@kne/fastify-account 1.0.0-alpha.17 → 1.0.0-alpha.19

package/libs/models/request-log.js

@@ -0,0 +1,39 @@
+module.exports = ({ DataTypes }) => {
+  return {
+    model: {
+      userId: {
+        type: DataTypes.UUID,
+        allowNull: false
+      },
+      tenantId: {
+        type: DataTypes.UUID
+      },
+      type: {
+        type: DataTypes.STRING,
+        comment: 'user,tenant,admin'
+      },
+      applicationId: {
+        type: DataTypes.UUID
+      },
+      action: {
+        type: DataTypes.STRING
+      },
+      summary: {
+        type: DataTypes.TEXT
+      }
+    },
+    options: {
+      indexes: [
+        {
+          fields: ['user_id', 'type']
+        },
+        {
+          fields: ['tenant_id', 'type']
+        },
+        {
+          fields: ['action', 'type']
+        }
+      ]
+    }
+  };
+};

package/libs/services/account.js

@@ -14,7 +14,7 @@ function userNameIsEmail(username) {
 
 module.exports = fp(async (fastify, options) => {
   const { models, services } = fastify.account;
-  const login = async ({ username, password, ip }) => {
+  const login = async ({ username, password, ip, appName }) => {
     const isEmail = userNameIsEmail(username);
     const user = await models.user.findOne({
       where: Object.assign(
@@ -40,9 +40,13 @@ module.exports = fp(async (fastify, options) => {
 
     await passwordAuthentication({ accountId: user.userAccountId, password });
 
+    const application = appName && (await services.application.getApplicationByCode({ code: appName }));
+
     await models.loginLog.create({
       userId: user.uuid,
-      ip
+      ip,
+      currentTenantId: user.currentTenantId,
+      applicationId: application?.id
     });
 
     return {
@@ -51,22 +55,25 @@ module.exports = fp(async (fastify, options) => {
     };
   };
 
+  const resetPassword = async ({ password, userId }) => {
+    const userInfo = await services.user.getUserInstance({ id: userId });
+    const account = await models.userAccount.create(
+      Object.assign({}, await passwordEncryption(password), {
+        belongToUserId: userInfo.uuid
+      })
+    );
+
+    await userInfo.update({ userAccountId: account.uuid });
+  };
+
+  const resetPasswordByToken = async ({ password, token }) => {
+    const { name } = await verificationJWTCodeValidate({ token });
+    const user = await services.user.getUserInstanceByName({ name, status: [0, 1] });
+    await resetPassword({ password, userId: user.uuid });
+  };
+
   const modifyPassword = async ({ email, phone, oldPwd, newPwd }) => {
-    const user = await models.user.findOne({
-      where: Object.assign(
-        {},
-        email
-          ? {
-              email
-            }
-          : {
-              phone
-            },
-        {
-          status: 1
-        }
-      )
-    });
+    const user = await services.user.getUserInstanceByName({ name: email || phone, status: 1 });
     if (!user) {
       throw new Error('新用户密码只能初始化一次');
     }
@@ -111,30 +118,9 @@ module.exports = fp(async (fastify, options) => {
     return hash.digest('hex');
   };
 
-  const resetPassword = async ({ password, token }) => {
-    const { name } = await verificationJWTCodeValidate({ token });
-
-    const isEmail = userNameIsEmail(name);
-
-    const userInfo = await models.user.findOne({
-      where: isEmail ? { email: name } : { phone: name }
-    });
-    if (!userInfo) {
-      throw new Error('用户不存在');
-    }
-    const account = await models.userAccount.create(
-      Object.assign({}, await passwordEncryption(password), {
-        belongToUserId: userInfo.uuid
-      })
-    );
-
-    await userInfo.update({ userAccountId: account.uuid });
-  };
-
   const register = async ({ avatar, nickname, gender, birthday, description, phone, email, code, password, status, invitationCode }) => {
     const type = phone ? 0 : 1;
-
-    if (!(await verificationCodeValidate({ name: type === 0 ? phone : email, type, code }))) {
+    if (!(await verificationCodeValidate({ name: type === 0 ? phone : email, type: 0, code }))) {
       throw new Error('验证码不正确或者已经过期');
     }
 
@@ -173,9 +159,12 @@ module.exports = fp(async (fastify, options) => {
     return code;
   };
 
-  const sendVerificationCode = async ({ name, type, messageType }) => {
+  const sendVerificationCode = async ({ name, type }) => {
+    // messageType: 0:短信验证码，1:邮件验证码 type: 0:注册,2:登录,4:验证租户管理员,5:忘记密码
     const code = await generateVerificationCode({ name, type });
+    const isEmail = userNameIsEmail(name);
     // 这里写发送逻辑
+    await options.sendMessage({ name, type, messageType: isEmail ? 1 : 0, props: { code } });
     return code;
   };
 
@@ -200,10 +189,12 @@ module.exports = fp(async (fastify, options) => {
     return isPass;
   };
 
-  const sendJWTVerificationCode = async ({ name, type, messageType }) => {
+  const sendJWTVerificationCode = async ({ name, type }) => {
     const code = await generateVerificationCode({ name, type });
     const token = fastify.jwt.sign({ name, type, code });
+    const isEmail = userNameIsEmail(name);
     // 这里写发送逻辑
+    await options.sendMessage({ name, type, messageType: isEmail ? 1 : 0, props: { token } });
     return token;
   };
 
@@ -227,6 +218,7 @@ module.exports = fp(async (fastify, options) => {
     verificationJWTCodeValidate,
     passwordEncryption,
     passwordAuthentication,
-    resetPassword
+    resetPassword,
+    resetPasswordByToken
   };
 });

package/libs/services/application.js

@@ -116,7 +116,7 @@ module.exports = fp(async (fastify, options) => {
     }
   };
 
-  const getApplicationList = async ({ tenantId }) => {
+  const getApplicationList = async ({ tenantId, appName }) => {
     const query = {};
     if (tenantId) {
       const tenant = await services.tenant.getTenant({ id: tenantId });
@@ -130,6 +130,9 @@ module.exports = fp(async (fastify, options) => {
         [fastify.sequelize.Sequelize.Op.in]: tenantApplications.map(({ applicationId }) => applicationId)
       };
     }
+    if (appName) {
+      query['code'] = appName;
+    }
     const list = await models.application.findAll({
       where: query
     });

package/libs/services/permission.js

@@ -68,52 +68,75 @@ module.exports = fp(async (fastify, options) => {
     });
   };
 
+  const importPermissionsToApplication = async ({ applicationId, permissions }) => {
+    const permissionsPidMapping = groupBy(permissions, 'pid');
+    const pidMapping = {};
+    for (let pid of await Promise.all(Object.keys(permissionsPidMapping).sort())) {
+      const targetPid = pid === '0' ? 0 : pidMapping[pid];
+      await Promise.all(
+        permissionsPidMapping[pid].map(async item => {
+          const originPermission = await models.permission.findOne({
+            where: {
+              pid: targetPid,
+              code: item.code,
+              applicationId
+            }
+          });
+          if (originPermission) {
+            pidMapping[item.id] = originPermission.id;
+            return;
+          }
+          const newPermission = await services.permission.addPermission({
+            applicationId,
+            pid: targetPid,
+            code: item.code,
+            name: item.name,
+            type: item.type,
+            isModule: item.isModule,
+            isMust: item.isMust,
+            description: item.description
+          });
+          pidMapping[item.id] = newPermission.id;
+        })
+      );
+    }
+  };
+
   const parsePermissionListJSON = async ({ file }) => {
     const data = JSON.parse(await file.toBuffer());
     await Promise.all(
       data.map(async application => {
         const { permissions, ...other } = application;
-        const app = await services.application.getApplicationByCode({ code: application.code });
-
+        let app = await services.application.getApplicationByCode({ code: application.code });
         if (!app) {
-          const newApplication = await services.application.addApplication(other);
-          const permissionsPidMapping = groupBy(permissions, 'pid');
-          const addPermissions = async (pid, applicationId) =>
-            await Promise.all(
-              (get(permissionsPidMapping, pid) || []).map(async ({ id, ...permissionProps }) => {
-                const permission = await services.permission.addPermission(Object.assign({}, permissionProps, { applicationId, pid }));
-                await addPermissions(permission.id, applicationId);
-              })
-            );
-          await addPermissions(0, newApplication.uuid);
-        } else {
-          const permissionsPidMapping = groupBy(permissions, 'pid');
-          const addPermissions = async (pid, applicationId, importPid) => {
-            await Promise.all(
-              (get(permissionsPidMapping, importPid || pid) || []).map(async ({ id, ...permissionProps }) => {
-                const current = await models.permission.findOne({ where: { code: permissionProps.code, pid } });
-                if (current) {
-                  await addPermissions(current.id, applicationId, id);
-                } else {
-                  const permission = await services.permission.addPermission(Object.assign({}, permissionProps, { applicationId, pid }));
-                  await addPermissions(permission.id, applicationId);
-                }
-              })
-            );
-          };
-          await addPermissions(0, app.uuid);
+          app = await services.application.addApplication(other);
         }
+        await services.permission.importPermissionsToApplication({ applicationId: app.uuid, permissions });
         return app;
       })
     );
     return data;
   };
 
-  const exportPermissionList = async ({ applicationIds, tenantId }) => {
+  const copyPermissions = async ({ applicationId, originApplicationId }) => {
+    if (applicationId === originApplicationId) {
+      throw new Error('复制对象不能和自己相同');
+    }
+    await services.application.getApplication({ id: originApplicationId });
+    await services.application.getApplication({ id: applicationId });
+    const permissions = await models.permission.findAll({
+      where: { applicationId: originApplicationId }
+    });
+    await services.permission.importPermissionsToApplication({ applicationId, permissions });
+  };
+
+  const exportPermissionList = async ({ applicationIds }) => {
     return await Promise.all(
       (applicationIds || []).map(async applicationId => {
         let application = await services.application.getApplication({ id: applicationId });
-        application.permissions = await services.permission.getPermissionList({ applicationId, tenantId });
+        application.permissions = await models.permission.findAll({
+          where: { applicationId }
+        });
         return application;
       })
     );
@@ -274,13 +297,17 @@ module.exports = fp(async (fastify, options) => {
     }
   };
 
-  const saveRolePermissionList = async ({ roleId, applications, permissions }) => {
+  const saveRolePermissionList = async ({ roleId, tenantId, applications, permissions }) => {
     const role = await models.tenantRole.findByPk(roleId);
     if (!role) {
       throw new Error('角色不存在');
     }
 
-    const tenantId = role.tenantId;
+    if (tenantId && role.tenantId !== tenantId) {
+      throw new Error('数据已过期，请刷新页面后重试');
+    }
+
+    tenantId = role.tenantId;
 
     await services.tenant.getTenant({ id: tenantId });
 
@@ -399,11 +426,16 @@ module.exports = fp(async (fastify, options) => {
     return { applications, permissions };
   };
 
-  const getRolePermissionList = async ({ roleId }) => {
+  const getRolePermissionList = async ({ roleId, tenantId }) => {
     const role = await models.tenantRole.findByPk(roleId);
     if (!role) {
       throw new Error('角色不存在');
     }
+
+    if (tenantId && role.tenantId !== tenantId) {
+      throw new Error('数据已过期，请刷新页面后重试');
+    }
+
     const applications = await models.tenantRoleApplication.findAll({
       where: { roleId: role.id, tenantId: role.tenantId }
     });
@@ -423,6 +455,9 @@ module.exports = fp(async (fastify, options) => {
     saveTenantPermissionList,
     saveRolePermissionList,
     getTenantPermissionList,
-    getRolePermissionList
+    getRolePermissionList,
+    parsePermissionListJSON,
+    copyPermissions,
+    importPermissionsToApplication
   };
 });

package/libs/services/request-log.js

@@ -0,0 +1,19 @@
+const fp = require('fastify-plugin');
+module.exports = fp(async (fastify, options) => {
+  const { models, services } = fastify.account;
+
+  const addRequestLog = async ({ userInfo, type, tenantId, appName, action, summary }) => {
+    const application = appName && (await services.application.getApplicationByCode({ code: appName }));
+    await models.requestLog.create({
+      userId: userInfo.id,
+      tenantId,
+      applicationId: application?.id,
+      type,
+      action,
+      summary
+    });
+    return {};
+  };
+
+  services.requestLog = { addRequestLog };
+});

package/libs/services/tenant-org.js

@@ -1,7 +1,7 @@
 const fp = require('fastify-plugin');
 module.exports = fp(async (fastify, options) => {
   const { models, services } = fastify.account;
-
+  const { Op } = fastify.sequelize.Sequelize;
   const getTenantOrgInstance = async ({ id }) => {
     const tenantOrg = await models.tenantOrg.findByPk(id, {
       where: {
@@ -37,21 +37,30 @@ module.exports = fp(async (fastify, options) => {
     });
   };
 
-  const saveTenantOrg = async ({ id, ...otherInfo }) => {
+  const saveTenantOrg = async ({ id, tenantId, ...otherInfo }) => {
     const tenantOrg = await getTenantOrgInstance({ id });
+    if (tenantId && tenantOrg.tenantId !== tenantId) {
+      throw new Error('数据已过期，请刷新页面后重试');
+    }
     if (
       await models.tenantOrg.count({
         where: {
           name: otherInfo.name,
           pid: otherInfo.pid,
-          tenantId: otherInfo.tenantId
+          [Op.not]: {
+            id
+          }
         }
       })
     ) {
       throw new Error('组织名称在同一父组织下有重复');
     }
 
-    ['name', 'enName', 'tenantId', 'pid'].forEach(name => {
+    if (otherInfo.pid === tenantOrg.id) {
+      throw new Error('不能用自己作为自己的父节点');
+    }
+
+    ['name', 'enName', 'pid'].forEach(name => {
       if (otherInfo[name]) {
         tenantOrg[name] = otherInfo[name];
       }
@@ -63,11 +72,15 @@ module.exports = fp(async (fastify, options) => {
   const deleteTenantOrg = async ({ id, tenantId }) => {
     const tenantOrg = await getTenantOrgInstance({ id });
 
-    const { rows } = await models.tenantOrg.findAndCountAll({
-      where: { tenantId, pid: id }
+    if (tenantId && tenantOrg.tenantId !== tenantId) {
+      throw new Error('数据已过期，请刷新页面后重试');
+    }
+
+    const count = await models.tenantOrg.count({
+      where: { tenantId: tenantOrg.tenantId, pid: id }
     });
 
-    if (rows?.length) {
+    if (count > 0) {
       throw new Error('组织下有用户或子组织无法删除');
     }
 

package/libs/services/tenant-role.js

@@ -42,9 +42,13 @@ module.exports = fp(async (fastify, options) => {
     });
   };
 
-  const saveTenantRole = async ({ id, ...otherInfo }) => {
+  const saveTenantRole = async ({ id, tenantId, ...otherInfo }) => {
     const tenantRole = await getTenantRoleInstance({ id });
 
+    if (tenantId && tenantRole.tenantId !== tenantId) {
+      throw new Error('数据已过期，请刷新页面后重试');
+    }
+
     ['name', 'description'].forEach(name => {
       if (otherInfo[name]) {
         tenantRole[name] = otherInfo[name];
@@ -54,9 +58,13 @@ module.exports = fp(async (fastify, options) => {
     await tenantRole.save();
   };
 
-  const removeTenantRole = async ({ id }) => {
+  const removeTenantRole = async ({ id, tenantId }) => {
     const tenantRole = await getTenantRoleInstance({ id });
 
+    if (tenantId && tenantRole.tenantId !== tenantId) {
+      throw new Error('数据已过期，请刷新页面后重试');
+    }
+
     await services.tenantUser.checkTenantRoleUsed({ tenantRoleId: tenantRole.id });
 
     if (tenantRole.type === 1) {

package/libs/services/tenant-user.js

@@ -92,7 +92,8 @@ module.exports = fp(async (fastify, options) => {
     const user = await services.user.getUser(authenticatePayload);
     const tenantUserList = await models.tenantUser.findAll({
       where: {
-        userId: user.id
+        userId: user.id,
+        status: 0
       }
     });
 
@@ -137,12 +138,19 @@ module.exports = fp(async (fastify, options) => {
     return currentTenantUser;
   };
 
-  const getTenantUserByUserId = async user => {
+  const getTenantUserByUserId = async ({ userInfo: user, appName }) => {
     if (!user.currentTenantId) {
       throw new Unauthorized('没有找到当前绑定租户');
     }
+
     const tenant = await services.tenant.getTenant({ id: user.currentTenantId });
 
+    const tenantApplications = await services.application.getApplicationList({ tenantId: tenant.id, appName });
+
+    if (appName && !tenantApplications.some(item => item.code === appName)) {
+      throw Unauthorized('当前租户没有开通该应用权限');
+    }
+
     const tenantUser = await models.tenantUser.findOne({
       attributes: ['uuid', 'avatar', 'name', 'description', 'phone', 'email'],
       include: [
@@ -181,11 +189,15 @@ module.exports = fp(async (fastify, options) => {
     const tenantRoleIds = tenantUser.tenantRoles.map(({ id }) => id);
     tenantRoleIds.push(defaultTenant.id);
 
-    const { userPermissionList } = await getTenantUserPermissionList({ tenantRoleIds });
+    const { userPermissionList, applications: roleApplications } = await getTenantUserPermissionList({ tenantRoleIds });
     if (!tenantUser) {
       throw new Error('当前租户用户不存在或者已经被关闭');
     }
 
+    if (appName && !roleApplications.some(item => item.code === appName)) {
+      throw Unauthorized('当前用户没有开通该应用权限');
+    }
+
     const outputTenantUser = Object.assign({}, tenantUser.get({ plain: true }), { id: tenantUser.uuid });
     outputTenantUser.tenantOrgs = outputTenantUser?.tenantOrgs.map(({ id, name }) => ({ id, name }));
     outputTenantUser.tenantRoles = outputTenantUser?.tenantRoles.map(({ id, name }) => ({ id, name }));
@@ -194,7 +206,7 @@ module.exports = fp(async (fastify, options) => {
       tenantUser: Object.assign({}, outputTenantUser, {
         permissions: userPermissionList
       }),
-      user
+      userInfo: user
     };
   };
 

package/libs/services/user.js

@@ -2,6 +2,12 @@ const fp = require('fastify-plugin');
 const { Unauthorized } = require('http-errors');
 const get = require('lodash/get');
 const pick = require('lodash/pick');
+const isNil = require('lodash/isNil');
+
+function userNameIsEmail(username) {
+  return /^([a-zA-Z0-9_.-])+@(([a-zA-Z0-9-])+\.)+([a-zA-Z0-9]{2,4})+$/.test(username);
+}
+
 module.exports = fp(async (fastify, options) => {
   const { models, services } = fastify.account;
 
@@ -19,6 +25,27 @@ module.exports = fp(async (fastify, options) => {
     return user;
   };
 
+  const getUserInstanceByName = async ({ name, status }) => {
+    const isEmail = userNameIsEmail(name);
+    const query = {};
+    if (!isNil(status)) {
+      query['status'] = Array.isArray(status)
+        ? {
+            [fastify.sequelize.Sequelize.Op.or]: status
+          }
+        : status;
+    }
+    const user = await models.user.findOne({
+      where: Object.assign({}, isEmail ? { email: name } : { phone: name }, query)
+    });
+
+    if (!user) {
+      throw new Error('用户不存在');
+    }
+
+    return user;
+  };
+
   const getUser = async authenticatePayload => {
     if (!(authenticatePayload && authenticatePayload.id)) {
       throw new Unauthorized();
@@ -127,7 +154,12 @@ module.exports = fp(async (fastify, options) => {
     });
     return {
       pageData: rows.map(item => {
-        return Object.assign({}, item.get({ pain: true }), { id: item.uuid });
+        return Object.assign({}, item.get({ pain: true }), {
+          id: item.uuid,
+          tenants: item.tenants.map(({ uuid, name }) => {
+            return { id: uuid, name };
+          })
+        });
       }),
       totalCount: count
     };
@@ -136,6 +168,7 @@ module.exports = fp(async (fastify, options) => {
   services.user = {
     getUser,
     getUserInstance,
+    getUserInstanceByName,
     saveUser,
     accountIsExists,
     addUser,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kne/fastify-account",
-  "version": "1.0.0-alpha.17",
+  "version": "1.0.0-alpha.19",
   "description": "fastify的用户管理账号等实现",
   "main": "index.js",
   "scripts": {