perf: 支持短信验证码登录

packages/ui/certd-server/src/config/config.default.ts

@@ -4,7 +4,6 @@ import { MidwayConfig } from '@midwayjs/core';
 // import { fileURLToPath } from 'node:url';
 // // const __filename = fileURLToPath(import.meta.url);
 // const __dirname = dirname(fileURLToPath(import.meta.url));
-// eslint-disable-next-line node/no-extraneous-import
 import { FlywayHistory } from '@certd/midway-flyway-js';
 import { UserEntity } from '../modules/sys/authority/entity/user.js';
 import { PipelineEntity } from '../modules/pipeline/entity/pipeline.js';

packages/ui/certd-server/src/controller/basic/code-controller.ts

@@ -1,14 +1,12 @@
 import { Rule, RuleType } from '@midwayjs/validate';
-import { ALL, Inject } from '@midwayjs/core';
-import { Body } from '@midwayjs/core';
-import { Controller, Post, Provide } from '@midwayjs/core';
-import { BaseController } from '@certd/lib-server';
+import { ALL, Body, Controller, Get, Inject, Post, Provide, Query } from '@midwayjs/core';
+import { BaseController, Constants } from '@certd/lib-server';
 import { CodeService } from '../../modules/basic/service/code-service.js';
 import { EmailService } from '../../modules/basic/service/email-service.js';
-import { Constants } from '@certd/lib-server';
+
 export class SmsCodeReq {
-  @Rule(RuleType.number().required())
-  phoneCode: number;
+  @Rule(RuleType.string().required())
+  phoneCode: string;
 
   @Rule(RuleType.string().required())
   mobile: string;
@@ -16,7 +14,18 @@ export class SmsCodeReq {
   @Rule(RuleType.string().required().max(10))
   randomStr: string;
 
-  @Rule(RuleType.number().required().max(4))
+  @Rule(RuleType.string().required().max(4))
+  imgCode: string;
+}
+
+export class EmailCodeReq {
+  @Rule(RuleType.string().required())
+  email: string;
+
+  @Rule(RuleType.string().required().max(10))
+  randomStr: string;
+
+  @Rule(RuleType.string().required().max(4))
   imgCode: string;
 }
 
@@ -32,21 +41,30 @@ export class BasicController extends BaseController {
   emailService: EmailService;
 
   @Post('/sendSmsCode', { summary: Constants.per.guest })
-  public sendSmsCode(
+  public async sendSmsCode(
     @Body(ALL)
     body: SmsCodeReq
   ) {
+    await this.codeService.checkCaptcha(body.randomStr, body.imgCode);
+    await this.codeService.sendSmsCode(body.phoneCode, body.mobile, body.randomStr);
+    return this.ok(null);
+  }
+
+  @Post('/sendEmailCode', { summary: Constants.per.guest })
+  public async sendEmailCode(
+    @Body(ALL)
+    body: EmailCodeReq
+  ) {
+    await this.codeService.checkCaptcha(body.randomStr, body.imgCode);
+    await this.codeService.sendEmailCode(body.email, body.randomStr);
     // 设置缓存内容
     return this.ok(null);
   }
 
-  @Post('/captcha', { summary: Constants.per.guest })
-  public async getCaptcha(
-    @Body()
-    randomStr
-  ) {
-    console.assert(randomStr < 10, 'randomStr 过长');
+  @Get('/captcha', { summary: Constants.per.guest })
+  public async getCaptcha(@Query('randomStr') randomStr: any) {
     const captcha = await this.codeService.generateCaptcha(randomStr);
-    return this.ok(captcha.data);
+    this.ctx.res.setHeader('Content-Type', 'image/svg+xml');
+    return captcha.data;
   }
 }

packages/ui/certd-server/src/controller/login/login-controller.ts

@@ -1,7 +1,7 @@
-import { Body, Controller, Inject, Post, Provide, ALL } from '@midwayjs/core';
+import { ALL, Body, Controller, Inject, Post, Provide } from '@midwayjs/core';
 import { LoginService } from '../../modules/login/service/login-service.js';
-import { BaseController } from '@certd/lib-server';
-import { Constants } from '@certd/lib-server';
+import { BaseController, Constants, SysPublicSettings, SysSettingsService } from '@certd/lib-server';
+import { CodeService } from '../../modules/basic/service/code-service.js';
 
 /**
  */
@@ -10,13 +10,23 @@ import { Constants } from '@certd/lib-server';
 export class LoginController extends BaseController {
   @Inject()
   loginService: LoginService;
+  @Inject()
+  codeService: CodeService;
+
+  @Inject()
+  sysSettingsService: SysSettingsService;
+
   @Post('/login', { summary: Constants.per.guest })
   public async login(
     @Body(ALL)
     user: any
   ) {
-    const token = await this.loginService.login(user);
+    const settings = await this.sysSettingsService.getSetting<SysPublicSettings>(SysPublicSettings);
+    if (settings.passwordLoginEnabled === false) {
+      throw new Error('当前站点已禁止密码登录');
+    }
 
+    const token = await this.loginService.loginByPassword(user);
     this.ctx.cookies.set('token', token.token, {
       maxAge: 1000 * token.expire,
     });
@@ -29,7 +39,17 @@ export class LoginController extends BaseController {
     @Body(ALL)
     body: any
   ) {
-    const token = await this.loginService.loginBySmsCode(body);
+    const settings = await this.sysSettingsService.getSetting<SysPublicSettings>(SysPublicSettings);
+    if (settings.smsLoginEnabled !== true) {
+      throw new Error('当前站点禁止短信验证码登录');
+    }
+
+    const token = await this.loginService.loginBySmsCode({
+      phoneCode: body.phoneCode,
+      mobile: body.mobile,
+      smsCode: body.smsCode,
+      randomStr: body.randomStr,
+    });
 
     this.ctx.cookies.set('token', token.token, {
       maxAge: 1000 * token.expire,

packages/ui/certd-server/src/controller/login/register-controller.ts

@@ -1,9 +1,20 @@
 import { ALL, Body, Controller, Inject, Post, Provide } from '@midwayjs/core';
-import { BaseController } from '@certd/lib-server';
-import { Constants } from '@certd/lib-server';
-import { UserService } from '../../modules/sys/authority/service/user-service.js';
-import { UserEntity } from '../../modules/sys/authority/entity/user.js';
-import { SysSettingsService } from '@certd/lib-server';
+import { BaseController, Constants, SysSettingsService } from '@certd/lib-server';
+import { RegisterType, UserService } from '../../modules/sys/authority/service/user-service.js';
+import { CodeService } from '../../modules/basic/service/code-service.js';
+
+export type RegisterReq = {
+  type: RegisterType;
+  username: string;
+  password: string;
+  mobile: string;
+  email: string;
+  phoneCode?: string;
+
+  validateCode: string;
+  imageCode: string;
+  randomStr: string;
+};
 
 /**
  */
@@ -12,6 +23,8 @@ import { SysSettingsService } from '@certd/lib-server';
 export class RegisterController extends BaseController {
   @Inject()
   userService: UserService;
+  @Inject()
+  codeService: CodeService;
 
   @Inject()
   sysSettingsService: SysSettingsService;
@@ -19,13 +32,55 @@ export class RegisterController extends BaseController {
   @Post('/register', { summary: Constants.per.guest })
   public async register(
     @Body(ALL)
-    user: UserEntity
+    body: RegisterReq
   ) {
     const sysPublicSettings = await this.sysSettingsService.getPublicSettings();
     if (sysPublicSettings.registerEnabled === false) {
       throw new Error('当前站点已禁止自助注册功能');
     }
-    const newUser = await this.userService.register(user);
-    return this.ok(newUser);
+
+    if (body.type === 'username') {
+      if (sysPublicSettings.usernameRegisterEnabled) {
+        throw new Error('当前站点已禁止用户名注册功能');
+      }
+      const newUser = await this.userService.register(body.type, {
+        username: body.username,
+        password: body.password,
+      } as any);
+      return this.ok(newUser);
+    } else if (body.type === 'mobile') {
+      if (sysPublicSettings.mobileRegisterEnabled) {
+        throw new Error('当前站点已禁止手机号注册功能');
+      }
+      //验证短信验证码
+      await this.codeService.checkSmsCode({
+        mobile: body.mobile,
+        phoneCode: body.phoneCode,
+        smsCode: body.validateCode,
+        randomStr: body.randomStr,
+        throwError: true,
+      });
+      const newUser = await this.userService.register(body.type, {
+        phoneCode: body.phoneCode,
+        mobile: body.mobile,
+        password: body.password,
+      } as any);
+      return this.ok(newUser);
+    } else if (body.type === 'email') {
+      if (sysPublicSettings.emailRegisterEnabled === false) {
+        throw new Error('当前站点已禁止Email注册功能');
+      }
+      this.codeService.checkEmailCode({
+        email: body.email,
+        randomStr: body.randomStr,
+        validateCode: body.validateCode,
+        throwError: true,
+      });
+      const newUser = await this.userService.register(body.type, {
+        email: body.email,
+        password: body.password,
+      } as any);
+      return this.ok(newUser);
+    }
   }
 }

packages/ui/certd-server/src/modules/basic/service/code-service.ts

@@ -1,5 +1,12 @@
 import { Inject, Provide } from '@midwayjs/core';
-import { CacheManager } from '@midwayjs/cache';
+import { cache, isDev, randomNumber } from '@certd/basic';
+import { SysSettingsService } from '@certd/lib-server';
+import { SmsServiceFactory } from '../sms/factory.js';
+import { ISmsService } from '../sms/api.js';
+import { CodeErrorException } from '@certd/lib-server/dist/basic/exception/code-error-exception.js';
+import { EmailService } from './email-service.js';
+import { AccessService } from '../../pipeline/service/access-service.js';
+import { AccessSysGetter } from '../../pipeline/service/access-sys-getter.js';
 
 // {data: '<svg.../svg>', text: 'abcd'}
 /**
@@ -7,7 +14,12 @@ import { CacheManager } from '@midwayjs/cache';
 @Provide()
 export class CodeService {
   @Inject()
-  cache: CacheManager; // 依赖注入CacheManager
+  sysSettingsService: SysSettingsService;
+  @Inject()
+  emailService: EmailService;
+
+  @Inject()
+  accessService: AccessService;
 
   /**
    */
@@ -17,41 +29,114 @@ export class CodeService {
     const c = svgCaptcha.create();
     //{data: '<svg.../svg>', text: 'abcd'}
     const imgCode = c.text; // = RandomUtil.randomStr(4, true);
-    await this.cache.set('imgCode:' + randomStr, imgCode, {
+    cache.set('imgCode:' + randomStr, imgCode, {
       ttl: 2 * 60 * 1000, //过期时间 2分钟
     });
     return c;
   }
 
   async getCaptchaText(randomStr) {
-    return await this.cache.get('imgCode:' + randomStr);
+    return cache.get('imgCode:' + randomStr);
   }
 
   async removeCaptcha(randomStr) {
-    await this.cache.del('imgCode:' + randomStr);
+    cache.delete('imgCode:' + randomStr);
   }
 
-  async checkCaptcha(randomStr, userCaptcha) {
+  async checkCaptcha(randomStr: string, userCaptcha: string) {
     const code = await this.getCaptchaText(randomStr);
     if (code == null) {
       throw new Error('验证码已过期');
     }
-    if (code !== userCaptcha) {
+    if (code.toLowerCase() !== userCaptcha.toLowerCase()) {
       throw new Error('验证码不正确');
     }
+    await this.removeCaptcha(randomStr);
     return true;
   }
   /**
    */
-  async sendSms(phoneCode, mobile, smsCode) {
+  async sendSmsCode(phoneCode, mobile, randomStr) {
     console.assert(phoneCode != null && mobile != null, '手机号不能为空');
-    console.assert(smsCode != null, '验证码不能为空');
+    console.assert(randomStr != null, 'randomStr不能为空');
+
+    const sysSettings = await this.sysSettingsService.getPrivateSettings();
+    if (!sysSettings.sms?.config?.accessId) {
+      throw new Error('当前站点还未配置短信');
+    }
+    const smsType = sysSettings.sms.type;
+    const smsConfig = sysSettings.sms.config;
+    const sender: ISmsService = SmsServiceFactory.createSmsService(smsType);
+    const accessGetter = new AccessSysGetter(this.accessService);
+    sender.setCtx({
+      accessService: accessGetter,
+      config: smsConfig,
+    });
+    const smsCode = randomNumber(4);
+    await sender.sendSmsCode({
+      mobile,
+      code: smsCode,
+      phoneCode,
+    });
+
+    const key = this.buildSmsCodeKey(phoneCode, mobile, randomStr);
+    cache.set(key, smsCode, {
+      ttl: 5 * 60 * 1000, //5分钟
+    });
   }
 
   /**
-   * loginBySmsCode
    */
-  async loginBySmsCode(user, smsCode) {
-    console.assert(user.mobile != null, '手机号不能为空');
+  async sendEmailCode(email: string, randomStr: string) {
+    console.assert(!email, '手机号不能为空');
+    console.assert(!randomStr, 'randomStr不能为空');
+
+    const code = randomNumber(4);
+    await this.emailService.send({
+      subject: '【Certd】验证码',
+      content: `您的验证码是${code}，请勿泄露`,
+      receivers: [email],
+    });
+
+    const key = this.buildEmailCodeKey(email, code);
+    cache.set(key, code, {
+      ttl: 5 * 60 * 1000, //5分钟
+    });
+  }
+
+  /**
+   * checkSms
+   */
+  async checkSmsCode(opts: { mobile: string; phoneCode: string; smsCode: string; randomStr: string; throwError: boolean }) {
+    const key = this.buildSmsCodeKey(opts.phoneCode, opts.mobile, opts.randomStr);
+    if (isDev()) {
+      return true;
+    }
+    return this.checkValidateCode(key, opts.smsCode, opts.throwError);
+  }
+
+  buildSmsCodeKey(phoneCode: string, mobile: string, randomStr: string) {
+    return `sms:${phoneCode}${mobile}:${randomStr}`;
+  }
+
+  buildEmailCodeKey(email: string, randomStr: string) {
+    return `email:${email}:${randomStr}`;
+  }
+  checkValidateCode(key: string, userCode: string, throwError = true) {
+    //验证图片验证码
+    const code = cache.get(key);
+    if (code == null || code !== userCode) {
+      if (throwError) {
+        throw new CodeErrorException('验证码错误');
+      }
+      return false;
+    }
+    cache.delete(key);
+    return true;
+  }
+
+  checkEmailCode(opts: { randomStr: string; validateCode: string; email: string; throwError: boolean }) {
+    const key = this.buildEmailCodeKey(opts.email, opts.randomStr);
+    return this.checkValidateCode(key, opts.validateCode, opts.throwError);
   }
 }

packages/ui/certd-server/src/modules/basic/service/email-service.ts

@@ -91,7 +91,6 @@ export class EmailService implements IEmailService {
 
   async test(userId: number, receiver: string) {
     await this.send({
-      userId,
       receivers: [receiver],
       subject: '测试邮件,from certd',
       content: '测试邮件,from certd',

packages/ui/certd-server/src/modules/basic/sms/aliyun-sms.ts

@@ -0,0 +1,68 @@
+import { AliyunAccess, AliyunClient } from '@certd/plugin-plus';
+import { logger } from '@certd/basic';
+import { ISmsService, PluginInputs, SmsPluginCtx } from './api.js';
+export type AliyunSmsConfig = {
+  accessId: string;
+  regionId: string;
+  signName: string;
+  codeTemplateId: string;
+};
+
+export class AliyunSmsService implements ISmsService {
+  static getDefine() {
+    return {
+      name: 'aliyun-sms',
+      desc: '阿里云短信服务',
+      input: {
+        accessId: {
+          title: '阿里云授权',
+          component: {
+            name: 'access-selector',
+            from: 'aliyun',
+          },
+          required: true,
+        },
+        regionId: {
+          title: '接入点',
+          required: true,
+        },
+        signName: {
+          title: '签名',
+          required: true,
+        },
+        codeTemplateId: {
+          title: '验证码模板Id',
+          required: true,
+        },
+      } as PluginInputs<AliyunSmsConfig>,
+    };
+  }
+
+  ctx: SmsPluginCtx<AliyunSmsConfig>;
+
+  setCtx(ctx: any) {
+    this.ctx = ctx;
+  }
+
+  async sendSmsCode(opts: { mobile: string; code: string; phoneCode: string }) {
+    const { mobile, code, phoneCode } = opts;
+    const access = await this.ctx.accessService.getById<AliyunAccess>(this.ctx.config.accessId);
+    const aliyunClinet = new AliyunClient({ logger });
+    await aliyunClinet.init({
+      accessKeyId: access.accessKeyId,
+      accessKeySecret: access.accessKeySecret,
+      endpoint: 'https://dysmsapi.aliyuncs.com',
+      apiVersion: '2017-05-25',
+    });
+    const smsConfig = this.ctx.config;
+    const phoneNumber = phoneCode + mobile;
+    const params = {
+      PhoneNumbers: phoneNumber,
+      SignName: smsConfig.signName,
+      TemplateCode: smsConfig.codeTemplateId,
+      TemplateParam: `{"code":"${code}"}`,
+    };
+
+    await aliyunClinet.request('SendSms', params);
+  }
+}

packages/ui/certd-server/src/modules/basic/sms/api.ts

@@ -0,0 +1,15 @@
+import { FormItemProps, IAccessService } from '@certd/pipeline';
+
+export interface ISmsService {
+  sendSmsCode(opts: { mobile: string; code: string; phoneCode: string }): Promise<void>;
+  setCtx(ctx: { accessService: IAccessService; config: { [key: string]: any } }): void;
+}
+
+export type PluginInputs<T = any> = {
+  [key in keyof T]: FormItemProps;
+};
+
+export type SmsPluginCtx<T = any> = {
+  accessService: IAccessService;
+  config: T;
+};

packages/ui/certd-server/src/modules/basic/sms/factory.ts

@@ -0,0 +1,12 @@
+import { AliyunSmsService } from './aliyun-sms.js';
+
+export class SmsServiceFactory {
+  static createSmsService(type: string) {
+    switch (type) {
+      case 'aliyun':
+        return new AliyunSmsService();
+      default:
+        throw new Error('不支持的短信服务类型');
+    }
+  }
+}

packages/ui/certd-server/src/modules/login/service/login-service.ts

@@ -8,6 +8,7 @@ import { SysSettingsService } from '@certd/lib-server';
 import { SysPrivateSettings } from '@certd/lib-server';
 import { cache } from '@certd/basic';
 import { LoginErrorException } from '@certd/lib-server/dist/basic/exception/login-error-exception.js';
+import { CodeService } from '../../basic/service/code-service.js';
 
 /**
  * 系统用户
@@ -18,6 +19,9 @@ export class LoginService {
   userService: UserService;
   @Inject()
   roleService: RoleService;
+
+  @Inject()
+  codeService: CodeService;
   @Config('auth.jwt')
   private jwt: any;
 
@@ -68,16 +72,28 @@ export class LoginService {
     throw new LoginErrorException(errorMessage, leftTimes);
   }
 
-  async loginBySmsCode(req: { mobile: string; phoneCode: string; smsChecked: boolean }) {
-    const { mobile, phoneCode, smsChecked } = req;
+  async loginBySmsCode(req: { mobile: string; phoneCode: string; smsCode: string; randomStr: string }) {
+    const smsChecked = await this.codeService.checkSmsCode({
+      mobile: req.mobile,
+      phoneCode: req.phoneCode,
+      smsCode: req.smsCode,
+      randomStr: req.randomStr,
+      throwError: false,
+    });
+
+    const { mobile, phoneCode } = req;
     if (!smsChecked) {
       this.checkErrorTimes(mobile, '验证码错误');
     }
-    const info = await this.userService.findOne({ phoneCode, mobile: mobile });
+    let info = await this.userService.findOne({ phoneCode, mobile: mobile });
     if (info == null) {
-      throw new CommonException('手机号或验证码错误');
+      //用户不存在，注册
+      info = await this.userService.register('mobile', {
+        phoneCode,
+        mobile,
+        password: '',
+      } as any);
     }
-
     return this.onLoginSuccess(info);
   }
 
@@ -94,21 +110,21 @@ export class LoginService {
     return this.onLoginSuccess(info);
   }
 
-  /**
-   * login
-   */
-  async login(user) {
-    console.assert(user.username != null, '用户名不能为空');
-    const info = await this.userService.findOne({ username: user.username });
-    if (info == null) {
-      throw new CommonException('用户名或密码错误');
-    }
-    const right = await this.userService.checkPassword(user.password, info.password, info.passwordVersion);
-    if (!right) {
-      this.checkErrorTimes(user.username, '用户名或密码错误');
-    }
-    return await this.onLoginSuccess(info);
-  }
+  // /**
+  //  * login
+  //  */
+  // async login(user) {
+  //   console.assert(user.username != null, '用户名不能为空');
+  //   const info = await this.userService.findOne({ username: user.username });
+  //   if (info == null) {
+  //     throw new CommonException('用户名或密码错误');
+  //   }
+  //   const right = await this.userService.checkPassword(user.password, info.password, info.passwordVersion);
+  //   if (!right) {
+  //     this.checkErrorTimes(user.username, '用户名或密码错误');
+  //   }
+  //   return await this.onLoginSuccess(info);
+  // }
 
   private async onLoginSuccess(info: UserEntity) {
     if (info.status === 0) {

packages/ui/certd-server/src/modules/pipeline/service/access-sys-getter.ts

@@ -0,0 +1,17 @@
+import { IAccessService } from '@certd/pipeline';
+import { AccessService } from './access-service.js';
+
+export class AccessSysGetter implements IAccessService {
+  accessService: AccessService;
+  constructor(accessService: AccessService) {
+    this.accessService = accessService;
+  }
+
+  async getById<T = any>(id: any) {
+    return await this.accessService.getAccessById(id, false);
+  }
+
+  async getCommonById<T = any>(id: any) {
+    return await this.accessService.getAccessById(id, false);
+  }
+}

packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts

@@ -12,7 +12,9 @@ import bcrypt from 'bcryptjs';
 import { RandomUtil } from '../../../../utils/random.js';
 import dayjs from 'dayjs';
 import { DbAdapter } from '../../../db/index.js';
-import { utils } from '@certd/basic';
+import { simpleNanoId, utils } from '@certd/basic';
+
+export type RegisterType = 'username' | 'mobile' | 'email';
 /**
  * 系统用户
  */
@@ -151,11 +153,36 @@ export class UserService extends BaseService<UserEntity> {
     return await this.roleService.getPermissionByRoleIds(roleIds);
   }
 
-  async register(user: UserEntity) {
+  async register(type: string, user: UserEntity) {
+    if (type !== 'username') {
+      user.username = 'user_' + simpleNanoId();
+      if (!user.password) {
+        user.password = simpleNanoId();
+      }
+    }
+    if (type === 'mobile') {
+      user.nickName = user.mobile.substring(0, 3) + '****' + user.mobile.substring(7);
+    }
+
     const old = await this.findOne({ username: user.username });
     if (old != null) {
-      throw new CommonException('用户名已经存在');
+      throw new CommonException('用户名已被注册');
     }
+
+    if (user.mobile) {
+      const old = await this.findOne({ mobile: user.mobile });
+      if (old != null) {
+        throw new CommonException('手机号已被注册');
+      }
+    }
+
+    if (user.email) {
+      const old = await this.findOne({ email: user.email });
+      if (old != null) {
+        throw new CommonException('邮箱已被注册');
+      }
+    }
+
     let newUser: UserEntity = UserEntity.of({
       username: user.username,
       password: user.password,
@@ -163,7 +190,7 @@ export class UserService extends BaseService<UserEntity> {
       avatar: user.avatar || '',
       email: user.email || '',
       mobile: user.mobile || '',
-      phoneCode: user.phoneCode || '',
+      phoneCode: user.phoneCode || '86',
       status: 1,
       passwordVersion: 2,
     });

packages/ui/certd-server/src/plugins/plugin-notification/email/index.ts

@@ -21,7 +21,6 @@ export class EmailNotification extends BaseNotification {
 
   async send(body: NotificationBody) {
     await this.ctx.emailService.send({
-      userId: body.userId,
       subject: body.title,
       content: body.content + '\n[查看详情](' + body.url + ')',
       receivers: this.receivers,