@steedos/accounts 3.0.0-beta.99 → 3.0.0

package/src/rest-express/endpoints/login.ts

@@ -1,55 +1,58 @@
 /*
  * @Author: baozhoutao@steedos.com
  * @Date: 2022-03-28 09:35:34
- * @LastEditors: baozhoutao@steedos.com
- * @LastEditTime: 2023-09-18 17:57:53
- * @Description: 
+ * @LastEditors: 孙浩林 sunhaolin@steedos.com
+ * @LastEditTime: 2025-09-12 14:08:55
+ * @Description:
  */
-import * as express from 'express';
-import * as requestIp from 'request-ip';
-import { AccountsServer, generateRandomToken } from '../../server';
-import { getUserAgent } from '../utils/get-user-agent';
-import { sendError } from '../utils/send-error';
-import { setAuthCookies } from '../utils/steedos-auth';
-import isMobile from 'ismobilejs';
-import { getObject } from '@steedos/objectql';
-import { db } from '../../db';
-import { getFirstSpace } from './spaces';
+import * as express from "express";
+import { getClientIp } from "../utils/getClientIp";
+import { AccountsServer, generateRandomToken } from "../../server";
+import { getUserAgent } from "../utils/get-user-agent";
+import { sendError } from "../utils/send-error";
+import { setAuthCookies } from "../utils/steedos-auth";
+import isMobile from "ismobilejs";
+import { getObject } from "@steedos/objectql";
+import { db } from "../../db";
+import { getFirstSpace } from "./spaces";
 
-export const login = (accountsServer: AccountsServer) => async (
-  req: express.Request,
-  res: express.Response
-) => {
-  let userAgent = getUserAgent(req) || '';
-  const ip = requestIp.getClientIp(req);
-  let status = 'success';
-  let message = '';
-  let result: any = null;
-  try {
-    result = await accountsServer.loginWithService('password', req.body, {
-      ip,
-      userAgent
-    });
-    if(result._next){
-      return res.json(result);
-    }
-
-    setAuthCookies(req, res, result.user._id, result.token, result.tokens.accessToken);
+export const login =
+  (accountsServer: AccountsServer) =>
+  async (req: express.Request, res: express.Response) => {
+    let userAgent = getUserAgent(req) || "";
+    const ip = getClientIp(req);
+    let status = "success";
+    let message = "";
+    let result: any = null;
     try {
-      if(result && result.user){
-        delete result.user['services']
+      result = await accountsServer.loginWithService("password", req.body, {
+        ip,
+        userAgent,
+      });
+      if (result._next) {
+        return res.json(result);
       }
-    } catch (error) {
-      
-    }
-    res.json(result);
-    return;
-  } catch (err) {
-    console.log(err)
-    status = 'fail';
-    message = err.message;
-    sendError(res, {message: err.message});
-  } finally {
+
+      setAuthCookies(
+        req,
+        res,
+        result.user._id,
+        result.token,
+        result.tokens.accessToken,
+      );
+      try {
+        if (result && result.user) {
+          delete result.user["services"];
+        }
+      } catch (error) {}
+      res.json(result);
+      return;
+    } catch (err) {
+      console.log(err);
+      status = "fail";
+      message = err.message;
+      sendError(res, { message: err.message });
+    } finally {
       let is_phone = false;
       let is_tablet = false;
       if (userAgent) {
@@ -64,25 +67,27 @@ export const login = (accountsServer: AccountsServer) => async (
       const space = await getFirstSpace(accountsServer);
 
       let remote_user = null;
-      if(!result){
-        let foundUser: any | null = await accountsServer.getServices()["password"].foundUser(req.body.user);
-        remote_user = foundUser?foundUser._id:null
-      }else{
-        remote_user = result?.user?._id
+      if (!result) {
+        let foundUser: any | null = await accountsServer
+          .getServices()
+          ["password"].foundUser(req.body.user);
+        remote_user = foundUser ? foundUser._id : null;
+      } else {
+        remote_user = result?.user?._id;
       }
 
-      if(space){
+      if (space) {
         // 记录登录日志, 不记录密码.
-        const { password, ...data} = req.body;
-        await getObject('operation_logs').insert({
-          name: '登录',
-          type: 'login',
+        const { password, ...data } = req.body;
+        await getObject("operation_logs").insert({
+          name: "登录",
+          type: "login",
           remote_user: remote_user,
           remote_addr: ip,
           http_user_agent: userAgent,
           is_mobile: is_phone,
           is_tablet,
-          object: 'users',
+          object: "users",
           status: status,
           create: new Date(),
           space: space._id,
@@ -90,9 +95,9 @@ export const login = (accountsServer: AccountsServer) => async (
           data: JSON.stringify(data),
           related_to: {
             o: "users",
-            ids: [remote_user]
-          }
-        })
+            ids: [remote_user],
+          },
+        });
       }
-  }
-}
+    }
+  };

package/src/rest-express/endpoints/logout.ts

@@ -11,7 +11,7 @@ import { AccountsServer } from "../../server";
 import { sendError } from "../utils/send-error";
 import { clearAuthCookies } from "../utils/steedos-auth";
 import { getObject } from "@steedos/objectql";
-import * as requestIp from "request-ip";
+import { getClientIp } from "../utils/getClientIp";
 import { getUserAgent } from "../utils/get-user-agent";
 import isMobile from "ismobilejs";
 import { getSteedosSchema } from "@steedos/objectql";
@@ -37,7 +37,7 @@ export const logout =
       //sendError(res, err);
     } finally {
       let userAgent = getUserAgent(req) || "";
-      const ip = requestIp.getClientIp(req);
+      const ip = getClientIp(req);
       let status = "success";
       let message = "";
       let is_phone = false;

package/src/rest-express/endpoints/oauth/provider-callback.ts

@@ -1,46 +1,53 @@
-import * as express from 'express';
-import * as requestIp from 'request-ip';
-import { AccountsServer } from '../../../server';
-import { getUserAgent } from '../../utils/get-user-agent';
-import { sendError } from '../../utils/send-error';
-import { AccountsExpressOptions } from '../../types';
+/*
+ * @Author: 孙浩林 sunhaolin@steedos.com
+ * @Date: 2025-02-17 09:39:59
+ * @LastEditors: 孙浩林 sunhaolin@steedos.com
+ * @LastEditTime: 2025-09-12 14:29:52
+ * @FilePath: /steedos-platform-3.0/packages/accounts/src/rest-express/endpoints/oauth/provider-callback.ts
+ * @Description:
+ */
+import * as express from "express";
+import { getClientIp } from "../../utils/getClientIp";
+import { AccountsServer } from "../../../server";
+import { getUserAgent } from "../../utils/get-user-agent";
+import { sendError } from "../../utils/send-error";
+import { AccountsExpressOptions } from "../../types";
 
 interface RequestWithSession extends express.Request {
   session: any;
 }
 
-export const providerCallback = (
-  accountsServer: AccountsServer,
-  options?: AccountsExpressOptions
-) => async (req: express.Request, res: express.Response) => {
-  try {
-    const userAgent = getUserAgent(req);
-    const ip = requestIp.getClientIp(req);
-    const loggedInUser = await accountsServer.loginWithService(
-      'oauth',
-      {
-        ...(req.params || {}),
-        ...(req.query || {}),
-        ...(req.body || {}),
-        ...((req as RequestWithSession).session || {}),
-      },
-      { ip, userAgent }
-    );
+export const providerCallback =
+  (accountsServer: AccountsServer, options?: AccountsExpressOptions) =>
+  async (req: express.Request, res: express.Response) => {
+    try {
+      const userAgent = getUserAgent(req);
+      const ip = getClientIp(req);
+      const loggedInUser = await accountsServer.loginWithService(
+        "oauth",
+        {
+          ...(req.params || {}),
+          ...(req.query || {}),
+          ...(req.body || {}),
+          ...((req as RequestWithSession).session || {}),
+        },
+        { ip, userAgent },
+      );
 
-    if (options && options.onOAuthSuccess) {
-      options.onOAuthSuccess(req, res, loggedInUser);
-    }
+      if (options && options.onOAuthSuccess) {
+        options.onOAuthSuccess(req, res, loggedInUser);
+      }
 
-    if (options && options.transformOAuthResponse) {
-      res.json(options.transformOAuthResponse(loggedInUser));
-    } else {
-      res.json(loggedInUser);
-    }
-  } catch (err) {
-    if (options && options.onOAuthError) {
-      options.onOAuthError(req, res, err);
-    }
+      if (options && options.transformOAuthResponse) {
+        res.json(options.transformOAuthResponse(loggedInUser));
+      } else {
+        res.json(loggedInUser);
+      }
+    } catch (err) {
+      if (options && options.onOAuthError) {
+        options.onOAuthError(req, res, err);
+      }
 
-    sendError(res, err);
-  }
-};
+      sendError(res, err);
+    }
+  };

package/src/rest-express/endpoints/password/change-password.ts

@@ -1,8 +1,8 @@
 /*
  * @Author: baozhoutao@steedos.com
  * @Date: 2022-05-19 11:38:30
- * @LastEditors: baozhoutao@steedos.com
- * @LastEditTime: 2023-09-18 17:58:22
+ * @LastEditors: 孙浩林 sunhaolin@steedos.com
+ * @LastEditTime: 2025-09-12 14:29:58
  * @Description:
  */
 import * as express from "express";
@@ -11,7 +11,7 @@ import { sendError } from "../../utils/send-error";
 import { getSteedosConfig, getObject } from "@steedos/objectql";
 import { hashPassword } from "../../../password/utils";
 
-import * as requestIp from "request-ip";
+import { getClientIp } from "../../utils/getClientIp";
 import { getUserAgent } from "../../utils/get-user-agent";
 import isMobile from "ismobilejs";
 import { db } from "../../../db";
@@ -59,7 +59,7 @@ export const changePassword =
         );
 
         const userAgent = getUserAgent(req);
-        const ip = requestIp.getClientIp(req);
+        const ip = getClientIp(req);
         let is_phone = false;
         let is_tablet = false;
         if (userAgent) {

package/src/rest-express/endpoints/refresh-access-token.ts

@@ -1,25 +1,24 @@
-import * as express from 'express';
-import * as requestIp from 'request-ip';
-import { AccountsServer } from '../../server';
-import { getUserAgent } from '../utils/get-user-agent';
-import { sendError } from '../utils/send-error';
+import * as express from "express";
+import { getClientIp } from "../utils/getClientIp";
+import { AccountsServer } from "../../server";
+import { getUserAgent } from "../utils/get-user-agent";
+import { sendError } from "../utils/send-error";
 
-export const refreshAccessToken = (accountsServer: AccountsServer) => async (
-  req: express.Request,
-  res: express.Response
-) => {
-  try {
-    const { accessToken, refreshToken } = req.body;
-    const userAgent = getUserAgent(req);
-    const ip = requestIp.getClientIp(req);
-    const refreshedSession = await accountsServer.refreshTokens(
-      accessToken,
-      refreshToken,
-      ip,
-      userAgent
-    );
-    res.json(refreshedSession);
-  } catch (err) {
-    sendError(res, err);
-  }
-};
+export const refreshAccessToken =
+  (accountsServer: AccountsServer) =>
+  async (req: express.Request, res: express.Response) => {
+    try {
+      const { accessToken, refreshToken } = req.body;
+      const userAgent = getUserAgent(req);
+      const ip = getClientIp(req);
+      const refreshedSession = await accountsServer.refreshTokens(
+        accessToken,
+        refreshToken,
+        ip,
+        userAgent,
+      );
+      res.json(refreshedSession);
+    } catch (err) {
+      sendError(res, err);
+    }
+  };

package/src/rest-express/endpoints/service-authenticate.ts

@@ -1,76 +1,95 @@
-import * as express from 'express';
-import * as requestIp from 'request-ip';
-import { AccountsServer } from '../../server';
-import { getUserAgent } from '../utils/get-user-agent';
-import { sendError } from '../utils/send-error';
-import { setAuthCookies, hashStampedToken } from '../utils/steedos-auth';
-import { db } from '../../db';
-import * as _ from 'lodash';
-import { getUserSpace } from '../utils/users'
+import * as express from "express";
+import { getClientIp } from "../utils/getClientIp";
+import { AccountsServer } from "../../server";
+import { getUserAgent } from "../utils/get-user-agent";
+import { sendError } from "../utils/send-error";
+import { setAuthCookies, hashStampedToken } from "../utils/steedos-auth";
+import { db } from "../../db";
+import * as _ from "lodash";
+import { getUserSpace } from "../utils/users";
 
-export const serviceAuthenticate = (accountsServer: AccountsServer) => async (
-  req: express.Request,
-  res: express.Response
-) => {
-  try {
-    const serviceName = req.params.service;
-    let userAgent = getUserAgent(req) || '';
-    const ip = requestIp.getClientIp(req);
-    const email = req.body.user.email;
-    const spaceId = req.body.spaceId;
-    let services: any = accountsServer.getServices();
-    let db = services[serviceName].db;
+export const serviceAuthenticate =
+  (accountsServer: AccountsServer) =>
+  async (req: express.Request, res: express.Response) => {
+    try {
+      const serviceName = req.params.service;
+      let userAgent = getUserAgent(req) || "";
+      const ip = getClientIp(req);
+      const email = req.body.user.email;
+      const spaceId = req.body.spaceId;
+      let services: any = accountsServer.getServices();
+      let db = services[serviceName].db;
 
-    if(email && email.indexOf("@") < 0){
-      req.body.user.username = email
-    }
+      if (email && email.indexOf("@") < 0) {
+        req.body.user.username = email;
+      }
 
-    const loggedInUser: any = await accountsServer.loginWithService(serviceName, req.body, {
-      ip,
-      userAgent
-    });
+      const loggedInUser: any = await accountsServer.loginWithService(
+        serviceName,
+        req.body,
+        {
+          ip,
+          userAgent,
+        },
+      );
 
-    //获取user session
-    let session:any = await accountsServer.findSessionByAccessToken(loggedInUser.tokens.accessToken)
+      //获取user session
+      let session: any = await accountsServer.findSessionByAccessToken(
+        loggedInUser.tokens.accessToken,
+      );
 
-    //获取用户有效的工作区Id，并且写入Sessions中
-    let validSpaceId = await getUserSpace(session.userId, spaceId);
-    if(validSpaceId){
-      userAgent = `${userAgent} Space/${validSpaceId}`
-      db.updateSession(loggedInUser.sessionId, {
-        ip,
-        userAgent});
-    }
+      //获取用户有效的工作区Id，并且写入Sessions中
+      let validSpaceId = await getUserSpace(session.userId, spaceId);
+      if (validSpaceId) {
+        userAgent = `${userAgent} Space/${validSpaceId}`;
+        db.updateSession(loggedInUser.sessionId, {
+          ip,
+          userAgent,
+        });
+      }
 
-    //确认用户密码是否过期
-    let user = await db.collection.findOne({_id: session.userId}, { password_expired: 1 })
+      //确认用户密码是否过期
+      let user = await db.collection.findOne(
+        { _id: session.userId },
+        { password_expired: 1 },
+      );
 
-    //创建Meteor token
-    let authToken = null;
-    let stampedAuthToken = {
-      token: session.token,
-      when: new Date
-    };
-    authToken = stampedAuthToken.token;
-    let hashedToken = hashStampedToken(stampedAuthToken);
-    let _user = await db.collection.findOne({_id: session.userId}, { services:1 })
-    if(!_user['services']){
-      _user['services'] = {}
-    }
-    if (!_user['services']['resume']) {
-      _user['services']['resume'] = {loginTokens: []}
-    }
-    if (!_user['services']['resume']['loginTokens']) {
-      _user['services']['resume']['loginTokens'] = [];
-    }
-    _user['services']['resume']['loginTokens'].push(hashedToken)
-    let data = { services: _user['services'] }
-    await db.collection.updateOne({_id: session.userId}, {$set: data});
-    // 设置cookies
-    setAuthCookies(req, res, session.userId, authToken, loggedInUser.tokens.accessToken, validSpaceId);
+      //创建Meteor token
+      let authToken = null;
+      let stampedAuthToken = {
+        token: session.token,
+        when: new Date(),
+      };
+      authToken = stampedAuthToken.token;
+      let hashedToken = hashStampedToken(stampedAuthToken);
+      let _user = await db.collection.findOne(
+        { _id: session.userId },
+        { services: 1 },
+      );
+      if (!_user["services"]) {
+        _user["services"] = {};
+      }
+      if (!_user["services"]["resume"]) {
+        _user["services"]["resume"] = { loginTokens: [] };
+      }
+      if (!_user["services"]["resume"]["loginTokens"]) {
+        _user["services"]["resume"]["loginTokens"] = [];
+      }
+      _user["services"]["resume"]["loginTokens"].push(hashedToken);
+      let data = { services: _user["services"] };
+      await db.collection.updateOne({ _id: session.userId }, { $set: data });
+      // 设置cookies
+      setAuthCookies(
+        req,
+        res,
+        session.userId,
+        authToken,
+        loggedInUser.tokens.accessToken,
+        validSpaceId,
+      );
 
-    res.json(loggedInUser);
-  } catch (err) {
-    sendError(res, err);
-  }
-};
+      res.json(loggedInUser);
+    } catch (err) {
+      sendError(res, err);
+    }
+  };

package/src/rest-express/endpoints/update-session.ts

@@ -1,46 +1,54 @@
-import * as express from 'express';
-import * as requestIp from 'request-ip';
-import { AccountsServer } from '../../server';
-import { getUserAgent } from '../utils/get-user-agent';
-import { sendError } from '../utils/send-error';
-import { setAuthCookies, getAuthTokenCookie } from '../utils/steedos-auth';
-import { db } from '../../db';
-import { getUserSpace } from '../utils/users'
-import * as _ from 'lodash';
+import * as express from "express";
+import { getClientIp } from "../utils/getClientIp";
+import { AccountsServer } from "../../server";
+import { getUserAgent } from "../utils/get-user-agent";
+import { sendError } from "../utils/send-error";
+import { setAuthCookies, getAuthTokenCookie } from "../utils/steedos-auth";
+import { db } from "../../db";
+import { getUserSpace } from "../utils/users";
+import * as _ from "lodash";
 
-export const updateSession = (accountsServer: AccountsServer) => async (
-  req: express.Request,
-  res: express.Response
-) => {
-  try {
-    const userId = (req as any).user._id;
-    const serviceName = req.params.service;
-    let userAgent = getUserAgent(req) || '';
-    const ip = requestIp.getClientIp(req);
-    let services: any = accountsServer.getServices();
-    let db = services[serviceName].db;
-    const spaceId = req.body.spaceId;
-    let accessToken = req.body.accessToken;
-    let session:any = await accountsServer.findSessionByAccessToken(accessToken)
+export const updateSession =
+  (accountsServer: AccountsServer) =>
+  async (req: express.Request, res: express.Response) => {
+    try {
+      const userId = (req as any).user._id;
+      const serviceName = req.params.service;
+      let userAgent = getUserAgent(req) || "";
+      const ip = getClientIp(req);
+      let services: any = accountsServer.getServices();
+      let db = services[serviceName].db;
+      const spaceId = req.body.spaceId;
+      let accessToken = req.body.accessToken;
+      let session: any =
+        await accountsServer.findSessionByAccessToken(accessToken);
 
-    if(!session){
-      throw new Error('Invalid accessToken');
-    }
+      if (!session) {
+        throw new Error("Invalid accessToken");
+      }
 
-    //获取用户有效的工作区Id，并且写入Sessions中
-    let validSpaceId = await getUserSpace(userId, spaceId);
-    if(validSpaceId){
-      userAgent = `${userAgent} Space/${validSpaceId}`
-      db.updateSession(session.id, {
-        ip,
-        userAgent});
-    }
-    
-    // 设置cookies
-    setAuthCookies(req, res, session.userId, getAuthTokenCookie(req, res), accessToken, validSpaceId);
+      //获取用户有效的工作区Id，并且写入Sessions中
+      let validSpaceId = await getUserSpace(userId, spaceId);
+      if (validSpaceId) {
+        userAgent = `${userAgent} Space/${validSpaceId}`;
+        db.updateSession(session.id, {
+          ip,
+          userAgent,
+        });
+      }
 
-    res.json({});
-  } catch (err) {
-    sendError(res, err);
-  }
-};
+      // 设置cookies
+      setAuthCookies(
+        req,
+        res,
+        session.userId,
+        getAuthTokenCookie(req, res),
+        accessToken,
+        validSpaceId,
+      );
+
+      res.json({});
+    } catch (err) {
+      sendError(res, err);
+    }
+  };

package/src/rest-express/utils/getClientIp.ts

@@ -0,0 +1,25 @@
+/*
+ * @Author: 孙浩林 sunhaolin@steedos.com
+ * @Date: 2025-09-12 14:05:36
+ * @LastEditors: 孙浩林 sunhaolin@steedos.com
+ * @LastEditTime: 2025-09-12 14:08:08
+ * @FilePath: /steedos-platform-3.0/packages/accounts/src/rest-express/utils/getClientIp.ts
+ * @Description:
+ */
+
+import * as requestIp from "request-ip";
+
+export const getClientIp = (req) => {
+  let ip = requestIp.getClientIp(req);
+  // 去掉 IPv6 前缀 ::ffff:
+  if (ip && ip.startsWith("::ffff:")) {
+    ip = ip.substring(7);
+  }
+
+  // IPv6 localhost 映射
+  if (ip === "::1") {
+    ip = "127.0.0.1";
+  }
+
+  return ip;
+};