fumiama/paper-manager
1
0
Fork 0
mirror of https://github.com/fumiama/paper-manager.git synced 2026-06-29 23:30:43 +08:00
Code Activity

finish SecureSetting

Browse Source
This commit is contained in:
源文雨
2023-03-18 17:14:13 +08:00
parent a409325770
commit 78418429c1
8 changed files with 186 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
backend/api/main.go
View File

@@ -84,6 +84,66 @@ func init() {
} }
writeresult(w, codeSuccess, n, messageOk, typeSuccess) writeresult(w, codeSuccess, n, messageOk, typeSuccess)
}} }}
apimap["/api/setPassword"] = &apihandler{"POST", func(w http.ResponseWriter, r *http.Request) {
type setpasswordbody struct {
Token string `json:"token"`
Password string `json:"password"`
}
token := r.Header.Get("Authorization")
user := usertokens.Get(token)
if user == nil {
writeresult(w, codeError, nil, errInvalidToken.Error(), typeError)
return
}
var body setpasswordbody
defer r.Body.Close()
err := json.NewDecoder(r.Body).Decode(&body)
if err != nil {
writeresult(w, codeError, nil, err.Error(), typeError)
return
}
err = setUserPassword(*user.ID, body.Token, body.Password)
if err != nil {
writeresult(w, codeError, nil, err.Error(), typeError)
return
}
type message struct {
M string `json:"msg"`
}
writeresult(w, codeSuccess, &message{M: "成功, 请重新登录"}, messageOk, typeSuccess)
_ = logout(token)
}}
apimap["/api/setContact"] = &apihandler{"POST", func(w http.ResponseWriter, r *http.Request) {
type setcontactbody struct {
Token string `json:"token"`
Contact string `json:"contact"`
}
token := r.Header.Get("Authorization")
user := usertokens.Get(token)
if user == nil {
writeresult(w, codeError, nil, errInvalidToken.Error(), typeError)
return
}
var body setcontactbody
defer r.Body.Close()
err := json.NewDecoder(r.Body).Decode(&body)
if err != nil {
writeresult(w, codeError, nil, err.Error(), typeError)
return
}
err = setUserContact(*user.ID, body.Token, body.Contact)
if err != nil {
writeresult(w, codeError, nil, err.Error(), typeError)
return
}
user.Cont = hideContact(body.Contact)
type message struct {
M string `json:"msg"`
}
writeresult(w, codeSuccess, &message{M: "成功, 已将消息报告给课程组长"}, messageOk, typeSuccess)
}}
} }
// Handler serves all backend /api call // Handler serves all backend /api call

9
backend/api/upload.go
View File

@@ -7,6 +7,7 @@ import (
"os" "os"
"strconv" "strconv"
"strings" "strings"
"time"
"github.com/fumiama/imgsz" "github.com/fumiama/imgsz"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
@@ -69,24 +70,24 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
writeresult(w, codeError, nil, err.Error(), typeError) writeresult(w, codeError, nil, err.Error(), typeError)
return return
} }
avf := userf + "avatar." + format avf := userf + "avatar" + time.Now().Format("_20060102_15_04_05") + "." + format
err = os.WriteFile(avf, data, 0644) err = os.WriteFile(avf, data, 0644)
if err != nil { if err != nil {
writeresult(w, codeError, nil, err.Error(), typeError) writeresult(w, codeError, nil, err.Error(), typeError)
return return
} }
err = global.UserDB.UpdateUserInfo(*user.ID, "", avf[6:], "") /*err = global.UserDB.UpdateUserInfo(*user.ID, "", avf[6:], "")
if err != nil { if err != nil {
writeresult(w, codeError, nil, err.Error(), typeError) writeresult(w, codeError, nil, err.Error(), typeError)
return return
} }
user.Avtr = avf[6:]
usertokens.Set(token, user)*/
writeresult(w, codeSuccess, &upload{ writeresult(w, codeSuccess, &upload{
Message: messageOk, Message: messageOk,
Code: codeSuccess, Code: codeSuccess,
URL: avf[6:], URL: avf[6:],
}, messageOk, typeSuccess) }, messageOk, typeSuccess)
user.Avtr = avf[6:]
usertokens.Set(token, user)
logrus.Infoln("[file.UploadHandler] save avatar to", avf[6:]) logrus.Infoln("[file.UploadHandler] save avatar to", avf[6:])
return return
} }

50
backend/api/user.go
View File

@@ -1,10 +1,13 @@
package api package api
import ( import (
"crypto/md5"
"encoding/hex"
"errors" "errors"
"strings" "strings"
"time" "time"
base14 "github.com/fumiama/go-base16384"
"github.com/fumiama/paper-manager/backend/global" "github.com/fumiama/paper-manager/backend/global"
) )
@@ -29,12 +32,7 @@ type getUserInfoResult struct {
Contact string `json:"contact"` Contact string `json:"contact"`
} }
func getUserInfo(token string) (*getUserInfoResult, error) { func hideContact(cont string) string {
user := usertokens.Get(token)
if user == nil {
return nil, errInvalidToken
}
cont := user.Cont
if len(cont) > 7 { if len(cont) > 7 {
sb := strings.Builder{} sb := strings.Builder{}
sb.WriteString(cont[:3]) sb.WriteString(cont[:3])
@@ -42,7 +40,15 @@ func getUserInfo(token string) (*getUserInfoResult, error) {
sb.WriteByte('*') sb.WriteByte('*')
} }
sb.WriteString(cont[len(cont)-4:]) sb.WriteString(cont[len(cont)-4:])
cont = sb.String() return sb.String()
}
return cont
}
func getUserInfo(token string) (*getUserInfoResult, error) {
user := usertokens.Get(token)
if user == nil {
return nil, errInvalidToken
} }
return &getUserInfoResult{ return &getUserInfoResult{
UserID: *user.ID, UserID: *user.ID,
@@ -59,7 +65,7 @@ func getUserInfo(token string) (*getUserInfoResult, error) {
Roles: []role{{RoleName: user.Role.Nick(), Value: user.Role.String()}}, Roles: []role{{RoleName: user.Role.Nick(), Value: user.Role.String()}},
Date: time.Unix(user.Date, 0).Format(chineseDateLayout), Date: time.Unix(user.Date, 0).Format(chineseDateLayout),
Last: time.Unix(user.Last, 0).Format(chineseDateLayout), Last: time.Unix(user.Last, 0).Format(chineseDateLayout),
Contact: cont, Contact: hideContact(user.Cont),
}, nil }, nil
} }
@@ -80,3 +86,31 @@ func getUsersCount(token string) (int, error) {
} }
return global.UserDB.GetUsersCount() return global.UserDB.GetUsersCount()
} }
func setUserPassword(id int, token, npwd string) error {
user, err := global.UserDB.GetUserByID(id)
if err != nil {
return err
}
h := md5.New()
h.Write(base14.StringToBytes(user.Pswd))
h.Write(base14.StringToBytes(npwd))
if token != hex.EncodeToString(h.Sum(make([]byte, 0, 16))) {
return errInvalidToken
}
return global.UserDB.UpdateUserPassword(id, npwd)
}
func setUserContact(id int, token, ncont string) error {
user, err := global.UserDB.GetUserByID(id)
if err != nil {
return err
}
h := md5.New()
h.Write(base14.StringToBytes(user.Cont))
h.Write(base14.StringToBytes(ncont))
if token != hex.EncodeToString(h.Sum(make([]byte, 0, 16))) {
return errInvalidToken
}
return global.UserDB.UpdateUserContact(id, ncont)
}

16
frontend/vben/src/api/sys/model/userModel.ts
View File

@@ -14,6 +14,22 @@ export interface ResetPasswordParams {
mobile: string mobile: string
} }
/**
* @description: Set password interface parameters
*/
export interface SetPasswordParams {
token: string
password: string
}
/**
* @description: Set Contact interface parameters
*/
export interface SetContactParams {
token: string
contact: string
}
/** /**
* @description: Register interface parameters * @description: Register interface parameters
*/ */

36
frontend/vben/src/api/sys/user.ts
View File

@@ -4,6 +4,8 @@ import {
LoginResultModel, LoginResultModel,
GetUserInfoModel, GetUserInfoModel,
ResetPasswordParams, ResetPasswordParams,
SetPasswordParams,
SetContactParams,
RegisterParams, RegisterParams,
ResetPasswordResultModel, ResetPasswordResultModel,
RegisterResultModel, RegisterResultModel,
@@ -17,6 +19,8 @@ enum Api {
Login = '/login', Login = '/login',
Logout = '/logout', Logout = '/logout',
ResetPassword = '/resetPassword', ResetPassword = '/resetPassword',
SetPassword = '/setPassword',
SetContact = '/setContact',
Register = '/register', Register = '/register',
GetUserInfo = '/getUserInfo', GetUserInfo = '/getUserInfo',
GetUsersCount = '/getUsersCount', GetUsersCount = '/getUsersCount',
@@ -54,6 +58,36 @@ export function resetPasswordApi(params: ResetPasswordParams, mode: ErrorMessage
) )
} }
/**
* @description: set password api, borrowing the ResetPasswordResultModel as they're the same
*/
export function setPasswordApi(params: SetPasswordParams, mode: ErrorMessageMode = 'modal') {
return defHttp.post<ResetPasswordResultModel>(
{
url: Api.SetPassword,
params,
},
{
errorMessageMode: mode,
},
)
}
/**
* @description: set contact api, borrowing the ResetPasswordResultModel as they're the same
*/
export function setContactApi(params: SetContactParams, mode: ErrorMessageMode = 'modal') {
return defHttp.post<ResetPasswordResultModel>(
{
url: Api.SetContact,
params,
},
{
errorMessageMode: mode,
},
)
}
/** /**
* @description: register api * @description: register api
*/ */
@@ -95,7 +129,7 @@ export function getUsersCount() {
}*/ }*/
export function doLogout() { export function doLogout() {
return defHttp.get({ url: Api.Logout }) return defHttp.get({ url: Api.Logout }, { errorMessageMode: 'none' })
} }
/*export function testRetry() { /*export function testRetry() {

4
frontend/vben/src/store/modules/user.ts
View File

@@ -143,9 +143,7 @@ export const useUserStore = defineStore({
if (this.getToken) { if (this.getToken) {
try { try {
await doLogout() await doLogout()
} catch { } catch {}
console.log('注销Token失败')
}
} }
this.setToken(undefined) this.setToken(undefined)
this.setSessionTimeout(false) this.setSessionTimeout(false)

17
frontend/vben/src/views/page/settings/contact/index.vue
View File

@@ -13,6 +13,9 @@
import { defineComponent } from 'vue' import { defineComponent } from 'vue'
import { PageWrapper } from '/@/components/Page' import { PageWrapper } from '/@/components/Page'
import { BasicForm, useForm } from '/@/components/Form' import { BasicForm, useForm } from '/@/components/Form'
import { setContactApi } from '/@/api/sys/user'
import { useMessage } from '/@/hooks/web/useMessage'
import md5 from 'md5'
import { formSchema } from './contact.data' import { formSchema } from './contact.data'
export default defineComponent({ export default defineComponent({
@@ -27,16 +30,18 @@
schemas: formSchema, schemas: formSchema,
}) })
const { createMessage } = useMessage()
async function handleSubmit() { async function handleSubmit() {
try { try {
const values = await validate() const values = await validate()
const { contactOld, contactNew } = values const { contactOld, contactNew } = values
const { msg } = await setContactApi({
// TODO custom api token: md5(contactOld + contactNew),
console.log(contactOld, contactNew) contact: contactNew,
// const { router } = useRouter() })
// router.push(pageEnum.BASE_LOGIN) createMessage.success(msg)
} catch (error) {} } catch (_) {}
} }
return { register, resetFields, handleSubmit } return { register, resetFields, handleSubmit }

23
frontend/vben/src/views/page/settings/password/index.vue
View File

@@ -13,12 +13,18 @@
import { defineComponent } from 'vue' import { defineComponent } from 'vue'
import { PageWrapper } from '/@/components/Page' import { PageWrapper } from '/@/components/Page'
import { BasicForm, useForm } from '/@/components/Form' import { BasicForm, useForm } from '/@/components/Form'
import { setPasswordApi } from '/@/api/sys/user'
import { useMessage } from '/@/hooks/web/useMessage'
import { useUserStore } from '/@/store/modules/user'
import { formSchema } from './pwd.data' import { formSchema } from './pwd.data'
import md5 from 'md5'
export default defineComponent({ export default defineComponent({
name: 'ChangePassword', name: 'ChangePassword',
components: { BasicForm, PageWrapper }, components: { BasicForm, PageWrapper },
setup() { setup() {
const { createMessage } = useMessage()
const [register, { validate, resetFields }] = useForm({ const [register, { validate, resetFields }] = useForm({
size: 'large', size: 'large',
baseColProps: { span: 24 }, baseColProps: { span: 24 },
@@ -31,12 +37,15 @@
try { try {
const values = await validate() const values = await validate()
const { passwordOld, passwordNew } = values const { passwordOld, passwordNew } = values
const { msg } = await setPasswordApi({
// TODO custom api token: md5(passwordOld + passwordNew),
console.log(passwordOld, passwordNew) password: passwordNew,
// const { router } = useRouter() })
// router.push(pageEnum.BASE_LOGIN) createMessage.success(msg)
} catch (error) {} useUserStore().logout(true)
} catch (error) {
createMessage.error((error as unknown as Error).message)
}
} }
return { register, resetFields, handleSubmit } return { register, resetFields, handleSubmit }