Pchen0
/
ic-ctbu-backend


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100
							const { v4: uuidv4 } = require('uuid')
const API = require("../../lib/API")
const bcryptjs = require('bcryptjs')
const { BaseStdResponse } = require("../../BaseStdResponse")
const db = require("../../plugin/DataBase/db")
const Redis = require('../../plugin/DataBase/Redis')

// 用户登录
class Login extends API {
    constructor() {
        super();

        this.setMethod("POST");
        this.setPath("/User/Login");
    }

    async onRequest(req, res) {
        let { username, password, captcha, id } = req.body;

        if ([username, password, captcha, id].some(value => value === '' || value === null || value === undefined)) {
            res.json({
                ...BaseStdResponse.MISSING_PARAMETER
            });
            return;
        }

        password = atob(password);

        try {
            const code = await Redis.get(`captcha:${id}`);
            if (!code || code != captcha.toLowerCase())
                return res.json({
                    ...BaseStdResponse.ERR,
                    msg: '验证码错误或已过期！'
                })
            Redis.del(`captcha:${id}`);
        } catch (err) {
            this.logger.error(`验证图片验证码失败！${err.stack}`);
            return res.json({
                ...BaseStdResponse.DATABASE_ERR,
                msg: '验证失败！'
            })
        }

        let sql = 'SELECT * FROM users WHERE username = ?';
        let rows = await db.query(sql, [username]);

        if (!rows || rows.length !== 1 || !rows[0].password|| !bcryptjs.compareSync(password, rows[0].password))
            return res.json({
                ...BaseStdResponse.ERR,
                msg: '用户名或密码错误'
            })

        if (Number(rows[0].is_banned) === 1)
            return res.json({
                ...BaseStdResponse.ERR,
                msg: '账号已被封禁，如有疑问请邮件联系：service@xxoo365.top'
            })

        const session = uuidv4()
        await Redis.set(`userSession:${rows[0].uuid}`, session, {
            EX: 2592000
        })

        res.json({
            ...BaseStdResponse.OK,
            data: {
                uuid: rows[0].uuid,
                username: rows[0].username,
                session,
                roles: rows[0].permission || [],
                vip: rows[0].vip,
                ic_count: rows[0].ic_count,
                lepao_count: rows[0].lepao_count,
                crouse_count: rows[0].crouse_count,
                avatar: rows[0].avatar,
                email: rows[0].email
            }
        })

        const time = new Date().getTime()
        sql = 'UPDATE users SET lastTime = ? WHERE id = ?';
        await db.query(sql, [time, rows[0].id]);

        try {
            let ip = req.headers['x-forwarded-for']?.split(',')[0].trim() || req.connection?.remoteAddress || ''
            if (ip.startsWith('::ffff:'))
                ip = ip.replace('::ffff:', '')
            const userAgent = req.headers['user-agent']
            await db.query(
                'INSERT INTO login_history (uuid, time, deviceInfo, type, ip) VALUES (?, ?, ?, ?, ?)',
                [rows[0].uuid, time, { ua: userAgent }, 'password', ip]
            )
        } catch (err) {
            this.logger.error(`写入登录记录失败！${err}`)
        }
    }
}

module.exports.Login = Login;