lora-project/server-api/route/api/account.js

237 lines
7.3 KiB
JavaScript
Raw Normal View History

2017-06-06 12:40:51 +00:00
/* eslint-disable no-throw-literal */
/* eslint-env es6 */
/* eslint-disable no-multi-str */
const Router = require('koa-router')
const router = new Router()
// import tools
const crypto = require('../../libs/crypto.js')
// const so = require('../../libs/storeObject')
const mongo = require('../../libs/mongo_model.js')
const mem = require('../../libs/memcache_lib')
const msgMng = require('./MsgManager')
2017-06-06 12:40:51 +00:00
const sendmail = require('../../libs/sendmail')
2017-06-01 14:37:51 +00:00
router
2017-06-05 06:41:32 +00:00
.post('/user', async(c, n) => {
2017-06-06 12:40:51 +00:00
let arr = c.request.body
if (!arr.data) throw 'CE0000'
if (!arr.data.account) throw 'CE0001'
if (!arr.data.password) throw 'CE00002'
if (!arr.data.name) throw 'CE0004'
if (!arr.data.email) throw 'CE0005'
try {
let query = 'select count(*) as c from ??.?? where `account` = ?'
let param = ['lora', 'user', arr.data.account]
let count = await c.syncQuery(query, param)
if (count.length === 0) throw 'SE0000'
if (count[0].c > 0) throw 'CE0006'
} catch (err) {
if (typeof err === 'string') throw err
c.serr = err
throw 'SE0000'
}
let uid = 0
try {
let query = 'insert into ??.?? (`account`, `password`, `name`, `email`) values (?, ?, ?, ?)'
let param = ['lora', 'user', arr.data.account, arr.data.password, arr.data.name, arr.data.email]
let indata = await c.syncQuery(query, param)
uid = indata.insertId
} catch (err) {
if (typeof err === 'string') throw err
c.serr = err
throw 'SE0001'
}
c.body = {
record: [{ uid }]
}
2017-06-04 13:38:14 +00:00
})
2017-06-05 06:41:32 +00:00
.get('/user/:uid', async(c, n) => {
2017-06-06 12:40:51 +00:00
if (!await mongo.Token.checkToken(c.token)) throw 'CE1000'
try {
let t = await mongo.Token.getToken(c.token)
if (t.object.uid !== c.params.uid) throw 'CE2000'
} catch (err) {
if (typeof err === 'string') throw err
c.serr = err
throw 'SE0000'
}
try {
let user = await c.syncQuery('select `uid`,`account`,`name`,`email` from ??.?? where `uid` = ?', ['lora', 'user', c.params.uid])
2017-06-04 13:38:14 +00:00
2017-06-06 12:40:51 +00:00
c.body = {
record: user
2017-06-04 13:38:14 +00:00
}
2017-06-06 12:40:51 +00:00
} catch (err) {
if (typeof err === 'string') throw err
c.serr = err
throw 'SE0000'
}
2017-06-04 13:38:14 +00:00
})
2017-06-05 06:41:32 +00:00
.put('/user/:uid', async(c, n) => {
2017-06-06 12:40:51 +00:00
if (!await mongo.Token.checkToken(c.token)) throw 'CE1000'
let arr = c.request.body
if (!arr.data) throw 'CE0000'
if (!arr.data.name) throw 'CE0004'
if (!arr.data.email) throw 'CE0005'
try {
let t = await mongo.Token.getToken(c.token)
if (t.object.uid !== c.params.uid) throw 'CE2000'
} catch (err) {
if (typeof err === 'string') throw err
c.serr = err
throw 'SE0000'
}
try {
let query = 'update ??.?? set \
2017-06-04 13:38:14 +00:00
`name` = ?, \
2017-06-06 12:40:51 +00:00
`email` = ?' + (arr.data.password ? ',' : '') + ' \
' + (arr.data.password ? '`password` = ?, ' : '') + ' \
2017-06-04 13:38:14 +00:00
where \
2017-06-06 12:40:51 +00:00
`uid` = ?'
let param = ['lora', 'user', arr.data.name, arr.data.email]
if (arr.data.password) param.push(crypto.genPassHash(arr.data.password))
param.push(c.params.uid)
await c.syncQuery(query, param)
} catch (err) {
if (typeof err === 'string') throw err
c.serr = err
throw 'SE0002'
}
c.body = { record: [] }
2017-06-04 13:38:14 +00:00
})
2017-06-05 06:41:32 +00:00
.post('/login', async(c, n) => {
2017-06-06 12:40:51 +00:00
let arr = c.request.body
if (!arr.data) throw 'CE0000'
if (!arr.data.account) throw 'CE0001'
if (!arr.data.password) throw 'CE0002'
try {
let user = await c.syncQuery('select `uid`,`account`,`password`,`name`,`email` from ??.?? where `account` = ?', ['lora', 'user', arr.data.account])
2017-06-02 10:07:25 +00:00
2017-06-06 12:40:51 +00:00
if (user.length === 0) throw 'CE0003'
2017-06-06 12:40:51 +00:00
if (!crypto.comparePass(arr.data.password, user[0].password)) throw 'CE0003'
delete user[0].password
2017-06-05 10:25:48 +00:00
c.body = {
2017-06-06 12:40:51 +00:00
record: user
}
} catch (err) {
if (typeof err === 'string') throw err
c.serr = err
throw 'SE0000'
}
let u = c.body.record[0]
let token = new mongo.Token({ object: u, expire: Date.now() + 86400000 })
token.save()
c.body.rt = {
token: {
id: token._id
2017-06-05 10:25:48 +00:00
}
2017-06-06 12:40:51 +00:00
}
})
.post('/forgotpass', async(c, n) => {
2017-06-06 12:40:51 +00:00
let arr = c.request.body
if (!arr.data) throw 'CE0000'
if (!arr.data.account) throw 'CE0001'
if (!arr.data.email) throw 'CE0005'
let user = []
try {
let query = 'select * from ??.?? where `account` = ? and `email` = ?'
let param = ['lora', 'user', arr.data.account, arr.data.email]
user = await c.syncQuery(query, param)
} catch (err) {
if (typeof err === 'string') throw err
c.serr = err
throw 'SE0001'
}
if (user.length === 0) throw 'CE0007'
let randomToken = crypto.random(10)
try {
await mem.setVal(randomToken, JSON.stringify(user[0]), 7200)
} catch (err) {
c.serr = err
throw 'SE0005'
}
try {
await sendmail(user[0].email, msgMng.getMailTemplate('forgotpass', c.headers['accept-language']), [randomToken])
} catch (err) {
if (typeof err === 'string') throw err
c.serr = err
throw 'SE0006'
}
c.body = {
record: []
}
2017-06-05 06:41:32 +00:00
})
.put('/resetpass', async(c, n) => {
2017-06-06 12:40:51 +00:00
let arr = c.request.body
if (!arr.data) throw 'CE0000'
if (!arr.data.account) throw 'CE0001'
if (arr.data.resettype !== 'pass' && arr.data.resettype !== 'token') throw 'CE0008'
if (arr.data.resettype === 'pass') {
if (!arr.data.password) throw 'CE0002'
} else {
if (!arr.data.token) throw 'CE0009'
}
if (!arr.data.newpass) throw 'CE0002'
if (arr.data.resettype === 'token') {
try {
let data = await mem.getVal(arr.data.token)
if (!data) throw 'CE1000'
let dataJson = JSON.parse(data)
if (dataJson.account !== arr.data.account) throw 'CE1000'
} catch (err) {
if (typeof err === 'string') throw err
c.serr = err
throw 'CE1000'
}
} else {
if (!await mongo.Token.checkToken(c.headers['x-auth-token'] || '')) throw 'CE1000'
let token = await mongo.Token.getToken(c.headers['x-auth-token'] || '')
if (token.object.account !== arr.data.account) throw 'CE2000'
try {
let query = 'select `password` from ??.?? where `account` = ?'
let param = ['lora', 'user', arr.data.account]
let data = await c.syncQuery(query, param)
if (data.length === 0) throw 'CE0007'
if (!crypto.comparePass(arr.data.password, data[0].password)) throw 'CE0010'
} catch (err) {
if (typeof err === 'string') throw err
c.serr = err
throw 'SE0001'
}
}
let newpass = crypto.genPassHash(arr.data.newpass)
try {
let query = 'update ??.?? set `password` = ? where `account` = ?'
let param = ['lora', 'user', newpass, arr.data.account]
await c.syncQuery(query, param)
} catch (err) {
if (typeof err === 'string') throw err
c.serr = err
throw 'SE0002'
}
c.body = {
record: []
}
})
2017-06-05 06:41:32 +00:00
2017-06-06 12:40:51 +00:00
module.exports = router