[系统用户]增加OTP动态密码二次认证

2026-02-18 22:45:37 +08:00 · 2020-12-24 17:15:53 +08:00
parent 89506a15c0
commit bf61b2a170
35 changed files with 532 additions and 137 deletions
--- a/internal/web/actions/default/index/checkOTP.go
+++ b/internal/web/actions/default/index/checkOTP.go
@@ -0,0 +1,30 @@
+package index
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+// 检查是否需要OTP
+type CheckOTPAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CheckOTPAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CheckOTPAction) RunPost(params struct {
+	Username string
+
+	Must *actions.Must
+}) {
+	checkResp, err := this.RPC().AdminRPC().CheckAdminOTPWithUsername(this.AdminContext(), &pb.CheckAdminOTPWithUsernameRequest{Username: params.Username})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["requireOTP"] = checkResp.RequireOTP
+	this.Success()
+}
--- a/internal/web/actions/default/index/index.go
+++ b/internal/web/actions/default/index/index.go
@@ -1,6 +1,7 @@
 package index

 import (
+	"encoding/json"
 	"fmt"
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
 	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
@@ -13,8 +14,10 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 	stringutil "github.com/iwind/TeaGo/utils/string"
+	"github.com/xlzd/gotp"
 	"time"
 )

@@ -71,6 +74,7 @@ func (this *IndexAction) RunPost(params struct {
 	Token    string
 	Username string
 	Password string
+	OtpCode  string
 	Remember bool
 	Must     *actions.Must
 	Auth     *helpers.UserShouldAuth
@@ -126,6 +130,28 @@ func (this *IndexAction) RunPost(params struct {
 		this.Fail("请输入正确的用户名密码")
 	}

+	// 检查OTP
+	otpLoginResp, err := this.RPC().LoginRPC().FindEnabledLogin(this.AdminContext(), &pb.FindEnabledLoginRequest{
+		AdminId: resp.AdminId,
+		Type:    "otp",
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if otpLoginResp.Login != nil && otpLoginResp.Login.IsOn {
+		loginParams := maps.Map{}
+		err = json.Unmarshal(otpLoginResp.Login.ParamsJSON, &loginParams)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		secret := loginParams.GetString("secret")
+		if gotp.NewDefaultTOTP(secret).Now() != params.OtpCode {
+			this.Fail("请输入正确的OTP动态密码")
+		}
+	}
+
 	adminId := resp.AdminId
 	params.Auth.StoreAdmin(adminId, params.Remember)

--- a/internal/web/actions/default/index/init.go
+++ b/internal/web/actions/default/index/init.go
@@ -6,7 +6,9 @@ import (

 func init() {
 	TeaGo.BeforeStart(func(server *TeaGo.Server) {
-		server.Prefix("/").
+		server.
+			Post("/checkOTP", new(CheckOTPAction)).
+			Prefix("/").
 			GetPost("", new(IndexAction)).
 			EndAll()
 	})