perf: 多重认证登录

2026-04-23 11:37:23 +08:00 · 2025-04-17 00:06:49 +08:00
parent 8786bae7dc
commit 0f82cf409b
12 changed files with 453 additions and 243 deletions
@@ -0,0 +1,22 @@
+import { BaseSettings } from "@certd/lib-server";
+
+export type TwoFactorAuthenticator = {
+  enabled: boolean;
+  secret?: string;
+  type?: string;
+  verified?:boolean;
+}
+
+export class UserTwoFactorSetting extends BaseSettings {
+  static __title__ = "用户多重认证设置";
+  static __key__ = "user.two.factor";
+
+  authenticator: TwoFactorAuthenticator = {
+    enabled:false,
+    verified:false,
+    type: "totp"
+  };
+
+}
+
+
@@ -0,0 +1,62 @@
+import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { UserSettingsService } from "./user-settings-service.js";
+import { UserTwoFactorSetting } from "./models.js";
+import { utils } from "@certd/basic";
+import { UserService } from "../../sys/authority/service/user-service.js";
+
+/**
+ * 授权
+ */
+@Provide()
+@Scope(ScopeEnum.Request, { allowDowngrade: true })
+export class TwoFactorService {
+  @Inject()
+  userSettingsService: UserSettingsService;
+  @Inject()
+  userService: UserService;
+
+
+  async getAuthenticatorQrCode(userId: any) {
+    const setting = await this.userSettingsService.getSetting<UserTwoFactorSetting>(userId, UserTwoFactorSetting);
+
+    const authenticator = setting.authenticator;
+    if (!authenticator.secret) {
+      authenticator.secret = utils.id.simpleNanoId(16);
+      await this.userSettingsService.saveSetting(userId, setting);
+    }
+
+    const user = await this.userService.info(userId);
+    const username = user.username;
+    const secret = authenticator.secret;
+    const qrcodeContent = `otpauth://totp/Certd:${username}?secret=${secret}&issuer=Certd`;
+
+    //生成qrcode base64
+    const qrcode = await import("qrcode");
+    return await qrcode.toDataURL(qrcodeContent);
+
+  }
+
+  async saveAuthenticator(req: { userId: any; verifyCode: any }) {
+    const userId = req.userId;
+    const { authenticator } = await import("otplib");
+    const tfSetting = await this.userSettingsService.getSetting<UserTwoFactorSetting>(userId, UserTwoFactorSetting);
+
+    const setting = tfSetting.authenticator;
+    if (!setting.secret) {
+      throw new Error("secret is required");
+    }
+    const secret = setting.secret;
+    const token = req.verifyCode;
+
+    const isValid = authenticator.verify({ token, secret });
+    if (!isValid) {
+      throw new Error("authenticator 校验错误");
+    }
+
+    //校验成功，保存开启状态
+    setting.enabled = true;
+    setting.verified = true;
+
+    await this.userSettingsService.saveSetting(userId, setting);
+  }
+}
@@ -1,8 +1,9 @@
-import { Provide, Scope, ScopeEnum } from '@midwayjs/core';
-import { InjectEntityModel } from '@midwayjs/typeorm';
-import { Repository } from 'typeorm';
-import { BaseService } from '@certd/lib-server';
-import { UserSettingsEntity } from '../entity/user-settings.js';
+import { Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { InjectEntityModel } from "@midwayjs/typeorm";
+import { Repository } from "typeorm";
+import { BaseService, BaseSettings } from "@certd/lib-server";
+import { UserSettingsEntity } from "../entity/user-settings.js";
+import { merge } from "lodash-es";

 /**
 * 授权
@@ -27,23 +28,29 @@ export class UserSettingsService extends BaseService<UserSettingsEntity> {
    const setting = JSON.parse(entity.setting);
    return {
      id: entity.id,
-      ...setting,
+      ...setting
    };
  }

  async getByKey(key: string, userId: number): Promise<UserSettingsEntity | null> {
+    if(!userId){
+      throw new Error('userId is required');
+    }
    if (!key || !userId) {
      return null;
    }
    return await this.repository.findOne({
      where: {
        key,
-        userId,
-      },
+        userId
+      }
    });
  }

  async getSettingByKey(key: string, userId: number): Promise<any | null> {
+    if(!userId){
+      throw new Error('userId is required');
+    }
    const entity = await this.getByKey(key, userId);
    if (!entity) {
      return null;
@@ -55,8 +62,8 @@ export class UserSettingsService extends BaseService<UserSettingsEntity> {
    const entity = await this.repository.findOne({
      where: {
        key: bean.key,
-        userId: bean.userId,
-      },
+        userId: bean.userId
+      }
    });
    if (entity) {
      entity.setting = bean.setting;
@@ -66,4 +73,39 @@ export class UserSettingsService extends BaseService<UserSettingsEntity> {
      await this.repository.save(bean);
    }
  }
+
+
+  async getSetting<T>( userId: number,type: any): Promise<T> {
+    if(!userId){
+      throw new Error('userId is required');
+    }
+    const key = type.__key__;
+    let newSetting: T = new type();
+    const savedSettings = await this.getSettingByKey(key, userId);
+    newSetting = merge(newSetting, savedSettings);
+    return newSetting;
+  }
+
+  async saveSetting<T extends BaseSettings>(userId:number,bean: T) {
+    if(!userId){
+      throw new Error('userId is required');
+    }
+    const old = await this.getSetting(userId,bean.constructor)
+    bean = merge(old,bean)
+
+    const type: any = bean.constructor;
+    const key = type.__key__;
+    const entity = await this.getByKey(key,userId);
+    const newEntity = new UserSettingsEntity();
+    if (entity) {
+      newEntity.id = entity.id;
+    }else{
+      newEntity.key = key;
+      newEntity.title = type.__title__;
+      newEntity.userId = userId;
+    }
+    entity.setting = JSON.stringify(bean);
+    await this.repository.save(entity);
+  }
+
 }