yapi/server/controllers/user.js
import request from 'request';
import userModel from '../models/user.js';
import yapi from '../yapi.js';
import baseController from './base.js';
import common from '../utils/commons.js';
import interfaceModel from '../models/interface.js';
import groupModel from '../models/group.js';
import projectModel from '../models/project.js';
const crypto = require('crypto');
const jwt = require('jsonwebtoken');
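class userController extends baseController {
  /**
   * @param {Object} ctx koa context; passed to baseController, which provides
   *   this.ctx, getUid() and getRole() used by the handlers below.
   */
  constructor(ctx) {
    super(ctx);
    this.Model = yapi.getInst(userModel);
  }

  /**
   * Compare a submitted password against a stored hash in constant time.
   *
   * @param {string} plain    password as submitted by the client
   * @param {string} passsalt per-user salt stored on the user record
   * @param {string} expected stored hash (user.password)
   * @returns {boolean} true only when generatePassword(plain, passsalt) equals expected
   */
  passwordMatches(plain, passsalt, expected) {
    if (typeof expected !== 'string' || expected.length === 0) {
      return false;
    }
    const actual = Buffer.from(String(yapi.commons.generatePassword(plain, passsalt)), 'utf8');
    const stored = Buffer.from(expected, 'utf8');
    // timingSafeEqual throws on differing lengths; a length mismatch is simply "no match".
    if (actual.length !== stored.length) {
      return false;
    }
    return crypto.timingSafeEqual(actual, stored);
  }

  /**
   * User login.
   * @interface /user/login
   * @method POST
   * @category user
   * @foldnumber 10
   * @param {String} email required
   * @param {String} password required
   * @returns {Object}
   * @example ./api/user/login.json
   */
  async login(ctx) {
    const userInst = yapi.getInst(userModel);
    const { email, password } = ctx.request.body;
    if (!email) {
      return ctx.body = yapi.commons.resReturn(null, 400, 'email不能为空');
    }
    if (!password) {
      return ctx.body = yapi.commons.resReturn(null, 400, '密码不能为空');
    }
    const user = await userInst.findByEmail(email);
    // NOTE(review): the distinct 404/405 responses let a caller tell a registered
    // email from an unregistered one; kept unchanged to stay compatible with
    // existing clients.
    if (!user) {
      return ctx.body = yapi.commons.resReturn(null, 404, '该用户不存在');
    }
    if (!this.passwordMatches(password, user.passsalt, user.password)) {
      return ctx.body = yapi.commons.resReturn(null, 405, '密码错误');
    }
    this.setLoginCookie(user._id, user.passsalt);
    return ctx.body = yapi.commons.resReturn({
      username: user.username,
      uid: user._id,
      email: user.email,
      add_time: user.add_time,
      up_time: user.up_time,
      server_ip: yapi.WEBCONFIG.server_ip
    }, 0, 'login success...');
  }

  /**
   * Logout: clears both session cookies.
   * @interface /user/logout
   * @method GET
   * @category user
   * @foldnumber 10
   * @returns {Object}
   * @example ./api/user/logout.json
   */
  async logout(ctx) {
    ctx.cookies.set('_yapi_token', null);
    ctx.cookies.set('_yapi_uid', null);
    ctx.body = yapi.commons.resReturn('ok');
  }

  /**
   * Third-party login adapter. Each provider supplies a request(token) method
   * and the name of the token field; only Qunar's QSSO is supported for now.
   *
   * @return {{request: function(string): Promise<{email: String, username: String}>, tokenField: string}}
   */
  thirdQunarLogin() {
    return {
      request: (token) => {
        return new Promise((resolve, reject) => {
          // NOTE(review): the verification endpoint is plain http; the token
          // travels unencrypted to it — confirm this is acceptable on that network.
          const url = 'http://qsso.corp.qunar.com/api/verifytoken.php?token=' + encodeURIComponent(token);
          request(url, (error, response, body) => {
            if (error) {
              reject(error);
              return;
            }
            if (response.statusCode !== 200) {
              reject(new Error('qsso verifytoken returned status ' + response.statusCode));
              return;
            }
            let result;
            try {
              result = JSON.parse(body);
            } catch (parseErr) {
              // A throw inside the callback would be uncaught; surface it as a rejection.
              reject(new Error('qsso verifytoken returned invalid JSON: ' + parseErr.message));
              return;
            }
            if (!result || result.ret !== true) {
              reject(new Error('qsso token verification failed'));
              return;
            }
            try {
              resolve({
                email: result.userId + '@qunar.com',
                username: result.data.userInfo.name
              });
            } catch (shapeErr) {
              // result.data / userInfo missing — reject instead of throwing in the callback.
              reject(new Error('qsso response missing user info: ' + shapeErr.message));
            }
          });
        });
      },
      tokenField: 'token'
    };
  }

  /**
   * Login with a third-party token (body or query field named by tokenField).
   * Every outcome ends in a redirect to '/'; failures are only logged.
   *
   * NOTE(review): accepting the token from the query string means it can end
   * up in access logs and referrers; prefer the request body where possible.
   */
  async loginByToken(ctx) {
    const config = this.thirdQunarLogin();
    const token = ctx.request.body[config.tokenField] || ctx.request.query[config.tokenField];
    if (!token) {
      yapi.commons.log('third login: missing token', 'error');
      return ctx.redirect('/');
    }
    try {
      const ret = await config.request(token);
      const login = await this.handleThirdLogin(ret.email, ret.username);
      if (login === true) {
        yapi.commons.log('login success');
      } else {
        yapi.commons.log('third login failed', 'error');
      }
    } catch (e) {
      yapi.commons.log(e.message, 'error');
    }
    ctx.redirect('/');
  }

  /**
   * Find-or-create the local account for a third-party identity and set the
   * login cookies. A newly created account gets a random initial password
   * that is mailed to the user.
   *
   * @param {string} email    verified email from the provider
   * @param {string} username display name from the provider
   * @returns {Promise<boolean>} true on success, false on any error (logged)
   */
  async handleThirdLogin(email, username) {
    const userInst = yapi.getInst(userModel);
    try {
      let user = await userInst.findByEmail(email);
      if (!user || !user._id) {
        const passsalt = yapi.commons.randStr();
        // The salt is stored in clear on the user record and also serves as the
        // JWT signing key (see setLoginCookie), so the initial password must be
        // a separate random value rather than the salt itself.
        const initialPassword = yapi.commons.randStr();
        const data = {
          username,
          password: yapi.commons.generatePassword(initialPassword, passsalt),
          email,
          passsalt,
          role: 'member',
          add_time: yapi.commons.time(),
          up_time: yapi.commons.time()
        };
        user = await userInst.save(data);
        yapi.commons.sendMail({
          to: email,
          contents: `<h3>亲爱的用户:</h3><p>您好感谢使用YApi,系统检测您是第一次用Qsso账号登录YApi服务,您的Email是 ${email} ,初始化密码为:${initialPassword}</p>`
        });
      }
      this.setLoginCookie(user._id, user.passsalt);
      return true;
    } catch (e) {
      console.error('third_login:', e.message); // eslint-disable-line
      return false;
    }
  }

  /**
   * Change a user's password. Admins may change anyone's password without the
   * old one; other users only their own, and must supply old_password.
   * Rotating passsalt also rotates the JWT signing key, so existing sessions of
   * that user stop verifying (assuming verification uses the stored passsalt).
   * @interface /user/change_password
   * @method POST
   * @category user
   * @param {Number} uid user id
   * @param {Number} [old_password] old password, required for non-admin users
   * @param {Number} password new password
   * @return {Object}
   * @example ./api/user/change_password.json
   */
  async changePassword(ctx) {
    const params = ctx.request.body;
    const userInst = yapi.getInst(userModel);
    if (!params.uid) {
      return ctx.body = yapi.commons.resReturn(null, 400, 'uid不能为空');
    }
    if (!params.password) {
      return ctx.body = yapi.commons.resReturn(null, 400, '密码不能为空');
    }
    const isAdmin = this.getRole() === 'admin';
    // uid arrives as a string in the body; compare as strings rather than with `!=`.
    if (!isAdmin && String(params.uid) !== String(this.getUid())) {
      return ctx.body = yapi.commons.resReturn(null, 402, '没有权限');
    }
    if (!isAdmin) {
      if (!params.old_password) {
        return ctx.body = yapi.commons.resReturn(null, 400, '旧密码不能为空');
      }
      const user = await userInst.findById(params.uid);
      if (!user) {
        return ctx.body = yapi.commons.resReturn(null, 404, '该用户不存在');
      }
      if (!this.passwordMatches(params.old_password, user.passsalt, user.password)) {
        return ctx.body = yapi.commons.resReturn(null, 402, '旧密码错误');
      }
    }
    const passsalt = yapi.commons.randStr();
    const data = {
      up_time: yapi.commons.time(),
      password: yapi.commons.generatePassword(params.password, passsalt),
      passsalt
    };
    try {
      const result = await userInst.update(params.uid, data);
      ctx.body = yapi.commons.resReturn(result);
    } catch (e) {
      ctx.body = yapi.commons.resReturn(null, 401, e.message);
    }
  }

  /** Placeholder, not implemented: sets no response body. */
  async forgetPassword() { }

  /** Placeholder, not implemented: sets no response body. */
  async resetPassword() { }

  /**
   * Issue the session cookies for uid. The JWT is signed with the user's own
   * passsalt, so the salt is effectively a per-user session secret; the token
   * lifetime and the cookie expiry are both seven days.
   *
   * NOTE(review): cookies are httpOnly but carry no secure/sameSite flags —
   * confirm the deployment sets them (e.g. at the proxy) before exposing over https.
   *
   * @param {*} uid       user id placed in the token payload and the _yapi_uid cookie
   * @param {string} passsalt signing secret for the token
   */
  setLoginCookie(uid, passsalt) {
    const token = jwt.sign({ uid }, passsalt, { expiresIn: '7 days' });
    this.ctx.cookies.set('_yapi_token', token, {
      expires: yapi.commons.expireDate(7),
      httpOnly: true
    });
    this.ctx.cookies.set('_yapi_uid', uid, {
      expires: yapi.commons.expireDate(7),
      httpOnly: true
    });
  }

  /**
   * User registration. New accounts always get the 'member' role.
   * @interface /user/reg
   * @method POST
   * @category user
   * @foldnumber 10
   * @param {String} email required
   * @param {String} password required
   * @param {String} [username] display name; defaults to the local part of the email
   * @returns {Object}
   * @example ./api/user/login.json
   */
  async reg(ctx) {
    const userInst = yapi.getInst(userModel);
    const params = yapi.commons.handleParams(ctx.request.body, {
      username: 'string',
      password: 'string',
      email: 'string'
    });
    if (!params.email) {
      return ctx.body = yapi.commons.resReturn(null, 400, '邮箱不能为空');
    }
    if (!params.password) {
      return ctx.body = yapi.commons.resReturn(null, 400, '密码不能为空');
    }
    const checkRepeat = await userInst.checkRepeat(params.email);
    if (checkRepeat > 0) {
      return ctx.body = yapi.commons.resReturn(null, 401, '该email已经注册');
    }
    const passsalt = yapi.commons.randStr();
    const data = {
      username: params.username,
      password: yapi.commons.generatePassword(params.password, passsalt),
      email: params.email,
      passsalt,
      role: 'member',
      add_time: yapi.commons.time(),
      up_time: yapi.commons.time()
    };
    if (!data.username) {
      // Local part of the email; fall back to the whole string when there is no
      // '@' so the username is never empty.
      const at = data.email.indexOf('@');
      data.username = at > 0 ? data.email.slice(0, at) : data.email;
    }
    try {
      const user = await userInst.save(data);
      this.setLoginCookie(user._id, user.passsalt);
      ctx.body = yapi.commons.resReturn({
        uid: user._id,
        email: user.email,
        username: user.username,
        add_time: user.add_time,
        up_time: user.up_time,
        role: 'member'
      });
      // NOTE(review): params.email is client-supplied and interpolated into HTML
      // unescaped; it is only mailed back to that same address.
      yapi.commons.sendMail({
        to: user.email,
        contents: `<h3>亲爱的用户:</h3><p>您好感谢使用YApi,您的账号 ${params.email} 已经注册成功</p>`
      });
    } catch (e) {
      ctx.body = yapi.commons.resReturn(null, 401, e.message);
    }
  }

  /**
   * Paged user list.
   * @interface /user/list
   * @method GET
   * @category user
   * @foldnumber 10
   * @param {Number} [page] page number, defaults to 1
   * @param {Number} [limit] page size, defaults to 10
   * @returns {Object} { total: number of pages, list: users }
   * @example
   */
  async list(ctx) {
    // Query values are strings; coerce to positive integers so the arithmetic
    // below and the model receive numbers, and garbage falls back to defaults.
    const positiveInt = (value, fallback) => {
      const n = Number.parseInt(value, 10);
      return Number.isInteger(n) && n > 0 ? n : fallback;
    };
    const page = positiveInt(ctx.request.query.page, 1);
    const limit = positiveInt(ctx.request.query.limit, 10);
    const userInst = yapi.getInst(userModel);
    try {
      const users = await userInst.listWithPaging(page, limit);
      const count = await userInst.listCount();
      return ctx.body = yapi.commons.resReturn({
        total: Math.ceil(count / limit),
        list: users
      });
    } catch (e) {
      return ctx.body = yapi.commons.resReturn(null, 402, e.message);
    }
  }

  /**
   * Fetch a user's public profile by id.
   * NOTE(review): no ownership check — any caller that reaches this handler
   * can read any user's email and role by id.
   * @interface /user/find
   * @method GET
   * @param id user uid
   * @category user
   * @foldnumber 10
   * @returns {Object}
   * @example
   */
  async findById(ctx) {
    try {
      const userInst = yapi.getInst(userModel);
      const { id } = ctx.request.query;
      if (!id) {
        return ctx.body = yapi.commons.resReturn(null, 400, 'uid不能为空');
      }
      const user = await userInst.findById(id);
      if (!user) {
        return ctx.body = yapi.commons.resReturn(null, 402, '不存在的用户');
      }
      return ctx.body = yapi.commons.resReturn({
        uid: user._id,
        username: user.username,
        email: user.email,
        role: user.role,
        add_time: user.add_time,
        up_time: user.up_time
      });
    } catch (e) {
      return ctx.body = yapi.commons.resReturn(null, 402, e.message);
    }
  }

  /**
   * Delete a user; admin only. Nothing stops an admin from deleting their own account.
   * @interface /user/del
   * @method POST
   * @param id user uid
   * @category user
   * @foldnumber 10
   * @returns {Object}
   * @example
   */
  async del(ctx) {
    try {
      if (this.getRole() !== 'admin') {
        return ctx.body = yapi.commons.resReturn(null, 402, 'Without permission.');
      }
      const userInst = yapi.getInst(userModel);
      const { id } = ctx.request.body;
      if (!id) {
        return ctx.body = yapi.commons.resReturn(null, 400, 'uid不能为空');
      }
      const result = await userInst.del(id);
      ctx.body = yapi.commons.resReturn(result);
    } catch (e) {
      ctx.body = yapi.commons.resReturn(null, 402, e.message);
    }
  }

  /**
   * Update a user's profile. Users may edit their own username/email; only
   * admins may edit other users or change a role.
   * @interface /user/update
   * @method POST
   * @param uid user uid
   * @param [role] role; admin only, stored as sent
   * @param [username] String
   * @param [email] String; must not belong to another account
   * @category user
   * @foldnumber 10
   * @returns {Object}
   * @example
   */
  async update(ctx) {
    try {
      const params = yapi.commons.handleParams(ctx.request.body, {
        username: 'string',
        email: 'string'
      });
      const isAdmin = this.getRole() === 'admin';
      if (!isAdmin && String(params.uid) !== String(this.getUid())) {
        return ctx.body = yapi.commons.resReturn(null, 401, '没有权限');
      }
      const userInst = yapi.getInst(userModel);
      const id = params.uid;
      if (!id) {
        return ctx.body = yapi.commons.resReturn(null, 400, 'uid不能为空');
      }
      const data = {
        up_time: yapi.commons.time()
      };
      // Any non-empty role string is accepted from an admin, including 'admin'.
      if (isAdmin && params.role) {
        data.role = params.role;
      }
      if (params.username) {
        data.username = params.username;
      }
      if (params.email) {
        data.email = params.email;
      }
      if (data.email) {
        // NOTE(review): the new email is not verified, and the repeat check also
        // rejects re-submitting one's own current address.
        const checkRepeat = await userInst.checkRepeat(data.email);
        if (checkRepeat > 0) {
          return ctx.body = yapi.commons.resReturn(null, 401, '该email已经注册');
        }
      }
      const result = await userInst.update(id, data);
      ctx.body = yapi.commons.resReturn(result);
    } catch (e) {
      ctx.body = yapi.commons.resReturn(null, 402, e.message);
    }
  }

  /**
   * Fuzzy search by username or email. Only the fields named in `rules` are
   * returned; the raw query result is never logged, since it may carry
   * password hashes and salts.
   * @interface /user/search
   * @method GET
   * @category user
   * @foldnumber 10
   * @param {String} q
   * @return {Object}
   * @example ./api/user/search.json
   */
  async search(ctx) {
    const { q } = ctx.request.query;
    if (!q) {
      return ctx.body = yapi.commons.resReturn(void 0, 400, 'No keyword.');
    }
    if (!yapi.commons.validateSearchKeyword(q)) {
      return ctx.body = yapi.commons.resReturn(void 0, 400, 'Bad query.');
    }
    const queryList = await this.Model.search(q);
    const rules = [
      { key: '_id', alias: 'uid' },
      'username',
      'email',
      'role',
      { key: 'add_time', alias: 'addTime' },
      { key: 'up_time', alias: 'upTime' }
    ];
    const filteredRes = common.filterRes(queryList, rules);
    return ctx.body = yapi.commons.resReturn(filteredRes, 0, 'ok');
  }

  /**
   * Breadcrumb data for a route id: walks interface -> project -> group,
   * starting at `type`, and accumulates ids/names in the result.
   * NOTE(review): no membership check on the looked-up ids.
   * @interface /user/nav
   * @method GET
   * @category user
   * @foldnumber 10
   * @param {String} type one of group|interface|project
   * @param {Number} id
   * @return {Object}
   * @example ./api/user/nav.json
   */
  async nav(ctx) {
    let { id, type } = ctx.request.query;
    const result = {};
    try {
      if (type === 'interface') {
        const interfaceData = await yapi.getInst(interfaceModel).get(id);
        if (!interfaceData) {
          throw new Error('interface not found');
        }
        result.interface_id = interfaceData._id;
        result.interface_name = interfaceData.path;
        type = 'project';
        id = interfaceData.project_id;
      }
      if (type === 'project') {
        const projectData = await yapi.getInst(projectModel).get(id);
        if (!projectData) {
          throw new Error('project not found');
        }
        result.project_id = projectData._id;
        result.project_name = projectData.prd_host + projectData.basepath;
        type = 'group';
        id = projectData.group_id;
      }
      if (type === 'group') {
        const groupData = await yapi.getInst(groupModel).get(id);
        if (!groupData) {
          throw new Error('group not found');
        }
        result.group_id = groupData._id;
        result.group_name = groupData.group_name;
      }
      return ctx.body = yapi.commons.resReturn(result);
    } catch (e) {
      // Partial result is returned so the client can render what was resolved.
      return ctx.body = yapi.commons.resReturn(result, 422, e.message);
    }
  }
}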
// CommonJS export alongside the ES `import`s above — presumably reconciled by the project's transpiler; confirm if the build changes.
module.exports = userController;