perf: 登录支持双重认证

2025-04-17 22:34:21 +08:00 · 2025-04-17 22:34:21 +08:00 · 48aef25b3f
parent 8e50e5dee3
commit 48aef25b3f
16 changed files with 132 additions and 55 deletions
--- a/packages/libs/lib-server/src/basic/exception/auth-exception.ts
+++ b/packages/libs/lib-server/src/basic/exception/auth-exception.ts
@ -1,5 +1,6 @@
 import { Constants } from '../constants.js';
 import { BaseException } from './base-exception.js';
+import { TextException } from "./common-exception.js";
 /**
 * 授权异常
 */
@ -10,9 +11,9 @@ export class AuthException extends BaseException {
 }


-export class Need2FAException extends BaseException {
-  constructor(message?:string) {
-    super('Need2FAException', Constants.res.need2fa.code, message ? message : Constants.res.need2fa.message);
+export class Need2FAException extends TextException {
+  constructor(message:string,data:any) {
+    super('Need2FAException', Constants.res.need2fa.code, message ? message : Constants.res.need2fa.message,data);
  }
 }

--- a/packages/libs/lib-server/src/basic/exception/base-exception.ts
+++ b/packages/libs/lib-server/src/basic/exception/base-exception.ts
@ -3,9 +3,11 @@
 */
 export class BaseException extends Error {
  code: number;
-  constructor(name, code, message) {
+  data?:any
+  constructor(name, code, message,data?:any) {
    super(message);
    this.name = name;
    this.code = code;
+    this.data = data;
  }
 }
--- a/packages/libs/lib-server/src/basic/exception/common-exception.ts
+++ b/packages/libs/lib-server/src/basic/exception/common-exception.ts
@ -1,16 +1,23 @@
-import { Constants } from '../constants.js';
-import { BaseException } from './base-exception.js';
+import { Constants } from "../constants.js";
+import { BaseException } from "./base-exception.js";
+
 /**
 * 通用异常
 */
 export class CommonException extends BaseException {
  constructor(message) {
-    super('CommonException', Constants.res.error.code, message ? message : Constants.res.error.message);
+    super("CommonException", Constants.res.error.code, message ? message : Constants.res.error.message);
  }
 }

 export class CodeException extends BaseException {
  constructor(res: { code: number; message: string }) {
-    super('CodeException', res.code, res.message);
+    super("CodeException", res.code, res.message);
+  }
+}
+
+export class TextException extends BaseException {
+  constructor(name, code,message, data?) {
+    super(name, code, message, data);
  }
 }
--- a/packages/libs/lib-server/src/basic/result.ts
+++ b/packages/libs/lib-server/src/basic/result.ts
@ -2,14 +2,15 @@ export class Result<T> {
  code: number;
  msg: string;
  data: T;
+
  constructor(code, msg, data?) {
    this.code = code;
    this.msg = msg;
    this.data = data;
  }

-  static error(code = 1, msg) {
-    return new Result(code, msg);
+  static error(code = 1, msg, data?: any) {
+    return new Result(code, msg, data);
  }

  static success(msg, data?) {
--- a/packages/ui/certd-client/src/api/service.ts
+++ b/packages/ui/certd-client/src/api/service.ts
@ -3,6 +3,17 @@ import { get } from "lodash-es";
 import { errorLog, errorCreate } from "./tools";
 import { env } from "/src/utils/util.env";
 import { useUserStore } from "/@/store/user";
+
+export class CodeError extends Error {
+  code: number;
+  data?: any;
+  constructor(message: string, code: number, data?: any) {
+    super(message);
+    this.code = code;
+    this.data = data;
+  }
+}
+
 /**
 * @description 创建请求实例
 */
@ -56,12 +67,13 @@ function createService() {
            const errorMessage = dataAxios.msg || dataAxios.message || "未知错误";
            // @ts-ignore
            if (response?.config?.onError) {
-              // @ts-ignore
-              response.config.onError(new Error(errorMessage));
+              const err = new CodeError(errorMessage, dataAxios.code, dataAxios.data);
+              response.config.onError(err);
+              return;
            }
            //@ts-ignore
            const showErrorNotify = response?.config?.showErrorNotify;
-            errorCreate(`${errorMessage}: ${response.config.url}`, showErrorNotify);
+            errorCreate(`${errorMessage}: ${response.config.url}`, showErrorNotify, dataAxios);
            return dataAxios;
        }
      }
--- a/packages/ui/certd-client/src/api/tools.ts
+++ b/packages/ui/certd-client/src/api/tools.ts
@ -4,6 +4,7 @@
 * @param {String} defaultValue 默认值
 */
 import { uiContext } from "@fast-crud/fast-crud";
+import { CodeError } from "/@/api/service";

 export function parse(jsonString = "{}", defaultValue = {}) {
  let result = defaultValue;
@ -68,8 +69,8 @@ export function errorLog(error: any, notify = true) {
 * @description 创建一个错误
 * @param {String} msg 错误信息
 */
-export function errorCreate(msg: string, notify = true) {
-  const err = new Error(msg);
+export function errorCreate(msg: string, notify = true, data?: any) {
+  const err = new CodeError(msg, data.code, data.data);
  console.error("errorCreate", err);
  if (notify) {
    uiContext.get().notification.error({ message: err.message });
--- a/packages/ui/certd-client/src/router/source/modules/certd.ts
+++ b/packages/ui/certd-client/src/router/source/modules/certd.ts
@ -149,7 +149,7 @@ export const certdResources = [
            path: "/certd/mine/security",
            component: "/certd/mine/security/index.vue",
            meta: {
-              icon: "ion:locked-outline",
+              icon: "fluent:shield-keyhole-16-regular",
              auth: true,
              isMenu: true,
            },
--- a/packages/ui/certd-client/src/store/user/api.user.ts
+++ b/packages/ui/certd-client/src/store/user/api.user.ts
@ -66,3 +66,11 @@ export async function mine(): Promise<UserInfoRes> {
    method: "post",
  });
 }
+
+export async function loginByTwoFactor(data: any) {
+  return await request({
+    url: "/loginByTwoFactor",
+    method: "post",
+    data,
+  });
+}
--- a/packages/ui/certd-client/src/store/user/index.ts
+++ b/packages/ui/certd-client/src/store/user/index.ts
@ -51,7 +51,7 @@ export const useUserStore = defineStore({
    setUserInfo(info: UserInfoRes) {
      this.userInfo = info;
      const userStore = vbenUserStore();
-      userStore.setUserInfo(info);
+      userStore.setUserInfo(info as any);
      LocalStorage.set(USER_INFO_KEY, info);
    },
    resetState() {
@ -71,23 +71,18 @@ export const useUserStore = defineStore({
     * @description: login
     */
    async login(loginType: string, params: LoginReq | SmsLoginReq): Promise<any> {
-      try {
-        let loginRes: any = null;
-        if (loginType === "sms") {
-          loginRes = await UserApi.loginBySms(params as SmsLoginReq);
-        } else {
-          loginRes = await UserApi.login(params as LoginReq);
-        }
-
-        const { token, expire } = loginRes;
-        // save token
-        this.setToken(token, expire);
-        // get user info
-        return await this.onLoginSuccess(loginRes);
-      } catch (error) {
-        console.error(error);
-        return null;
+      let loginRes: any = null;
+      if (loginType === "sms") {
+        loginRes = await UserApi.loginBySms(params as SmsLoginReq);
+      } else {
+        loginRes = await UserApi.login(params as LoginReq);
      }
+      return await this.onLoginSuccess(loginRes);
+    },
+
+    async loginByTwoFactor(form: any) {
+      const loginRes = await UserApi.loginByTwoFactor(form);
+      return await this.onLoginSuccess(loginRes);
    },
    async getUserInfoAction(): Promise<UserInfoRes> {
      const userInfo = await UserApi.mine();
@ -100,9 +95,13 @@ export const useUserStore = defineStore({
    },

    async onLoginSuccess(loginData: any) {
+      const { token, expire } = loginData;
+      // save token
+      this.setToken(token, expire);
+      // get user info
      // await this.getUserInfoAction();
      // const userInfo = await this.getUserInfoAction();
-      mitter.emit("app.login", { token: loginData });
+      mitter.emit("app.login", { ...loginData });
      await router.replace("/");
    },

--- a/packages/ui/certd-client/src/views/certd/mine/security/index.vue
+++ b/packages/ui/certd-client/src/views/certd/mine/security/index.vue
@ -9,7 +9,14 @@
          <div class="flex mt-5">
            <a-switch v-model:checked="formState.authenticator.enabled" :disabled="!settingsStore.isPlus" @change="onAuthenticatorEnabledChanged" />

-            <a-button v-if="formState.authenticator.enabled && formState.authenticator.verified" :disabled="authenticatorOpenRef" size="small" class="ml-5" type="primary" @click="authenticatorForm.open = true">
+            <a-button
+              v-if="formState.authenticator.enabled && formState.authenticator.verified"
+              :disabled="authenticatorOpenRef || !settingsStore.isPlus"
+              size="small"
+              class="ml-5"
+              type="primary"
+              @click="authenticatorForm.open = true"
+            >
              重新绑定
            </a-button>

@ -53,7 +60,12 @@ defineOptions({
  name: "UserSecurity",
 });

-const formState = reactive<Partial<UserTwoFactorSetting>>({});
+const formState = reactive<Partial<UserTwoFactorSetting>>({
+  authenticator: {
+    enabled: false,
+    verified: false,
+  },
+});

 const authenticatorForm = reactive({
  qrcodeSrc: "",
--- a/packages/ui/certd-client/src/views/framework/login/index.vue
+++ b/packages/ui/certd-client/src/views/framework/login/index.vue
@ -1,6 +1,6 @@
 <template>
  <div class="main login-page">
-    <a-form ref="formRef" class="user-layout-login" name="custom-validation" :model="formState" v-bind="layout" @finish="handleFinish" @finish-failed="handleFinishFailed">
+    <a-form v-if="!twoFactor.loginId" ref="formRef" class="user-layout-login" name="custom-validation" :model="formState" v-bind="layout" @finish="handleFinish" @finish-failed="handleFinishFailed">
      <!--      <div class="login-title">登录</div>-->
      <a-tabs v-model:active-key="formState.loginType" :tab-bar-style="{ textAlign: 'center', borderBottom: 'unset' }">
        <a-tab-pane key="password" tab="密码登录" :disabled="sysPublicSettings.passwordLoginEnabled !== true">
@ -49,6 +49,23 @@
        <router-link v-if="hasRegisterTypeEnabled()" class="register" :to="{ name: 'register' }"> 注册 </router-link>
      </a-form-item>
    </a-form>
+    <a-form v-else ref="twoFactorFormRef" class="user-layout-login" :model="twoFactor" v-bind="layout">
+      <div class="mb-10 flex flex-center">请打开您的Authenticator APP，获取动态验证码。</div>
+      <a-form-item name="verifyCode">
+        <a-input v-model:value="twoFactor.verifyCode" placeholder="请输入动态验证码" allow-clear>
+          <template #prefix>
+            <fs-icon icon="ion:lock-closed-outline"></fs-icon>
+          </template>
+        </a-input>
+      </a-form-item>
+      <a-form-item>
+        <loading-button type="primary" size="large" html-type="button" class="login-button" :click="handleTwoFactorSubmit">OTP验证登录</loading-button>
+      </a-form-item>
+
+      <a-form-item class="user-login-other">
+        <a class="register" @click="twoFactor.loginId = null"> 返回 </a>
+      </a-form-item>
+    </a-form>
  </div>
 </template>
 <script lang="ts">
@ -113,11 +130,28 @@ export default defineComponent({
      },
    };

+    const twoFactor = reactive({
+      loginId: "",
+      verifyCode: "",
+    });
+
+    const handleTwoFactorSubmit = async () => {
+      await userStore.loginByTwoFactor(twoFactor);
+    };
+
    const handleFinish = async (values: any) => {
      loading.value = true;
      try {
        const loginType = formState.loginType;
        await userStore.login(loginType, toRaw(formState));
+      } catch (e: any) {
+        //@ts-ignore
+        if (e.code === 10020) {
+          //@ts-ignore
+          twoFactor.loginId = e.data;
+        } else {
+          throw e;
+        }
      } finally {
        loading.value = false;
      }
@ -150,6 +184,8 @@ export default defineComponent({
      isLoginError,
      sysPublicSettings,
      hasRegisterTypeEnabled,
+      twoFactor,
+      handleTwoFactorSubmit,
    };
  },
 });
--- a/packages/ui/certd-client/src/views/sys/settings/tabs/safe.vue
+++ b/packages/ui/certd-client/src/views/sys/settings/tabs/safe.vue
@ -4,8 +4,7 @@
      <h2>站点隐藏</h2>
      <a-form-item label="启用站点隐藏" :name="['hidden', 'enabled']" :required="true">
        <div class="flex">
-          <a-switch v-model:checked="formState.hidden.enabled" :disabled="!settingsStore.isPlus" />
-          <vip-button class="ml-5" mode="button"></vip-button>
+          <a-switch v-model:checked="formState.hidden.enabled" />
        </div>

        <div class="helper">
--- a/packages/ui/certd-server/src/controller/sys/settings/sys-safe-settings-controller.ts
+++ b/packages/ui/certd-server/src/controller/sys/settings/sys-safe-settings-controller.ts
@ -1,8 +1,7 @@
-import {ALL, Body, Controller, Inject, Post, Provide} from '@midwayjs/core';
-import {BaseController, SysSafeSetting} from '@certd/lib-server';
-import {cloneDeep} from 'lodash-es';
-import {SafeService} from "../../../modules/sys/settings/safe-service.js";
-import {isPlus} from "@certd/plus-core";
+import { ALL, Body, Controller, Inject, Post, Provide } from "@midwayjs/core";
+import { BaseController, SysSafeSetting } from "@certd/lib-server";
+import { cloneDeep } from "lodash-es";
+import { SafeService } from "../../../modules/sys/settings/safe-service.js";


 /**
@ -25,9 +24,6 @@ export class SysSettingsController extends BaseController {

  @Post("/save", { summary: "sys:settings:edit" })
  async safeSave(@Body(ALL) body: any) {
-    if (!isPlus()) {
-      throw new Error('本功能需要开通专业版')
-    }
    await this.safeService.saveSafeSetting(body);
    return this.ok({});
  }
--- a/packages/ui/certd-server/src/controller/user/login/login-controller.ts
+++ b/packages/ui/certd-server/src/controller/user/login/login-controller.ts
@ -63,7 +63,7 @@ export class LoginController extends BaseController {
  ) {

    const token = await this.loginService.loginByTwoFactor({
-      loginCode: body.loginCode,
+      loginId: body.loginId,
      verifyCode: body.verifyCode,
    });

--- a/packages/ui/certd-server/src/middleware/global-exception.ts
+++ b/packages/ui/certd-server/src/middleware/global-exception.ts
@ -1,7 +1,7 @@
 import { Provide } from '@midwayjs/core';
 import { IMidwayKoaContext, IWebMiddleware, NextFunction } from '@midwayjs/koa';
 import { logger } from '@certd/basic';
-import { Result } from '@certd/lib-server';
+import { Result, TextException } from "@certd/lib-server";

@Provide()
 export class GlobalExceptionMiddleware implements IWebMiddleware {
@ -14,12 +14,15 @@ export class GlobalExceptionMiddleware implements IWebMiddleware {
        await next();
        logger.info('请求完成:', url, Date.now() - startTime + 'ms');
      } catch (err) {
+        if(err instanceof TextException){
+          delete err.stack
+        }
        logger.error('请求异常:', url, Date.now() - startTime + 'ms', err);
        ctx.status = 200;
        if (err.code == null || typeof err.code !== 'number') {
          err.code = 1;
        }
-        ctx.body = Result.error(err.code, err.message);
+        ctx.body = Result.error(err.code, err.message,err.data);
      }
    };
  }
--- a/packages/ui/certd-server/src/modules/login/service/login-service.ts
+++ b/packages/ui/certd-server/src/modules/login/service/login-service.ts
@ -158,21 +158,21 @@ export class LoginService {
      //要检查
      const randomKey = utils.id.simpleNanoId(12)
      cache.set(`login_2fa_code:${randomKey}`, userId, {
-        ttl: 60 * 1000,
+        ttl: 60 * 1000 * 2,
      })
-      throw new Need2FAException('已开启多重认证，请在60秒内输入验证码')
+      throw new Need2FAException('已开启多重认证，请在2分钟内输入OPT验证码',randomKey)
    }

  }

-  async loginByTwoFactor(req: { loginCode: string; verifyCode: string }) {
+  async loginByTwoFactor(req: { loginId: string; verifyCode: string }) {
    //检查是否开启多重认证
    if (!isPlus()) {
      throw new Error('本功能需要开通专业版')
    }
-    const userId = cache.get(`login_2fa_code:${req.loginCode}`)
+    const userId = cache.get(`login_2fa_code:${req.loginId}`)
    if (!userId) {
-      throw new AuthException('登录状态已失效，请重新登录')
+      throw new AuthException('已超时，请返回重新登录')
    }
    await this.twoFactorService.verifyAuthenticatorCode(userId, req.verifyCode)