Dev (#135)

* feat: assets 目录用作本地文件上传，移到项目根目录 * style(*): prettier 格式化代码 * feat(*): 新增登录验证码校验 * feat: add captcha functionality * Update README.md Co-authored-by: unknown <Shirmy> Co-authored-by: shirmy <[email protected]> Co-authored-by: wang-ev <[email protected]>
TaleLin · Nov 8, 2021 · a74121b · a74121b
1 parent 3fd09ff
commit a74121b
Show file tree

Hide file tree

Showing 20 changed files with 276 additions and 105 deletions.
diff --git a/.gitignore b/.gitignore
@@ -14,4 +14,4 @@ suspect/
 dist
 learn
 tokens.json
-app/assets
+assets
diff --git a/README.md b/README.md
@@ -63,7 +63,12 @@ QQ 群号：643205479 / 814597236
 
 ## 版本日志
 
-最新版本 `0.3.11`
+最新版本 `0.3.12`
+
+### 0.3.12
+
+1. `A` 新增验证码功能，默认关闭验证码
+2. `U` assets 目录用作本地文件上传，移到项目根目录
 
 ### 0.3.11
 

diff --git a/app/api/cms/file.js b/app/api/cms/file.js
@@ -12,7 +12,7 @@ file.linPost('upload', '/', loginRequired, async ctx => {
   if (files.length < 1) {
     throw new ParametersException({ code: 10033 });
   }
-  const uploader = new LocalUploader('app/assets');
+  const uploader = new LocalUploader('assets');
   const arr = await uploader.upload(files);
   ctx.json(arr);
 });

diff --git a/app/api/cms/user.js b/app/api/cms/user.js
@@ -14,6 +14,7 @@ import {
 import { UserIdentityModel } from '../../model/user';
 import { logger } from '../../middleware/logger';
 import { UserDao } from '../../dao/user';
+import { generateCaptcha } from '../../lib/captcha';
 
 const user = new LinRouter({
   prefix: '/cms/user',
@@ -34,12 +35,16 @@ user.linPost(
     const v = await new RegisterValidator().validate(ctx);
     await userDao.createUser(v);
     if (config.getItem('socket.enable')) {
-      const username = v.get('body.username')
-      ctx.websocket.broadCast(JSON.stringify({
-        name: username,
-        content: `管理员${ctx.currentUser.getDataValue('username')}新建了一个用户${username}`,
-        time: new Date()
-      }))
+      const username = v.get('body.username');
+      ctx.websocket.broadCast(
+        JSON.stringify({
+          name: username,
+          content: `管理员${ctx.currentUser.getDataValue(
+            'username'
+          )}新建了一个用户${username}`,
+          time: new Date()
+        })
+      );
     }
     ctx.success({
       code: 11
@@ -49,19 +54,27 @@ user.linPost(
 
 user.linPost('userLogin', '/login', user.permission('登录'), async ctx => {
   const v = await new LoginValidator().validate(ctx);
-  const user = await UserIdentityModel.verify(
-    v.get('body.username'),
-    v.get('body.password')
-  );
-  const { accessToken, refreshToken } = getTokens({
-    id: user.user_id
-  });
+  const { accessToken, refreshToken } = await userDao.getTokens(v, ctx);
   ctx.json({
     access_token: accessToken,
     refresh_token: refreshToken
   });
 });
 
+user.linPost('userCaptcha', '/captcha', async ctx => {
+  let tag = null;
+  let image = null;
+
+  if (config.getItem('loginCaptchaEnabled', false)) {
+    ({ tag, image } = await generateCaptcha());
+  }
+
+  ctx.json({
+    tag,
+    image
+  });
+});
+
 user.linPut(
   'userUpdate',
   '/',

diff --git a/app/app.js b/app/app.js
@@ -5,7 +5,7 @@ import mount from 'koa-mount';
 import serve from 'koa-static';
 import { config, json, logging, success, jwt, Loader } from 'lin-mizar';
 import { PermissionModel } from './model/permission';
-import WebSocket from './extension/socket/socket'
+import WebSocket from './extension/socket/socket';
 
 /**
  * 首页
@@ -64,10 +64,10 @@ function applyDefaultExtends (app) {
  */
 function applyWebSocket (app) {
   if (config.getItem('socket.enable')) {
-    const server = new WebSocket(app)
-    return server.init()
+    const server = new WebSocket(app);
+    return server.init();
   }
-  return app
+  return app;
 }
 
 /**

diff --git a/app/config/code-message.js b/app/config/code-message.js
@@ -77,6 +77,7 @@ module.exports = {
     10231: '无法分配不存在的权限',
     10240: '书籍已存在',
     10250: '请使用正确类型的令牌',
-    10251: '请使用正确作用域的令牌'
+    10251: '请使用正确作用域的令牌',
+    10260: '请输入正确的验证码'
   }
 };
diff --git a/app/config/secure.js b/app/config/secure.js
@@ -12,7 +12,7 @@ module.exports = {
     timezone: '+08:00',
     define: {
       charset: 'utf8mb4'
-    },
+    }
   },
   secret:
     '\x88W\xf09\x91\x07\x98\x89\x87\x96\xa0A\xc68\xf9\xecJJU\x17\xc5V\xbe\x8b\xef\xd7\xd8\xd3\xe6\x95*4' // 发布生产环境前，请务必修改此默认秘钥

diff --git a/app/config/setting.js b/app/config/setting.js
@@ -24,5 +24,7 @@ module.exports = {
     //   // other config
     //   limit: 2
     // },
-  }
+  },
+  // 是否开启登录验证码
+  loginCaptchaEnabled: false
 };
diff --git a/app/dao/admin.js b/app/dao/admin.js
@@ -107,11 +107,11 @@ class AdminDao {
         group_id: GroupLevel.Root,
         user_id: id
       }
-    })
+    });
     if (root) {
       throw new Forbidden({
         code: 10079
-      })
+      });
     }
     let transaction;
     try {

diff --git a/app/dao/user.js b/app/dao/user.js
@@ -1,4 +1,11 @@
-import { RepeatException, generate, NotFound, Forbidden } from 'lin-mizar';
+import {
+  RepeatException,
+  generate,
+  NotFound,
+  Forbidden,
+  config,
+  getTokens
+} from 'lin-mizar';
 import { UserModel, UserIdentityModel } from '../model/user';
 import { UserGroupModel } from '../model/user-group';
 import { GroupPermissionModel } from '../model/group-permission';
@@ -9,6 +16,7 @@ import sequelize from '../lib/db';
 import { MountType, GroupLevel, IdentityType } from '../lib/type';
 import { Op } from 'sequelize';
 import { set, has, uniq } from 'lodash';
+import { verifyCaptcha } from '../lib/captcha';
 
 class UserDao {
   async createUser (v) {
@@ -50,6 +58,31 @@ class UserDao {
     await this.registerUser(v);
   }
 
+  async getTokens (v, ctx) {
+    if (config.getItem('loginCaptchaEnabled', false)) {
+      const tag = ctx.req.headers.tag;
+      const captcha = v.get('body.captcha');
+
+      if (!verifyCaptcha(captcha, tag)) {
+        throw new Forbidden({
+          code: 10260
+        });
+      }
+    }
+    const user = await UserIdentityModel.verify(
+      v.get('body.username'),
+      v.get('body.password')
+    );
+    const { accessToken, refreshToken } = getTokens({
+      id: user.user_id
+    });
+
+    return {
+      accessToken,
+      refreshToken
+    };
+  }
+
   async updateUser (ctx, v) {
     const user = ctx.currentUser;
     if (v.get('body.username') && user.username !== v.get('body.username')) {

diff --git a/app/extension/file/config.js b/app/extension/file/config.js
@@ -2,7 +2,7 @@
 
 module.exports = {
   file: {
-    storeDir: 'app/assets',
+    storeDir: 'assets',
     singleLimit: 1024 * 1024 * 2,
     totalLimit: 1024 * 1024 * 20,
     nums: 10,

diff --git a/app/extension/socket/config.js b/app/extension/socket/config.js
@@ -4,6 +4,6 @@ module.exports = {
   socket: {
     path: '/ws/message',
     enable: false, // 是否开启 websocket 模块
-    intercept: false, // 是否开启 websocket 的鉴权拦截器
+    intercept: false // 是否开启 websocket 的鉴权拦截器
   }
-};
+};
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,4 +14,4 @@ suspect/ @@
     dist
     learn
     tokens.json
-    app/assets
+    assets