完善了安全功能

2026-06-12 15:24:20 +08:00
parent fba44ca015
commit ddcf200de2
12 changed files with 904 additions and 207 deletions
--- a/models/schema/user.js
+++ b/models/schema/user.js
@@ -30,7 +30,10 @@ const UserSchema = mongoose.Schema(
      token: { type: String, index: true, sparse: true, comment: '认证令牌' },
      tokenExpiry: { type: Date, comment: '令牌过期时间' },
      failedLoginAttempts: { type: Number, default: 0, comment: '失败登录尝试次数' },
-      lockedUntil: { type: Date, comment: '账户锁定时间' },
+      lastLoginAt: { type: Date, comment: '最后登录时间' },
+      lastLoginIp: { type: String, comment: '最后登录IP' },
+      passwordResetToken: { type: String, sparse: true, comment: '密码重置令牌' },
+      passwordResetExpiry: { type: Date, comment: '密码重置令牌过期时间' },
    },

    // 位置信息 - 用户的省份、城市和区县
@@ -56,7 +59,6 @@ const UserSchema = mongoose.Schema(
    // 社交信息 - 用户的社交账号关联
    social: {
      wechat:{
-        account: { type: String, default: "", comment: '微信账号' },
        unionid: { type: String, index: true, unique: true, sparse: true, comment: '微信UnionID' },
      }
    },
@@ -270,7 +272,6 @@ UserSchema.statics.resetFailedLoginAttempts = async function (_id) {
      { _id },
      {
        'security.failedLoginAttempts': 0,
-        'security.lockedUntil': null,
        'meta.updatetime': Date.now()
      },
      { new: true }