/* eslint-disable no-throw-literal */
/* eslint-env es6 */
/* eslint-disable no-multi-str */
const Router = require('koa-router')
// Router instance that the route chain below registers its handlers on; it is
// what this module exports at the end of the file.
const router = new Router()
// import tools
const crypto = require('../../libs/crypto.js')
// const so = require('../../libs/storeObject')
const mongo = require('../../libs/mongo_model.js')
const mem = require('../../libs/memcache_lib')
const msgMng = require('./MsgManager')
const sendmail = require('../../libs/sendmail')
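// User account routes. Handlers report failures by throwing string error codes;
// unexpected exceptions are stored on c.serr before a generic code is thrown.
router
/**
 * POST /user — register a new account. No token is checked on this route.
 *
 * Expects c.request.body.data with account, password, name and email.
 * Responds with { record: [{ uid }] }, where uid is the insertId of the new row.
 * Throws 'CE0000' / 'CE0001' / 'CE0002' / 'CE0004' / 'CE0005' for missing input,
 * 'CE0006' when the account name is already taken, and 'SE0000' / 'SE0001'
 * when a query fails.
 */
.post('/user', async (c, n) => {
  const { data } = c.request.body
  if (!data) throw 'CE0000'
  if (!data.account) throw 'CE0001'
  // Was 'CE00002' (one zero too many); /login and /resetpass report a missing
  // password as 'CE0002', so this route now uses the same code.
  if (!data.password) throw 'CE0002'
  if (!data.name) throw 'CE0004'
  if (!data.email) throw 'CE0005'
  // NOTE(review): only presence is checked. A JSON body can carry objects or
  // arrays in these fields; if syncQuery uses mysql-style placeholder
  // formatting, non-scalar values are not escaped like plain strings — confirm
  // that the fields are validated as strings before they reach the query.

  // Refuse the registration when the account name already exists.
  // NOTE(review): this check and the insert below are two separate statements,
  // so concurrent requests can both pass it — confirm `account` carries a
  // UNIQUE constraint in the schema.
  try {
    const query = 'select count(*) as c from ??.?? where `account` = ?'
    const param = ['lora', 'user', data.account]
    const count = await c.syncQuery(query, param)
    if (count.length === 0) throw 'SE0000'
    if (count[0].c > 0) throw 'CE0006'
  } catch (err) {
    // String codes thrown above pass through; anything else is a query failure.
    if (typeof err === 'string') throw err
    c.serr = err
    throw 'SE0000'
  }

  let uid = 0
  try {
    const query = 'insert into ??.?? (`account`, `password`, `name`, `email`) values (?, ?, ?, ?)'
    // Store the password hash, never the raw password. The original inserted
    // data.password unchanged, while /login verifies with crypto.comparePass
    // and the update routes write crypto.genPassHash output.
    // NOTE(review): rows created before this fix may hold plaintext passwords
    // and need a migration or a forced reset.
    const passwordHash = crypto.genPassHash(data.password)
    const param = ['lora', 'user', data.account, passwordHash, data.name, data.email]
    const indata = await c.syncQuery(query, param)
    uid = indata.insertId
  } catch (err) {
    if (typeof err === 'string') throw err
    c.serr = err
    throw 'SE0001'
  }

  c.body = {
    record: [{ uid }]
  }
})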
/**
 * GET /user/:uid — return the uid, account, name and email of one user.
 *
 * The request token must pass mongo.Token.checkToken ('CE1000' otherwise) and
 * the uid stored on the token must equal the :uid path parameter ('CE2000'
 * otherwise). Unexpected failures are stored on c.serr and reported as 'SE0000'.
 */
.get('/user/:uid', async (c, n) => {
  const tokenAccepted = await mongo.Token.checkToken(c.token)
  if (!tokenAccepted) throw 'CE1000'

  // Ownership check: a caller may only read the record its token was issued for.
  // NOTE(review): the comparison is strict and c.params.uid is a path string;
  // if the uid stored on the token is a number this never matches and every
  // request ends in 'CE2000' — confirm the stored type.
  try {
    const session = await mongo.Token.getToken(c.token)
    const ownsRecord = session.object.uid === c.params.uid
    if (!ownsRecord) throw 'CE2000'
  } catch (err) {
    if (typeof err === 'string') throw err
    c.serr = err
    throw 'SE0000'
  }

  try {
    // The password column is deliberately not part of the select list.
    const sql = 'select `uid`,`account`,`name`,`email` from ??.?? where `uid` = ?'
    const rows = await c.syncQuery(sql, ['lora', 'user', c.params.uid])
    c.body = { record: rows }
  } catch (err) {
    if (typeof err === 'string') throw err
    c.serr = err
    throw 'SE0000'
  }
})
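/**
 * PUT /user/:uid — update name and email, and optionally the password, of the
 * user the request token belongs to.
 *
 * Expects c.request.body.data with name and email; password is optional.
 * Responds with { record: [] }.
 * Throws 'CE1000' when the token is rejected, 'CE0000' / 'CE0004' / 'CE0005'
 * for missing input, 'CE2000' when the token's uid differs from :uid,
 * 'SE0000' when the token lookup fails and 'SE0002' when the update fails.
 */
.put('/user/:uid', async (c, n) => {
  if (!await mongo.Token.checkToken(c.token)) throw 'CE1000'
  const { data } = c.request.body
  if (!data) throw 'CE0000'
  if (!data.name) throw 'CE0004'
  if (!data.email) throw 'CE0005'

  // Ownership check: the token must have been issued for the record being edited.
  // NOTE(review): strict comparison against the path string; confirm the uid
  // stored on the token is also a string, otherwise this always throws 'CE2000'.
  try {
    const t = await mongo.Token.getToken(c.token)
    if (t.object.uid !== c.params.uid) throw 'CE2000'
  } catch (err) {
    if (typeof err === 'string') throw err
    c.serr = err
    throw 'SE0000'
  }

  try {
    // Build the SET list from parts so it never ends in a comma. The original
    // concatenation produced "`password` = ?,  where ..." whenever a password
    // was supplied, which is invalid SQL, so every password change failed with
    // 'SE0002'.
    const assignments = ['`name` = ?', '`email` = ?']
    const param = ['lora', 'user', data.name, data.email]
    if (data.password) {
      // NOTE(review): unlike /resetpass with resettype 'pass', the current
      // password is not verified here, and tokens issued earlier are not
      // revoked — confirm both are intended.
      assignments.push('`password` = ?')
      param.push(crypto.genPassHash(data.password))
    }
    param.push(c.params.uid)
    const query = 'update ??.?? set ' + assignments.join(', ') + ' where `uid` = ?'

    await c.syncQuery(query, param)
  } catch (err) {
    if (typeof err === 'string') throw err
    c.serr = err
    throw 'SE0002'
  }

  c.body = { record: [] }
})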
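/**
 * POST /login — verify account and password and issue a token.
 *
 * Expects c.request.body.data with account and password.
 * Responds with { record: [user], rt: { token: { id } } }; the password column
 * is removed from the user row before it is returned or stored on the token.
 * Throws 'CE0000' / 'CE0001' / 'CE0002' for missing input, 'CE0003' for an
 * unknown account or a wrong password, and 'SE0000' on query or token-store
 * failure.
 */
.post('/login', async (c, n) => {
  const { data } = c.request.body
  if (!data) throw 'CE0000'
  if (!data.account) throw 'CE0001'
  if (!data.password) throw 'CE0002'
  // NOTE(review): only presence is checked; confirm account and password are
  // validated as strings before they reach the query and comparePass. No
  // attempt limiting is visible in this handler either.

  let user
  try {
    user = await c.syncQuery('select `uid`,`account`,`password`,`name`,`email` from ??.?? where `account` = ?', ['lora', 'user', data.account])

    // The same code is used for "no such account" and "wrong password", so the
    // response does not reveal which accounts exist.
    if (user.length === 0) throw 'CE0003'

    // NOTE(review): this relies on crypto.comparePass returning a boolean
    // synchronously. If it returned a Promise the negation would always be
    // false and the check would never reject — confirm.
    if (!crypto.comparePass(data.password, user[0].password)) throw 'CE0003'

    // Keep the hash out of the response and out of the token document.
    delete user[0].password
  } catch (err) {
    if (typeof err === 'string') throw err
    c.serr = err
    throw 'SE0000'
  }

  // The token lasts 86400000 ms (24 hours) from now.
  const token = new mongo.Token({ object: user[0], expire: Date.now() + 86400000 })
  try {
    // The original called token.save() without awaiting it: the id was handed
    // to the client before the token was stored, and a failed save became an
    // unhandled rejection while the client kept an id that was never stored.
    await token.save()
  } catch (err) {
    c.serr = err
    throw 'SE0000'
  }

  // NOTE(review): the bearer value is the document _id. If that is a default
  // MongoDB ObjectId it is derived from a timestamp and a counter, not from a
  // CSPRNG — confirm, and prefer a random token value if so.
  c.body = {
    record: user,
    rt: {
      token: {
        id: token._id
      }
    }
  }
})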
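/**
 * POST /forgotpass — start a password reset for an account/email pair.
 *
 * Expects c.request.body.data with account and email. When a row matches, a
 * random token is stored in the cache together with the user record (TTL
 * argument 7200) and mailed to the address on the stored row.
 * Responds with { record: [] }.
 * Throws 'CE0000' / 'CE0001' / 'CE0005' for missing input, 'CE0007' when no
 * row matches, 'SE0001' on query failure, 'SE0005' on cache failure and
 * 'SE0006' on mail failure.
 */
.post('/forgotpass', async (c, n) => {
  const { data } = c.request.body
  if (!data) throw 'CE0000'
  if (!data.account) throw 'CE0001'
  if (!data.email) throw 'CE0005'
  // NOTE(review): only presence is checked; confirm account and email are
  // validated as strings before they reach the query.

  let user = []
  try {
    const query = 'select * from ??.?? where `account` = ? and `email` = ?'
    const param = ['lora', 'user', data.account, data.email]
    user = await c.syncQuery(query, param)
  } catch (err) {
    if (typeof err === 'string') throw err
    c.serr = err
    throw 'SE0001'
  }
  // NOTE(review): a distinct 'CE0007' tells an unauthenticated caller whether
  // an account/email pair exists — confirm that is acceptable, or return the
  // same response in both cases.
  if (user.length === 0) throw 'CE0007'

  // NOTE(review): confirm crypto.random draws from a CSPRNG and that an
  // argument of 10 yields enough entropy for a value that authorises a
  // password change.
  const randomToken = crypto.random(10)

  // `select *` also returns the password column. The original serialised the
  // whole row, hash included, into the cache; the copy stored here omits it.
  // Within this file /resetpass reads back only `account`.
  const cachedUser = Object.assign({}, user[0])
  delete cachedUser.password

  try {
    await mem.setVal(randomToken, JSON.stringify(cachedUser), 7200)
  } catch (err) {
    c.serr = err
    throw 'SE0005'
  }

  try {
    // The mail goes to the address stored on the row, not the one in the request.
    await sendmail(user[0].email, msgMng.getMailTemplate('forgotpass', c.headers['accept-language']), [randomToken])
  } catch (err) {
    if (typeof err === 'string') throw err
    c.serr = err
    throw 'SE0006'
  }

  c.body = {
    record: []
  }
})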
/**
 * PUT /resetpass — set a new password for an account.
 *
 * c.request.body.data must carry account, newpass and resettype:
 *   'token' — data.token is looked up in the cache and the cached record's
 *             account must equal data.account;
 *   'pass'  — the x-auth-token header must pass mongo.Token.checkToken, the
 *             token's account must equal data.account, and data.password must
 *             match the stored password.
 * Responds with { record: [] }.
 * Throws 'CE0000' / 'CE0001' / 'CE0002' / 'CE0008' / 'CE0009' for bad input,
 * 'CE1000' / 'CE2000' / 'CE0007' / 'CE0010' when the proof is rejected, and
 * 'SE0001' / 'SE0002' on query failure.
 */
.put('/resetpass', async (c, n) => {
  const { data } = c.request.body
  if (!data) throw 'CE0000'
  if (!data.account) throw 'CE0001'

  const mode = data.resettype
  const byToken = mode === 'token'
  const byPassword = mode === 'pass'
  if (!byPassword && !byToken) throw 'CE0008'
  if (byPassword && !data.password) throw 'CE0002'
  if (byToken && !data.token) throw 'CE0009'
  if (!data.newpass) throw 'CE0002'

  if (byToken) {
    // Proof of identity: a reset token that the cache maps to this account.
    // NOTE(review): the cache key is the caller-supplied value with no prefix,
    // and nothing here removes the entry after a successful reset, so the same
    // token appears to stay usable until the cache entry expires — confirm,
    // and invalidate it on use.
    try {
      const cached = await mem.getVal(data.token)
      if (!cached) throw 'CE1000'
      const owner = JSON.parse(cached)
      if (owner.account !== data.account) throw 'CE1000'
    } catch (err) {
      // Lookup and parse failures are reported exactly like a rejected token.
      if (typeof err === 'string') throw err
      c.serr = err
      throw 'CE1000'
    }
  } else {
    // Proof of identity: a valid session token plus the current password.
    const authToken = c.headers['x-auth-token'] || ''
    const authenticated = await mongo.Token.checkToken(authToken)
    if (!authenticated) throw 'CE1000'
    const session = await mongo.Token.getToken(authToken)
    if (session.object.account !== data.account) throw 'CE2000'
    try {
      const sql = 'select `password` from ??.?? where `account` = ?'
      const rows = await c.syncQuery(sql, ['lora', 'user', data.account])
      if (rows.length === 0) throw 'CE0007'
      // NOTE(review): relies on crypto.comparePass returning a boolean
      // synchronously — confirm.
      if (!crypto.comparePass(data.password, rows[0].password)) throw 'CE0010'
    } catch (err) {
      if (typeof err === 'string') throw err
      c.serr = err
      throw 'SE0001'
    }
  }

  // NOTE(review): no strength rule is applied to newpass here and tokens
  // issued earlier are not revoked after the change — confirm both.
  const hashed = crypto.genPassHash(data.newpass)
  try {
    const sql = 'update ??.?? set `password` = ? where `account` = ?'
    await c.syncQuery(sql, ['lora', 'user', hashed, data.account])
  } catch (err) {
    if (typeof err === 'string') throw err
    c.serr = err
    throw 'SE0002'
  }

  c.body = { record: [] }
})
// Export the configured router so the application can mount these routes.
module.exports = router