xJourney/api_user
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tmp

Browse Source
This commit is contained in:
lik
2026-06-12 08:59:48 +08:00
parent b3f933e30a
commit fba44ca015
2 changed files with 283 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

483
handler/users.js
View File

@@ -6,43 +6,298 @@ class HandlerUser {
constructor() { constructor() {
} }
// 获取微信的手机号码 // 生成 token
async wxGetPhoneNumber(ctx) { async genToken(uid) {
const crypto = await import("crypto");
const hash = crypto.createHash("md5");
hash.update(uid + Date.now() + Math.random());
return hash.digest("hex");
}
checkUserValid(user) {
const isTokenValid = user.security.token &&
user.security.tokenExpiry &&
new Date() < user.security.tokenExpiry;
return isTokenValid;
}
// 用户注册
async register(ctx) {
try { try {
const { code, appId } = ctx.request.body; const { userInfo } = ctx.request.body;
if (!code || !appId) { if (!userInfo) {
return ResponseUtil.badRequest(ctx, "缺少手机号凭证 code 或 appId"); return ResponseUtil.badRequest(ctx, "缺少用户信息");
} }
let app = config.app[appId]; const mobile = userInfo.profile?.mobile;
if (!app) { const passwd = userInfo.security?.passwd;
return ResponseUtil.badRequest(ctx, `未配置 appId: ${appId}`); if (!mobile) {
return ResponseUtil.badRequest(ctx, "缺少手机号");
}
if (!passwd) {
return ResponseUtil.badRequest(ctx, "缺少密码");
} }
// 获取access_token // 检查手机号是否已注册
const client_credential_url = `https://api.weixin.qq.com/cgi-bin/token?appid=${app.appid}&secret=${app.secret}&grant_type=client_credential`; const existingUser = await DBModel.User.findOne({ "profile.mobile": mobile });
const fetch = (await import("node-fetch")).default; if (existingUser) {
let sessionRes = await fetch(client_credential_url); return ResponseUtil.error(ctx, "手机号已注册", null, 409);
const resp = await sessionRes.json();
if (!resp.access_token) {
return ResponseUtil.internalError(ctx, "获取微信 access_token 失败");
} }
// 获取phoneNumber // 生成随机盐值
const phoneUrl = `https://api.weixin.qq.com/wxa/business/getuserphonenumber?access_token=${resp.access_token}`; const crypto = await import("crypto");
const phoneRes = await fetch(phoneUrl, { const salt = crypto.randomBytes(8).toString("hex");
method: 'POST',
headers: { 'Content-Type': 'application/json' }, // MD5 加密密码
body: JSON.stringify({ code: code }) const hash = crypto.createHash("md5");
hash.update(passwd + salt);
const encryptedPasswd = hash.digest("hex");
// 构建新用户,结构同 UserSchema
const newUser = {
profile: userInfo.profile,
security: {
passwd: encryptedPasswd,
passwdSalt: salt,
},
location: {
province: userInfo.location?.province || '',
city: userInfo.location?.city || '',
district: userInfo.location?.district || '',
},
addresses: userInfo.addresses || [],
social: {
wechat: {
}
},
status: {
account: "normal",
},
app: userInfo.app || {},
};
const user = await DBModel.User.setUser(newUser);
if (!user) {
return ResponseUtil.internalError(ctx, "注册失败");
}
// 生成 token
const token = await this.genToken(user._id.toString());
user.security.token = token;
user.security.tokenExpiry = new Date(Date.now() + 15 * 24 * 60 * 60 * 1000);
await user.save();
// 安全起见删除密码相关字段
const safeUser = user.toObject();
delete safeUser.security?.passwd;
delete safeUser.security?.passwdSalt;
return ResponseUtil.success(ctx, { user: safeUser }, "注册成功");
} catch (err) {
return ResponseUtil.internalError(ctx, err.message);
}
}
// 手机号码登录
async signin(ctx) {
try {
const { mobile, passwd } = ctx.request.body;
if (!mobile) {
return ResponseUtil.badRequest(ctx, "缺少手机号");
}
if (!passwd) {
return ResponseUtil.badRequest(ctx, "缺少密码");
}
// 查找用户
let user = await DBModel.User.findOne({ "profile.mobile": mobile });
if (!user) {
return ResponseUtil.unauthorized(ctx, "用户不存在");
}
// 校验密码MD5 加密比对)
const crypto = await import("crypto");
const hash = crypto.createHash("md5");
hash.update(passwd + (user.security.passwdSalt || ""));
const encryptedPasswd = hash.digest("hex");
if (user.security.passwd !== encryptedPasswd) {
return ResponseUtil.unauthorized(ctx, "密码错误");
}
// 检查账户状态
if (user.status.account === "lock") {
return ResponseUtil.forbidden(ctx, "账户已被锁定");
}
// 生成/更新 token
const isTokenValid = user.security.token &&
user.security.tokenExpiry &&
new Date() < user.security.tokenExpiry;
if (!isTokenValid) {
const token = await this.genToken(user._id.toString());
user.security.token = token;
}
user.security.tokenExpiry = new Date(Date.now() + 15 * 24 * 60 * 60 * 1000);
await user.save();
// 安全起见删除密码相关字段
const safeUser = user.toObject();
delete safeUser.security?.passwd;
delete safeUser.security?.passwdSalt;
return ResponseUtil.success(ctx, { user: safeUser }, "登录成功");
} catch (err) {
return ResponseUtil.internalError(ctx, err.message);
}
}
// 退出登录
async signout(ctx) {
const token = ctx.request.body?.token
|| ctx.request.query?.token
|| ctx.header?.authorization
|| ctx.header?.token;
if (!token) {
return ResponseUtil.badRequest(ctx, "缺少 token");
}
const user = await DBModel.User.findOne({ "security.token": token });
if (user) {
user.security.token = null;
user.security.tokenExpiry = null;
await user.save();
}
return ResponseUtil.success(ctx, null, "退出登录成功");
}
// 获取用户信息
async userInfo(ctx) {
try {
const { token, userId } = ctx.request.body;
if (!token && !userId) {
return ResponseUtil.badRequest(ctx, "缺少 token 或 userId");
}
let user = null;
if (token) {
user = await DBModel.User.findOne({ "security.token": token });
}
else {
user = await DBModel.User.findOne({ "_id": userId });
}
if (!user) {
return ResponseUtil.unauthorized(ctx, "用户未登录或 token 无效");
}
const isTokenValid = user.security.token &&
user.security.tokenExpiry &&
new Date() < user.security.tokenExpiry;
if (!isTokenValid) {
return ResponseUtil.unauthorized(ctx, "登录已过期,请重新登录");
}
// 安全起见删除密码相关字段
delete user.security.passwd;
delete user.security.passwdSalt;
return ResponseUtil.success(ctx, { user }, "获取用户信息成功");
} catch (err) {
return ResponseUtil.internalError(ctx, err.message);
}
}
// update user
async updateUser(ctx) {
try {
const userInfo = ctx.request.body;
if (!userInfo) {
return ResponseUtil.badRequest(ctx, "缺少用户信息");
}
// 从 token 获取当前用户
const token = ctx.request.body?.token
|| ctx.request.query?.token
|| ctx.header?.authorization
|| ctx.header?.token;
if (!token) {
return ResponseUtil.badRequest(ctx, "缺少 token");
}
const user = await DBModel.User.findOne({ "security.token": token });
if (!user) {
return ResponseUtil.unauthorized(ctx, "用户未登录或 token 无效");
}
// 检查 token 是否过期
if (user.security.tokenExpiry && new Date() > user.security.tokenExpiry) {
return ResponseUtil.unauthorized(ctx, "登录已过期,请重新登录");
}
const updatedUser = await DBModel.User.updateFromUserInfo(
user._id,
userInfo
);
if (!updatedUser) {
return ResponseUtil.internalError(ctx, "更新用户失败");
}
// 安全起见删除密码相关字段
const safeUser = updatedUser.toObject();
delete safeUser.security?.passwd;
delete safeUser.security?.passwdSalt;
return ResponseUtil.success(ctx, { user: safeUser }, "更新成功");
} catch (err) {
return ResponseUtil.internalError(ctx, err.message);
}
}
// 获取用户列表
async userList(ctx) {
try {
const { page = 1, pageSize = 100 } = ctx.request.body;
// 从 token 获取当前用户
const token = ctx.request.body?.token
|| ctx.request.query?.token
|| ctx.header?.authorization
|| ctx.header?.token;
// 通过token获取用户
const user = await DBModel.User.findOne({ "security.token": token });
if (!user) {
return ResponseUtil.unauthorized(ctx, "用户未登录或 token 无效");
}
if (!('wxapp-escort-admin' in user.app)) {
return ResponseUtil.unauthorized(ctx, "用户无管理员权限");
}
const isTokenValid = user.security.token &&
user.security.tokenExpiry &&
new Date() < user.security.tokenExpiry;
if (!isTokenValid) {
return ResponseUtil.unauthorized(ctx, "登录已过期,请重新登录");
}
// 查询所有user.app包含wxapp-escort的用户
const users = await DBModel.User.find({ "app.wxapp-escort": { $exists: true } })
.skip((page - 1) * pageSize)
.limit(pageSize);
// 安全起见删除密码相关字段
users.forEach(u => {
delete u.security.passwd;
delete u.security.passwdSalt;
}); });
const phoneData = await phoneRes.json();
if (phoneData.errcode) {
return ResponseUtil.error(ctx, `获取手机号失败: ${phoneData.errmsg}`, null, 400);
}
// 从上图获取手机号 return ResponseUtil.success(ctx, { users }, "获取用户列表成功");
const phoneNumber = phoneData.phone_info?.phoneNumber;
return ResponseUtil.success(ctx, { phoneNumber }, "获取手机号成功");
} catch (err) { } catch (err) {
return ResponseUtil.internalError(ctx, err.message); return ResponseUtil.internalError(ctx, err.message);
} }
@@ -132,163 +387,47 @@ class HandlerUser {
} }
} }
// update user // 获取微信的手机号码
async updateUser(ctx) { async wxGetPhoneNumber(ctx) {
try { try {
const userInfo = ctx.request.body; const { code, appId } = ctx.request.body;
if (!userInfo) { if (!code || !appId) {
return ResponseUtil.badRequest(ctx, "缺少用户信息"); return ResponseUtil.badRequest(ctx, "缺少手机号凭证 code 或 appId");
} }
// 从 token 获取当前用户 let app = config.app[appId];
const token = ctx.request.body?.token if (!app) {
|| ctx.request.query?.token return ResponseUtil.badRequest(ctx, `未配置 appId: ${appId}`);
|| ctx.header?.authorization
|| ctx.header?.token;
if (!token) {
return ResponseUtil.badRequest(ctx, "缺少 token");
} }
const user = await DBModel.User.findOne({ "security.token": token }); // 获取access_token
if (!user) { const client_credential_url = `https://api.weixin.qq.com/cgi-bin/token?appid=${app.appid}&secret=${app.secret}&grant_type=client_credential`;
return ResponseUtil.unauthorized(ctx, "用户未登录或 token 无效"); const fetch = (await import("node-fetch")).default;
let sessionRes = await fetch(client_credential_url);
const resp = await sessionRes.json();
if (!resp.access_token) {
return ResponseUtil.internalError(ctx, "获取微信 access_token 失败");
} }
// 检查 token 是否过期 // 获取phoneNumber
if (user.security.tokenExpiry && new Date() > user.security.tokenExpiry) { const phoneUrl = `https://api.weixin.qq.com/wxa/business/getuserphonenumber?access_token=${resp.access_token}`;
return ResponseUtil.unauthorized(ctx, "登录已过期,请重新登录"); const phoneRes = await fetch(phoneUrl, {
} method: 'POST',
headers: { 'Content-Type': 'application/json' },
const updatedUser = await DBModel.User.updateFromUserInfo( body: JSON.stringify({ code: code })
user._id,
userInfo
);
if (!updatedUser) {
return ResponseUtil.internalError(ctx, "更新用户失败");
}
// 安全起见删除密码相关字段
const safeUser = updatedUser.toObject();
delete safeUser.security?.passwd;
delete safeUser.security?.passwdSalt;
return ResponseUtil.success(ctx, { user: safeUser }, "更新成功");
} catch (err) {
return ResponseUtil.internalError(ctx, err.message);
}
}
// 退出登录
async signout(ctx) {
const token = ctx.request.body?.token
|| ctx.request.query?.token
|| ctx.header?.authorization
|| ctx.header?.token;
if (!token) {
return ResponseUtil.badRequest(ctx, "缺少 token");
}
const user = await DBModel.User.findOne({ "security.token": token });
if (user) {
user.security.token = null;
user.security.tokenExpiry = null;
await user.save();
}
return ResponseUtil.success(ctx, null, "退出登录成功");
}
// 获取用户信息
async userInfo(ctx) {
try {
const { token, userId } = ctx.request.body;
if (!token && !userId) {
return ResponseUtil.badRequest(ctx, "缺少 token 或 userId");
}
let user = null;
if (token) {
user = await DBModel.User.findOne({ "security.token": token });
}
else {
user = await DBModel.User.findOne({ "_id": userId });
}
if (!user) {
return ResponseUtil.unauthorized(ctx, "用户未登录或 token 无效");
}
const isTokenValid = user.security.token &&
user.security.tokenExpiry &&
new Date() < user.security.tokenExpiry;
if (!isTokenValid) {
return ResponseUtil.unauthorized(ctx, "登录已过期,请重新登录");
}
// 安全起见删除密码相关字段
delete user.security.passwd;
delete user.security.passwdSalt;
return ResponseUtil.success(ctx, { user }, "获取用户信息成功");
} catch (err) {
return ResponseUtil.internalError(ctx, err.message);
}
}
// 获取用户列表
async userList(ctx) {
try {
const { page = 1, pageSize = 100 } = ctx.request.body;
// 从 token 获取当前用户
const token = ctx.request.body?.token
|| ctx.request.query?.token
|| ctx.header?.authorization
|| ctx.header?.token;
// 通过token获取用户
const user = await DBModel.User.findOne({ "security.token": token });
if (!user) {
return ResponseUtil.unauthorized(ctx, "用户未登录或 token 无效");
}
if (!('wxapp-escort-admin' in user.app)) {
return ResponseUtil.unauthorized(ctx, "用户无管理员权限");
}
const isTokenValid = user.security.token &&
user.security.tokenExpiry &&
new Date() < user.security.tokenExpiry;
if (!isTokenValid) {
return ResponseUtil.unauthorized(ctx, "登录已过期,请重新登录");
}
// 查询所有user.app包含wxapp-escort的用户
const users = await DBModel.User.find({ "app.wxapp-escort": { $exists: true } })
.skip((page - 1) * pageSize)
.limit(pageSize);
// 安全起见删除密码相关字段
users.forEach(u => {
delete u.security.passwd;
delete u.security.passwdSalt;
}); });
const phoneData = await phoneRes.json();
if (phoneData.errcode) {
return ResponseUtil.error(ctx, `获取手机号失败: ${phoneData.errmsg}`, null, 400);
}
return ResponseUtil.success(ctx, { users }, "获取用户列表成功"); // 从上图获取手机号
const phoneNumber = phoneData.phone_info?.phoneNumber;
return ResponseUtil.success(ctx, { phoneNumber }, "获取手机号成功");
} catch (err) { } catch (err) {
return ResponseUtil.internalError(ctx, err.message); return ResponseUtil.internalError(ctx, err.message);
} }
} }
// 生成 token
async genToken(uid) {
const crypto = await import("crypto");
const hash = crypto.createHash("md5");
hash.update(uid + Date.now() + Math.random());
return hash.digest("hex");
}
} }
export { HandlerUser }; export { HandlerUser };

10
routes/index.js
View File

@@ -11,14 +11,16 @@ class ApiRouter {
setupRoutes() { setupRoutes() {
const userRouter = new Router({ prefix: '/user' }); const userRouter = new Router({ prefix: '/user' });
userRouter.post('/wxgetphonenumber', this.handler.wxGetPhoneNumber.bind(this.handler)); userRouter.post('/register', this.handler.register.bind(this.handler));
userRouter.post('/wxsignin', this.handler.wxSignin.bind(this.handler)); userRouter.post('/signin', this.handler.signin.bind(this.handler));
userRouter.post('/update', this.handler.updateUser.bind(this.handler));
userRouter.post('/signout', this.handler.signout.bind(this.handler)); userRouter.post('/signout', this.handler.signout.bind(this.handler));
userRouter.post('/userInfo', this.handler.userInfo.bind(this.handler)); userRouter.post('/userInfo', this.handler.userInfo.bind(this.handler));
userRouter.post('/update', this.handler.updateUser.bind(this.handler));
userRouter.post('/list', this.handler.userList.bind(this.handler)); userRouter.post('/list', this.handler.userList.bind(this.handler));
userRouter.post('/wxsignin', this.handler.wxSignin.bind(this.handler));
userRouter.post('/wxgetphonenumber', this.handler.wxGetPhoneNumber.bind(this.handler));
this.router.use(userRouter.routes()); this.router.use(userRouter.routes());
this.printRoutes(this.router.stack); this.printRoutes(this.router.stack);