tone/tonePage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 后端调整登陆逻辑

Browse Source
This commit is contained in:
tone
2025-12-16 22:48:51 +08:00
parent b235ca8a6e
commit 70517058ae
13 changed files with 305 additions and 194 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
apps/backend/src/auth/auth.controller.ts
View File

@@ -2,37 +2,86 @@ import {
BadRequestException,
Body,
Controller,
NotImplementedException,
Post,
Request,
Res,
UseGuards,
} from '@nestjs/common';
import { LoginDto } from './dto/login.dto';
import { LoginByPasswordDto } from './dto/login.dto';
import { AuthService } from './auth.service';
import { AuthGuard } from '@nestjs/passport';
import { UserSessionService } from 'src/user/services/user-session.service';
import { Throttle, ThrottlerGuard } from '@nestjs/throttler';
import { Response } from 'express';
import { UserService } from 'src/user/user.service';
@Controller('auth')
export class AuthController {
constructor(
private readonly authService: AuthService,
private readonly userService: UserService,
private readonly userSessionService: UserSessionService,
) { }
@Post('login')
@UseGuards(ThrottlerGuard)
@Throttle({ default: { limit: 20, ttl: 60000 } })
async login(@Body() loginDto: LoginDto) {
switch (loginDto.type) {
case 'password':
return this.authService.loginWithPassword(loginDto);
case 'phone':
return this.authService.loginWithPhone(loginDto);
case 'email':
return this.authService.loginWithEmail(loginDto);
default:
throw new BadRequestException('服务器错误');
// @Post('login')
// @UseGuards(ThrottlerGuard)
// @Throttle({ default: { limit: 20, ttl: 60000 } })
// async login(@Body() loginDto: LoginDto) {
// switch (loginDto.type) {
// case 'password':
// return this.authService.loginWithPassword(loginDto);
// case 'phone':
// return this.authService.loginWithPhone(loginDto);
// case 'email':
// return this.authService.loginWithEmail(loginDto);
// default:
// throw new BadRequestException('服务器错误');
// }
// }
private setUserToken(res: Response, token: string) {
res.cookie('token', token, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
// 永不过期不用设置maxAge
path: '/',
})
}
@Post('login/password')
async loginByPassword(
@Body() loginDto: LoginByPasswordDto,
@Res({ passthrough: true }) res: Response,
) {
const { identifier, password } = loginDto;
const loginRes = await this.authService.loginWithPassword(identifier, password);
const { userId, token } = loginRes;
this.setUserToken(res, token);
return {
user: await this.userService.findById(userId),
};
}
@Post('sms/send')
async sendSms() {
throw new NotImplementedException();
}
@Post('login/sms')
async loginBySms() {
throw new NotImplementedException();
}
@Post('passkey/login/options')
async loginByPasskeyOptions() {
throw new NotImplementedException();
}
@Post('passkey/login')
async loginByPasskey() {
throw new NotImplementedException();
}
@UseGuards(AuthGuard('jwt'))

87
apps/backend/src/auth/auth.service.ts
View File

@@ -1,12 +1,12 @@
import { createHash } from 'crypto';
import { BadRequestException, Injectable } from '@nestjs/common';
import { LoginDto } from './dto/login.dto';
import { UserService } from 'src/user/user.service';
import { User } from 'src/user/entities/user.entity';
import { JwtService } from '@nestjs/jwt';
import { UserSessionService } from 'src/user/services/user-session.service';
import { v4 as uuidv4 } from 'uuid';
import { VerificationService } from 'src/verification/verification.service';
import { BusinessException } from 'src/common/exceptions/business.exception';
import { ErrorCode } from 'src/common/constants/error-codes';
@Injectable()
export class AuthService {
@@ -17,38 +17,47 @@ export class AuthService {
private readonly verificationService: VerificationService,
) { }
async loginWithPassword(loginDto: LoginDto) {
const { account, password } = loginDto;
// 依次使用邮箱登录、手机号、账号
async loginWithPassword(identifier: string, password: string) {
// 依次使用邮箱、手机号、账号登陆(防止有大聪明给账号改成别人的邮箱或手机号)
const user = await this.userService.findOne(
[{ email: account }, { phone: account }, { username: account }],
[{ email: identifier }, { phone: identifier }, { username: identifier }],
{
withDeleted: true,
},
);
if (user && user.deletedAt !== null) {
throw new BadRequestException('该账号注销中');
throw new BusinessException({
message: '该账号注销中',
code: ErrorCode.USER_ACCOUNT_DEACTIVATED,
});
}
if (user === null || !user.password_hash || !user.salt) {
throw new BadRequestException('账户或密码错误');
throw new BusinessException({
message: '账户或密码错误',
code: ErrorCode.AUTH_INVALID_CREDENTIALS
});
}
// 判断密码是否正确
const hashedPassword = this.hashPassword(password, user.salt);
if (hashedPassword !== user.password_hash) {
throw new BadRequestException('账户或密码错误');
throw new BusinessException({
message: '账户或密码错误',
code: ErrorCode.AUTH_INVALID_CREDENTIALS
});
}
// 登录成功颁发token
return {
token: await this.generateToken(user),
userId: user.userId,
};
}
async loginWithPhone(loginDto: LoginDto) {
const { phone, code } = loginDto;
async loginWithPhone(data: { phone: string; code: string; }) {
const { phone, code } = data;
// 先判断验证码是否正确
const isValid = this.verificationService.verifyPhoneCode(
phone,
@@ -90,65 +99,21 @@ export class AuthService {
};
}
async loginWithEmail(loginDto: LoginDto) {
const { email, code } = loginDto;
// 先判断验证码是否正确
const isValid = this.verificationService.verifyEmailCode(
email,
code,
'login',
);
switch (isValid) {
case 0:
break;
case -1:
throw new BadRequestException('验证码已过期,请重新获取');
case -2:
throw new BadRequestException('验证码错误');
case -3:
throw new BadRequestException('验证码已失效,请重新获取');
default:
throw new BadRequestException('验证码错误,请稍后再试');
}
// 判断用户是否存在,若不存在则进行注册
let user = await this.userService.findOne({ email }, { withDeleted: true });
if (user && user.deletedAt !== null) {
throw new BadRequestException('该账号注销中,请使用其他邮箱');
}
if (!user) {
// 执行注册操作
user = await this.userService.create({ email: email });
}
if (!user || !user.userId) {
// 注册失败或用户信息错误
throw new BadRequestException('请求失败,请稍后再试');
}
// 登录颁发token
return {
token: await this.generateToken(user),
};
}
private hashPassword(password: string, salt: string): string {
return createHash('sha256').update(`${password}${salt}`).digest('hex');
}
private async generateToken(user: User) {
// 存储
const sessionRes = await this.userSessionService.createSession(
user.userId,
);
const payload = {
userId: user.userId,
sessionId: uuidv4(),
sessionId: sessionRes.sessionId,
};
// 存储
await this.userSessionService.createSession(
payload.userId,
payload.sessionId,
);
// 颁发token
return this.jwtService.sign(payload);
}

50
apps/backend/src/auth/dto/login.dto.ts
View File

@@ -1,31 +1,37 @@
import { IsEnum, IsString, Length, ValidateIf } from 'class-validator';
export class LoginDto {
@IsEnum(['password', 'phone', 'email'], { message: '请求类型错误' })
type: 'password' | 'phone' | 'email';
// export class LoginDto {
// @IsEnum(['password', 'phone', 'email'], { message: '请求类型错误' })
// type: 'password' | 'phone' | 'email';
@ValidateIf((o) => o.type === 'password')
// @ValidateIf((o) => o.type === 'password')
// account?: string;
// @ValidateIf((o) => o.type === 'phone')
// @IsString({ message: '手机号必须输入' })
// @Length(11, 11, { message: '手机号异常' }) // 中国大陆11位数字
// phone?: string;
// @ValidateIf((o) => o.type === 'email')
// @IsString({ message: '邮箱必须输入' })
// @Length(6, 254, { message: '邮箱异常' }) // RFC 5321
// email?: string;
// @ValidateIf((o) => o.type === 'phone' || o.type === 'email')
// @IsString({ message: '验证码必须输入' })
// @Length(6, 6, { message: '验证码异常' }) // 6位数字
// code?: string;
// }
export class LoginByPasswordDto {
@IsString({ message: '账户必须输入' })
@Length(1, 254, { message: '账户异常' }) // 用户名、邮箱、手机号
account?: string;
identifier: string;
@ValidateIf((o) => o.type === 'password')
@IsString({ message: '密码必须输入' })
@Length(6, 32, { message: '密码异常' }) // 6-32位
password?: string;
@ValidateIf((o) => o.type === 'phone')
@IsString({ message: '手机号必须输入' })
@Length(11, 11, { message: '手机号异常' }) // 中国大陆11位数字
phone?: string;
@ValidateIf((o) => o.type === 'email')
@IsString({ message: '邮箱必须输入' })
@Length(6, 254, { message: '邮箱异常' }) // RFC 5321
email?: string;
@ValidateIf((o) => o.type === 'phone' || o.type === 'email')
@IsString({ message: '验证码必须输入' })
@Length(6, 6, { message: '验证码异常' }) // 6位数字
code?: string;
password: string;
}

11
apps/backend/src/auth/strategies/jwt.strategy.ts
View File

@@ -26,15 +26,14 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
async validate(payload: any) {
const { userId, sessionId } = payload ?? {};
const isValidSession = await this.userSessionService.isSessionValid(
await this.userSessionService.isSessionValid(
userId,
sessionId,
);
if (!isValidSession) {
throw new UnauthorizedException('登录凭证已过期,请重新登录');
}
).catch((e) => {
throw new UnauthorizedException(`${e}`);
});
const user = await this.userService.findById(userId);
const user = await this.userService.findOne({ userId });
if (!user) {
throw new BadRequestException('用户不存在');
}

2
apps/backend/src/blog/blog.controller.ts
View File

@@ -100,7 +100,7 @@ export class BlogController {
throw new BadRequestException('作者关闭了该文章的评论功能');
}
const user = userId ? await this.userService.findById(userId) : null;
const user = userId ? await this.userService.findOne({ userId }) : null;
const ip = req.headers['x-forwarded-for'] || req.ip;
// 获取IP归属地

46
apps/backend/src/common/constants/error-codes.ts Normal file
View File

@@ -0,0 +1,46 @@
/**
* 全局业务错误码规范:
* - 每个模块分配一个 1000 起始的段(如 USER: -1000~1999, AUTH: -2000~2999
* - 代码结构:{ 模块名大写 }_{ 错误语义 }
*/
export const ErrorCode = {
// 通用错误0 ~ 999
COMMON_INTERNAL_ERROR: -1,
COMMON_INVALID_PARAM: -2,
COMMON_NOT_FOUND: -3,
// 用户模块1000 ~ 1999
USER_NOT_FOUND: -1001,
USER_ALREADY_EXISTS: -1002,
USER_ACCOUNT_DISABLED: -1003,
USER_FIND_OPTIONS_EMPTY: -1004,
USER_ACCOUNT_DEACTIVATED: -1005,
// 认证模块2000 ~ 2999
AUTH_INVALID_CREDENTIALS: -2001,
AUTH_SMS_CODE_EXPIRED: -2002,
AUTH_SMS_CODE_INCORRECT: -2003,
AUTH_PASSKEY_NOT_REGISTERED: -2004,
AUTH_SESSION_EXPIRED: -2005,
// 博客模块3000 ~ 3999
BLOG_NOT_FOUND: -3001,
BLOG_PERMISSION_DENIED: -3002,
// 验证模块4000 ~ 4999
VERIFICATION_CODE_EXPIRED: -4001,
VERIFICATION_CODE_INCORRECT: -4002,
// 通知模块5000 ~ 5999
NOTIFICATION_SEND_FAILED: -5001,
// 资源模块6000 ~ 6999
RESOURCE_UPLOAD_FAILED: -6001,
RESOURCE_NOT_FOUND: -6002,
// 管理员模块7000 ~ 7999
ADMIN_FORBIDDEN: -7001,
} as const;
export type ErrorCodeType = typeof ErrorCode[keyof typeof ErrorCode];

59
apps/backend/src/notification/notification.service.ts
View File

@@ -8,18 +8,18 @@ import Credential, { Config } from '@alicloud/credentials';
@Injectable()
export class NotificationService {
private dm: Dm20151123;
// private dm: Dm20151123;
constructor() {
const credentialsConfig = new Config({
type: 'access_key',
accessKeyId: process.env.ALIYUN_ACCESS_KEY_ID,
accessKeySecret: process.env.ALIYUN_ACCESS_KEY_SECRET,
});
const credential = new Credential(credentialsConfig);
const config = new $OpenApi.Config({ credential });
config.endpoint = 'dm.aliyuncs.com';
this.dm = new Dm20151123(config);
// const credentialsConfig = new Config({
// type: 'access_key',
// accessKeyId: process.env.ALIYUN_ACCESS_KEY_ID,
// accessKeySecret: process.env.ALIYUN_ACCESS_KEY_SECRET,
// });
// const credential = new Credential(credentialsConfig);
// const config = new $OpenApi.Config({ credential });
// config.endpoint = 'dm.aliyuncs.com';
// this.dm = new Dm20151123(config);
}
private getMailHtmlBody(option: { type: 'login-verify'; code: string }) {
@@ -86,27 +86,28 @@ export class NotificationService {
targetMail: string;
code: string;
}) {
const runtime = new $Util.RuntimeOptions({});
// const runtime = new $Util.RuntimeOptions({});
const singleSendMailRequest = new $Dm20151123.SingleSendMailRequest({
accountName: 'security@tonesc.cn',
addressType: 1,
replyToAddress: false,
toAddress: `${option.targetMail}`,
subject: '【特恩的日志】登陆验证码',
htmlBody: this.getMailHtmlBody({
type: 'login-verify',
code: option.code,
}),
textBody: '',
});
// const singleSendMailRequest = new $Dm20151123.SingleSendMailRequest({
// accountName: 'security@tonesc.cn',
// addressType: 1,
// replyToAddress: false,
// toAddress: `${option.targetMail}`,
// subject: '【特恩的日志】登陆验证码',
// htmlBody: this.getMailHtmlBody({
// type: 'login-verify',
// code: option.code,
// }),
// textBody: '',
// });
try {
await this.dm.singleSendMailWithOptions(singleSendMailRequest, runtime);
} catch (error) {
console.error(error);
throw new BadRequestException('邮件发送失败');
}
// try {
// await this.dm.singleSendMailWithOptions(singleSendMailRequest, runtime);
// } catch (error) {
// console.error(error);
// throw new BadRequestException('邮件发送失败');
// }
throw new Error('not implement')
}
/**

10
apps/backend/src/user/entities/user-session.entity.ts
View File

@@ -11,21 +11,17 @@ import {
@Index(['sessionId', 'userId'])
export class UserSession {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ length: 36 })
sessionId: string;
@Column({ length: 36 })
userId: string;
@Column({ nullable: true })
disabledReason?: string;
@CreateDateColumn({ precision: 3 })
createdAt: Date;
@DeleteDateColumn({ nullable: true, precision: 3 })
deletedAt: Date;
}
/**
* 考虑是否使用sessionId代替id以节省存储空间
*/

10
apps/backend/src/user/entities/user.entity.ts
View File

@@ -95,3 +95,13 @@ export class User {
@Column({ type: 'jsonb', default: [] })
roles: RoleItem[];
}
export class UserPublicProfile {
userId: string;
nickname: string;
avatar: string | null;
email: string | null;
phone: string | null;
roles: RoleItem[];
createdAt: Date;
}

40
apps/backend/src/user/services/user-session.service.ts
View File

@@ -10,37 +10,43 @@ export class UserSessionService {
private readonly userSessionRepository: Repository<UserSession>,
) { }
async createSession(userId: string, sessionId: string): Promise<UserSession> {
async createSession(userId: string): Promise<UserSession> {
const session = this.userSessionRepository.create({
userId,
sessionId,
});
return await this.userSessionRepository.save(session);
return this.userSessionRepository.save(session);
}
async isSessionValid(userId: string, sessionId: string): Promise<boolean> {
/**
* @throws string 无效原因
*/
async isSessionValid(userId: string, sessionId: string): Promise<void> {
const session = await this.userSessionRepository.findOne({
where: {
userId,
sessionId,
deletedAt: null,
},
withDeleted: true,
});
return !!session;
if (session === null) {
throw '登陆凭证无效';
}
async invalidateSession(userId: string, sessionId: string): Promise<void> {
const session = await this.userSessionRepository.findOne({
where: {
userId,
sessionId,
deletedAt: null,
},
});
if (session.deletedAt !== null) {
throw session.disabledReason || '登陆凭证无效';
}
if (session) {
await this.userSessionRepository.softDelete(session.id);
}
return null;
}
async invalidateSession(userId: string, sessionId: string, reason?: string): Promise<void> {
await this.userSessionRepository.update(
{ userId, sessionId, deletedAt: null },
{
deletedAt: new Date(),
disabledReason: reason || null,
}
)
}
}

52
apps/backend/src/user/user.service.ts
View File

@@ -2,12 +2,14 @@ import {
BadRequestException,
ConflictException,
Injectable,
InternalServerErrorException,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { User } from './entities/user.entity';
import { User, UserPublicProfile } from './entities/user.entity';
import { QueryFailedError, Repository } from 'typeorm';
import { createHash } from 'crypto';
import { v4 as uuid } from 'uuid';
import { BusinessException } from 'src/common/exceptions/business.exception';
type UserFindOptions = Partial<
Pick<User, 'userId' | 'username' | 'phone' | 'email'>
@@ -20,24 +22,52 @@ export class UserService {
private readonly userRepository: Repository<User>,
) { }
/**
* @deprecated 尽量不使用该方法
*/
async findOne(
options: UserFindOptions | UserFindOptions[],
additionalOptions?: { withDeleted?: boolean },
): Promise<User | null> {
if (Object.keys(options).length === 0) {
throw new BadRequestException('查询条件不能为空');
}
return this.userRepository.findOne({
where: options,
withDeleted: additionalOptions?.withDeleted || false,
if (Array.isArray(options)) {
if (options.length === 0) {
throw new BusinessException({
message: '查询条件不能为空',
});
}
const users = await this.userRepository.find({
where: options,
withDeleted: additionalOptions?.withDeleted ?? false,
take: 1,
});
return users[0] || null;
}
if (!options || typeof options !== 'object' || Object.keys(options).length === 0) {
throw new BusinessException({
message: '查询条件不能为空',
});
}
async findById(userId: string): Promise<User | null> {
return this.userRepository.findOne({
where: options,
withDeleted: additionalOptions?.withDeleted ?? false,
});
}
/**
* 仅包含用户可见字段
*/
async findById(userId: string): Promise<UserPublicProfile | null> {
return this.userRepository.findOne({
select: {
avatar: true,
createdAt: true,
email: true,
nickname: true,
username: true,
phone: true,
roles: true,
userId: true,
},
where: {
userId,
},

36
apps/backend/src/verification/verification.controller.ts
View File

@@ -13,22 +13,22 @@ import { Throttle, ThrottlerGuard } from '@nestjs/throttler';
export class VerificationController {
constructor(private readonly verificationService: VerificationService) { }
@Post('send')
@UseGuards(ThrottlerGuard)
@Throttle({ default: { limit: 20, ttl: 60000 } })
async sendVerificationCode(@Body() dto: SendVerificationCodeDto) {
switch (dto.type) {
case 'login':
switch (dto.targetType) {
case 'phone':
return this.verificationService.sendPhoneCode(dto.phone, dto.type);
case 'email':
return this.verificationService.sendEmailCode(dto.email, dto.type);
default:
throw new BadRequestException('不支持的目标类型');
}
default:
throw new BadRequestException('不支持的验证码类型');
}
}
// @Post('send')
// @UseGuards(ThrottlerGuard)
// @Throttle({ default: { limit: 20, ttl: 60000 } })
// async sendVerificationCode(@Body() dto: SendVerificationCodeDto) {
// switch (dto.type) {
// case 'login':
// switch (dto.targetType) {
// case 'phone':
// return this.verificationService.sendPhoneCode(dto.phone, dto.type);
// case 'email':
// return this.verificationService.sendEmailCode(dto.email, dto.type);
// default:
// throw new BadRequestException('不支持的目标类型');
// }
// default:
// throw new BadRequestException('不支持的验证码类型');
// }
// }
}

5
apps/backend/src/verification/verification.service.ts
View File

@@ -121,7 +121,10 @@ export class VerificationService {
return 0;
}
private generateCode() {
/**
* 生成100000999999的随机纯数字验证码
*/
private generateCode(): string {
return Math.floor(100000 + Math.random() * 900000).toString();
}
}