@ruiapp/rapid-core 0.1.27 → 0.1.29

package/dist/index.js

@@ -9,6 +9,7 @@ var qs = require('qs');
 var jsonwebtoken = require('jsonwebtoken');
 var crypto = require('crypto');
 var dayjs = require('dayjs');
+var bcrypt = require('bcrypt');
 var path = require('path');
 var fs = require('fs');
 var uuid = require('uuid');
@@ -19,6 +20,7 @@ var Router__default = /*#__PURE__*/_interopDefaultLegacy(Router);
 var qs__default = /*#__PURE__*/_interopDefaultLegacy(qs);
 var crypto__default = /*#__PURE__*/_interopDefaultLegacy(crypto);
 var dayjs__default = /*#__PURE__*/_interopDefaultLegacy(dayjs);
+var bcrypt__default = /*#__PURE__*/_interopDefaultLegacy(bcrypt);
 var path__default = /*#__PURE__*/_interopDefaultLegacy(path);
 var fs__default = /*#__PURE__*/_interopDefaultLegacy(fs);
 
@@ -2613,8 +2615,18 @@ class RapidServer {
         const rapidRequest = new RapidRequest(this, request);
         await rapidRequest.parseBody();
         const routeContext = new RouteContext(this, rapidRequest);
-        await this.#pluginManager.onPrepareRouteContext(routeContext);
-        await this.#buildedRoutes(routeContext, next);
+        try {
+            await this.#pluginManager.onPrepareRouteContext(routeContext);
+            await this.#buildedRoutes(routeContext, next);
+        }
+        catch (ex) {
+            this.#logger.error('handle request error:', ex);
+            routeContext.response.json({
+                error: {
+                    message: ex.message || ex,
+                },
+            }, 500);
+        }
         return routeContext.response.getResponse();
     }
     async beforeRunRouteActions(handlerContext) {
@@ -2772,32 +2784,32 @@ async function generateJwtSecretKey() {
     return encode(exportedKey);
 }
 
-const code$l = "listMetaModels";
-async function handler$l(plugin, ctx, options) {
+const code$n = "listMetaModels";
+async function handler$n(plugin, ctx, options) {
     const { applicationConfig } = ctx;
     ctx.output = { list: applicationConfig.models };
 }
 
 var listMetaModels = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$l,
-  handler: handler$l
+  code: code$n,
+  handler: handler$n
 });
 
-const code$k = "listMetaRoutes";
-async function handler$k(plugin, ctx, options) {
+const code$m = "listMetaRoutes";
+async function handler$m(plugin, ctx, options) {
     const { applicationConfig } = ctx;
     ctx.output = { list: applicationConfig.routes };
 }
 
 var listMetaRoutes = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$k,
-  handler: handler$k
+  code: code$m,
+  handler: handler$m
 });
 
-const code$j = "getMetaModelDetail";
-async function handler$j(plugin, ctx, options) {
+const code$l = "getMetaModelDetail";
+async function handler$l(plugin, ctx, options) {
     const { server, input } = ctx;
     const model = server.getModel(input);
     ctx.output = model;
@@ -2805,8 +2817,8 @@ async function handler$j(plugin, ctx, options) {
 
 var getMetaModelDetail = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$j,
-  handler: handler$j
+  code: code$l,
+  handler: handler$l
 });
 
 /**
@@ -3158,9 +3170,9 @@ function transformFilterWithSubFilters(filter) {
     return filter;
 }
 
-const code$i = "findCollectionEntities";
-async function handler$i(plugin, ctx, options) {
-    await runCollectionEntityActionHandler(ctx, options, code$i, async (entityManager, input) => {
+const code$k = "findCollectionEntities";
+async function handler$k(plugin, ctx, options) {
+    await runCollectionEntityActionHandler(ctx, options, code$k, async (entityManager, input) => {
         input.filters = removeFiltersWithNullValue(input.filters);
         const entities = await entityManager.findEntities(input);
         const result = { list: entities };
@@ -3175,14 +3187,14 @@ async function handler$i(plugin, ctx, options) {
 
 var findCollectionEntities = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$i,
-  handler: handler$i
+  code: code$k,
+  handler: handler$k
 });
 
-const code$h = "findCollectionEntityById";
-async function handler$h(plugin, ctx, options) {
+const code$j = "findCollectionEntityById";
+async function handler$j(plugin, ctx, options) {
     const { logger, server, input } = ctx;
-    logger.debug(`Running ${code$h} handler...`, { input });
+    logger.debug(`Running ${code$j} handler...`, { input });
     const { id } = input;
     const entityManager = server.getEntityManager(options.singularCode);
     const entity = await entityManager.findById(id);
@@ -3194,13 +3206,13 @@ async function handler$h(plugin, ctx, options) {
 
 var findCollectionEntityById = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$h,
-  handler: handler$h
+  code: code$j,
+  handler: handler$j
 });
 
-const code$g = "countCollectionEntities";
-async function handler$g(plugin, ctx, options) {
-    await runCollectionEntityActionHandler(ctx, options, code$g, (entityManager, input) => {
+const code$i = "countCollectionEntities";
+async function handler$i(plugin, ctx, options) {
+    await runCollectionEntityActionHandler(ctx, options, code$i, (entityManager, input) => {
         input.filters = removeFiltersWithNullValue(input.filters);
         return entityManager.count(input);
     });
@@ -3208,16 +3220,16 @@ async function handler$g(plugin, ctx, options) {
 
 var countCollectionEntities = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$g,
-  handler: handler$g
+  code: code$i,
+  handler: handler$i
 });
 
-const code$f = "createCollectionEntity";
-async function handler$f(plugin, ctx, options) {
+const code$h = "createCollectionEntity";
+async function handler$h(plugin, ctx, options) {
     const { logger, server, input } = ctx;
     const { defaultInput, fixedInput } = options;
     const mergedInput = mergeInput(defaultInput, input, fixedInput);
-    logger.debug(`Running ${code$f} handler...`, { defaultInput, fixedInput, mergedInput });
+    logger.debug(`Running ${code$h} handler...`, { defaultInput, fixedInput, mergedInput });
     const userId = ctx.routerContext.state?.userId;
     if (userId) {
         input.createdBy = userId;
@@ -3231,15 +3243,15 @@ async function handler$f(plugin, ctx, options) {
 
 var createCollectionEntity = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$f,
-  handler: handler$f
+  code: code$h,
+  handler: handler$h
 });
 
-const code$e = "createCollectionEntitiesBatch";
-async function handler$e(plugin, ctx, options) {
+const code$g = "createCollectionEntitiesBatch";
+async function handler$g(plugin, ctx, options) {
     const { logger, server, input } = ctx;
     const { defaultInput, fixedInput } = options;
-    logger.debug(`Running ${code$e} handler...`, { defaultInput, fixedInput, input });
+    logger.debug(`Running ${code$g} handler...`, { defaultInput, fixedInput, input });
     const { entities } = input;
     if (!lodash.isArray(entities)) {
         throw new Error("input.entities should be an array.");
@@ -3262,16 +3274,16 @@ async function handler$e(plugin, ctx, options) {
 
 var createCollectionEntitiesBatch = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$e,
-  handler: handler$e
+  code: code$g,
+  handler: handler$g
 });
 
-const code$d = "updateCollectionEntityById";
-async function handler$d(plugin, ctx, options) {
+const code$f = "updateCollectionEntityById";
+async function handler$f(plugin, ctx, options) {
     const { logger, server, input } = ctx;
     const { defaultInput, fixedInput } = options;
     const mergedInput = mergeInput(defaultInput, input, fixedInput);
-    logger.debug(`Running ${code$d} handler...`, { defaultInput, fixedInput, mergedInput });
+    logger.debug(`Running ${code$f} handler...`, { defaultInput, fixedInput, mergedInput });
     const entityManager = server.getEntityManager(options.singularCode);
     const output = await entityManager.updateEntityById({ id: mergedInput.id, entityToSave: mergedInput }, plugin);
     ctx.output = output;
@@ -3279,14 +3291,14 @@ async function handler$d(plugin, ctx, options) {
 
 var updateCollectionEntityById = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$d,
-  handler: handler$d
+  code: code$f,
+  handler: handler$f
 });
 
-const code$c = "deleteCollectionEntityById";
-async function handler$c(plugin, ctx, options) {
+const code$e = "deleteCollectionEntityById";
+async function handler$e(plugin, ctx, options) {
     const { logger, server, input } = ctx;
-    logger.debug(`Running ${code$c} handler...`);
+    logger.debug(`Running ${code$e} handler...`);
     const entityManager = server.getEntityManager(options.singularCode);
     await entityManager.deleteById(input.id, plugin);
     ctx.status = 200;
@@ -3295,16 +3307,16 @@ async function handler$c(plugin, ctx, options) {
 
 var deleteCollectionEntityById = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$c,
-  handler: handler$c
+  code: code$e,
+  handler: handler$e
 });
 
-const code$b = "addEntityRelations";
-async function handler$b(plugin, ctx, options) {
+const code$d = "addEntityRelations";
+async function handler$d(plugin, ctx, options) {
     const { logger, server, input } = ctx;
     const { defaultInput, fixedInput } = options;
     const mergedInput = mergeInput(defaultInput, input, fixedInput);
-    logger.debug(`Running ${code$b} handler...`, { defaultInput, fixedInput, mergedInput });
+    logger.debug(`Running ${code$d} handler...`, { defaultInput, fixedInput, mergedInput });
     const entityManager = server.getEntityManager(options.singularCode);
     await entityManager.addRelations(mergedInput, plugin);
     ctx.output = {};
@@ -3312,16 +3324,16 @@ async function handler$b(plugin, ctx, options) {
 
 var addEntityRelations = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$b,
-  handler: handler$b
+  code: code$d,
+  handler: handler$d
 });
 
-const code$a = "removeEntityRelations";
-async function handler$a(plugin, ctx, options) {
+const code$c = "removeEntityRelations";
+async function handler$c(plugin, ctx, options) {
     const { logger, server, input } = ctx;
     const { defaultInput, fixedInput } = options;
     const mergedInput = mergeInput(defaultInput, input, fixedInput);
-    logger.debug(`Running ${code$a} handler...`, { defaultInput, fixedInput, mergedInput });
+    logger.debug(`Running ${code$c} handler...`, { defaultInput, fixedInput, mergedInput });
     const entityManager = server.getEntityManager(options.singularCode);
     await entityManager.removeRelations(mergedInput, plugin);
     ctx.output = {};
@@ -3329,16 +3341,16 @@ async function handler$a(plugin, ctx, options) {
 
 var removeEntityRelations = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$a,
-  handler: handler$a
+  code: code$c,
+  handler: handler$c
 });
 
-const code$9 = "queryDatabase";
-async function handler$9(plugin, ctx, options) {
+const code$b = "queryDatabase";
+async function handler$b(plugin, ctx, options) {
     const { logger, server, input } = ctx;
     const { sql, querySingle, defaultInput, fixedInput } = options;
     const mergedInput = mergeInput(defaultInput, input, fixedInput);
-    logger.debug(`Running ${code$9} handler...`, { defaultInput, fixedInput, mergedInput });
+    logger.debug(`Running ${code$b} handler...`, { defaultInput, fixedInput, mergedInput });
     const result = await server.queryDatabaseObject(sql, mergedInput);
     if (querySingle) {
         ctx.output = lodash.first(result);
@@ -3350,8 +3362,8 @@ async function handler$9(plugin, ctx, options) {
 
 var queryDatabase = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$9,
-  handler: handler$9
+  code: code$b,
+  handler: handler$b
 });
 
 /**
@@ -3522,17 +3534,17 @@ async function sendSourceResponse(proxyCtx, targetRes) {
     srcRes.body = targetRes.body;
 }
 
-const code$8 = "httpProxy";
-async function handler$8(plugin, ctx, options) {
+const code$a = "httpProxy";
+async function handler$a(plugin, ctx, options) {
     const { logger } = ctx;
-    logger.debug(`Running ${code$8} handler...`);
+    logger.debug(`Running ${code$a} handler...`);
     await doProxy(ctx.routerContext, options);
 }
 
 var httpProxy = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$8,
-  handler: handler$8
+  code: code$a,
+  handler: handler$a
 });
 
 /**
@@ -3771,8 +3783,8 @@ async function generateSn$2(server, input) {
     return sequenceNumbers;
 }
 
-const code$7 = "generateSn";
-async function handler$7(plugin, ctx, options) {
+const code$9 = "generateSn";
+async function handler$9(plugin, ctx, options) {
     const { server, routerContext } = ctx;
     const input = ctx.input;
     if (options?.ruleCode) {
@@ -3789,8 +3801,8 @@ async function handler$7(plugin, ctx, options) {
 
 var generateSn$1 = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$7,
-  handler: handler$7
+  code: code$9,
+  handler: handler$9
 });
 
 var pluginActionHandlers$2 = [
@@ -4180,8 +4192,55 @@ class WebhooksPlugin {
     }
 }
 
-const code$6 = "createSession";
-async function handler$6(plugin, ctx, options) {
+const code$8 = "changePassword";
+async function handler$8(plugin, ctx, options) {
+    const { server, input, routerContext } = ctx;
+    const { id, oldPassword, newPassword } = input;
+    const userId = routerContext.state.userId;
+    if (!userId) {
+        ctx.status = 401;
+        ctx.output = {
+            error: {
+                message: "You are not signed in."
+            }
+        };
+        return;
+    }
+    const userDataAccessor = server.getDataAccessor({
+        singularCode: "oc_user",
+    });
+    const user = await userDataAccessor.findOne({
+        filters: [
+            {
+                operator: "eq",
+                field: "id",
+                value: userId,
+            }
+        ]
+    });
+    if (!user) {
+        throw new Error("User not found.");
+    }
+    const isMatch = await bcrypt__default["default"].compare(oldPassword, user.password);
+    if (!isMatch) {
+        throw new Error("旧密码错误。");
+    }
+    const saltRounds = 10;
+    const passwordHash = await bcrypt__default["default"].hash(newPassword, saltRounds);
+    await userDataAccessor.updateById(user.id, {
+        password: passwordHash,
+    });
+    ctx.output = {};
+}
+
+var changePassword$1 = /*#__PURE__*/Object.freeze({
+  __proto__: null,
+  code: code$8,
+  handler: handler$8
+});
+
+const code$7 = "createSession";
+async function handler$7(plugin, ctx, options) {
     const { server, input, routerContext } = ctx;
     const { response } = routerContext;
     const { account, password } = input;
@@ -4198,7 +4257,11 @@ async function handler$6(plugin, ctx, options) {
         ]
     });
     if (!user) {
-        throw new Error("Wrong account or password.");
+        throw new Error("用户名或密码错误。");
+    }
+    const isMatch = await bcrypt__default["default"].compare(password, user.password);
+    if (!isMatch) {
+        throw new Error("用户名或密码错误。");
     }
     const secretKey = Buffer.from(server.config.jwtKey, "base64");
     const token = createJwt({
@@ -4220,12 +4283,12 @@ async function handler$6(plugin, ctx, options) {
 
 var createSession = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$6,
-  handler: handler$6
+  code: code$7,
+  handler: handler$7
 });
 
-const code$5 = "deleteSession";
-async function handler$5(plugin, ctx, options) {
+const code$6 = "deleteSession";
+async function handler$6(plugin, ctx, options) {
     const { server, input, routerContext } = ctx;
     const { response } = routerContext;
     setCookie(response.headers, {
@@ -4238,12 +4301,12 @@ async function handler$5(plugin, ctx, options) {
 
 var deleteSession = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  code: code$5,
-  handler: handler$5
+  code: code$6,
+  handler: handler$6
 });
 
-const code$4 = "getMyProfile";
-async function handler$4(plugin, ctx, options) {
+const code$5 = "getMyProfile";
+async function handler$5(plugin, ctx, options) {
     const { server, input, routerContext } = ctx;
     const userId = routerContext.state.userId;
     if (!userId) {
@@ -4272,15 +4335,50 @@ async function handler$4(plugin, ctx, options) {
 }
 
 var getMyProfile$2 = /*#__PURE__*/Object.freeze({
+  __proto__: null,
+  code: code$5,
+  handler: handler$5
+});
+
+const code$4 = "resetPassword";
+async function handler$4(plugin, ctx, options) {
+    const { server, input, routerContext } = ctx;
+    const { userId, password } = input;
+    const userDataAccessor = server.getDataAccessor({
+        singularCode: "oc_user",
+    });
+    const user = await userDataAccessor.findOne({
+        filters: [
+            {
+                operator: "eq",
+                field: "id",
+                value: userId,
+            }
+        ]
+    });
+    if (!user) {
+        throw new Error("User not found.");
+    }
+    const saltRounds = 10;
+    const passwordHash = await bcrypt__default["default"].hash(password, saltRounds);
+    await userDataAccessor.updateById(user.id, {
+        password: passwordHash,
+    });
+    ctx.output = {};
+}
+
+var resetPassword$1 = /*#__PURE__*/Object.freeze({
   __proto__: null,
   code: code$4,
   handler: handler$4
 });
 
 var pluginActionHandlers$1 = [
+    changePassword$1,
     createSession,
     deleteSession,
     getMyProfile$2,
+    resetPassword$1,
 ];
 
 var AccessToken = {
@@ -4342,6 +4440,20 @@ var pluginModels = [
     AccessToken,
 ];
 
+var changePassword = {
+    namespace: "auth",
+    name: "auth.changePassword",
+    code: "auth.changePassword",
+    type: "RESTful",
+    method: "POST",
+    endpoint: "/changePassword",
+    actions: [
+        {
+            code: "changePassword",
+        },
+    ],
+};
+
 var getMyProfile$1 = {
     namespace: "auth",
     name: "auth.getMyProfile",
@@ -4356,6 +4468,20 @@ var getMyProfile$1 = {
     ],
 };
 
+var resetPassword = {
+    namespace: "auth",
+    name: "auth.resetPassword",
+    code: "auth.resetPassword",
+    type: "RESTful",
+    method: "POST",
+    endpoint: "/resetPassword",
+    actions: [
+        {
+            code: "resetPassword",
+        },
+    ],
+};
+
 var signin$1 = {
     namespace: "auth",
     name: "auth.signin",
@@ -4385,7 +4511,9 @@ var signout$1 = {
 };
 
 var pluginRoutes$1 = [
+    changePassword,
     getMyProfile$1,
+    resetPassword,
     signin$1,
     signout$1,
 ];

package/dist/plugins/auth/actionHandlers/changePassword.d.ts

@@ -0,0 +1,4 @@
+import { ActionHandlerContext } from "../../../core/actionHandler";
+import { RapidPlugin } from "../../../core/server";
+export declare const code = "changePassword";
+export declare function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any): Promise<void>;

package/dist/plugins/auth/actionHandlers/index.d.ts

@@ -1,5 +1,7 @@
+import * as changePassword from "./changePassword";
 import * as createSession from "./createSession";
 import * as deleteSession from "./deleteSession";
 import * as getMyProfile from "./getMyProfile";
-declare const _default: (typeof createSession | typeof deleteSession | typeof getMyProfile)[];
+import * as resetPassword from "./resetPassword";
+declare const _default: (typeof changePassword | typeof createSession | typeof deleteSession | typeof getMyProfile | typeof resetPassword)[];
 export default _default;

package/dist/plugins/auth/actionHandlers/resetPassword.d.ts

@@ -0,0 +1,4 @@
+import { ActionHandlerContext } from "../../../core/actionHandler";
+import { RapidPlugin } from "../../../core/server";
+export declare const code = "resetPassword";
+export declare function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any): Promise<void>;

package/dist/plugins/auth/routes/changePassword.d.ts

@@ -0,0 +1,12 @@
+declare const _default: {
+    namespace: string;
+    name: string;
+    code: string;
+    type: "RESTful";
+    method: "POST";
+    endpoint: string;
+    actions: {
+        code: string;
+    }[];
+};
+export default _default;

package/dist/plugins/auth/routes/index.d.ts

@@ -3,7 +3,7 @@ declare const _default: ({
     name: string;
     code: string;
     type: "RESTful";
-    method: "GET";
+    method: "POST";
     endpoint: string;
     actions: {
         code: string;
@@ -13,7 +13,7 @@ declare const _default: ({
     name: string;
     code: string;
     type: "RESTful";
-    method: "POST";
+    method: "GET";
     endpoint: string;
     actions: {
         code: string;

package/dist/plugins/auth/routes/resetPassword.d.ts

@@ -0,0 +1,12 @@
+declare const _default: {
+    namespace: string;
+    name: string;
+    code: string;
+    type: "RESTful";
+    method: "POST";
+    endpoint: string;
+    actions: {
+        code: string;
+    }[];
+};
+export default _default;

package/dist/server.d.ts

@@ -39,7 +39,7 @@ export declare class RapidServer implements IRpdServer {
     queryDatabaseObject(sql: string, params?: unknown[] | Record<string, unknown>): Promise<any[]>;
     tryQueryDatabaseObject(sql: string, params?: unknown[] | Record<string, unknown>): Promise<any[]>;
     get middlewares(): any[];
-    handleRequest(request: Request, next: Next): any;
+    handleRequest(request: Request, next: Next): Promise<Response>;
     beforeRunRouteActions(handlerContext: ActionHandlerContext): Promise<void>;
     beforeCreateEntity(model: RpdDataModel, options: CreateEntityOptions): Promise<void>;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ruiapp/rapid-core",
-  "version": "0.1.27",
+  "version": "0.1.29",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -18,6 +18,7 @@
     "typescript": "^4.8.4"
   },
   "dependencies": {
+    "bcrypt": "^5.1.1",
     "dayjs": "^1.11.7",
     "jsonwebtoken": "^9.0.2",
     "koa-tree-router": "^0.12.1",

package/src/plugins/auth/actionHandlers/changePassword.ts

@@ -0,0 +1,58 @@
+import bcrypt from "bcrypt";
+import { ActionHandlerContext } from "~/core/actionHandler";
+import { RapidPlugin } from "~/core/server";
+
+export const code = "changePassword";
+
+export async function handler(
+  plugin: RapidPlugin,
+  ctx: ActionHandlerContext,
+  options: any,
+) {
+  const { server, input, routerContext } = ctx;
+  const { response } = routerContext;
+  const { id, oldPassword, newPassword } = input;
+
+  const userId = routerContext.state.userId;
+  if (!userId) {
+    ctx.status = 401;
+    ctx.output = {
+      error: {
+        message: "You are not signed in."
+      }
+    }
+    return;
+  }
+
+  const userDataAccessor = server.getDataAccessor({
+    singularCode: "oc_user",
+  });
+
+  const user = await userDataAccessor.findOne({
+    filters: [
+      {
+        operator: "eq",
+        field: "id",
+        value: userId,
+      }
+    ]
+  });
+
+  if (!user) {
+    throw new Error("User not found.");
+  }
+
+  const isMatch = await bcrypt.compare(oldPassword, user.password);
+  if (!isMatch) {
+    throw new Error("旧密码错误。");
+  }
+
+  const saltRounds = 10;
+  const passwordHash = await bcrypt.hash(newPassword, saltRounds);
+
+  await userDataAccessor.updateById(user.id, {
+    password: passwordHash,
+  });
+
+  ctx.output = {};
+}

package/src/plugins/auth/actionHandlers/createSession.ts

@@ -1,3 +1,4 @@
+import bcrypt from "bcrypt";
 import { setCookie } from "~/deno-std/http/cookie";
 import { createJwt } from "~/utilities/jwtUtility";
 import { ActionHandlerContext } from "~/core/actionHandler";
@@ -34,7 +35,12 @@ export async function handler(
   });
 
   if (!user) {
-    throw new Error("Wrong account or password.");
+    throw new Error("用户名或密码错误。");
+  }
+
+  const isMatch = await bcrypt.compare(password, user.password);
+  if (!isMatch) {
+    throw new Error("用户名或密码错误。");
   }
 
   const secretKey = Buffer.from(server.config.jwtKey, "base64");

package/src/plugins/auth/actionHandlers/index.ts

@@ -1,10 +1,14 @@
 import { IPluginActionHandler } from "~/core/actionHandler";
+import * as changePassword from "./changePassword";
 import * as createSession from "./createSession";
 import * as deleteSession from "./deleteSession";
 import * as getMyProfile from "./getMyProfile";
+import * as resetPassword from "./resetPassword";
 
 export default [
+  changePassword,
   createSession,
   deleteSession,
   getMyProfile,
+  resetPassword,
 ] satisfies IPluginActionHandler[];

package/src/plugins/auth/actionHandlers/resetPassword.ts

@@ -0,0 +1,42 @@
+import bcrypt from "bcrypt";
+import { ActionHandlerContext } from "~/core/actionHandler";
+import { RapidPlugin } from "~/core/server";
+
+export const code = "resetPassword";
+
+export async function handler(
+  plugin: RapidPlugin,
+  ctx: ActionHandlerContext,
+  options: any,
+) {
+  const { server, input, routerContext } = ctx;
+  const { response } = routerContext;
+  const { userId, password } = input;
+
+  const userDataAccessor = server.getDataAccessor({
+    singularCode: "oc_user",
+  });
+
+  const user = await userDataAccessor.findOne({
+    filters: [
+      {
+        operator: "eq",
+        field: "id",
+        value: userId,
+      }
+    ]
+  });
+
+  if (!user) {
+    throw new Error("User not found.");
+  }
+
+  const saltRounds = 10;
+  const passwordHash = await bcrypt.hash(password, saltRounds);
+
+  await userDataAccessor.updateById(user.id, {
+    password: passwordHash,
+  });
+
+  ctx.output = {};
+}

package/src/plugins/auth/routes/changePassword.ts

@@ -0,0 +1,15 @@
+import { RpdRoute } from "~/types";
+
+export default {
+  namespace: "auth",
+  name: "auth.changePassword",
+  code: "auth.changePassword",
+  type: "RESTful",
+  method: "POST",
+  endpoint: "/changePassword",
+  actions: [
+    {
+      code: "changePassword",
+    },
+  ],
+} satisfies RpdRoute;

package/src/plugins/auth/routes/index.ts

@@ -1,9 +1,13 @@
+import changePassword from "./changePassword";
 import getMyProfile from "./getMyProfile";
+import resetPassword from "./resetPassword";
 import signin from "./signin";
 import signout from "./signout";
 
 export default [
+  changePassword,
   getMyProfile,
+  resetPassword,
   signin,
   signout,
 ]

package/src/plugins/auth/routes/resetPassword.ts

@@ -0,0 +1,15 @@
+import { RpdRoute } from "~/types";
+
+export default {
+  namespace: "auth",
+  name: "auth.resetPassword",
+  code: "auth.resetPassword",
+  type: "RESTful",
+  method: "POST",
+  endpoint: "/resetPassword",
+  actions: [
+    {
+      code: "resetPassword",
+    },
+  ],
+} satisfies RpdRoute;

package/src/server.ts

@@ -312,10 +312,19 @@ export class RapidServer implements IRpdServer {
   async handleRequest(request: Request, next: Next) {
     const rapidRequest = new RapidRequest(this, request);
     await rapidRequest.parseBody();
-    const routeContext = new RouteContext(this, rapidRequest);
-    await this.#pluginManager.onPrepareRouteContext(routeContext);
+    const routeContext: RouteContext = new RouteContext(this, rapidRequest);
 
-    await this.#buildedRoutes(routeContext, next);
+    try {
+      await this.#pluginManager.onPrepareRouteContext(routeContext);
+      await this.#buildedRoutes(routeContext, next);
+    } catch (ex) {
+      this.#logger.error('handle request error:', ex)
+      routeContext.response.json({
+        error: {
+          message: ex.message || ex,
+        },
+      }, 500);
+    }
     return routeContext.response.getResponse();
   }