perf: 支持oidc单点登录

2026-05-18 06:17:31 +08:00 · 2025-11-27 01:59:22 +08:00
parent c7b298c46f
commit ec75afbc44
25 changed files with 633 additions and 103 deletions
@@ -17,9 +17,9 @@ import { TwoFactorService } from "../../mine/service/two-factor-service.js";
 import { UserSettingsService } from "../../mine/service/user-settings-service.js";
 import { isPlus } from "@certd/plus-core";
 import { AddonService } from "@certd/lib-server";
+import { OauthBoundService } from "./oauth-bound-service.js";

 /**
- * 系统用户
 */
@Provide()
@Scope(ScopeEnum.Request, {allowDowngrade: true})
@@ -42,6 +42,8 @@ export class LoginService {
  twoFactorService: TwoFactorService;
  @Inject()
  addonService: AddonService;
+  @Inject()
+  oauthBoundService: OauthBoundService;

  checkIsBlocked(username: string) {
    const blockDurationKey = `login_block_duration:${username}`;
@@ -204,6 +206,10 @@ export class LoginService {
   * @param roleIds
   */
  async generateToken(user: UserEntity) {
+    if (user.status === 0) {
+      throw new CommonException('用户已被禁用');
+    }
+
    const roleIds = await this.roleService.getRoleIdsByUserId(user.id);
    const tokenInfo = {
      username: user.username,
@@ -224,4 +230,20 @@ export class LoginService {
      expire,
    };
  }
+
+
+  async loginByOpenId(req: { openId: string, type:string }) {
+    const {openId, type} = req;
+    const oauthBound = await this.oauthBoundService.findOne({
+      where:{openId, type}
+    });
+    if (oauthBound == null) {
+      return null
+    }
+    const info = await this.userService.findOne({id: oauthBound.userId});
+    if (info == null) {
+      throw new CommonException('用户不存在');
+    }
+    return this.generateToken(info);
+  }
 }
@@ -0,0 +1,74 @@
+import { BaseService, SysSettingsService } from "@certd/lib-server";
+import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { InjectEntityModel } from "@midwayjs/typeorm";
+import { Repository } from "typeorm";
+import { OauthBoundEntity } from "../entity/oauth-bound.js";
+
+
+@Provide()
+@Scope(ScopeEnum.Request, { allowDowngrade: true })
+export class OauthBoundService extends BaseService<OauthBoundEntity> {
+ 
+  @InjectEntityModel(OauthBoundEntity)
+  repository: Repository<OauthBoundEntity>;
+
+  @Inject()
+  sysSettingsService: SysSettingsService;
+
+
+  //@ts-ignore
+  getRepository() {
+    return this.repository;
+  }
+
+  async unbind(req: { userId: any; type: any; }) {
+    const { userId, type } = req;
+    if (!userId || !type) {
+      throw new Error('参数错误');
+    }
+
+    await this.repository.delete({
+      userId,
+      type,
+    });
+  }
+
+ async bind(req: { userId: any; type: any; openId: any; }) {
+    const { userId, type, openId } = req;
+    if (!userId || !type || !openId) {
+      throw new Error('参数错误');
+    }
+    const exist = await this.repository.findOne({
+      where: {
+        openId,
+        type,
+      },
+    });
+    if (exist) {
+      throw new Error('该第三方账号已绑定用户');
+    }
+
+    const exist2 = await this.repository.findOne({
+      where: {
+        userId,
+        type,
+      },
+    });
+    if (exist2) {
+      //覆盖绑定
+      exist2.openId = openId;
+      await this.update({
+        id: exist2.id,
+        openId,
+      });
+      return;
+    } 
+    //新增
+    await this.add({
+      userId,
+      type,
+      openId,
+    });
+  }
+
+}