mayfly-go/server/internal/auth/api/common.go

package api

import (
	"context"
	"fmt"
	"mayfly-go/internal/auth/config"
	"mayfly-go/internal/auth/imsg"
	"mayfly-go/internal/auth/pkg/otp"
	msgdto "mayfly-go/internal/msg/application/dto"
	"mayfly-go/internal/pkg/event"
	sysapp "mayfly-go/internal/sys/application"
	sysentity "mayfly-go/internal/sys/domain/entity"
	"mayfly-go/pkg/biz"
	"mayfly-go/pkg/cache"
	"mayfly-go/pkg/global"
	"mayfly-go/pkg/req"
	"mayfly-go/pkg/utils/collx"
	"mayfly-go/pkg/utils/netx"
	"mayfly-go/pkg/utils/stringx"
	"mayfly-go/pkg/utils/timex"
	"time"
)

const (
	OtpStatusNone  = -1 // 未启用otp校验
	OtpStatusReg   = 1  // 用户otp secret已注册
	OtpStatusNoReg = 2  // 用户otp secret未注册
)

// 最后的登录校验（共用）。校验通过返回登录成功响应结果map
func LastLoginCheck(ctx context.Context, account *sysentity.Account, accountLoginSecurity *config.AccountLoginSecurity, loginIp string) map[string]any {
	biz.IsTrueI(ctx, account.IsEnable(), imsg.ErrAccountNotAvailable)
	username := account.Username

	res := collx.M{
		"name":          account.Name,
		"username":      username,
		"lastLoginTime": account.LastLoginTime,
		"lastLoginIp":   account.LastLoginIp,
	}

	// 默认为不校验otp
	otpStatus := OtpStatusNone
	// 访问系统使用的token
	accessToken, refreshToken, err := req.CreateToken(account.Id, username)
	biz.ErrIsNilAppendErr(err, "token create failed: %s")

	// 若系统配置中设置开启otp双因素校验，则进行otp校验
	if accountLoginSecurity.UseOtp {
		otpInfo, otpurl, otpToken := useOtp(account, accountLoginSecurity.OtpIssuer, accessToken, refreshToken)
		otpStatus = otpInfo.OptStatus
		if otpurl != "" {
			res["otpUrl"] = otpurl
		}
		accessToken = otpToken
	} else {
		res["refresh_token"] = refreshToken
		// 不进行otp二次校验则直接返回accessToken
		// 保存登录消息
		go saveLogin(ctx, account, loginIp)
	}

	// 赋值otp状态
	res["otp"] = otpStatus
	res["token"] = accessToken
	return res
}

func useOtp(account *sysentity.Account, otpIssuer, accessToken string, refreshToken string) (*OtpVerifyInfo, string, string) {
	biz.ErrIsNil(account.OtpSecretDecrypt())
	otpSecret := account.OtpSecret
	// 修改状态为已注册
	otpStatus := OtpStatusReg
	otpUrl := ""
	// 该token用于otp双因素校验
	token := stringx.Rand(32)
	// 未注册otp secret或重置了秘钥
	if otpSecret == "" || otpSecret == "-" {
		otpStatus = OtpStatusNoReg
		key, err := otp.NewTOTP(otp.GenerateOpts{
			AccountName: account.Username,
			Issuer:      otpIssuer,
		})
		biz.ErrIsNilAppendErr(err, "otp generate failed: %s")
		otpUrl = key.URL()
		otpSecret = key.Secret()
	}
	// 缓存otpInfo, 只有双因素校验通过才可返回真正的token
	otpInfo := &OtpVerifyInfo{
		AccountId:    account.Id,
		Username:     account.Username,
		OptStatus:    otpStatus,
		OtpSecret:    otpSecret,
		AccessToken:  accessToken,
		RefreshToken: refreshToken,
	}
	cache.Set(fmt.Sprintf("otp:token:%s", token), otpInfo, time.Minute*time.Duration(3))
	return otpInfo, otpUrl, token
}

// 获取ip与归属地信息
func getIpAndRegion(rc *req.Ctx) string {
	clientIp := rc.ClientIP()
	return fmt.Sprintf("%s %s", clientIp, netx.Ip2Region(clientIp))
}

// 保存更新账号登录信息
func saveLogin(ctx context.Context, account *sysentity.Account, ip string) {
	// 更新账号最后登录时间
	now := time.Now()
	updateAccount := &sysentity.Account{LastLoginTime: &now}
	updateAccount.Id = account.Id
	updateAccount.LastLoginIp = ip
	// 偷懒为了方便直接获取accountApp
	biz.ErrIsNil(sysapp.GetAccountApp().Update(context.TODO(), updateAccount))

	global.EventBus.Publish(ctx, event.EventTopicMsgTmplSend, &msgdto.MsgTmplSendEvent{
		TmplChannel: msgdto.MsgTmplLogin,
		Params: collx.M{
			"ip":   ip,
			"time": timex.DefaultFormat(now),
		},
		ReceiverIds: []uint64{account.Id},
	})
}
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+								package api
 								import (
-												feat: 机器列表新增运行状态 & refactor: 登录账号信息存储与context

											
										
										
											2023-11-07 21:05:21 +08:00
+									"context"
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									"fmt"
-												refactor: 终端重构、系统参数配置调整

											
										
										
											2023-08-31 21:49:20 +08:00
+									"mayfly-go/internal/auth/config"
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+									"mayfly-go/internal/auth/imsg"
-												refactor: dbm

											
										
										
											2024-12-08 13:04:23 +08:00
+									"mayfly-go/internal/auth/pkg/otp"
-												refactor: 消息模块重构，infra包路径简写等

											
										
										
											2025-07-27 21:02:48 +08:00
+									msgdto "mayfly-go/internal/msg/application/dto"
 									"mayfly-go/internal/pkg/event"
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									sysapp "mayfly-go/internal/sys/application"
 									sysentity "mayfly-go/internal/sys/domain/entity"
 									"mayfly-go/pkg/biz"
 									"mayfly-go/pkg/cache"
-												refactor: 消息模块重构，infra包路径简写等

											
										
										
											2025-07-27 21:02:48 +08:00
+									"mayfly-go/pkg/global"
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									"mayfly-go/pkg/req"
-												review

											
										
										
											2023-10-12 12:14:56 +08:00
+									"mayfly-go/pkg/utils/collx"
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									"mayfly-go/pkg/utils/netx"
 									"mayfly-go/pkg/utils/stringx"
 									"mayfly-go/pkg/utils/timex"
 									"time"
 								)
 								const (
 									OtpStatusNone  = -1 // 未启用otp校验
 									OtpStatusReg   = 1  // 用户otp secret已注册
 									OtpStatusNoReg = 2  // 用户otp secret未注册
 								)
 								// 最后的登录校验（共用）。校验通过返回登录成功响应结果map
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+								func LastLoginCheck(ctx context.Context, account *sysentity.Account, accountLoginSecurity *config.AccountLoginSecurity, loginIp string) map[string]any {
 									biz.IsTrueI(ctx, account.IsEnable(), imsg.ErrAccountNotAvailable)
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									username := account.Username
-												review

											
										
										
											2023-10-12 12:14:56 +08:00
+									res := collx.M{
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+										"name":          account.Name,
 										"username":      username,
 										"lastLoginTime": account.LastLoginTime,
 										"lastLoginIp":   account.LastLoginIp,
 									}
 									// 默认为不校验otp
 									otpStatus := OtpStatusNone
 									// 访问系统使用的token
-												refactor: 引入dayjs、新增refreshToken无感刷新、团队新增有效期、数据库等问题修复

											
										
										
											2024-05-13 19:55:43 +08:00
+									accessToken, refreshToken, err := req.CreateToken(account.Id, username)
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+									biz.ErrIsNilAppendErr(err, "token create failed: %s")
-												refactor: 新增base.Repo与base.App，重构repo与app层代码

											
										
										
											2023-10-26 17:15:49 +08:00
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									// 若系统配置中设置开启otp双因素校验，则进行otp校验
 									if accountLoginSecurity.UseOtp {
-												refactor: 引入dayjs、新增refreshToken无感刷新、团队新增有效期、数据库等问题修复

											
										
										
											2024-05-13 19:55:43 +08:00
+										otpInfo, otpurl, otpToken := useOtp(account, accountLoginSecurity.OtpIssuer, accessToken, refreshToken)
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+										otpStatus = otpInfo.OptStatus
 										if otpurl != "" {
 											res["otpUrl"] = otpurl
 										}
 										accessToken = otpToken
 									} else {
-												refactor: 引入dayjs、新增refreshToken无感刷新、团队新增有效期、数据库等问题修复

											
										
										
											2024-05-13 19:55:43 +08:00
+										res["refresh_token"] = refreshToken
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+										// 不进行otp二次校验则直接返回accessToken
 										// 保存登录消息
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+										go saveLogin(ctx, account, loginIp)
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									}
 									// 赋值otp状态
 									res["otp"] = otpStatus
 									res["token"] = accessToken
 									return res
 								}
-												refactor: 引入dayjs、新增refreshToken无感刷新、团队新增有效期、数据库等问题修复

											
										
										
											2024-05-13 19:55:43 +08:00
+								func useOtp(account *sysentity.Account, otpIssuer, accessToken string, refreshToken string) (*OtpVerifyInfo, string, string) {
-												重构数据库备份与恢复模块 (#80)

* fix: 保存 LastResult 时截断字符串过长部分，以避免数据库报错

* refactor: 新增 entity.DbTaskBase 和 persistence.dbTaskBase, 用于实现数据库备份和恢复任务处理相关部分

* fix: aeskey变更后，解密密码出现数组越界访问错误

* fix: 时间属性为零值时，保存到 mysql 数据库报错

* refactor db.infrastructure.service.scheduler

* feat: 实现立即备份功能

* refactor db.infrastructure.service.db_instance

* refactor: 从数据库中获取数据库备份目录、mysql文件路径等配置信息

* fix: 数据库备份和恢复问题

* fix: 修改 .gitignore 文件，忽略数据库备份目录和数据库程序目录
											
										
										
											2024-01-05 08:55:34 +08:00
+									biz.ErrIsNil(account.OtpSecretDecrypt())
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									otpSecret := account.OtpSecret
 									// 修改状态为已注册
 									otpStatus := OtpStatusReg
 									otpUrl := ""
 									// 该token用于otp双因素校验
 									token := stringx.Rand(32)
 									// 未注册otp secret或重置了秘钥
 									if otpSecret == "" || otpSecret == "-" {
 										otpStatus = OtpStatusNoReg
 										key, err := otp.NewTOTP(otp.GenerateOpts{
 											AccountName: account.Username,
 											Issuer:      otpIssuer,
 										})
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+										biz.ErrIsNilAppendErr(err, "otp generate failed: %s")
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+										otpUrl = key.URL()
 										otpSecret = key.Secret()
 									}
-												refactor: 引入dayjs、新增refreshToken无感刷新、团队新增有效期、数据库等问题修复

											
										
										
											2024-05-13 19:55:43 +08:00
+									// 缓存otpInfo, 只有双因素校验通过才可返回真正的token
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									otpInfo := &OtpVerifyInfo{
-												refactor: 引入dayjs、新增refreshToken无感刷新、团队新增有效期、数据库等问题修复

											
										
										
											2024-05-13 19:55:43 +08:00
+										AccountId:    account.Id,
 										Username:     account.Username,
 										OptStatus:    otpStatus,
 										OtpSecret:    otpSecret,
 										AccessToken:  accessToken,
 										RefreshToken: refreshToken,
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									}
-												refactor: code optimization

											
										
										
											2025-04-23 20:36:32 +08:00
+									cache.Set(fmt.Sprintf("otp:token:%s", token), otpInfo, time.Minute*time.Duration(3))
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									return otpInfo, otpUrl, token
 								}
 								// 获取ip与归属地信息
 								func getIpAndRegion(rc *req.Ctx) string {
-												refactor: 简化api层相关调用

											
										
										
											2024-02-25 12:46:18 +08:00
+									clientIp := rc.ClientIP()
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									return fmt.Sprintf("%s %s", clientIp, netx.Ip2Region(clientIp))
 								}
 								// 保存更新账号登录信息
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+								func saveLogin(ctx context.Context, account *sysentity.Account, ip string) {
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									// 更新账号最后登录时间
 									now := time.Now()
 									updateAccount := &sysentity.Account{LastLoginTime: &now}
 									updateAccount.Id = account.Id
 									updateAccount.LastLoginIp = ip
 									// 偷懒为了方便直接获取accountApp
-												feat: 机器列表新增运行状态 & refactor: 登录账号信息存储与context

											
										
										
											2023-11-07 21:05:21 +08:00
+									biz.ErrIsNil(sysapp.GetAccountApp().Update(context.TODO(), updateAccount))
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
-												refactor: 消息模块重构，infra包路径简写等

											
										
										
											2025-07-27 21:02:48 +08:00
+									global.EventBus.Publish(ctx, event.EventTopicMsgTmplSend, &msgdto.MsgTmplSendEvent{
 										TmplChannel: msgdto.MsgTmplLogin,
 										Params: collx.M{
 											"ip":   ip,
 											"time": timex.DefaultFormat(now),
 										},
 										ReceiverIds: []uint64{account.Id},
 									})
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+								}