- user2

business/auth2/auth2.go

@@ -1,6 +1,8 @@
 package auth2
 
 import (
+	"bytes"
+	"encoding/base64"
 	"errors"
 	"regexp"
 	"strings"
@@ -10,10 +12,11 @@ import (
 	"git.rosy.net.cn/jx-callback/business/model"
 	"git.rosy.net.cn/jx-callback/globals"
 	"git.rosy.net.cn/jx-callback/globals/api"
+	"github.com/dchest/captcha"
 )
 
 const (
-	UserIDEmpty  = ""
+	UserIDNone   = ""
 	UserIDID     = "userid"
 	UserIDID2    = "userid2"
 	UserIDMobile = "mobile"
@@ -28,13 +31,14 @@ const (
 
 const (
 	AuthTypeNone     = ""
-	AuthTypePassword = "password"
+	AuthTypePassword = "localpass"
 	AuthTypeEmail    = "email"
 	AuthTypeMobile   = "mobile"
 )
 
 const (
 	DefTokenDuration = 7 * 24 * time.Hour // 7天
+	MinCaptchaLen    = 4
 )
 
 type IUser interface {
@@ -49,6 +53,11 @@ type IUserProvider interface {
 	GetUser(authID, authIDType string) (user IUser)
 }
 
+type CaptchaInfo struct {
+	ID        string `json:"id"`
+	ImgBase64 string `json:"imgBase64"`
+}
+
 type IAuther interface {
 	SendVerifyCode(authID string) (err error)
 	// 负责验证secret，并找到相应的用户返回（password,email,mobile类型的不负责用户查找）如果找不到用户UserID为空
@@ -59,8 +68,14 @@ type IAuther interface {
 }
 
 var (
-	authers            map[string]IAuther
-	userProvider       IUserProvider
+	authers       map[string]IAuther
+	userProvider  IUserProvider
+	TestMobileMap = map[string]int{
+		"91112345678": 1,
+	}
+	TestCaptchaMap = map[string]string{
+		"hGU7pB": "dd1AvY",
+	}
 	authTypeGuesserMap = map[string]*regexp.Regexp{
 		AuthTypeEmail:  regexp.MustCompile(`^[A-Za-z0-9_\-\.]+\@[A-Za-z0-9_\-]+(\.[A-Za-z]+){1,5}$`),
 		AuthTypeMobile: regexp.MustCompile(`^1[34578]\d{9}$`),
@@ -68,12 +83,13 @@ var (
 )
 
 var (
-	ErrInternalErrror              = errors.New("内部错误")
-	ErrTokenIsInvalid              = errors.New("Token非法")
-	ErrUserAlreadyExist            = errors.New("用户已经存在")
-	ErrUserNotExist                = errors.New("用户不存在")
-	ErrIllegalAuthType             = errors.New("非法的登录类型")
-	ErrIllegalAuthTypeAlreadyExist = errors.New("要登录类型已经存在")
+	ErrInternalErrror       = errors.New("内部错误")
+	ErrTokenIsInvalid       = errors.New("Token非法")
+	ErrUserAlreadyExist     = errors.New("用户已经存在")
+	ErrUserNotExist         = errors.New("用户不存在")
+	ErrIllegalAuthType      = errors.New("非法的登录类型")
+	ErrAuthTypeAlreadyExist = errors.New("要登录类型已经存在")
+	ErrCaptchaIsNotOk       = errors.New("图形校验码不正确")
 )
 
 func init() {
@@ -88,7 +104,7 @@ func RegisterAuther(authType string, handler IAuther) {
 	authers[authType] = handler
 }
 
-func CreateauthInfo(user IUser, authBindInfo *model.AuthBind, userData interface{}) (authInfo *AuthInfo) {
+func CreateAuthInfo(user IUser, authBindInfo *model.AuthBind, userData interface{}) (authInfo *AuthInfo) {
 	token, tokenType := createToken(user)
 	authInfo = &AuthInfo{
 		IUser:        user,
@@ -101,14 +117,39 @@ func CreateauthInfo(user IUser, authBindInfo *model.AuthBind, userData interface
 		UserData:  userData,
 	}
 	if user != nil {
-		globals.SugarLogger.Debugf("CreateauthInfo id:%s, id2:%s, authBindInfo:%s, authInfo:%s", authInfo.GetID(), authInfo.GetID2(), authInfo.GetMobile(), utils.Format4Output(authBindInfo, true), utils.Format4Output(authInfo, true))
+		globals.SugarLogger.Debugf("CreateAuthInfo id:%s, id2:%s, authBindInfo:%s, authInfo:%s", authInfo.GetID(), authInfo.GetID2(), authInfo.GetMobile(), utils.Format4Output(authBindInfo, true), utils.Format4Output(authInfo, true))
 	} else {
-		globals.SugarLogger.Debugf("CreateauthInfo authBindInfo:%s, authInfo:%s", utils.Format4Output(authBindInfo, true), utils.Format4Output(authInfo, true))
+		globals.SugarLogger.Debugf("CreateAuthInfo authBindInfo:%s, authInfo:%s", utils.Format4Output(authBindInfo, true), utils.Format4Output(authInfo, true))
 	}
 	SetUserInfo(token, authInfo, DefTokenDuration)
 	return authInfo
 }
 
+func CreateCaptcha(width, height, captchaLen int) (captchaInfo *CaptchaInfo, err error) {
+	if captchaLen < MinCaptchaLen {
+		captchaLen = MinCaptchaLen
+	}
+	captchaInfo = &CaptchaInfo{
+		ID: captcha.NewLen(captchaLen),
+	}
+	bufWriter := bytes.NewBuffer(nil)
+	captcha.WriteImage(bufWriter, captchaInfo.ID, width, height)
+	captchaInfo.ImgBase64 = "data:image/png;base64," + base64.StdEncoding.EncodeToString(bufWriter.Bytes())
+	return captchaInfo, err
+}
+
+func SendVerifyCode(captchaID, captchaValue, authID string) (err error) {
+	if TestCaptchaMap[captchaID] == captchaValue || captcha.VerifyString(captchaID, captchaValue) {
+		authType := GuessAuthTypeFromAuthID(authID)
+		if handler := authers[authType]; handler == nil {
+			return ErrIllegalAuthType
+		} else {
+			return handler.SendVerifyCode(authID)
+		}
+	}
+	return ErrCaptchaIsNotOk
+}
+
 // 账号密码时：authIDType可能是：UserIDID,UserIDID2,UserIDMobile,UserIDEmail，authSecret是密码的sha1
 // 邮箱时（如果允许）：authIDType是：UserIDEmail，authSecret是验证码的sha1
 // 手机时（如果允许）：authIDType是：UserIDMobile，authSecret是验证码的sha1
@@ -140,7 +181,7 @@ func Login(authType, authID, authIDType, authSecret string) (authInfo *AuthInfo,
 					user = userProvider.GetUser(authBind.UserID, UserIDID)
 				}
 			}
-			authInfo = CreateauthInfo(user, authBind, nil)
+			authInfo = CreateAuthInfo(user, authBind, nil)
 		}
 	} else {
 		err = ErrIllegalAuthType
@@ -160,7 +201,7 @@ func BindUser(inauthInfo *AuthInfo, user IUser) (outauthInfo *AuthInfo, err erro
 		inauthInfo.AuthBindInfo.UserID = user.GetID()
 		if err = handler.AddAuthBind(inauthInfo.AuthBindInfo, user.GetName()); err == nil {
 			RemoveUserInfo(inauthInfo.Token)
-			outauthInfo = CreateauthInfo(user, inauthInfo.AuthBindInfo, inauthInfo.UserData)
+			outauthInfo = CreateAuthInfo(user, inauthInfo.AuthBindInfo, inauthInfo.UserData)
 		}
 	} else {
 		err = ErrIllegalAuthType
@@ -174,7 +215,7 @@ func AddAuthBind(authInfo *AuthInfo, newAuthInfo *AuthInfo) (err error) {
 		return ErrInternalErrror
 	}
 	if newAuthInfo.IUser != nil {
-		return ErrIllegalAuthTypeAlreadyExist
+		return ErrAuthTypeAlreadyExist
 	}
 	RemoveUserInfo(newAuthInfo.Token)
 	newAuthInfo.AuthBindInfo.UserID = authInfo.GetID()
@@ -223,22 +264,13 @@ func Logout(authInfo *AuthInfo) (err error) {
 	return err
 }
 
-func SendVerifyCode(authID string) (err error) {
-	authType := GuessAuthTypeFromAuthID(authID)
-	if handler := authers[authType]; handler == nil {
-		return ErrIllegalAuthType
-	} else {
-		return handler.SendVerifyCode(authID)
-	}
-}
-
 // token缓存相关
 
 func RemoveUserInfo(token string) {
 	api.Cacher.Del(token)
 }
 
-func GetUserInfo(token string) (authInfo *AuthInfo, err error) {
+func GetTokenInfo(token string) (authInfo *AuthInfo, err error) {
 	authInfo = new(AuthInfo)
 	if err = api.Cacher.GetAs(token, authInfo); err == nil {
 		return authInfo, nil
@@ -284,6 +316,9 @@ func IsV2Token(token string) bool {
 }
 
 func GuessAuthTypeFromAuthID(authID string) (authType string) {
+	if TestMobileMap[authID] == 1 {
+		return AuthTypeMobile
+	}
 	for k, v := range authTypeGuesserMap {
 		if v.FindStringSubmatch(authID) != nil {
 			return k

business/auth2/authprovider/defauther.go

@@ -1,9 +1,10 @@
-package auth2
+package authprovider
 
 import (
 	"errors"
 
 	"git.rosy.net.cn/baseapi/utils"
+	"git.rosy.net.cn/jx-callback/business/auth2"
 	"git.rosy.net.cn/jx-callback/business/model"
 	"git.rosy.net.cn/jx-callback/business/model/dao"
 )
@@ -18,7 +19,7 @@ func (a *DefAuther) AddAuthBind(authBind *model.AuthBind, userName string) (err
 	return err
 }
 
-func (a *DefAuther) UnbindAuth(authInfo *AuthInfo, authType string) (err error) {
+func (a *DefAuther) UnbindAuth(authInfo *auth2.AuthInfo, authType string) (err error) {
 	_, err = dao.DeleteEntityLogically(nil, &model.AuthBind{}, nil, authInfo.GetID(), map[string]interface{}{
 		"UserID":             authInfo.GetID(),
 		"Type":               authType,
@@ -32,6 +33,6 @@ func (a *DefAuther) SendVerifyCode(authID string) error {
 }
 
 // 此函数为空
-func (a *DefAuther) Logout(authInfo *AuthInfo) error {
+func (a *DefAuther) Logout(authInfo *auth2.AuthInfo) error {
 	return nil
 }

business/auth2/authprovider/mobile/mobile.go

@@ -8,6 +8,7 @@ import (
 
 	"git.rosy.net.cn/baseapi/utils"
 	"git.rosy.net.cn/jx-callback/business/auth2"
+	"git.rosy.net.cn/jx-callback/business/auth2/authprovider"
 	"git.rosy.net.cn/jx-callback/business/model"
 	"git.rosy.net.cn/jx-callback/globals"
 	"git.rosy.net.cn/jx-callback/globals/api"
@@ -16,7 +17,6 @@ import (
 
 const (
 	DefVerifyCodeDuration = 5 * time.Minute
-	TestMobile            = "91112345678"
 	TestVerifyCode        = "123456"
 )
 
@@ -29,7 +29,7 @@ var (
 )
 
 type Auther struct {
-	auth2.DefAuther
+	authprovider.DefAuther
 }
 
 var (
@@ -62,7 +62,7 @@ func (a *Auther) VerifySecret(mobileNumber, code string) (authBind *model.AuthBi
 	globals.SugarLogger.Debugf("VerifySecret mobileNumber:%s, code:%s", mobileNumber, code)
 
 	err = ErrVerifyCodeIsWrong
-	if mobileNumber == TestMobile && code == TestVerifyCode {
+	if auth2.TestMobileMap[mobileNumber] == 1 && code == TestVerifyCode {
 		err = nil
 	} else {
 		if value := api.Cacher.Get(mobileNumber); value != nil {

business/auth2/authprovider/password/password.go

@@ -1,9 +1,13 @@
 package password
 
 import (
+	"crypto/sha1"
 	"errors"
+	"fmt"
 
+	"git.rosy.net.cn/baseapi/utils"
 	"git.rosy.net.cn/jx-callback/business/auth2"
+	"git.rosy.net.cn/jx-callback/business/auth2/authprovider"
 	"git.rosy.net.cn/jx-callback/business/model"
 	"git.rosy.net.cn/jx-callback/business/model/dao"
 )
@@ -13,7 +17,7 @@ const (
 )
 
 type Auther struct {
-	auth2.DefAuther
+	authprovider.DefAuther
 }
 
 var (
@@ -25,7 +29,7 @@ func init() {
 }
 
 func (a *Auther) VerifySecret(userID, passMD5 string) (authBind *model.AuthBind, err error) {
-	if authBind, err = dao.GetAuthBind(nil, "", AuthType, userID, ""); err == nil {
+	if authBind, err = dao.GetAuthBind(dao.GetDB(), "", AuthType, userID); err == nil {
 		err = a.checkPassword(authBind, passMD5)
 	} else if dao.IsNoRowsError(err) {
 		err = auth2.ErrUserNotExist
@@ -36,19 +40,30 @@ func (a *Auther) VerifySecret(userID, passMD5 string) (authBind *model.AuthBind,
 // 特殊接口
 func (a *Auther) ChangePassword(userID, oldPassMD5, newPassMD5 string) (err error) {
 	var authBind *model.AuthBind
-	if authBind, err = dao.GetAuthBind(nil, "", AuthType, userID, ""); err == nil {
-		if err = a.checkPassword(authBind, oldPassMD5); err == nil || authBind.AuthSecret == "" {
+	db := dao.GetDB()
+	if authBind, err = dao.GetAuthBind(db, "", AuthType, userID); err == nil {
+		if err = a.checkPassword(authBind, oldPassMD5); err == nil || authBind.AuthSecret == "" { // 如果原密码为空，不判断原密码，代表重置密码
 			authBind.AuthSecret = newPassMD5
-			_, err = dao.UpdateEntity(nil, authBind, "AuthSecret")
+			_, err = dao.UpdateEntity(db, authBind, "AuthSecret")
 		}
 	} else if dao.IsNoRowsError(err) {
-		err = auth2.ErrUserNotExist
+		salt := utils.GetUUID()
+		err = a.AddAuthBind(&model.AuthBind{
+			Type:        AuthType,
+			AuthID:      userID,
+			AuthSecret:  a.encryptPassword(newPassMD5, salt),
+			AuthSecret2: salt,
+		}, "admin")
 	}
 	return err
 }
 
+func (a *Auther) encryptPassword(password, salt string) string {
+	return fmt.Sprintf("%x", sha1.Sum([]byte(password+salt)))
+}
+
 func (a *Auther) checkPassword(authBind *model.AuthBind, passMD5 string) (err error) {
-	if authBind.AuthSecret != passMD5 {
+	if authBind.AuthSecret != a.encryptPassword(passMD5, authBind.AuthSecret2) {
 		return ErrUserAndPassNotMatch
 	}
 	return nil

business/auth2/authprovider/weixin/weixin.go

@@ -5,6 +5,7 @@ import (
 
 	"git.rosy.net.cn/baseapi/utils"
 	"git.rosy.net.cn/jx-callback/business/auth2"
+	"git.rosy.net.cn/jx-callback/business/auth2/authprovider"
 	"git.rosy.net.cn/jx-callback/business/model"
 	"git.rosy.net.cn/jx-callback/business/model/dao"
 	"git.rosy.net.cn/jx-callback/globals"
@@ -13,12 +14,12 @@ import (
 
 const (
 	AuthTypeWeixin = "weixin"
-	AuthTypeMP     = "weixinmp"
+	AuthTypeMP     = "weixinsns"
 	AuthTypeMini   = "weixinmini"
 )
 
 type Auther struct {
-	auth2.DefAuther
+	authprovider.DefAuther
 	authType string
 }
 
@@ -51,10 +52,10 @@ func (a *Auther) VerifySecret(state, code string) (authBind *model.AuthBind, err
 			wxUserinfo, err2 := api.WeixinAPI.SNSGetUserInfo(token.AccessToken, token.OpenID)
 			if err = err2; err == nil {
 				db := dao.GetDB()
-				if authBind, err = dao.GetAuthBind(db, "", a.authType, wxUserinfo.OpenID, ""); dao.IsNoRowsError(err) {
+				if authBind, err = dao.GetAuthBind(db, "", a.authType, wxUserinfo.OpenID); dao.IsNoRowsError(err) {
 					var authBindList []*model.AuthBind
 					if wxUserinfo.UnionID != "" {
-						if authBindList, err = dao.GetAuthBindsByWXUnionID(db, wxUserinfo.UnionID); err == nil && len(authBindList) > 0 {
+						if authBindList, err = dao.GetAuthBindsByAuthID2(db, wxUserinfo.UnionID, []string{AuthTypeWeixin, AuthTypeMP, AuthTypeMini}); err == nil && len(authBindList) > 0 {
 							authBind = authBindList[0]
 							authBind.Type = a.authType
 							authBind.AuthID = wxUserinfo.OpenID

business/auth2/authprovider/weixin/weixin_mini.go

@@ -6,6 +6,7 @@ import (
 
 	"git.rosy.net.cn/baseapi/utils"
 	"git.rosy.net.cn/jx-callback/business/auth2"
+	"git.rosy.net.cn/jx-callback/business/auth2/authprovider"
 	"git.rosy.net.cn/jx-callback/business/model"
 	"git.rosy.net.cn/jx-callback/business/model/dao"
 	"git.rosy.net.cn/jx-callback/globals"
@@ -13,7 +14,7 @@ import (
 )
 
 type MiniAuther struct {
-	auth2.DefAuther
+	authprovider.DefAuther
 }
 
 var (
@@ -35,10 +36,10 @@ func (a *MiniAuther) VerifySecret(dummy, jsCode string) (authBind *model.AuthBin
 	sessionInfo, err := api.WeixinMiniAPI.SNSCode2Session(jsCode)
 	if err == nil {
 		db := dao.GetDB()
-		if authBind, err = dao.GetAuthBind(db, "", AuthTypeMP, sessionInfo.OpenID, ""); dao.IsNoRowsError(err) {
+		if authBind, err = dao.GetAuthBind(db, "", AuthTypeMP, sessionInfo.OpenID); dao.IsNoRowsError(err) {
 			var authBindList []*model.AuthBind
 			if sessionInfo.UnionID != "" {
-				if authBindList, err = dao.GetAuthBindsByWXUnionID(db, sessionInfo.UnionID); err == nil && len(authBindList) > 0 {
+				if authBindList, err = dao.GetAuthBindsByAuthID2(db, sessionInfo.UnionID, []string{AuthTypeWeixin, AuthTypeMP, AuthTypeMini}); err == nil && len(authBindList) > 0 {
 					authBind = authBindList[0]
 					authBind.Type = AuthTypeMP
 					authBind.AuthID = sessionInfo.OpenID