mayfly-go/server/internal/auth/api/account_login.go

package api

import (
	"context"
	"fmt"
	"mayfly-go/internal/auth/api/form"
	"mayfly-go/internal/auth/config"
	"mayfly-go/internal/auth/imsg"
	"mayfly-go/internal/auth/pkg/captcha"
	"mayfly-go/internal/auth/pkg/otp"
	msgapp "mayfly-go/internal/msg/application"
	sysapp "mayfly-go/internal/sys/application"
	sysentity "mayfly-go/internal/sys/domain/entity"
	"mayfly-go/pkg/biz"
	"mayfly-go/pkg/cache"
	"mayfly-go/pkg/errorx"
	"mayfly-go/pkg/model"
	"mayfly-go/pkg/req"
	"mayfly-go/pkg/utils/collx"
	"mayfly-go/pkg/utils/cryptox"
	"mayfly-go/pkg/ws"
	"strconv"
	"time"
)

type AccountLogin struct {
	AccountApp sysapp.Account `inject:""`
	MsgApp     msgapp.Msg     `inject:""`
}

/**   用户账号密码登录   **/

// @router /auth/accounts/login [post]
func (a *AccountLogin) Login(rc *req.Ctx) {
	loginForm := req.BindJsonAndValid(rc, new(form.LoginForm))
	ctx := rc.MetaCtx

	accountLoginSecurity := config.GetAccountLoginSecurity()
	// 判断是否有开启登录验证码校验
	if accountLoginSecurity.UseCaptcha {
		// 校验验证码
		biz.IsTrueI(ctx, captcha.Verify(loginForm.Cid, loginForm.Captcha), imsg.ErrCaptchaErr)
	}

	username := loginForm.Username

	clientIp := getIpAndRegion(rc)
	rc.ReqParam = collx.Kvs("username", username, "ip", clientIp)

	originPwd, err := cryptox.DefaultRsaDecrypt(loginForm.Password, true)
	biz.ErrIsNilAppendErr(err, "decryption password error: %s")

	account := &sysentity.Account{Username: username}
	err = a.AccountApp.GetByCond(model.NewModelCond(account).Columns("Id", "Name", "Username", "Password", "Status", "LastLoginTime", "LastLoginIp", "OtpSecret"))

	failCountKey := fmt.Sprintf("account:login:failcount:%s", username)
	nowFailCount := cache.GetInt(failCountKey)
	loginFailCount := accountLoginSecurity.LoginFailCount
	loginFailMin := accountLoginSecurity.LoginFailMin
	biz.IsTrueI(ctx, nowFailCount < loginFailCount, imsg.ErrLoginRestrict, "failCount", loginFailCount, "min", loginFailMin)

	if err != nil || !cryptox.CheckPwdHash(originPwd, account.Password) {
		nowFailCount++
		cache.SetStr(failCountKey, strconv.Itoa(nowFailCount), time.Minute*time.Duration(loginFailMin))
		panic(errorx.NewBizI(ctx, imsg.ErrLoginFail, "failCount", nowFailCount))
	}

	// 校验密码强度（新用户第一次登录密码与账号名一致）
	// biz.IsTrueBy(utils.CheckAccountPasswordLever(originPwd), errorx.NewBizCode(401, "您的密码安全等级较低，请修改后重新登录"))
	rc.ResData = LastLoginCheck(ctx, account, accountLoginSecurity, clientIp)
}

type OtpVerifyInfo struct {
	AccountId    uint64
	Username     string
	OptStatus    int
	AccessToken  string
	RefreshToken string
	OtpSecret    string
}

// OTP双因素校验
func (a *AccountLogin) OtpVerify(rc *req.Ctx) {
	otpVerify := new(form.OtpVerfiy)
	req.BindJsonAndValid(rc, otpVerify)
	ctx := rc.MetaCtx

	tokenKey := fmt.Sprintf("otp:token:%s", otpVerify.OtpToken)
	otpInfo := new(OtpVerifyInfo)
	ok := cache.Get(tokenKey, otpInfo)
	biz.IsTrueI(ctx, ok, imsg.ErrOtpTokenInvalid)

	failCountKey := fmt.Sprintf("account:otp:failcount:%d", otpInfo.AccountId)
	failCount := cache.GetInt(failCountKey)
	biz.IsTrueI(ctx, failCount < 5, imsg.ErrOtpCheckRestrict)

	otpStatus := otpInfo.OptStatus
	accessToken := otpInfo.AccessToken
	accountId := otpInfo.AccountId
	otpSecret := otpInfo.OtpSecret

	if !otp.Validate(otpVerify.Code, otpSecret) {
		cache.SetStr(failCountKey, strconv.Itoa(failCount+1), time.Minute*time.Duration(10))
		panic(errorx.NewBizI(ctx, imsg.ErrOtpCheckFail))
	}

	// 如果是未注册状态，则更新account表的otpSecret信息
	if otpStatus == OtpStatusNoReg {
		update := &sysentity.Account{OtpSecret: otpSecret}
		update.Id = accountId
		biz.ErrIsNil(update.OtpSecretEncrypt())
		biz.ErrIsNil(a.AccountApp.Update(context.Background(), update))
	}

	la := &sysentity.Account{Username: otpInfo.Username}
	la.Id = accountId
	go saveLogin(ctx, la, getIpAndRegion(rc))

	cache.Del(tokenKey)
	rc.ResData = collx.Kvs("token", accessToken, "refresh_token", otpInfo.RefreshToken)
}

func (a *AccountLogin) RefreshToken(rc *req.Ctx) {
	refreshToken := rc.Query("refresh_token")
	biz.NotEmpty(refreshToken, "refresh_token cannot be empty")

	accountId, username, err := req.ParseToken(refreshToken)
	biz.IsTrueBy(err == nil, errorx.PermissionErr)

	token, refreshToken, err := req.CreateToken(accountId, username)
	biz.ErrIsNil(err)
	rc.ResData = collx.Kvs("token", token, "refresh_token", refreshToken)
}

func (a *AccountLogin) Logout(rc *req.Ctx) {
	la := rc.GetLoginAccount()
	req.GetPermissionCodeRegistery().Remove(la.Id)
	ws.CloseClient(ws.UserId(la.Id))
}
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+								package api
 								import (
-												feat: 机器列表新增运行状态 & refactor: 登录账号信息存储与context

											
										
										
											2023-11-07 21:05:21 +08:00
+									"context"
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									"fmt"
 									"mayfly-go/internal/auth/api/form"
-												refactor: 终端重构、系统参数配置调整

											
										
										
											2023-08-31 21:49:20 +08:00
+									"mayfly-go/internal/auth/config"
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+									"mayfly-go/internal/auth/imsg"
-												refactor: dbm

											
										
										
											2024-12-08 13:04:23 +08:00
+									"mayfly-go/internal/auth/pkg/captcha"
 									"mayfly-go/internal/auth/pkg/otp"
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									msgapp "mayfly-go/internal/msg/application"
 									sysapp "mayfly-go/internal/sys/application"
 									sysentity "mayfly-go/internal/sys/domain/entity"
 									"mayfly-go/pkg/biz"
 									"mayfly-go/pkg/cache"
-												refactor: 新增base.Repo与base.App，重构repo与app层代码

											
										
										
											2023-10-26 17:15:49 +08:00
+									"mayfly-go/pkg/errorx"
-												refactor: 精简base.repo与base.app等

											
										
										
											2024-04-28 23:45:57 +08:00
+									"mayfly-go/pkg/model"
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									"mayfly-go/pkg/req"
-												review

											
										
										
											2023-10-12 12:14:56 +08:00
+									"mayfly-go/pkg/utils/collx"
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									"mayfly-go/pkg/utils/cryptox"
-												refactor: 系统websocket消息重构

											
										
										
											2023-09-12 20:54:07 +08:00
+									"mayfly-go/pkg/ws"
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									"strconv"
 									"time"
 								)
 								type AccountLogin struct {
-												feat: 新增简易版ioc

											
										
										
											2024-01-21 22:52:20 +08:00
+									AccountApp sysapp.Account `inject:""`
 									MsgApp     msgapp.Msg     `inject:""`
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+								}
 								/**   用户账号密码登录   **/
 								// @router /auth/accounts/login [post]
 								func (a *AccountLogin) Login(rc *req.Ctx) {
-												refactor: api层尽可能屏蔽gin框架相关代码

											
										
										
											2024-02-24 16:30:29 +08:00
+									loginForm := req.BindJsonAndValid(rc, new(form.LoginForm))
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+									ctx := rc.MetaCtx
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
-												refactor: 终端重构、系统参数配置调整

											
										
										
											2023-08-31 21:49:20 +08:00
+									accountLoginSecurity := config.GetAccountLoginSecurity()
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									// 判断是否有开启登录验证码校验
 									if accountLoginSecurity.UseCaptcha {
 										// 校验验证码
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+										biz.IsTrueI(ctx, captcha.Verify(loginForm.Cid, loginForm.Captcha), imsg.ErrCaptchaErr)
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									}
 									username := loginForm.Username
 									clientIp := getIpAndRegion(rc)
-												review

											
										
										
											2023-10-12 12:14:56 +08:00
+									rc.ReqParam = collx.Kvs("username", username, "ip", clientIp)
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
 									originPwd, err := cryptox.DefaultRsaDecrypt(loginForm.Password, true)
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+									biz.ErrIsNilAppendErr(err, "decryption password error: %s")
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
 									account := &sysentity.Account{Username: username}
-												refactor: 精简base.repo与base.app等

											
										
										
											2024-04-28 23:45:57 +08:00
+									err = a.AccountApp.GetByCond(model.NewModelCond(account).Columns("Id", "Name", "Username", "Password", "Status", "LastLoginTime", "LastLoginIp", "OtpSecret"))
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
 									failCountKey := fmt.Sprintf("account:login:failcount:%s", username)
 									nowFailCount := cache.GetInt(failCountKey)
 									loginFailCount := accountLoginSecurity.LoginFailCount
 									loginFailMin := accountLoginSecurity.LoginFailMin
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+									biz.IsTrueI(ctx, nowFailCount < loginFailCount, imsg.ErrLoginRestrict, "failCount", loginFailCount, "min", loginFailMin)
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
 									if err != nil || !cryptox.CheckPwdHash(originPwd, account.Password) {
 										nowFailCount++
 										cache.SetStr(failCountKey, strconv.Itoa(nowFailCount), time.Minute*time.Duration(loginFailMin))
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+										panic(errorx.NewBizI(ctx, imsg.ErrLoginFail, "failCount", nowFailCount))
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									}
 									// 校验密码强度（新用户第一次登录密码与账号名一致）
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+									// biz.IsTrueBy(utils.CheckAccountPasswordLever(originPwd), errorx.NewBizCode(401, "您的密码安全等级较低，请修改后重新登录"))
 									rc.ResData = LastLoginCheck(ctx, account, accountLoginSecurity, clientIp)
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+								}
 								type OtpVerifyInfo struct {
-												refactor: 引入dayjs、新增refreshToken无感刷新、团队新增有效期、数据库等问题修复

											
										
										
											2024-05-13 19:55:43 +08:00
+									AccountId    uint64
 									Username     string
 									OptStatus    int
 									AccessToken  string
 									RefreshToken string
 									OtpSecret    string
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+								}
 								// OTP双因素校验
 								func (a *AccountLogin) OtpVerify(rc *req.Ctx) {
 									otpVerify := new(form.OtpVerfiy)
-												refactor: api层尽可能屏蔽gin框架相关代码

											
										
										
											2024-02-24 16:30:29 +08:00
+									req.BindJsonAndValid(rc, otpVerify)
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+									ctx := rc.MetaCtx
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
 									tokenKey := fmt.Sprintf("otp:token:%s", otpVerify.OtpToken)
 									otpInfo := new(OtpVerifyInfo)
-												refactor: 引入dayjs、新增refreshToken无感刷新、团队新增有效期、数据库等问题修复

											
										
										
											2024-05-13 19:55:43 +08:00
+									ok := cache.Get(tokenKey, otpInfo)
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+									biz.IsTrueI(ctx, ok, imsg.ErrOtpTokenInvalid)
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
 									failCountKey := fmt.Sprintf("account:otp:failcount:%d", otpInfo.AccountId)
 									failCount := cache.GetInt(failCountKey)
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+									biz.IsTrueI(ctx, failCount < 5, imsg.ErrOtpCheckRestrict)
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
 									otpStatus := otpInfo.OptStatus
 									accessToken := otpInfo.AccessToken
 									accountId := otpInfo.AccountId
 									otpSecret := otpInfo.OtpSecret
 									if !otp.Validate(otpVerify.Code, otpSecret) {
 										cache.SetStr(failCountKey, strconv.Itoa(failCount+1), time.Minute*time.Duration(10))
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+										panic(errorx.NewBizI(ctx, imsg.ErrOtpCheckFail))
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									}
 									// 如果是未注册状态，则更新account表的otpSecret信息
 									if otpStatus == OtpStatusNoReg {
 										update := &sysentity.Account{OtpSecret: otpSecret}
 										update.Id = accountId
-												重构数据库备份与恢复模块 (#80)

* fix: 保存 LastResult 时截断字符串过长部分，以避免数据库报错

* refactor: 新增 entity.DbTaskBase 和 persistence.dbTaskBase, 用于实现数据库备份和恢复任务处理相关部分

* fix: aeskey变更后，解密密码出现数组越界访问错误

* fix: 时间属性为零值时，保存到 mysql 数据库报错

* refactor db.infrastructure.service.scheduler

* feat: 实现立即备份功能

* refactor db.infrastructure.service.db_instance

* refactor: 从数据库中获取数据库备份目录、mysql文件路径等配置信息

* fix: 数据库备份和恢复问题

* fix: 修改 .gitignore 文件，忽略数据库备份目录和数据库程序目录
											
										
										
											2024-01-05 08:55:34 +08:00
+										biz.ErrIsNil(update.OtpSecretEncrypt())
-												feat: 机器列表新增运行状态 & refactor: 登录账号信息存储与context

											
										
										
											2023-11-07 21:05:21 +08:00
+										biz.ErrIsNil(a.AccountApp.Update(context.Background(), update))
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									}
 									la := &sysentity.Account{Username: otpInfo.Username}
 									la.Id = accountId
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+									go saveLogin(ctx, la, getIpAndRegion(rc))
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
 									cache.Del(tokenKey)
-												refactor: 引入dayjs、新增refreshToken无感刷新、团队新增有效期、数据库等问题修复

											
										
										
											2024-05-13 19:55:43 +08:00
+									rc.ResData = collx.Kvs("token", accessToken, "refresh_token", otpInfo.RefreshToken)
 								}
 								func (a *AccountLogin) RefreshToken(rc *req.Ctx) {
 									refreshToken := rc.Query("refresh_token")
-												feat: i18n

											
										
										
											2024-11-20 22:43:53 +08:00
+									biz.NotEmpty(refreshToken, "refresh_token cannot be empty")
-												refactor: 引入dayjs、新增refreshToken无感刷新、团队新增有效期、数据库等问题修复

											
										
										
											2024-05-13 19:55:43 +08:00
 									accountId, username, err := req.ParseToken(refreshToken)
-												fix: 问题修复

											
										
										
											2024-05-16 17:26:32 +08:00
+									biz.IsTrueBy(err == nil, errorx.PermissionErr)
-												refactor: 引入dayjs、新增refreshToken无感刷新、团队新增有效期、数据库等问题修复

											
										
										
											2024-05-13 19:55:43 +08:00
+									token, refreshToken, err := req.CreateToken(accountId, username)
 									biz.ErrIsNil(err)
 									rc.ResData = collx.Kvs("token", token, "refresh_token", refreshToken)
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+								}
 								func (a *AccountLogin) Logout(rc *req.Ctx) {
-												feat: 机器列表新增运行状态 & refactor: 登录账号信息存储与context

											
										
										
											2023-11-07 21:05:21 +08:00
+									la := rc.GetLoginAccount()
 									req.GetPermissionCodeRegistery().Remove(la.Id)
 									ws.CloseClient(ws.UserId(la.Id))
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+								}