[系统用户]增加OTP动态密码二次认证

2026-04-24 22:05:18 +08:00 · 2020-12-24 17:15:53 +08:00
parent 89506a15c0
commit bf61b2a170
35 changed files with 532 additions and 137 deletions
--- a/internal/web/actions/default/index/index.go
+++ b/internal/web/actions/default/index/index.go
@@ -1,6 +1,7 @@
 package index

 import (
+	"encoding/json"
 	"fmt"
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
 	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
@@ -13,8 +14,10 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 	stringutil "github.com/iwind/TeaGo/utils/string"
+	"github.com/xlzd/gotp"
 	"time"
 )

@@ -71,6 +74,7 @@ func (this *IndexAction) RunPost(params struct {
 	Token    string
 	Username string
 	Password string
+	OtpCode  string
 	Remember bool
 	Must     *actions.Must
 	Auth     *helpers.UserShouldAuth
@@ -126,6 +130,28 @@ func (this *IndexAction) RunPost(params struct {
 		this.Fail("请输入正确的用户名密码")
 	}

+	// 检查OTP
+	otpLoginResp, err := this.RPC().LoginRPC().FindEnabledLogin(this.AdminContext(), &pb.FindEnabledLoginRequest{
+		AdminId: resp.AdminId,
+		Type:    "otp",
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if otpLoginResp.Login != nil && otpLoginResp.Login.IsOn {
+		loginParams := maps.Map{}
+		err = json.Unmarshal(otpLoginResp.Login.ParamsJSON, &loginParams)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		secret := loginParams.GetString("secret")
+		if gotp.NewDefaultTOTP(secret).Now() != params.OtpCode {
+			this.Fail("请输入正确的OTP动态密码")
+		}
+	}
+
 	adminId := resp.AdminId
 	params.Auth.StoreAdmin(adminId, params.Remember)