增加用户身份认证相关接口

internal/db/models/file_dao.go

@@ -1,6 +1,7 @@
 package models
 
 import (
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
@@ -33,7 +34,7 @@ func init() {
 	})
 }
 
-// 启用条目
+// EnableFile 启用条目
 func (this *FileDAO) EnableFile(tx *dbs.Tx, id int64) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -42,7 +43,7 @@ func (this *FileDAO) EnableFile(tx *dbs.Tx, id int64) error {
 	return err
 }
 
-// 禁用条目
+// DisableFile 禁用条目
 func (this *FileDAO) DisableFile(tx *dbs.Tx, id int64) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -51,7 +52,7 @@ func (this *FileDAO) DisableFile(tx *dbs.Tx, id int64) error {
 	return err
 }
 
-// 查找启用中的条目
+// FindEnabledFile 查找启用中的条目
 func (this *FileDAO) FindEnabledFile(tx *dbs.Tx, id int64) (*File, error) {
 	result, err := this.Query(tx).
 		Pk(id).
@@ -63,9 +64,9 @@ func (this *FileDAO) FindEnabledFile(tx *dbs.Tx, id int64) (*File, error) {
 	return result.(*File), err
 }
 
-// 创建文件
+// CreateFile 创建文件
 func (this *FileDAO) CreateFile(tx *dbs.Tx, adminId int64, userId int64, businessType, description string, filename string, size int64, isPublic bool) (int64, error) {
-	op := NewFileOperator()
+	var op = NewFileOperator()
 	op.AdminId = adminId
 	op.UserId = userId
 	op.Type = businessType
@@ -74,6 +75,7 @@ func (this *FileDAO) CreateFile(tx *dbs.Tx, adminId int64, userId int64, busines
 	op.Size = size
 	op.Filename = filename
 	op.IsPublic = isPublic
+	op.Code = utils.Sha1RandomString()
 	err := this.Save(tx, op)
 	if err != nil {
 		return 0, err
@@ -82,7 +84,7 @@ func (this *FileDAO) CreateFile(tx *dbs.Tx, adminId int64, userId int64, busines
 	return types.Int64(op.Id), nil
 }
 
-// 将文件置为已完成
+// UpdateFileIsFinished 将文件置为已完成
 func (this *FileDAO) UpdateFileIsFinished(tx *dbs.Tx, fileId int64) error {
 	_, err := this.Query(tx).
 		Pk(fileId).

internal/db/models/file_model.go

@@ -1,9 +1,10 @@
 package models
 
-// 文件管理
+// File 文件管理
 type File struct {
 	Id          uint32 `field:"id"`          // ID
 	AdminId     uint32 `field:"adminId"`     // 管理员ID
+	Code        string `field:"code"`        // 代号
 	UserId      uint32 `field:"userId"`      // 用户ID
 	Description string `field:"description"` // 文件描述
 	Filename    string `field:"filename"`    // 文件名
@@ -19,6 +20,7 @@ type File struct {
 type FileOperator struct {
 	Id          interface{} // ID
 	AdminId     interface{} // 管理员ID
+	Code        interface{} // 代号
 	UserId      interface{} // 用户ID
 	Description interface{} // 文件描述
 	Filename    interface{} // 文件名

internal/db/models/plan_dao.go

@@ -217,7 +217,7 @@ func (this *PlanDAO) ListEnabledPlans(tx *dbs.Tx, offset int64, size int64) (res
 		Limit(size).
 		Slice(&result).
 		Desc("order").
-		DescPk().
+		AscPk().
 		FindAll()
 	return
 }

internal/db/models/user_identity_dao.go

@@ -0,0 +1,184 @@
+package models
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeCommon/pkg/userconfigs"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+	"time"
+)
+
+const (
+	UserIdentityStateEnabled  = 1 // 已启用
+	UserIdentityStateDisabled = 0 // 已禁用
+)
+
+type UserIdentityDAO dbs.DAO
+
+func NewUserIdentityDAO() *UserIdentityDAO {
+	return dbs.NewDAO(&UserIdentityDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeUserIdentities",
+			Model:  new(UserIdentity),
+			PkName: "id",
+		},
+	}).(*UserIdentityDAO)
+}
+
+var SharedUserIdentityDAO *UserIdentityDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedUserIdentityDAO = NewUserIdentityDAO()
+	})
+}
+
+// EnableUserIdentity 启用条目
+func (this *UserIdentityDAO) EnableUserIdentity(tx *dbs.Tx, id uint64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", UserIdentityStateEnabled).
+		Update()
+	return err
+}
+
+// DisableUserIdentity 禁用条目
+func (this *UserIdentityDAO) DisableUserIdentity(tx *dbs.Tx, id uint64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", UserIdentityStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledUserIdentity 查找启用中的条目
+func (this *UserIdentityDAO) FindEnabledUserIdentity(tx *dbs.Tx, id int64) (*UserIdentity, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		Attr("state", UserIdentityStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*UserIdentity), err
+}
+
+// CreateUserIdentity 创建
+func (this *UserIdentityDAO) CreateUserIdentity(tx *dbs.Tx, userId int64, idType userconfigs.UserIdentityType, realName string, number string, fileIds []int64) (int64, error) {
+	var op = NewUserIdentityOperator()
+	op.UserId = userId
+	op.Type = idType
+	op.RealName = realName
+	op.Number = number
+
+	if fileIds == nil {
+		fileIds = []int64{}
+	}
+	fileIdsJSON, err := json.Marshal(fileIds)
+	if err != nil {
+		return 0, err
+	}
+	op.FileIds = fileIdsJSON
+
+	op.Status = userconfigs.UserIdentityStatusNone
+	op.State = UserIdentityStateEnabled
+	return this.SaveInt64(tx, op)
+}
+
+// UpdateUserIdentity 修改
+func (this *UserIdentityDAO) UpdateUserIdentity(tx *dbs.Tx, identityId int64, idType userconfigs.UserIdentityType, realName string, number string, fileIds []int64) error {
+	if identityId <= 0 {
+		return nil
+	}
+
+	var op = NewUserIdentityOperator()
+	op.Id = identityId
+	op.Type = idType
+	op.Number = number
+
+	if fileIds == nil {
+		fileIds = []int64{}
+	}
+	fileIdsJSON, err := json.Marshal(fileIds)
+	if err != nil {
+		return err
+	}
+	op.FileIds = fileIdsJSON
+
+	return this.Save(tx, op)
+}
+
+// SubmitUserIdentity 提交审核
+func (this *UserIdentityDAO) SubmitUserIdentity(tx *dbs.Tx, identityId int64) error {
+	return this.Query(tx).
+		Pk(identityId).
+		Set("status", userconfigs.UserIdentityStatusSubmitted).
+		Set("submittedAt", time.Now().Unix()).
+		UpdateQuickly()
+}
+
+// CancelUserIdentity 取消提交审核
+func (this *UserIdentityDAO) CancelUserIdentity(tx *dbs.Tx, identityId int64) error {
+	return this.Query(tx).
+		Pk(identityId).
+		Set("status", userconfigs.UserIdentityStatusNone).
+		Set("updatedAt", time.Now().Unix()).
+		UpdateQuickly()
+}
+
+// RejectUserIdentity 拒绝
+func (this *UserIdentityDAO) RejectUserIdentity(tx *dbs.Tx, identityId int64) error {
+	return this.Query(tx).
+		Pk(identityId).
+		Set("status", userconfigs.UserIdentityStatusRejected).
+		Set("rejectedAt", time.Now().Unix()).
+		UpdateQuickly()
+}
+
+// VerifyUserIdentity 通过
+func (this *UserIdentityDAO) VerifyUserIdentity(tx *dbs.Tx, identityId int64) error {
+	return this.Query(tx).
+		Pk(identityId).
+		Set("status", userconfigs.UserIdentityStatusVerified).
+		Set("verifiedAt", time.Now().Unix()).
+		UpdateQuickly()
+}
+
+// CheckUserIdentity 检查用户认证
+func (this *UserIdentityDAO) CheckUserIdentity(tx *dbs.Tx, userId int64, identityId int64) error {
+	b, err := this.Query(tx).
+		Pk(identityId).
+		Attr("userId", userId).
+		State(UserIdentityStateEnabled).
+		Exist()
+	if err != nil {
+		return err
+	}
+	if !b {
+		return ErrNotFound
+	}
+	return nil
+}
+
+// FindUserIdentityStatus 查找认证信息当前状态
+func (this *UserIdentityDAO) FindUserIdentityStatus(tx *dbs.Tx, identityId int64) (userconfigs.UserIdentityStatus, error) {
+	return this.Query(tx).
+		Pk(identityId).
+		Result("status").
+		FindStringCol("")
+}
+
+// FindEnabledUserIdentityWithType 查找某个类型的认证信息
+func (this *UserIdentityDAO) FindEnabledUserIdentityWithType(tx *dbs.Tx, userId int64, idType userconfigs.UserIdentityType) (*UserIdentity, error) {
+	one, err := this.Query(tx).
+		Attr("userId", userId).
+		Attr("type", idType).
+		State(UserIdentityStateEnabled).
+		Find()
+	if err != nil || one == nil {
+		return nil, err
+	}
+	return one.(*UserIdentity), nil
+}

internal/db/models/user_identity_dao_test.go

@@ -0,0 +1,6 @@
+package models_test
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/user_identity_model.go

@@ -0,0 +1,40 @@
+package models
+
+import "github.com/iwind/TeaGo/dbs"
+
+// UserIdentity 用户实名认证信息
+type UserIdentity struct {
+	Id          uint64   `field:"id"`          // ID
+	UserId      uint64   `field:"userId"`      // 用户ID
+	Type        string   `field:"type"`        // 类型
+	RealName    string   `field:"realName"`    // 真实姓名
+	Number      string   `field:"number"`      // 编号
+	FileIds     dbs.JSON `field:"fileIds"`     // 文件ID
+	Status      string   `field:"status"`      // 状态：none,submitted,verified,rejected
+	State       uint8    `field:"state"`       // 状态
+	CreatedAt   uint64   `field:"createdAt"`   // 创建时间
+	UpdatedAt   uint64   `field:"updatedAt"`   // 修改时间
+	SubmittedAt uint64   `field:"submittedAt"` // 提交时间
+	RejectedAt  uint64   `field:"rejectedAt"`  // 拒绝时间
+	VerifiedAt  uint64   `field:"verifiedAt"`  // 认证时间
+}
+
+type UserIdentityOperator struct {
+	Id          interface{} // ID
+	UserId      interface{} // 用户ID
+	Type        interface{} // 类型
+	RealName    interface{} // 真实姓名
+	Number      interface{} // 编号
+	FileIds     interface{} // 文件ID
+	Status      interface{} // 状态：none,submitted,verified,rejected
+	State       interface{} // 状态
+	CreatedAt   interface{} // 创建时间
+	UpdatedAt   interface{} // 修改时间
+	SubmittedAt interface{} // 提交时间
+	RejectedAt  interface{} // 拒绝时间
+	VerifiedAt  interface{} // 认证时间
+}
+
+func NewUserIdentityOperator() *UserIdentityOperator {
+	return &UserIdentityOperator{}
+}

internal/db/models/user_identity_model_ext.go

@@ -0,0 +1,16 @@
+package models
+
+import "encoding/json"
+
+func (this *UserIdentity) DecodeFileIds() []int64 {
+	if len(this.FileIds) == 0 {
+		return []int64{}
+	}
+
+	var result = []int64{}
+	err := json.Unmarshal(this.FileIds, &result)
+	if err != nil {
+		// ignore error
+	}
+	return result
+}

internal/nodes/api_node_services.go

@@ -338,6 +338,11 @@ func (this *APINode) registerServices(server *grpc.Server) {
 		pb.RegisterUserServiceServer(server, instance)
 		this.rest(instance)
 	}
+	{
+		var instance = this.serviceInstance(&services.UserIdentityService{}).(*services.UserIdentityService)
+		pb.RegisterUserIdentityServiceServer(server, instance)
+		this.rest(instance)
+	}
 	{
 		var instance = this.serviceInstance(&services.ServerDailyStatService{}).(*services.ServerDailyStatService)
 		pb.RegisterServerDailyStatServiceServer(server, instance)

internal/rpc/services/service_user_identity.go

@@ -0,0 +1,228 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package services
+
+import (
+	"context"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/userconfigs"
+)
+
+// UserIdentityService 用户身份认证服务
+type UserIdentityService struct {
+	BaseService
+}
+
+// CreateUserIdentity 创建身份认证信息
+func (this *UserIdentityService) CreateUserIdentity(ctx context.Context, req *pb.CreateUserIdentityRequest) (*pb.CreateUserIdentityResponse, error) {
+	userId, err := this.ValidateUserNode(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	switch req.Type {
+	case userconfigs.UserIdentityTypeIDCard:
+		if len(req.FileIds) < 2 {
+			return nil, errors.New("need for file(s) for id card")
+		}
+	default:
+		return nil, errors.New("unknown identity type '" + req.Type + "'")
+	}
+
+	var tx = this.NullTx()
+	identityId, err := models.SharedUserIdentityDAO.CreateUserIdentity(tx, userId, req.Type, req.RealName, req.Number, req.FileIds)
+	if err != nil {
+		return nil, err
+	}
+
+	return &pb.CreateUserIdentityResponse{UserIdentityId: identityId}, nil
+}
+
+// FindUserEnabledUserIdentityWithType 查看身份认证信息
+func (this *UserIdentityService) FindUserEnabledUserIdentityWithType(ctx context.Context, req *pb.FindUserEnabledUserIdentityWithTypeRequest) (*pb.FindUserEnabledUserIdentityWithTypeResponse, error) {
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	if userId > 0 {
+		req.UserId = userId
+	}
+
+	var tx = this.NullTx()
+	identity, err := models.SharedUserIdentityDAO.FindEnabledUserIdentityWithType(tx, req.UserId, req.Type)
+	if err != nil {
+		return nil, err
+	}
+	if identity == nil {
+		return &pb.FindUserEnabledUserIdentityWithTypeResponse{
+			UserIdentity: nil,
+		}, nil
+	}
+
+	return &pb.FindUserEnabledUserIdentityWithTypeResponse{
+		UserIdentity: &pb.UserIdentity{
+			Id:          int64(identity.Id),
+			Type:        identity.Type,
+			RealName:    identity.RealName,
+			Number:      identity.Number,
+			FileIds:     identity.DecodeFileIds(),
+			Status:      identity.Status,
+			CreatedAt:   int64(identity.CreatedAt),
+			UpdatedAt:   int64(identity.UpdatedAt),
+			SubmittedAt: int64(identity.SubmittedAt),
+			RejectedAt:  int64(identity.RejectedAt),
+			VerifiedAt:  int64(identity.VerifiedAt),
+		},
+	}, nil
+}
+
+// UpdateUserIdentity 修改身份认证信息
+func (this *UserIdentityService) UpdateUserIdentity(ctx context.Context, req *pb.UpdateUserIdentityRequest) (*pb.RPCSuccess, error) {
+	userId, err := this.ValidateUserNode(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+
+	// 检查用户
+	err = models.SharedUserIdentityDAO.CheckUserIdentity(tx, userId, req.UserIdentityId)
+	if err != nil {
+		return nil, err
+	}
+
+	// 检查状态
+	status, err := models.SharedUserIdentityDAO.FindUserIdentityStatus(tx, req.UserIdentityId)
+	if err != nil {
+		return nil, err
+	}
+	if len(status) > 0 && status != userconfigs.UserIdentityStatusNone {
+		return nil, errors.New("identity status should be '" + userconfigs.UserIdentityStatusNone + "' instead of '" + status + "'")
+	}
+
+	err = models.SharedUserIdentityDAO.UpdateUserIdentity(tx, req.UserIdentityId, req.Type, req.RealName, req.Number, req.FileIds)
+	if err != nil {
+		return nil, err
+	}
+
+	return this.Success()
+}
+
+// SubmitUserIdentity 提交审核身份认证信息
+func (this *UserIdentityService) SubmitUserIdentity(ctx context.Context, req *pb.SubmitUserIdentityRequest) (*pb.RPCSuccess, error) {
+	userId, err := this.ValidateUserNode(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+
+	// 检查用户
+	err = models.SharedUserIdentityDAO.CheckUserIdentity(tx, userId, req.UserIdentityId)
+	if err != nil {
+		return nil, err
+	}
+
+	// 检查状态
+	status, err := models.SharedUserIdentityDAO.FindUserIdentityStatus(tx, req.UserIdentityId)
+	if err != nil {
+		return nil, err
+	}
+	if len(status) > 0 && status != userconfigs.UserIdentityStatusNone {
+		return nil, errors.New("identity status should be '" + userconfigs.UserIdentityStatusNone + "' instead of '" + status + "'")
+	}
+
+	err = models.SharedUserIdentityDAO.SubmitUserIdentity(tx, req.UserIdentityId)
+	if err != nil {
+		return nil, err
+	}
+
+	return this.Success()
+}
+
+// CancelUserIdentity 取消提交身份审核认证信息
+func (this *UserIdentityService) CancelUserIdentity(ctx context.Context, req *pb.CancelUserIdentityRequest) (*pb.RPCSuccess, error) {
+	userId, err := this.ValidateUserNode(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+
+	// 检查用户
+	err = models.SharedUserIdentityDAO.CheckUserIdentity(tx, userId, req.UserIdentityId)
+	if err != nil {
+		return nil, err
+	}
+
+	// 检查状态
+	status, err := models.SharedUserIdentityDAO.FindUserIdentityStatus(tx, req.UserIdentityId)
+	if err != nil {
+		return nil, err
+	}
+	if status != userconfigs.UserIdentityStatusSubmitted {
+		return nil, errors.New("identity status should be '" + userconfigs.UserIdentityStatusSubmitted + "' instead of '" + status + "'")
+	}
+
+	err = models.SharedUserIdentityDAO.CancelUserIdentity(tx, req.UserIdentityId)
+	if err != nil {
+		return nil, err
+	}
+
+	return this.Success()
+}
+
+// RejectUserIdentity 拒绝用户身份认证信息
+func (this *UserIdentityService) RejectUserIdentity(ctx context.Context, req *pb.RejectUserIdentityRequest) (*pb.RPCSuccess, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+
+	// 检查状态
+	status, err := models.SharedUserIdentityDAO.FindUserIdentityStatus(tx, req.UserIdentityId)
+	if err != nil {
+		return nil, err
+	}
+	if status != userconfigs.UserIdentityStatusSubmitted {
+		return nil, errors.New("identity status should be '" + userconfigs.UserIdentityStatusSubmitted + "' instead of '" + status + "'")
+	}
+
+	err = models.SharedUserIdentityDAO.RejectUserIdentity(tx, req.UserIdentityId)
+	if err != nil {
+		return nil, err
+	}
+
+	return this.Success()
+}
+
+// VerifyUserIdentity 通过用户身份认证信息
+func (this *UserIdentityService) VerifyUserIdentity(ctx context.Context, req *pb.VerifyUserIdentityRequest) (*pb.RPCSuccess, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+
+	// 检查状态
+	status, err := models.SharedUserIdentityDAO.FindUserIdentityStatus(tx, req.UserIdentityId)
+	if err != nil {
+		return nil, err
+	}
+	if status != userconfigs.UserIdentityStatusSubmitted {
+		return nil, errors.New("identity status should be '" + userconfigs.UserIdentityStatusSubmitted + "' instead of '" + status + "'")
+	}
+
+	err = models.SharedUserIdentityDAO.VerifyUserIdentity(tx, req.UserIdentityId)
+	if err != nil {
+		return nil, err
+	}
+
+	return this.Success()
+}

internal/utils/sha1.go

@@ -0,0 +1,21 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package utils
+
+import (
+	"crypto/sha1"
+	"fmt"
+	"github.com/iwind/TeaGo/rands"
+	"github.com/iwind/TeaGo/types"
+	"sync/atomic"
+	"time"
+)
+
+const sha1RandomPrefix = "SHA1_RANDOM"
+
+var sha1Id int64 = 0
+
+func Sha1RandomString() string {
+	var s = sha1RandomPrefix + types.String(time.Now().UnixNano()) + "@" + types.String(rands.Int64()) + "@" + types.String(atomic.AddInt64(&sha1Id, 1))
+	return fmt.Sprintf("%x", sha1.Sum([]byte(s)))
+}

internal/utils/sha1_test.go

@@ -0,0 +1,16 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package utils_test
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
+	"github.com/iwind/TeaGo/types"
+	"testing"
+)
+
+func TestSha1Random(t *testing.T) {
+	for i := 0; i < 10; i++ {
+		var s = utils.Sha1RandomString()
+		t.Log("["+types.String(len(s))+"]", s)
+	}
+}