perf: 支持oidc单点登录

packages/ui/certd-server/src/modules/basic/service/code-service.ts

@@ -1,5 +1,5 @@
 import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
-import { cache, isDev, randomNumber } from '@certd/basic';
+import { cache, isDev, randomNumber, simpleNanoId } from '@certd/basic';
 import { SysSettingsService, SysSiteInfo } from '@certd/lib-server';
 import { SmsServiceFactory } from '../sms/factory.js';
 import { ISmsService } from '../sms/api.js';
@@ -188,4 +188,20 @@ export class CodeService {
     `
     );
   }
+
+
+  buildValidationValueKey(code:string) {
+    return `validationValue:${code}`;
+  }
+  setValidationValue(value:any) {
+    const randomCode = simpleNanoId(12);
+    const key = this.buildValidationValueKey(randomCode);
+    cache.set(key, value, {
+      ttl: 5 * 60 * 1000, //5分钟
+    });
+    return randomCode;
+  }
+  getValidationValue(code:string) {
+    return cache.get(this.buildValidationValueKey(code));
+  }
 }

packages/ui/certd-server/src/modules/login/entity/oauth-bound.ts

@@ -1,7 +1,7 @@
 import { Column, Entity, PrimaryGeneratedColumn } from 'typeorm';
 
-@Entity('cd_oauth_bind')
-export class OauthBindEntity {
+@Entity('cd_oauth_bound')
+export class OauthBoundEntity {
   @PrimaryGeneratedColumn()
   id: number;
 

packages/ui/certd-server/src/modules/login/service/login-service.ts

@@ -17,9 +17,9 @@ import { TwoFactorService } from "../../mine/service/two-factor-service.js";
 import { UserSettingsService } from "../../mine/service/user-settings-service.js";
 import { isPlus } from "@certd/plus-core";
 import { AddonService } from "@certd/lib-server";
+import { OauthBoundService } from "./oauth-bound-service.js";
 
 /**
- * 系统用户
  */
 @Provide()
 @Scope(ScopeEnum.Request, {allowDowngrade: true})
@@ -42,6 +42,8 @@ export class LoginService {
   twoFactorService: TwoFactorService;
   @Inject()
   addonService: AddonService;
+  @Inject()
+  oauthBoundService: OauthBoundService;
 
   checkIsBlocked(username: string) {
     const blockDurationKey = `login_block_duration:${username}`;
@@ -204,6 +206,10 @@ export class LoginService {
    * @param roleIds
    */
   async generateToken(user: UserEntity) {
+    if (user.status === 0) {
+      throw new CommonException('用户已被禁用');
+    }
+
     const roleIds = await this.roleService.getRoleIdsByUserId(user.id);
     const tokenInfo = {
       username: user.username,
@@ -224,4 +230,20 @@ export class LoginService {
       expire,
     };
   }
+
+
+  async loginByOpenId(req: { openId: string, type:string }) {
+    const {openId, type} = req;
+    const oauthBound = await this.oauthBoundService.findOne({
+      where:{openId, type}
+    });
+    if (oauthBound == null) {
+      return null
+    }
+    const info = await this.userService.findOne({id: oauthBound.userId});
+    if (info == null) {
+      throw new CommonException('用户不存在');
+    }
+    return this.generateToken(info);
+  }
 }

packages/ui/certd-server/src/modules/login/service/oauth-bound-service.ts

@@ -0,0 +1,74 @@
+import { BaseService, SysSettingsService } from "@certd/lib-server";
+import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { InjectEntityModel } from "@midwayjs/typeorm";
+import { Repository } from "typeorm";
+import { OauthBoundEntity } from "../entity/oauth-bound.js";
+
+
+@Provide()
+@Scope(ScopeEnum.Request, { allowDowngrade: true })
+export class OauthBoundService extends BaseService<OauthBoundEntity> {
+ 
+  @InjectEntityModel(OauthBoundEntity)
+  repository: Repository<OauthBoundEntity>;
+
+  @Inject()
+  sysSettingsService: SysSettingsService;
+
+
+  //@ts-ignore
+  getRepository() {
+    return this.repository;
+  }
+
+  async unbind(req: { userId: any; type: any; }) {
+    const { userId, type } = req;
+    if (!userId || !type) {
+      throw new Error('参数错误');
+    }
+
+    await this.repository.delete({
+      userId,
+      type,
+    });
+  }
+
+ async bind(req: { userId: any; type: any; openId: any; }) {
+    const { userId, type, openId } = req;
+    if (!userId || !type || !openId) {
+      throw new Error('参数错误');
+    }
+    const exist = await this.repository.findOne({
+      where: {
+        openId,
+        type,
+      },
+    });
+    if (exist) {
+      throw new Error('该第三方账号已绑定用户');
+    }
+
+    const exist2 = await this.repository.findOne({
+      where: {
+        userId,
+        type,
+      },
+    });
+    if (exist2) {
+      //覆盖绑定
+      exist2.openId = openId;
+      await this.update({
+        id: exist2.id,
+        openId,
+      });
+      return;
+    } 
+    //新增
+    await this.add({
+      userId,
+      type,
+      openId,
+    });
+  }
+
+}

packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts

@@ -1,6 +1,6 @@
 import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
 import { InjectEntityModel } from '@midwayjs/typeorm';
-import {In, MoreThan, Not, Repository} from 'typeorm';
+import {EntityManager, In, MoreThan, Not, Repository} from 'typeorm';
 import { UserEntity } from '../entity/user.js';
 import * as _ from 'lodash-es';
 import { BaseService, CommonException, Constants, FileService, SysInstallInfo, SysSettingsService } from '@certd/lib-server';
@@ -171,7 +171,7 @@ export class UserService extends BaseService<UserEntity> {
     return await this.roleService.getPermissionByRoleIds(roleIds);
   }
 
-  async register(type: string, user: UserEntity) {
+  async register(type: string, user: UserEntity,withTx?:(tx: EntityManager)=>Promise<void>) {
     if (!user.password) {
       user.password = simpleNanoId();
     }
@@ -227,6 +227,10 @@ export class UserService extends BaseService<UserEntity> {
       newUser = await txManager.save(newUser);
       const userRole: UserRoleEntity = UserRoleEntity.of(newUser.id, Constants.role.defaultUser);
       await txManager.save(userRole);
+
+      if(withTx) {
+        await withTx(txManager);
+      }
     });
 
     delete newUser.password;