId, setting);
|
||||
}
|
||||
}
|
||||
@@ -1,8 +1,9 @@
|
||||
import { Provide, Scope, ScopeEnum } from '@midwayjs/core';
|
||||
import { InjectEntityModel } from '@midwayjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import { BaseService } from '@certd/lib-server';
|
||||
import { UserSettingsEntity } from '../entity/user-settings.js';
|
||||
import { Provide, Scope, ScopeEnum } from "@midwayjs/core";
|
||||
import { InjectEntityModel } from "@midwayjs/typeorm";
|
||||
import { Repository } from "typeorm";
|
||||
import { BaseService, BaseSettings } from "@certd/lib-server";
|
||||
import { UserSettingsEntity } from "../entity/user-settings.js";
|
||||
import { merge } from "lodash-es";
|
||||
|
||||
/**
|
||||
* 授权
|
||||
@@ -27,23 +28,29 @@ export class UserSettingsService extends BaseService<UserSettingsEntity> {
|
||||
const setting = JSON.parse(entity.setting);
|
||||
return {
|
||||
id: entity.id,
|
||||
...setting,
|
||||
...setting
|
||||
};
|
||||
}
|
||||
|
||||
async getByKey(key: string, userId: number): Promise<UserSettingsEntity | null> {
|
||||
if(!userId){
|
||||
throw new Error('userId is required');
|
||||
}
|
||||
if (!key || !userId) {
|
||||
return null;
|
||||
}
|
||||
return await this.repository.findOne({
|
||||
where: {
|
||||
key,
|
||||
userId,
|
||||
},
|
||||
userId
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
async getSettingByKey(key: string, userId: number): Promise<any | null> {
|
||||
if(!userId){
|
||||
throw new Error('userId is required');
|
||||
}
|
||||
const entity = await this.getByKey(key, userId);
|
||||
if (!entity) {
|
||||
return null;
|
||||
@@ -55,8 +62,8 @@ export class UserSettingsService extends BaseService<UserSettingsEntity> {
|
||||
const entity = await this.repository.findOne({
|
||||
where: {
|
||||
key: bean.key,
|
||||
userId: bean.userId,
|
||||
},
|
||||
userId: bean.userId
|
||||
}
|
||||
});
|
||||
if (entity) {
|
||||
entity.setting = bean.setting;
|
||||
@@ -66,4 +73,39 @@ export class UserSettingsService extends BaseService<UserSettingsEntity> {
|
||||
await this.repository.save(bean);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
async getSetting<T>( userId: number,type: any): Promise<T> {
|
||||
if(!userId){
|
||||
throw new Error('userId is required');
|
||||
}
|
||||
const key = type.__key__;
|
||||
let newSetting: T = new type();
|
||||
const savedSettings = await this.getSettingByKey(key, userId);
|
||||
newSetting = merge(newSetting, savedSettings);
|
||||
return newSetting;
|
||||
}
|
||||
|
||||
async saveSetting<T extends BaseSettings>(userId:number,bean: T) {
|
||||
if(!userId){
|
||||
throw new Error('userId is required');
|
||||
}
|
||||
const old = await this.getSetting(userId,bean.constructor)
|
||||
bean = merge(old,bean)
|
||||
|
||||
const type: any = bean.constructor;
|
||||
const key = type.__key__;
|
||||
const entity = await this.getByKey(key,userId);
|
||||
const newEntity = new UserSettingsEntity();
|
||||
if (entity) {
|
||||
newEntity.id = entity.id;
|
||||
}else{
|
||||
newEntity.key = key;
|
||||
newEntity.title = type.__title__;
|
||||
newEntity.userId = userId;
|
||||
}
|
||||
entity.setting = JSON.stringify(bean);
|
||||
await this.repository.save(entity);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user