| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507 |
- 'use strict';
- /**
- * 项目账号数据模型
- *
- * @author CaiAoLin
- * @date 2017/11/16
- * @version
- */
- // 加密类
- const crypto = require('crypto');
- const SSO = require('../lib/sso');
- const SMS = require('../lib/sms');
- module.exports = app => {
- class ProjectAccount extends app.BaseService {
- /**
- * 构造函数
- *
- * @param {Object} ctx - egg全局变量
- * @return {void}
- */
- constructor(ctx) {
- super(ctx);
- this.tableName = 'project_account';
- }
- /**
- * 数据验证规则
- *
- * @param {String} scene - 场景
- * @return {Object} - 返回数据
- */
- rule(scene) {
- let rule = {};
- switch (scene) {
- case 'login':
- rule = {
- account: { type: 'string', required: true, min: 2 },
- project_password: { type: 'string', required: true, min: 4 },
- project: { type: 'string', required: true, min: 5 },
- };
- break;
- case 'ssoLogin':
- rule = {
- username: { type: 'string', required: true, min: 2 },
- password: { type: 'string', required: true, min: 4 },
- };
- break;
- case 'profileBase':
- rule = {
- name: { type: 'string', allowEmpty: true, max: 10 },
- company: { type: 'string', allowEmpty: true, max: 30 },
- role: { type: 'string', allowEmpty: true, max: 10 },
- mobile: { type: 'mobile', allowEmpty: true },
- telephone: { type: 'string', allowEmpty: true, max: 12 },
- };
- break;
- case 'modifyPassword':
- rule = {
- password: { type: 'password', required: true, min: 6 },
- new_password: { type: 'password', required: true, min: 6 },
- confirm_password: { type: 'password', required: true, min: 6, compare: 'new_password' },
- };
- break;
- case 'bindMobile':
- rule = {
- code: { type: 'string', required: true, min: 6 },
- auth_mobile: { type: 'mobile', allowEmpty: false },
- };
- break;
- case 'add':
- rule = {
- account: { type: 'string', required: true },
- password: { type: 'string', required: true, min: 6 },
- name: { type: 'string', required: true },
- company: { type: 'string', required: true },
- role: { type: 'string', required: true },
- mobile: { type: 'mobile', required: true },
- };
- break;
- case 'modify':
- rule = {
- account: { type: 'string', required: true },
- name: { type: 'string', required: true },
- company: { type: 'string', required: true },
- role: { type: 'string', required: true },
- mobile: { type: 'mobile', required: true },
- };
- break;
- default:
- break;
- }
- return rule;
- }
- /**
- * 账号登录
- *
- * @param {Object} data - 表单post数据
- * @param {Number} loginType - 登录类型 1 | 2
- * @return {Boolean} - 返回登录结果
- */
- async accountLogin(data, loginType) {
- let result = false;
- try {
- // 验证数据
- const scene = loginType === 1 ? 'ssoLogin' : 'login';
- const rule = this.rule(scene);
- this.ctx.validate(rule, data);
- let accountData = {};
- let projectInfo = {};
- let projectList = [];
- let permission = '';
- let cooperation = 0;
- if (loginType === 2) {
- // 查找项目数据
- const projectData = await this.ctx.service.project.getProjectByCode(data.project.toString());
- if (projectData === null) {
- throw '不存在项目数据';
- }
- projectInfo = {
- id: projectData.id,
- name: projectData.name,
- userAccount: projectData.user_account,
- };
- // 查找对应数据
- accountData = await this.db.get(this.tableName, {
- account: data.account,
- project_id: projectData.id,
- enable: 1,
- });
- if (accountData === null) {
- throw '不存在对应用户数据';
- }
- projectList = await this.getProjectInfoByAccount(data.account);
- permission = accountData.permission;
- cooperation = accountData.cooperation;
- // 判断密码
- // if (accountData.is_admin === 1) {
- // // 管理员则用sso通道判断
- // const sso = new SSO(this.ctx);
- // result = await sso.loginValid(data.account, data.project_password.toString());
- // } else {
- // 加密密码
- const encryptPassword = crypto.createHmac('sha1', data.account).update(data.project_password)
- .digest().toString('base64');
- result = encryptPassword === accountData.password;
- // }
- } else {
- // sso登录(演示版)
- const sso = new SSO(this.ctx);
- result = await sso.loginValid(data.username, data.password.toString());
- accountData.account = data.username;
- accountData.id = sso.accountID;
- }
- // 如果成功则更新登录时间
- if (result) {
- const currentTime = new Date().getTime() / 1000;
- if (loginType === 2) {
- const updateData = {
- last_login: currentTime,
- };
- await this.update(updateData, { id: accountData.id });
- }
- // 加密token
- const sessionToken = crypto.createHmac('sha1', currentTime + '').update(accountData.account)
- .digest().toString('base64');
- // 存入session
- this.ctx.session.sessionUser = {
- account: accountData.account,
- name: accountData.name,
- accountId: accountData.id,
- loginTime: currentTime,
- is_admin: accountData.is_admin,
- sessionToken,
- loginType,
- permission,
- cooperation,
- };
- this.ctx.session.sessionProject = projectInfo;
- this.ctx.session.sessionProjectList = projectList;
- }
- } catch (error) {
- console.log(error);
- result = false;
- }
- return result;
- }
- /**
- * 根据项目id获取用户列表
- *
- * @param {Number} projectId - 项目id
- * @return {Array} - 返回用户数据
- */
- async getAccountByProjectId(projectId) {
- const condition = {
- columns: ['id', 'account', 'name', 'company', 'role', 'mobile', 'telephone', 'enable', 'permission'],
- where: { project_id: projectId, is_admin: 0 },
- };
- const accountList = await this.getAllDataByCondition(condition);
- return accountList;
- }
- /**
- * 停用/启用
- *
- * @param {Number} accountId - 账号id
- * @return {Boolean} - 返回操作结果
- */
- async enableAccount(accountId) {
- let result = false;
- const accountData = await this.getDataByCondition({ id: accountId });
- if (accountData === null) {
- return result;
- }
- const changeStatus = accountData.enable === 1 ? 0 : 1;
- result = await this.update({ enable: changeStatus }, { id: accountId });
- return result;
- }
- /**
- * 根据账号id查找对应的项目数据
- *
- * @param {Number} account - 账号
- * @return {Array} - 返回数据
- */
- async getProjectInfoByAccount(account) {
- let column = ['p.name', 'p.id', 'p.user_account'];
- column = column.join(',');
- const sql = 'SELECT ' + column + ' FROM ' +
- '?? AS pa ' +
- 'LEFT JOIN ?? AS p ' +
- 'ON pa.`project_id` = p.`id` ' +
- 'WHERE pa.`account` = ? ' +
- 'GROUP BY pa.`project_id`;';
- const sqlParam = [this.tableName, this.ctx.service.project.tableName, account];
- const projectInfo = await this.db.query(sql, sqlParam);
- return projectInfo;
- }
- /**
- * 根据项目Id,用户名查找用户数据
- * @param {int} projectId - 项目id
- * @param {Object} name - 关键字
- * @param {int} type - 查询方式
- * @return {Object} 列表或单条数据
- */
- async getAccountInfoByName(projectId, name, type = 0) {
- this.initSqlBuilder();
- this.sqlBuilder.columns = ['id', 'name', 'company', 'role'];
- this.sqlBuilder.setAndWhere('project_id', {
- operate: '=',
- value: projectId,
- });
- this.sqlBuilder.setAndWhere('name', {
- operate: 'like',
- value: this.db.escape('%' + name + '%'),
- });
- const [sql, sqlParam] = this.sqlBuilder.build(this.tableName, 'select');
- const info = type === 1 ? await this.db.query(sql, sqlParam) : await this.db.queryOne(sql, sqlParam);
- return info;
- }
- async getAccountInfoById(id) {
- this.initSqlBuilder();
- this.sqlBuilder.columns = ['id', 'name', 'company', 'role'];
- this.sqlBuilder.setAndWhere('id', {
- operate: '=',
- value: id,
- });
- const [sql, sqlParam] = this.sqlBuilder.build(this.tableName, 'select');
- const info = await this.db.queryOne(sql, sqlParam);
- return info;
- }
- /**
- * 修改用户数据
- *
- * @param {Object} data - post过来的数据
- * @return {Boolean} - 返回修改结果
- */
- async save(data) {
- if (data._csrf !== undefined) {
- delete data._csrf;
- }
- const id = data.id !== undefined ? parseInt(data.id) : 0;
- if (id > 0) {
- // 修改操作时
- delete data.create_time;
- data.id = id;
- } else {
- // 重名检测
- const accountData = await this.db.select(this.tableName, {
- where: {
- account: data.account,
- project_id: data.enterprise_id,
- },
- });
- if (accountData.length > 0) {
- throw '已存在对应的帐户名';
- }
- // 加密密码
- data.password = crypto.createHmac('sha1', data.account).update(data.password)
- .digest().toString('base64');
- }
- const operate = id === 0 ? await this.db.insert(this.tableName, data) :
- await this.db.update(this.tableName, data);
- const result = operate.affectedRows > 0;
- return result;
- }
- /**
- * 修改密码
- *
- * @param {Number} accountId - 账号id
- * @param {String} password - 旧密码
- * @param {String} newPassword - 新密码
- * @return {Boolean} - 返回修改结果
- */
- async modifyPassword(accountId, password, newPassword) {
- // 查找账号
- const accountData = await this.getDataByCondition({ id: accountId });
- if (accountData.password === undefined) {
- throw '不存在对应用户';
- }
- // 判断是否为sso账号,如果是则不能在此系统修改(后续通过接口修改?)
- if (accountData.password === 'SSO password') {
- throw 'SSO用户请到SSO系统修改密码';
- }
- // 加密密码
- const encryptPassword = crypto.createHmac('sha1', accountData.account).update(password)
- .digest().toString('base64');
- if (encryptPassword !== accountData.password) {
- throw '密码错误';
- }
- // 通过密码验证后修改数据
- const encryptNewPassword = crypto.createHmac('sha1', accountData.account).update(newPassword)
- .digest().toString('base64');
- const updateData = { password: encryptNewPassword };
- const result = await this.save(updateData, accountId);
- return result;
- }
- /**
- * 设置短信验证码
- *
- * @param {Number} accountId - 账号id
- * @param {String} mobile - 电话号码
- * @return {Boolean} - 设置结果
- */
- async setSMSCode(accountId, mobile) {
- const cacheKey = 'smsCode:' + accountId;
- const randString = this.ctx.helper.generateRandomString(6, 2);
- // 缓存15分钟(拼接电话,防止篡改)
- this.cache.set(cacheKey, randString + mobile, 'EX', 900);
- let result = false;
- // 发送短信
- try {
- const sms = new SMS(this.ctx);
- const content = '【纵横计量支付】验证码:' + randString + ',15分钟有效。';
- result = await sms.send(mobile, content);
- } catch (error) {
- result = false;
- }
- return result;
- }
- /**
- * 绑定认证手机
- *
- * @param {Number} accountId - 账号id
- * @param {Object} data - post过来的数据
- * @return {Boolean} - 绑定结果
- */
- async bindMobile(accountId, data) {
- const cacheKey = 'smsCode:' + accountId;
- const cacheCode = await this.cache.get(cacheKey);
- if (cacheCode === null || data.code === undefined || cacheCode !== (data.code + data.auth_mobile)) {
- return false;
- }
- // 查找是否有重复的认证手机
- const accountData = await this.getDataByCondition({ auth_mobile: data.auth_mobile });
- if (accountData !== null) {
- throw '已存在对应的手机';
- }
- const updateData = { auth_mobile: data.auth_mobile };
- return this.save(updateData, accountId);
- }
- /**
- * 重置密码
- *
- * @param {Number} accountId - 账号id
- * @param {String} password - 重置的密码
- * @return {Boolean} - 重置结果
- */
- async resetPassword(accountId, password) {
- // 初始化事务
- this.transaction = await this.db.beginTransaction();
- let result = false;
- try {
- // 查找对应账号数据
- const accountData = await this.getDataByCondition({ id: accountId });
- if (accountData.account === undefined) {
- throw '不存在对应账号';
- }
- // 加密密码
- const encryptPassword = crypto.createHmac('sha1', accountData.account).update(password)
- .digest().toString('base64');
- // 更新账号密码
- const sql = 'UPDATE ?? SET password=? WHERE id=? AND password != ?;';
- const sqlParam = [this.tableName, encryptPassword, accountId, 'SSO password'];
- const operate = await this.transaction.query(sql, sqlParam);
- result = operate.affectedRows > 0;
- if (!result) {
- throw '更新密码失败';
- }
- // 发送短信
- if (accountData.auth_mobile !== '') {
- const sms = new SMS(this.ctx);
- const content = '【纵横计量支付】账号:' + accountData.account + ',密码重置为:' + password;
- sms.send(accountData.auth_mobile, content);
- }
- this.transaction.commit();
- } catch (error) {
- this.transaction.rollback();
- }
- return result;
- }
- /**
- * 判断是否存在对应的账号
- *
- * @param {String} account - 账号名称
- * @param {Number} projectId - 项目id
- * @return {Boolean} - 返回是否存在
- */
- async isAccountExist(account, projectId) {
- const accountData = await this.db.get(this.tableName, { account, project_id: projectId });
- return accountData;
- }
- /**
- * 保存用户权限数据
- *
- * @param {Object} data - post过来的数据
- * @return {Boolean} - 返回权限修改结果
- */
- async permissionSave(id, data) {
- if (data._csrf !== undefined) {
- delete data._csrf;
- }
- const updateData = {
- id,
- cooperation: data.cooperation,
- };
- delete data.cooperation;
- delete data.id;
- updateData.permission = JSON.stringify(data);
- const operate = await this.db.update(this.tableName, updateData);
- const result = operate.affectedRows > 0;
- return result;
- }
- }
- return ProjectAccount;
- };
|
