fix: 遗漏sql补充

mayfly_go_web/src/views/login/component/AccountLogin.vue

@@ -60,15 +60,15 @@
         </el-dialog>
 
         <el-dialog title="OTP校验" v-model="otpDialog.visible" @close="loading.signIn = false" :close-on-click-modal="false"
-            width="450px" :destroy-on-close="true">
+            width="350px" :destroy-on-close="true">
             <el-form ref="otpFormRef" :model="otpDialog.form" :rules="otpDialog.rules" label-width="65px">
                 <el-form-item v-if="otpDialog.otpUrl" label="二维码">
                     <qrcode-vue :value="otpDialog.otpUrl" :size="200" level="H" />
                 </el-form-item>
 
                 <el-form-item prop="code" label="OTP" required>
-                    <el-input ref="otpCodeInputRef" v-model.trim="otpDialog.form.code" clearable @keyup.enter="otpVerify"
+                    <el-input style="width:220px" ref="otpCodeInputRef" v-model.trim="otpDialog.form.code" clearable @keyup.enter="otpVerify"
-                        placeholder="请输入双因素认证APP中显示的授权码"></el-input>
+                        placeholder="请输入令牌APP中显示的授权码"></el-input>
                 </el-form-item>
             </el-form>
 

mayfly_go_web/src/views/system/account/AccountList.vue

@@ -60,8 +60,8 @@
                         <el-button v-auth="'account:changeStatus'" v-if="scope.row.status == -1" type="success"
                             @click="changeStatus(scope.row)" size="small" plain>启用</el-button>
 
-                        <el-button v-auth="'account:add'" @click="resetOtpSecret(scope.row)" type="warning" size="small"
+                        <el-button v-auth="'account:add'" :disabled="!scope.row.otpSecret || scope.row.otpSecret == '-'"
-                            plain>重置OTP</el-button>
+                            @click="resetOtpSecret(scope.row)" type="warning" size="small" plain>重置OTP</el-button>
                     </template>
                 </el-table-column>
             </el-table>
@@ -219,6 +219,7 @@ const resetOtpSecret = async (row: any) => {
         id,
     });
     ElMessage.success('操作成功');
+    row.otpSecret = "-";
 };
 
 const handlePageChange = (curPage: number) => {

mayfly_go_web/src/views/system/config/ConfigList.vue

@@ -1,8 +1,9 @@
 <template>
     <div class="role-list">
         <el-card>
-            <el-button type="primary" icon="plus" @click="editConfig(false)">添加</el-button>
+            <el-button v-auth="'config:save'" type="primary" icon="plus" @click="editConfig(false)">添加</el-button>
-            <el-button :disabled="chooseId == null" @click="editConfig(chooseData)" type="primary" icon="edit">编辑
+            <el-button v-auth="'config:save'" :disabled="chooseId == null" @click="editConfig(chooseData)" type="primary"
+                icon="edit">编辑
             </el-button>
 
             <el-table :data="configs" @current-change="choose" ref="table" style="width: 100%">
@@ -60,7 +61,7 @@
             <template #footer>
                 <span class="dialog-footer">
                     <el-button @click="closeSetConfigDialog()">取 消</el-button>
-                    <el-button type="primary" @click="setConfig()">确 定</el-button>
+                    <el-button v-auth="'config:save'" type="primary" @click="setConfig()">确 定</el-button>
                 </span>
             </template>
         </el-dialog>

server/internal/sys/api/account.go

@@ -89,6 +89,7 @@ func (a *Account) Login(rc *req.Ctx) {
 	accessToken := req.CreateToken(account.Id, username)
 	// 若系统配置中设置开启otp双因素校验，则进行otp校验
 	if accountLoginSecurity.UseOtp {
+		account.OtpSecretDecrypt()
 		otpSecret := account.OtpSecret
 		// 修改状态为已注册
 		otpStatus = OtpStatusReg
@@ -164,6 +165,7 @@ func (a *Account) OtpVerify(rc *req.Ctx) {
 	if otpStatus == OtpStatusNoReg {
 		update := &entity.Account{OtpSecret: otpSecret}
 		update.Id = accountId
+		update.OtpSecretEncrypt()
 		a.AccountApp.Update(update)
 	}
 

server/internal/sys/api/vo/account.go

@@ -11,6 +11,7 @@ type AccountManageVO struct {
 	Username      string     `json:"username"`
 	Status        int        `json:"status"`
 	LastLoginTime *time.Time `json:"lastLoginTime"`
+	OtpSecret     string     `json:"otpSecret"`
 }
 
 // 账号角色信息

server/internal/sys/domain/entity/account.go

@@ -1,6 +1,7 @@
 package entity
 
 import (
+	"mayfly-go/internal/common/utils"
 	"mayfly-go/pkg/model"
 	"time"
 )
@@ -26,6 +27,17 @@ func (a *Account) IsEnable() bool {
 	return a.Status == AccountEnableStatus
 }
 
+func (a *Account) OtpSecretEncrypt() {
+	a.OtpSecret = utils.PwdAesEncrypt(a.OtpSecret)
+}
+
+func (a *Account) OtpSecretDecrypt() {
+	if a.OtpSecret == "-" {
+		return
+	}
+	a.OtpSecret = utils.PwdAesDecrypt(a.OtpSecret)
+}
+
 const (
 	AccountEnableStatus  int8 = 1  // 启用状态
 	AccountDisableStatus int8 = -1 // 禁用状态

server/internal/sys/router/config.go

@@ -12,8 +12,9 @@ func InitSysConfigRouter(router *gin.RouterGroup) {
 	r := &api.Config{ConfigApp: application.GetConfigApp()}
 	db := router.Group("sys/configs")
 	{
+		baseP := req.NewPermission("config:base")
 		db.GET("", func(c *gin.Context) {
-			req.NewCtxWithGin(c).Handle(r.Configs)
+			req.NewCtxWithGin(c).WithRequiredPermission(baseP).Handle(r.Configs)
 		})
 
 		db.GET("/value", func(c *gin.Context) {
@@ -21,7 +22,7 @@ func InitSysConfigRouter(router *gin.RouterGroup) {
 		})
 
 		saveConfig := req.NewLogInfo("保存系统配置信息").WithSave(true)
-		saveConfigP := req.NewPermission("config:base")
+		saveConfigP := req.NewPermission("config:save")
 		db.POST("", func(c *gin.Context) {
 			req.NewCtxWithGin(c).
 				WithLog(saveConfig).

server/mayfly-go.sql

@@ -287,6 +287,7 @@ CREATE TABLE `t_sys_account` (
   `username` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL,
   `password` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL,
   `status` tinyint(4) DEFAULT NULL,
+  `otp_secret` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin DEFAULT NULL COMMENT 'otp秘钥',
   `last_login_time` datetime DEFAULT NULL COMMENT '最后登录时间',
   `last_login_ip` varchar(24) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin DEFAULT NULL,
   `create_time` datetime NOT NULL,
@@ -506,6 +507,7 @@ INSERT INTO t_sys_resource (id, pid, ui_path, `type`, status, name, code, weight
 INSERT INTO t_sys_resource (id, pid, ui_path, `type`, status, name, code, weight, meta, creator_id, creator, modifier_id, modifier, create_time, update_time) VALUES(106, 103, '12sSjal1/exahgl32/Glxag234/', 2, 1, '删除权限', 'authcert:del', 30000000, 'null', 1, 'admin', 1, 'admin', '2023-02-23 11:38:09', '2023-02-23 11:38:09');
 INSERT INTO t_sys_resource (id, pid, ui_path, `type`, status, name, code, weight, meta, creator_id, creator, modifier_id, modifier, create_time, update_time) VALUES(108, 61, 'RedisXq4/Exitx4al/Gxlagheg/', 2, 1, '数据删除', 'redis:data:del', 30000000, 'null', 1, 'admin', 1, 'admin', '2023-03-14 17:20:00', '2023-03-14 17:20:00');
 INSERT INTO t_sys_resource (id, pid, ui_path, `type`, status, name, code, weight, meta, creator_id, creator, modifier_id, modifier, create_time, update_time) VALUES(109, 3, '12sSjal1/lskeiql1/KMdsix43/', 2, 1, '关闭连接', 'machine:close-cli', 60000000, 'null', 1, 'admin', 1, 'admin', '2023-03-16 16:11:04', '2023-03-16 16:11:04');
+INSERT INTO t_sys_resource (id, pid, ui_path, `type`, status, name, code, weight, meta, creator_id, creator, modifier_id, modifier, create_time, update_time) VALUES(128, 87, 'Xlqig32x/Ulxaee23/MoOWr2N0/', 2, 1, '配置保存', 'config:save', 1687315135, 'null', 1, 'admin', 1, 'admin', '2023-06-21 10:38:55', '2023-06-21 10:38:55');
 COMMIT;
 
 -- ----------------------------
@@ -719,7 +721,8 @@ INSERT INTO `t_sys_role_resource` (role_id,resource_id,creator_id,creator,create
 	 (6,85,1,'admin','2023-03-14 17:29:00'),
 	 (6,87,1,'admin','2023-03-14 17:29:00'),
 	 (6,88,1,'admin','2023-03-14 17:29:00'),
-	 (1,109,1,'admin','2023-03-16 16:11:25');
+	 (1,109,1,'admin','2023-03-16 16:11:25'),
+     (1,128,1,'admin','2023-03-16 16:11:25');
 COMMIT;
 
 -- ----------------------------