@kne/fastify-account 1.0.0-alpha.16 → 1.0.0-alpha.18

package/libs/models/request-log.js

@@ -0,0 +1,27 @@
+module.exports = ({ DataTypes }) => {
+  return {
+    model: {
+      userId: {
+        type: DataTypes.UUID, allowNull: false
+      }, tenantId: {
+        type: DataTypes.UUID
+      }, type: {
+        type: DataTypes.STRING, comment: 'user,tenant,admin'
+      }, applicationId: {
+        type: DataTypes.UUID
+      }, action: {
+        type: DataTypes.TEXT
+      }, summary: {
+        type: DataTypes.TEXT
+      }
+    }, options: {
+      indexes: [{
+        fields: ['user_id', 'type']
+      }, {
+        fields: ['tenant_id', 'type']
+      }, {
+        fields: ['action', 'type']
+      }]
+    }
+  };
+};

package/libs/models/verification-code.js

@@ -7,7 +7,8 @@ module.exports = ({ DataTypes }) => {
       },
       type: {
         type: DataTypes.INTEGER,
-        allowNull: false //0:手机注册,1:邮箱注册,2:手机登录,3:邮箱登录,4:验证租户管理员
+        allowNull: false,
+        comment: '0:注册,2:登录,4:验证租户管理员,5:忘记密码'
       },
       code: {
         type: DataTypes.STRING,
@@ -15,7 +16,8 @@ module.exports = ({ DataTypes }) => {
       },
       status: {
         type: DataTypes.INTEGER,
-        defaultValue: 0 //0:未验证,1:已验证,2:已过期
+        defaultValue: 0,
+        comment: '0:未验证,1:已验证,2:已过期'
       }
     }
   };

package/libs/services/account.js

@@ -14,7 +14,7 @@ function userNameIsEmail(username) {
 
 module.exports = fp(async (fastify, options) => {
   const { models, services } = fastify.account;
-  const login = async ({ username, password, ip }) => {
+  const login = async ({ username, password, ip, appName }) => {
     const isEmail = userNameIsEmail(username);
     const user = await models.user.findOne({
       where: Object.assign(
@@ -40,9 +40,13 @@ module.exports = fp(async (fastify, options) => {
 
     await passwordAuthentication({ accountId: user.userAccountId, password });
 
+    const application = appName && (await services.application.getApplicationByCode({ code: appName }));
+
     await models.loginLog.create({
       userId: user.uuid,
-      ip
+      ip,
+      currentTenantId: user.currentTenantId,
+      applicationId: application?.id
     });
 
     return {
@@ -51,6 +55,37 @@ module.exports = fp(async (fastify, options) => {
     };
   };
 
+  const resetPassword = async ({ password, userId }) => {
+    const userInfo = await services.user.getUserInstance({ id: userId });
+    const account = await models.userAccount.create(
+      Object.assign({}, await passwordEncryption(password), {
+        belongToUserId: userInfo.uuid
+      })
+    );
+
+    await userInfo.update({ userAccountId: account.uuid });
+  };
+
+  const resetPasswordByToken = async ({ password, token }) => {
+    const { name } = await verificationJWTCodeValidate({ token });
+    const user = await services.user.getUserInstanceByName({ name, status: [0, 1] });
+    await resetPassword({ password, userId: user.uuid });
+  };
+
+  const modifyPassword = async ({ email, phone, oldPwd, newPwd }) => {
+    const user = await services.user.getUserInstanceByName({ name: email || phone, status: 1 });
+    if (!user) {
+      throw new Error('新用户密码只能初始化一次');
+    }
+    if (oldPwd === newPwd) {
+      throw new Error('重置密码不能和初始化密码相同');
+    }
+    await passwordAuthentication({ accountId: user.userAccountId, password: oldPwd });
+    await resetPassword({ userId: user.uuid, password: newPwd });
+    user.status = 0;
+    await user.save();
+  };
+
   const passwordAuthentication = async ({ accountId, password }) => {
     const userAccount = await models.userAccount.findOne({
       where: {
@@ -83,39 +118,12 @@ module.exports = fp(async (fastify, options) => {
     return hash.digest('hex');
   };
 
-  const resetPassword = async ({ userId, password }) => {
-    const userInfo = await models.user.findOne({
-      where: { uuid: userId }
-    });
-    if (!userInfo) {
-      throw new Error('用户不存在');
-    }
-    const account = await models.userAccount.create(
-      Object.assign({}, await passwordEncryption(password), {
-        belongToUserId: userId
-      })
-    );
-
-    await userInfo.update({ userAccountId: account.uuid });
-  };
-
   const register = async ({ avatar, nickname, gender, birthday, description, phone, email, code, password, status, invitationCode }) => {
     const type = phone ? 0 : 1;
-    const verificationCode = await models.verificationCode.findOne({
-      where: {
-        name: type === 0 ? phone : email,
-        type,
-        code,
-        status: 1
-      }
-    });
-    if (!verificationCode) {
+    if (!(await verificationCodeValidate({ name: type === 0 ? phone : email, type: 0, code }))) {
       throw new Error('验证码不正确或者已经过期');
     }
 
-    verificationCode.status = 2;
-    await verificationCode.save();
-
     return await services.user.addUser({
       avatar,
       nickname,
@@ -129,30 +137,34 @@ module.exports = fp(async (fastify, options) => {
     });
   };
 
-  const sendEmailCode = async ({ email }) => {
+  const generateVerificationCode = async ({ name, type }) => {
     const code = generateRandom6DigitNumber();
-
-    // 这里写发送逻辑
-
     await models.verificationCode.update(
       {
         status: 2
       },
       {
         where: {
-          name: email,
-          type: 1,
+          name,
+          type,
           status: 0
         }
       }
     );
-
     await models.verificationCode.create({
-      name: email,
-      type: 1,
+      name,
+      type,
       code
     });
+    return code;
+  };
 
+  const sendVerificationCode = async ({ name, type }) => {
+    // messageType: 0:短信验证码，1:邮件验证码 type: 0:注册,2:登录,4:验证租户管理员,5:忘记密码
+    const code = await generateVerificationCode({ name, type });
+    const isEmail = userNameIsEmail(name);
+    // 这里写发送逻辑
+    await options.sendMessage({ name, type, messageType: isEmail ? 1 : 0, props: { code } });
     return code;
   };
 
@@ -177,42 +189,36 @@ module.exports = fp(async (fastify, options) => {
     return isPass;
   };
 
-  const sendSMSCode = async ({ phone }) => {
-    const code = generateRandom6DigitNumber();
-
+  const sendJWTVerificationCode = async ({ name, type }) => {
+    const code = await generateVerificationCode({ name, type });
+    const token = fastify.jwt.sign({ name, type, code });
+    const isEmail = userNameIsEmail(name);
     // 这里写发送逻辑
+    await options.sendMessage({ name, type, messageType: isEmail ? 1 : 0, props: { token } });
+    return token;
+  };
 
-    await models.verificationCode.update(
-      {
-        status: 2
-      },
-      {
-        where: {
-          name: phone,
-          type: 0,
-          status: 0
-        }
-      }
-    );
-
-    await models.verificationCode.create({
-      name: phone,
-      type: 0,
-      code
-    });
-
-    return code;
+  const verificationJWTCodeValidate = async ({ token }) => {
+    const { iat, name, type, code } = fastify.jwt.decode(token);
+    if (!(await verificationCodeValidate({ name, type, code }))) {
+      throw new Error('验证码不正确或者已经过期');
+    }
+    return { name, type, code };
   };
 
   services.account = {
     md5,
     login,
+    modifyPassword,
     register,
-    sendEmailCode,
-    sendSMSCode,
+    generateVerificationCode,
+    sendVerificationCode,
     verificationCodeValidate,
+    sendJWTVerificationCode,
+    verificationJWTCodeValidate,
     passwordEncryption,
     passwordAuthentication,
-    resetPassword
+    resetPassword,
+    resetPasswordByToken
   };
 });

package/libs/services/application.js

@@ -116,7 +116,7 @@ module.exports = fp(async (fastify, options) => {
     }
   };
 
-  const getApplicationList = async ({ tenantId }) => {
+  const getApplicationList = async ({ tenantId, appName }) => {
     const query = {};
     if (tenantId) {
       const tenant = await services.tenant.getTenant({ id: tenantId });
@@ -130,6 +130,9 @@ module.exports = fp(async (fastify, options) => {
         [fastify.sequelize.Sequelize.Op.in]: tenantApplications.map(({ applicationId }) => applicationId)
       };
     }
+    if (appName) {
+      query['code'] = appName;
+    }
     const list = await models.application.findAll({
       where: query
     });

package/libs/services/permission.js

@@ -81,7 +81,12 @@ module.exports = fp(async (fastify, options) => {
           const addPermissions = async (pid, applicationId) =>
             await Promise.all(
               (get(permissionsPidMapping, pid) || []).map(async ({ id, ...permissionProps }) => {
-                const permission = await services.permission.addPermission(Object.assign({}, permissionProps, { applicationId, pid }));
+                const permission = await services.permission.addPermission(
+                  Object.assign({}, permissionProps, {
+                    applicationId,
+                    pid
+                  })
+                );
                 await addPermissions(permission.id, applicationId);
               })
             );
@@ -95,7 +100,12 @@ module.exports = fp(async (fastify, options) => {
                 if (current) {
                   await addPermissions(current.id, applicationId, id);
                 } else {
-                  const permission = await services.permission.addPermission(Object.assign({}, permissionProps, { applicationId, pid }));
+                  const permission = await services.permission.addPermission(
+                    Object.assign({}, permissionProps, {
+                      applicationId,
+                      pid
+                    })
+                  );
                   await addPermissions(permission.id, applicationId);
                 }
               })
@@ -274,13 +284,17 @@ module.exports = fp(async (fastify, options) => {
     }
   };
 
-  const saveRolePermissionList = async ({ roleId, applications, permissions }) => {
+  const saveRolePermissionList = async ({ roleId, tenantId, applications, permissions }) => {
     const role = await models.tenantRole.findByPk(roleId);
     if (!role) {
       throw new Error('角色不存在');
     }
 
-    const tenantId = role.tenantId;
+    if (tenantId && role.tenantId !== tenantId) {
+      throw new Error('数据已过期，请刷新页面后重试');
+    }
+
+    tenantId = role.tenantId;
 
     await services.tenant.getTenant({ id: tenantId });
 
@@ -399,11 +413,16 @@ module.exports = fp(async (fastify, options) => {
     return { applications, permissions };
   };
 
-  const getRolePermissionList = async ({ roleId }) => {
+  const getRolePermissionList = async ({ roleId, tenantId }) => {
     const role = await models.tenantRole.findByPk(roleId);
     if (!role) {
       throw new Error('角色不存在');
     }
+
+    if (tenantId && role.tenantId !== tenantId) {
+      throw new Error('数据已过期，请刷新页面后重试');
+    }
+
     const applications = await models.tenantRoleApplication.findAll({
       where: { roleId: role.id, tenantId: role.tenantId }
     });

package/libs/services/request-log.js

@@ -0,0 +1,19 @@
+const fp = require('fastify-plugin');
+module.exports = fp(async (fastify, options) => {
+  const { models, services } = fastify.account;
+
+  const addRequestLog = async ({ userInfo, type, tenantId, appName, action, summary }) => {
+    const application = appName && (await services.application.getApplicationByCode({ code: appName }));
+    await models.requestLog.create({
+      userId: userInfo.id,
+      tenantId,
+      applicationId: application?.id,
+      type,
+      action,
+      summary
+    });
+    return {};
+  };
+
+  services.requestLog = { addRequestLog };
+});

package/libs/services/tenant-org.js

@@ -1,7 +1,7 @@
 const fp = require('fastify-plugin');
 module.exports = fp(async (fastify, options) => {
   const { models, services } = fastify.account;
-
+  const { Op } = fastify.sequelize.Sequelize;
   const getTenantOrgInstance = async ({ id }) => {
     const tenantOrg = await models.tenantOrg.findByPk(id, {
       where: {
@@ -37,21 +37,30 @@ module.exports = fp(async (fastify, options) => {
     });
   };
 
-  const saveTenantOrg = async ({ id, ...otherInfo }) => {
+  const saveTenantOrg = async ({ id, tenantId, ...otherInfo }) => {
     const tenantOrg = await getTenantOrgInstance({ id });
+    if (tenantId && tenantOrg.tenantId !== tenantId) {
+      throw new Error('数据已过期，请刷新页面后重试');
+    }
     if (
       await models.tenantOrg.count({
         where: {
           name: otherInfo.name,
           pid: otherInfo.pid,
-          tenantId: otherInfo.tenantId
+          [Op.not]: {
+            id
+          }
         }
       })
     ) {
       throw new Error('组织名称在同一父组织下有重复');
     }
 
-    ['name', 'enName', 'tenantId', 'pid'].forEach(name => {
+    if (otherInfo.pid === tenantOrg.id) {
+      throw new Error('不能用自己作为自己的父节点');
+    }
+
+    ['name', 'enName', 'pid'].forEach(name => {
       if (otherInfo[name]) {
         tenantOrg[name] = otherInfo[name];
       }
@@ -63,11 +72,15 @@ module.exports = fp(async (fastify, options) => {
   const deleteTenantOrg = async ({ id, tenantId }) => {
     const tenantOrg = await getTenantOrgInstance({ id });
 
-    const { rows } = await models.tenantOrg.findAndCountAll({
-      where: { tenantId, pid: id }
+    if (tenantId && tenantOrg.tenantId !== tenantId) {
+      throw new Error('数据已过期，请刷新页面后重试');
+    }
+
+    const count = await models.tenantOrg.count({
+      where: { tenantId: tenantOrg.tenantId, pid: id }
     });
 
-    if (rows?.length) {
+    if (count > 0) {
       throw new Error('组织下有用户或子组织无法删除');
     }
 

package/libs/services/tenant-role.js

@@ -42,9 +42,13 @@ module.exports = fp(async (fastify, options) => {
     });
   };
 
-  const saveTenantRole = async ({ id, ...otherInfo }) => {
+  const saveTenantRole = async ({ id, tenantId, ...otherInfo }) => {
     const tenantRole = await getTenantRoleInstance({ id });
 
+    if (tenantId && tenantRole.tenantId !== tenantId) {
+      throw new Error('数据已过期，请刷新页面后重试');
+    }
+
     ['name', 'description'].forEach(name => {
       if (otherInfo[name]) {
         tenantRole[name] = otherInfo[name];
@@ -54,9 +58,13 @@ module.exports = fp(async (fastify, options) => {
     await tenantRole.save();
   };
 
-  const removeTenantRole = async ({ id }) => {
+  const removeTenantRole = async ({ id, tenantId }) => {
     const tenantRole = await getTenantRoleInstance({ id });
 
+    if (tenantId && tenantRole.tenantId !== tenantId) {
+      throw new Error('数据已过期，请刷新页面后重试');
+    }
+
     await services.tenantUser.checkTenantRoleUsed({ tenantRoleId: tenantRole.id });
 
     if (tenantRole.type === 1) {

package/libs/services/tenant-user.js

@@ -92,7 +92,8 @@ module.exports = fp(async (fastify, options) => {
     const user = await services.user.getUser(authenticatePayload);
     const tenantUserList = await models.tenantUser.findAll({
       where: {
-        userId: user.id
+        userId: user.id,
+        status: 0
       }
     });
 
@@ -137,12 +138,19 @@ module.exports = fp(async (fastify, options) => {
     return currentTenantUser;
   };
 
-  const getTenantUserByUserId = async user => {
+  const getTenantUserByUserId = async ({ userInfo: user, appName }) => {
     if (!user.currentTenantId) {
       throw new Unauthorized('没有找到当前绑定租户');
     }
+
     const tenant = await services.tenant.getTenant({ id: user.currentTenantId });
 
+    const tenantApplications = await services.application.getApplicationList({ tenantId: tenant.id, appName });
+
+    if (appName && !tenantApplications.some(item => item.code === appName)) {
+      throw Unauthorized('当前租户没有开通该应用权限');
+    }
+
     const tenantUser = await models.tenantUser.findOne({
       attributes: ['uuid', 'avatar', 'name', 'description', 'phone', 'email'],
       include: [
@@ -181,11 +189,15 @@ module.exports = fp(async (fastify, options) => {
     const tenantRoleIds = tenantUser.tenantRoles.map(({ id }) => id);
     tenantRoleIds.push(defaultTenant.id);
 
-    const { userPermissionList } = await getTenantUserPermissionList({ tenantRoleIds });
+    const { userPermissionList, applications: roleApplications } = await getTenantUserPermissionList({ tenantRoleIds });
     if (!tenantUser) {
       throw new Error('当前租户用户不存在或者已经被关闭');
     }
 
+    if (appName && !roleApplications.some(item => item.code === appName)) {
+      throw Unauthorized('当前用户没有开通该应用权限');
+    }
+
     const outputTenantUser = Object.assign({}, tenantUser.get({ plain: true }), { id: tenantUser.uuid });
     outputTenantUser.tenantOrgs = outputTenantUser?.tenantOrgs.map(({ id, name }) => ({ id, name }));
     outputTenantUser.tenantRoles = outputTenantUser?.tenantRoles.map(({ id, name }) => ({ id, name }));
@@ -194,7 +206,7 @@ module.exports = fp(async (fastify, options) => {
       tenantUser: Object.assign({}, outputTenantUser, {
         permissions: userPermissionList
       }),
-      user
+      userInfo: user
     };
   };
 

package/libs/services/user.js

@@ -2,6 +2,12 @@ const fp = require('fastify-plugin');
 const { Unauthorized } = require('http-errors');
 const get = require('lodash/get');
 const pick = require('lodash/pick');
+const isNil = require('lodash/isNil');
+
+function userNameIsEmail(username) {
+  return /^([a-zA-Z0-9_.-])+@(([a-zA-Z0-9-])+\.)+([a-zA-Z0-9]{2,4})+$/.test(username);
+}
+
 module.exports = fp(async (fastify, options) => {
   const { models, services } = fastify.account;
 
@@ -19,6 +25,27 @@ module.exports = fp(async (fastify, options) => {
     return user;
   };
 
+  const getUserInstanceByName = async ({ name, status }) => {
+    const isEmail = userNameIsEmail(name);
+    const query = {};
+    if (!isNil(status)) {
+      query['status'] = Array.isArray(status)
+        ? {
+            [fastify.sequelize.Sequelize.Op.or]: status
+          }
+        : status;
+    }
+    const user = await models.user.findOne({
+      where: Object.assign({}, isEmail ? { email: name } : { phone: name }, query)
+    });
+
+    if (!user) {
+      throw new Error('用户不存在');
+    }
+
+    return user;
+  };
+
   const getUser = async authenticatePayload => {
     if (!(authenticatePayload && authenticatePayload.id)) {
       throw new Unauthorized();
@@ -127,7 +154,12 @@ module.exports = fp(async (fastify, options) => {
     });
     return {
       pageData: rows.map(item => {
-        return Object.assign({}, item.get({ pain: true }), { id: item.uuid });
+        return Object.assign({}, item.get({ pain: true }), {
+          id: item.uuid,
+          tenants: item.tenants.map(({ uuid, name }) => {
+            return { id: uuid, name };
+          })
+        });
       }),
       totalCount: count
     };
@@ -136,6 +168,7 @@ module.exports = fp(async (fastify, options) => {
   services.user = {
     getUser,
     getUserInstance,
+    getUserInstanceByName,
     saveUser,
     accountIsExists,
     addUser,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kne/fastify-account",
-  "version": "1.0.0-alpha.16",
+  "version": "1.0.0-alpha.18",
   "description": "fastify的用户管理账号等实现",
   "main": "index.js",
   "scripts": {