free-be-account 0.0.1

package/routers/uc/phone/route.js

@@ -0,0 +1,72 @@
+const express = require(require('path').resolve('./') + "/node_modules/express");
+const router = express.Router();
+
+// change phone number
+router.put('/',
+    async (req, res, next) => {
+        if (!req.body.ophone || !req.body.phone) {
+            res.makeError(300, 'Phone number is incorrect!', router.mdl);
+            return next('route');
+        }
+
+        const ophone = res.app.modules.account.utils.crypto.encoder.desDecode(req.body.ophone, res.app.modules.account.config.desKey);
+
+        if (ophone !== req.user.PhoneNumber || ophone.length < 11) {
+            res.makeError(300, 'Phone number is incorrect!', router.mdl);
+            return next('route');
+        }
+
+
+        if (!req.body.phone || req.body.phone.length < 11) {
+            res.makeError(301, 'New phone number is incorrect!', router.mdl);
+            return next('route');
+        }
+
+        // update phone number
+        req.user.PhoneNumber = res.app.modules.account.utils.crypto.encoder.desDecode(req.body.phone, res.app.modules.account.config.desKey);
+
+        const oResult = await res.Module('sms').verify(ophone, req.body.ocode);
+        if (!oResult) {
+            res.makeError(400, 'Verification code for the old phone is incorrect!', router.mdl);
+            await res.app.cache.del(ophone);
+            await res.app.cache.del(req.user.PhoneNumber);
+            return next('route');
+        }
+
+        const result = await res.Module('sms').verify(req.user.PhoneNumber, req.body.code);
+        if (!result) {
+            res.makeError(405, 'Verification code for the new phone is incorrect!', router.mdl);
+            await res.app.cache.del(ophone);
+            await res.app.cache.del(req.user.PhoneNumber);
+            return next('route');
+        }
+
+        // update password
+        if (req.body.Password) {
+            const password = res.app.modules.account.utils.crypto.encoder.desDecode(req.body.Password, res.app.modules.account.config.desKey);
+            if (password) {
+                req.user.Password = res.app.modules.account.utils.encryptPwd(password, res.app.modules.account.config.pwdEncryptMethod || 'md5');
+            }
+        }
+
+        const existPhone = await res.app.models.account.countDocuments({ PhoneNumber: req.user.PhoneNumber });
+        if (existPhone) {
+            res.makeError(402, 'Phone number is already in use!', router.mdl);
+            return next('route');
+        }
+
+        req.user.Profile = req.user.Profile || {};
+        req.user.Profile.Mobile = req.user.PhoneNumber;
+        // if user name is the old phone number, set it to the new phone number
+        if (req.user.UserName === ophone) {
+            req.user.UserName = req.user.PhoneNumber;
+        }
+
+        // update db
+        await req.user.save();
+
+        return next();
+    }
+);
+
+module.exports = router;

package/routers/uc/pwd/index.js

@@ -0,0 +1,4 @@
+module.exports = {
+    title: '修改密码',
+    description: '',
+};

package/routers/uc/pwd/route.js

@@ -0,0 +1,41 @@
+const express = require(require('path').resolve('./') + "/node_modules/express");
+const router = express.Router();
+
+// change password
+router.put('/',
+    async (req, res, next) => {
+        if (!req.body.phone) {
+            res.makeError(300, 'Phone number is incorrect!', router.mdl);
+            return next('route');
+        }
+
+        const phone = res.app.modules.account.utils.crypto.encoder.desDecode(req.body.phone, res.app.modules.account.config.desKey);
+
+        if (phone !== req.user.PhoneNumber || phone.length < 11) {
+            res.makeError(301, 'Phone number is incorrect!', router.mdl);
+            return next('route');
+        }
+
+        const result = await res.Module('sms').verify(phone, req.body.code);
+        // app.logger.debug(cache.exportJson());
+
+        if (!result) {
+            res.makeError(402, 'Verification code is incorrect!', router.mdl);
+            return next('route');
+        }
+
+        // update password
+        if (!req.body.Password) {
+            res.makeError(403, 'Please provide the password!', router.mdl);
+            return next('route');
+        }
+        const password = res.app.modules.account.utils.crypto.encoder.desDecode(req.body.Password, res.app.modules.account.config.desKey);
+
+        req.user.Password = res.app.modules.account.utils.encryptPwd(password, res.app.modules.account.config.pwdEncryptMethod || 'md5');
+        await req.user.save();
+
+        return next();
+    }
+);
+
+module.exports = router;

package/routers/uc/sub/index.js

@@ -0,0 +1,4 @@
+module.exports = {
+    title: 'module-uc-sub-title',
+    description: 'module-uc-sub-description',
+};

package/routers/uc/sub/route.js

@@ -0,0 +1,158 @@
+const path = require('path');
+const express = require(path.resolve('./') + "/node_modules/express");
+const router = express.Router();
+
+const subAccountFilters = [
+    {
+        Name: 'LastUpdateDate',
+        Type: 'DateRange',
+        Label: '更新日期',
+        Placeholder: '请选择',
+    },
+    {
+        Name: 'Enabled',
+        Type: 'Select',
+        Label: '激活状态',
+        Placeholder: '请选择',
+        Options: [
+            {
+                Label: '已激活',
+                Value: true,
+            },
+            {
+                Label: '未激活',
+                Value: false,
+            },
+        ],
+    },
+    {
+        Name: 'Profile.Name',
+        Type: 'String',
+        Label: '姓名',
+    },
+    {
+        Name: 'Profile.Title',
+        Type: 'String',
+        Label: '职务',
+    },
+    {
+        Name: 'PhoneNumber',
+        Type: 'String',
+        Label: '手机号',
+    },
+];
+// sub account list
+router.get('/', (req, res, next) => {
+    res.locals.filter = {
+        Parent: req.user.id
+    }
+
+    res.locals.filter = Object.assign({}, res.app.modules['core-modules'].generateQueryFilter(subAccountFilters, req.query), res.locals.filter);
+
+    res.locals.fields = [
+        'id',
+        'LastUpdateDate',
+        'Profile',
+        'Enabled',
+    ];
+
+    return next();
+}, router.FindDocuments('account', false, async (req, res) => {
+    // add summary
+    res.locals.data.summary = {};
+    res.locals.data.summary.enabled = await res.app.models['account'].countDocuments({ Parent: req.user.id, Enabled: true });
+    res.locals.data.summary.disabled = await res.app.models['account'].countDocuments({ Parent: req.user.id, Enabled: false });
+
+    res.locals.data.Filters = subAccountFilters;
+}));
+
+// create sub accousnt
+router.post('/',
+    (req, res, next) => {
+        req.body.Parent = req.user.id;
+        req.body.Enabled = true;
+        // req.body.Permission = req.body.Permission || req.user.Permission;
+        // cannot change permission of sub account yet, just assign the same permission with the current account
+        req.body.Permission = req.user.Permission;
+        res.app.modules.account.utils.clearPermission(req.body.Permission);
+
+        // also same Org (but should check whether we have Org module??)
+        if (req.user.Org) req.body.Org = req.user.Org;
+
+        // TODO: should not set status here as we don't have this field yet (which was added in passport)
+        req.body.Status = '1';
+
+        // TODO: check permission, should not be bigger than the main account
+
+        // password
+        if (req.body.Password) {
+            const password = res.app.modules.account.utils.crypto.encoder.desDecode(req.body.Password, res.app.modules.account.config.desKey);
+            req.body.Password = res.app.modules.account.utils.encryptPwd(password, res.app.modules.account.config.pwdEncryptMethod || 'md5');
+        }
+        return next();
+    },
+    router.CreateDocument('account')
+);
+
+// specified sub account list
+router.get('/:id', (req, res, next) => {
+    res.locals.filter = {
+        Parent: req.user.id,
+        id: req.params.id
+    }
+
+    res.locals.fields = [
+        'id',
+        'Profile',
+        'Enabled',
+        'PhoneNumber',
+        // 'Permission'
+    ];
+
+    return next();
+}, router.FindDocuments('account', false, (req, res) => {
+    if (res.locals.data && res.locals.data.total) {
+        res.locals.data = res.locals.data.docs[0];
+    }
+}));
+
+// update sub account
+router.put('/:id',
+    (req, res, next) => {
+        res.locals.filter = {
+            Parent: req.user.id,
+            id: req.params.id
+        }
+
+        res.locals.fields = [
+            'Profile',
+            'PhoneNumber',
+            'Password',
+            'Enabled'
+        ];
+
+        if (req.body.Password) {
+            const password = res.app.modules.account.utils.crypto.encoder.desDecode(req.body.Password, res.app.modules.account.config.desKey);
+            req.body.Password = res.app.modules.account.utils.encryptPwd(password, res.app.modules.account.config.pwdEncryptMethod || 'md5');
+        }
+
+        // TODO: check permission, should not be bigger than the main account
+
+        return next();
+    },
+    router.UpdateDocument('account')
+);
+
+// delete sub account
+router.delete('/:id',
+    (req, res, next) => {
+        res.locals.filter = {
+            Parent: req.user.id,
+            id: req.params.id
+        }
+        return next();
+    },
+    router.DeleteDocument('account')
+);
+
+module.exports = router;

package/sms/index.js

@@ -0,0 +1,134 @@
+const AliyunCore = require('@alicloud/pop-core');
+
+function _generateMSG (f = '4n') {
+    if (typeof f !== 'string' || f.length < 2) {
+        f = '4n';
+    }
+
+    let mLength = 0,
+        mUseNumber = false,
+        mUseChar = false;
+
+    for (let i = 0; i < f.length; i += 1) {
+        const fi = f[i].toLowerCase();
+
+        switch (fi) {
+            case 'n':
+                mUseNumber = true;
+                break;
+            case 'c':
+                mUseChar = true;
+                break;
+            default:
+                mLength = mLength || Number(fi) || 0;
+        }
+    }
+
+    mLength = mLength || 4;
+    if (!mUseNumber && !mUseChar) {
+        mUseNumber = true;
+    }
+
+    let charList = '';
+    if (mUseNumber) charList = charList.concat('1234567890');
+    if (mUseChar) charList = charList.concat('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');
+
+    let msgValue = '';
+    for (let i = 0; i < mLength; i += 1) {
+        msgValue += charList[Math.floor(Math.random() * charList.length)]
+    }
+
+    return msgValue;
+}
+
+const _sms_lib = {
+    aliyun: {
+        send: async function (k, p, v) {
+            if (!k || !k.accessKeyId || !k.secret || !k.signName || !k.templateCode || !k.templateParamName) {
+                throw new Error('SMS parameters not configured correctly for platform (Aliyun)');
+            }
+            var client = new AliyunCore({
+                accessKeyId: k.accessKeyId,
+                accessKeySecret: k.secret,
+                endpoint: 'https://dysmsapi.aliyuncs.com',
+                apiVersion: '2017-05-25'
+            });
+
+            var codeAndValue = {};
+            codeAndValue[k.templateParamName] = v;
+
+            var params = {
+                "PhoneNumbers": p,
+                "SignName": k.signName,
+                "TemplateCode": k.templateCode,
+                "TemplateParam": JSON.stringify(codeAndValue)
+            }
+
+            // params[k.templateParamName] = v;
+
+            var requestOption = {
+                method: 'POST'
+            };
+
+            const result = await client.request('SendSms', params, requestOption);
+
+            return result && result.Code && result.Code === 'OK';
+        }
+    },
+    eis: {
+        send: async function () {
+            return true;
+        }
+    }
+}
+
+module.exports = (app) => ({
+    send: async function (p, value, c = true, t = 'default') {
+        const keys = app.config.account.sms[t] || app.config.account.sms;
+        if (keys.platform) {
+            // if the cached code still there, we should not re-send!
+            if (await app.cache.get(p)) {
+                throw new Error('Cannot send too frequently!');
+            }
+            if (_sms_lib[keys.platform]) {
+                let sent = true;
+                const v = keys.fixedCode || value;
+
+                try {
+                    sent = await _sms_lib[keys.platform].send(keys, p, v);
+                } catch (ex) {
+                    app.logger.error(JSON.stringify(ex));
+                    return false;
+                }
+                if (sent) {
+                    if (c) {
+                        const cTime = keys.cacheTime || (5 * 60 * 1000)
+                        await app.cache.put(p, v, cTime);
+                    }
+                    return true;
+                } else {
+                    return false;
+                }
+            } else {
+                throw new Error(`SMS platform ${keys.platform} is not supported yet!`);
+            }
+        } else {
+            throw new Error('SMS platform not configured!');
+        }
+    },
+    /**
+     * 
+     * @param {String} p Phone number 
+     * @param {String} f Random pattern, should be like '4nc', 4 means length, n means incude Numbers, c means include Chars.
+     * @param {Boolean} c Cache or not
+     * @param {String} t template, the key in the sms config
+     */
+    sendRandom: async function (p, f, c = true, t = 'default') {
+        let v = _generateMSG(f);
+        return await this.send(p, v, c, t);
+    },
+    verify: async function (p, v) {
+        const cached = await app.cache.get(p);
+        return cached === v;
+    }
+})

package/test/index.js

@@ -0,0 +1 @@
+// each module should have test script for itself.

package/utils.js

@@ -0,0 +1,209 @@
+const crypto = require('./crypto');
+
+const specialNames = [
+    'Scope'
+];
+
+const EncryptOptions = {
+    saltLength: 16,
+    sha1Iteration: 1024
+}
+
+/**
+ *
+ * Translate permission object into path list
+ * 
+ * @param {*} perm 
+ * @param {*} k 
+ */
+function getPermissionPathList(perm, n = '') {
+    const ret = [];
+
+    if (perm && typeof perm === 'object') {
+        if (n) ret.push(n);
+
+        Object.keys(perm).forEach(k => {
+            getPermissionPathList(perm[k], k).forEach(p => {
+                ret.push(`${n}/${p}`);
+            })
+        })
+    }
+
+    return ret;
+}
+
+function clearPermission(perm) {
+    // remove unused fields from permisson object
+    // invalid: all values are not object, and all names are in the specified list
+    function clearP(p) {
+
+        if (typeof p !== 'object') {
+            return false;
+        }
+
+        Object.keys(p).forEach(s => {
+            if (specialNames.indexOf(s) >= 0) return;
+
+            if (!clearP(p[s])) {
+                delete p[s];
+            }
+        });
+
+        // TODO: add a field if nothing here, otherwise the db will not save it??? should be fixed!!
+        if (Object.keys(p).length <= 0) {
+            p.has = true;
+        }
+
+        return true;
+    }
+
+    return clearP(perm);
+}
+
+function verifyPassword(pwd, storedPwd, method = 'md5') {
+    let verified = false;
+    let methods = [];
+
+    if (typeof method === 'string') {
+        methods.push(method);
+    } else if (Array.isArray(method)) {
+        methods = method;
+    }
+
+    for (let i = 0; i < methods.length; i += 1) {
+        const m = methods[i];
+        switch (m) {
+            case 'md5':
+                verified = verified || (crypto.MD5(pwd) === storedPwd);
+                break;
+            case 'sha1':
+                verified = verified || (crypto.sha1(pwd, storedPwd.substr(0, EncryptOptions.saltLength), EncryptOptions.sha1Iteration).toString() === storedPwd.substr(EncryptOptions.saltLength));
+                break;
+            case 'bcrypt':
+                verified = verified || crypto.bcryptVerify(pwd, storedPwd);
+                break;
+            default:
+                verified = verified || (pwd === storedPwd);
+        }
+
+        if (verified) return verified;
+    }
+
+    return verified;
+}
+
+function getClearPwd(pwd, key){
+    if(!pwd) return undefined;
+
+    return crypto.encoder.desDecode(pwd.substr(EncryptOptions.saltLength), key);
+}
+
+function encryptPwd(pwd, method) {
+    let theMethod = [];
+
+    if (typeof method === 'string') {
+        theMethod = method;
+    } else if (Array.isArray(method)) {
+        theMethod = method[0];
+    }
+
+    let salt;
+    if (theMethod === 'sha1') {
+        salt = crypto.generateSalt(EncryptOptions.saltLength / 2);
+    }
+
+    switch (theMethod) {
+        case 'md5':
+            return crypto.MD5(pwd);
+        case 'sha1':
+            return `${salt}${crypto.sha1(pwd, salt.toString(), EncryptOptions.sha1Iteration)}`;
+        case 'bcrypt':
+            return crypto.bcrypt(pwd);
+        default:
+            throw 'Unknown password encrypt method!'
+    }
+}
+
+async function saveServiceList (app, clean=false) {
+    // add app.serviceList into db if not yet
+    const checkService = async (perm, parent, pt) => {
+        if (!perm || typeof perm !== 'object') return;
+
+        for (let i = 0; i < Object.keys(perm).length; i += 1) {
+            const p = Object.keys(perm)[i];
+
+            // TODO: notify user if they are creating permission with these names
+            if (['title', 'description', 'scope', 'label'].indexOf(p.toLowerCase()) >= 0) continue;
+
+            let newCreated;
+            const existCount = await app.models['permission'].countDocuments({ Name: p, Path: `${pt}/${p}` });
+            if (existCount <= 0) {
+                const newDoc = {
+                    Name: p,
+                    Title: perm[p].title,
+                    Description: typeof perm[p].description === 'string' ? perm[p].description : JSON.stringify(perm[p].description),
+                    Index: i + 1,
+                    Path: `${pt}/${p}`
+                };
+                if (parent) newDoc.Parent = parent;
+
+                newCreated = await app.models.permission.create(newDoc);
+            } else {
+                newCreated = (await app.models['permission'].findOne({ Name: p, Path: `${pt}/${p}`}));
+                
+                // update
+                newCreated.Title = perm[p].title;
+                newCreated.Description = typeof perm[p].description === 'string' ? perm[p].description : JSON.stringify(perm[p].description);
+                if(parent) newCreated.Parent = parent;
+                newCreated.Index = i + 1;
+                await newCreated.save();
+            }
+
+            if (newCreated) {
+                await checkService(perm[p], newCreated.id, `${pt}/${p}`);
+            }
+        }
+    };
+
+    // clear all built-in permissions first
+    if(clean){
+        const userCreatedList = await app.models.permission.find({ BuiltIn: false });
+        if(userCreatedList && userCreatedList.length > 0){
+            const uclIds = [];
+            const addParentId = async (p) => {
+                if(!p) return;
+
+                const parent = await app.models.permission.findOne({id: p});
+
+                if(parent && uclIds.indexOf(parent.id) < 0){
+                    uclIds.push(parent.id);
+                }
+
+                await addParentId(parent.Parent);
+            }
+            for (let i = 0; i < userCreatedList.length; i += 1) {
+                const ucli = userCreatedList[i];
+            
+                uclIds.push(ucli.id);
+
+                await addParentId(ucli.Parent);
+            }
+
+            // remove all built-in
+            await app.models.permission.remove({id: {$nin: uclIds}});
+        }
+    }
+
+    const serviceList = app.ctx.serviceList();
+    await checkService(serviceList, undefined, '');
+}
+
+module.exports = {
+    clearPermission,
+    getPermissionPathList,
+    verifyPassword,
+    encryptPwd,
+    getClearPwd,
+    crypto,
+    saveServiceList,
+}