Pchen0
/
ic-ctbu-backend


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
							const API = require("../../lib/API");
const db = require("../../plugin/DataBase/db");
const { BaseStdResponse } = require("../../BaseStdResponse");
const AccessControl = require("../../lib/AccessControl");
const bcryptjs = require('bcryptjs');

class ChangePassword extends API {
    constructor() {
        super();

        this.setMethod("POST");
        this.setPath("/User/ChangePassword");
    }

    CheckPassword(password) {
        if (password.length < 8 || password.length > 16) {
            return false;
        }

        const hasLetter = /[a-zA-Z]/.test(password);
        const hasNumber = /\d/.test(password);

        return hasLetter && hasNumber;
    }

    async onRequest(req, res) {
        try {
            let { uuid, session, oldpassword, password } = req.body;

            if ([uuid, session, password].some(value => value === '' || value === null || value === undefined)) {
                return res.json({
                    ...BaseStdResponse.MISSING_PARAMETER,
                    endpoint: 1513126
                });
            }

            // 检查 session 是否有效
            if (!await AccessControl.checkSession(uuid, session)) {
                return res.status(401).json({
                    ...BaseStdResponse.ACCESS_DENIED,
                    endpoint: 48153145
                });
            }

            password = atob(password);

            if (!this.CheckPassword(password))
                return res.json({
                    ...BaseStdResponse.ERR,
                    msg: '密码需在8到16位之间，且包含字母和数字'
                })

            if (oldpassword && oldpassword !== '') {
                oldpassword = atob(oldpassword);

                let sql = 'SELECT email, password FROM users WHERE uuid = ? AND password IS NULL';
                let rows = await db.query(sql, [uuid]);
                if (!rows || rows.length === 0)
                    return res.json({
                        ...BaseStdResponse.ERR,
                        msg: '暂时无法重设密码，请联系客服'
                    })

                if (oldpassword !== '' && !bcryptjs.compareSync(oldpassword, rows[0].password))
                    return res.json({
                        ...BaseStdResponse.ERR,
                        msg: '密码错误！'
                    })
            }

            const hashPassword = bcryptjs.hashSync(password, 10);
            let sql = 'UPDATE users SET password = ? WHERE uuid = ?';
            let result = await db.query(sql, [hashPassword, uuid]);

            if (result && result.affectedRows > 0) {
                res.json({
                    ...BaseStdResponse.OK
                });
            } else {
                res.json({ ...BaseStdResponse.ERR, endpoint: 7894378, msg: '操作失败！' });
            }
        } catch (error) {
            return res.json({
                ...BaseStdResponse.ERR,
                msg: '密码更新失败，请联系客服'
            })
        }

    }
}

module.exports.ChangePassword = ChangePassword;