free-be-account 0.0.15 → 0.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/index.js +91 -37
  2. package/package.json +6 -6
  3. package/routers/mgmt/route.js +7 -11
package/index.js CHANGED
@@ -205,6 +205,10 @@ module.exports = (app) => ({
205
205
  accountDefaultPassword: '12345678',
206
206
  accountDefaultPasswordRandom: false,
207
207
  accountDefaultPasswordRandomLength: 6,
208
+
209
+ autoCreateNewUser: false,
210
+ recoverNoSamePwd: false,
211
+
208
212
  // accountDefaultPermissions: [
209
213
  // // could from system config
210
214
  // // {
@@ -227,6 +231,7 @@ module.exports = (app) => ({
227
231
 
228
232
  dataScopes: [],
229
233
  permissionControls: [],
234
+ smsFormat: '6n',
230
235
  captcha: {
231
236
  cache: 5 * 60 * 1000,
232
237
  login: false,
@@ -1007,16 +1012,28 @@ module.exports = (app) => ({
1007
1012
  // permission control
1008
1013
  app.use(async (req, res, next) => {
1009
1014
  // permission control
1010
- if (!await m.hasPermission(req, m)) {
1011
- const whiteList = ((m.config && m.config['whiteList']) || []).concat([`${app.config['baseUrl'] || ''}/login`]);
1012
- for (let i = 0; i < whiteList.length; i += 1) {
1013
- const wl = whiteList[i];
1014
-
1015
- if (typeof wl === 'string' && wl.toLowerCase() === req.originalUrl.toLowerCase()) return next();
1015
+ let inWhiteList = false;
1016
+ const whiteList = ((m.config && m.config['whiteList']) || []).concat([`${app.config['baseUrl'] || ''}/login`]);
1017
+ for (let i = 0; i < whiteList.length; i += 1) {
1018
+ const wl = whiteList[i];
1019
+
1020
+ if (typeof wl === 'string' && wl.toLowerCase() === req.originalUrl.toLowerCase()) {
1021
+ inWhiteList = true;
1022
+ break;
1023
+ }
1016
1024
 
1017
- if (typeof wl === 'object' && new RegExp(wl).test(req.originalUrl)) return next();
1025
+ if (typeof wl === 'object' && new RegExp(wl).test(req.originalUrl)) {
1026
+ inWhiteList = true;
1027
+ break;
1018
1028
  }
1029
+ }
1019
1030
 
1031
+ if (inWhiteList) {
1032
+ await m.hasPermission(req, m)
1033
+ return next();
1034
+ }
1035
+
1036
+ if (!await m.hasPermission(req, m)) {
1020
1037
  if (req.user && req.user.id) {
1021
1038
  await res.endWithErr(400, 401);
1022
1039
  }
@@ -1033,30 +1050,18 @@ module.exports = (app) => ({
1033
1050
  if (token) {
1034
1051
  res.cookie('token', token, { maxAge: app.config['cookieTimeout'] });
1035
1052
  }
1036
-
1037
- return next();
1038
- });
1039
1053
 
1040
- // check for force reset pwd
1041
- app.use(async (req, res, next) => {
1054
+ // check for force reset pwd
1042
1055
  const resetP = m.config && m.config['forceResetPwd'];
1043
1056
 
1044
- if(resetP) {
1045
- if (req.user && req.user.id) {
1046
- const updateAt = req.user.PwdUpdatedAt || req.user.CreatedDate || req.user.LastUpdateDate;
1047
- const pastP = new Date() - updateAt;
1057
+ if(resetP && req.user && req.user.id) {
1058
+ const updateAt = req.user.PwdUpdatedAt || req.user.CreatedDate || req.user.LastUpdateDate;
1059
+ const pastP = new Date() - updateAt;
1048
1060
 
1049
- if(pastP > (resetP * 24 * 3600 * 1000)) {
1050
- await res.endWithErr(403, 'RSTPWD');
1051
- } else {
1052
- return next();
1053
- }
1054
- }
1055
- else {
1056
- await res.endWithErr(401);
1061
+ if(pastP > (resetP * 24 * 3600 * 1000)) {
1062
+ await res.makeError(403, 'RSTPWD');
1063
+ return next('route');
1057
1064
  }
1058
-
1059
- return;
1060
1065
  }
1061
1066
 
1062
1067
  return next();
@@ -1263,16 +1268,52 @@ module.exports = (app) => ({
1263
1268
  }
1264
1269
  }
1265
1270
 
1266
- const existPhone = await res.app.models.account.countDocuments({ PhoneNumber: phone });
1267
- if (existPhone) {
1268
- res.makeError(404, 'The phone number was used already!', m);
1269
- return next('route');
1271
+ const valid_phone = (d) => {
1272
+ return /^(0|86|17951)?(13[0-9]|14[0-9]|15[0-9]|16[0-9]|17[0-9]|18[0-9]|19[0-9])[0-9]{8}$/.test(d);
1273
+ };
1274
+ const valid_email = (d) => {
1275
+ // eslint-disable-next-line no-useless-escape
1276
+ return /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/.test(d);
1277
+ }
1278
+
1279
+ const userPhoneEmail = {};
1280
+ let isPhone = false;
1281
+ let isEmail = false;
1282
+
1283
+ if (valid_phone(phone)) {
1284
+ userPhoneEmail.PhoneNumber = phone;
1285
+ isPhone = true;
1286
+ } else if (valid_email(phone)) {
1287
+ isEmail = true;
1288
+ userPhoneEmail.UserName = phone;
1289
+ userPhoneEmail['Profile'] = {
1290
+ Email: phone
1291
+ };
1292
+ } else {
1293
+ userPhoneEmail.UserName = phone;
1294
+ }
1295
+
1296
+ if (isPhone) {
1297
+ const existPhone = await res.app.models.account.countDocuments({ PhoneNumber: phone });
1298
+ if (existPhone) {
1299
+ res.makeError(404, 'The phone number was used already!', m);
1300
+ return next('route');
1301
+ }
1302
+ }
1303
+
1304
+ if (isEmail) {
1305
+ const existPhone = await res.app.models.account.countDocuments({ 'Profile.Email': phone });
1306
+ if (existPhone) {
1307
+ res.makeError(405, 'The email address was used already!', m);
1308
+ return next('route');
1309
+ }
1270
1310
  }
1271
1311
 
1272
1312
  // only create with specified fields
1273
1313
  res.locals.body = {
1274
1314
  Saved: true,
1275
- PhoneNumber: phone,
1315
+ // PhoneNumber: phone,
1316
+ ...userPhoneEmail,
1276
1317
  Password: encryptPwd(password, m.config.pwdEncryptMethod || 'md5')
1277
1318
  }
1278
1319
 
@@ -1323,18 +1364,31 @@ module.exports = (app) => ({
1323
1364
  }
1324
1365
 
1325
1366
  // only create with specified fields
1326
- if (m.config.recoverNoSamePwd && verifyPassword(password, req.user.Password, m.config.pwdEncryptMethod || 'md5')) {
1327
- res.makeError(406, 'New password cannot be the same as the old one!', m);
1328
- return next('route');
1367
+ if (m.config.recoverNoSamePwd) {
1368
+ let oldPwd = req.user && req.user.Password;
1369
+ if (!oldPwd) {
1370
+ const theUser = await res.app.models.account.findOne({$or: [
1371
+ { PhoneNumber: phone },
1372
+ { 'Profile.Email': phone },
1373
+ ]});
1374
+
1375
+ oldPwd = theUser && theUser.Password;
1376
+ }
1377
+
1378
+ if (oldPwd && verifyPassword(password, oldPwd, m.config.pwdEncryptMethod || 'md5')) {
1379
+ res.makeError(406, 'New password cannot be the same as the old one!', m);
1380
+ return next('route');
1381
+ }
1329
1382
  }
1330
1383
 
1331
1384
  res.locals.body = {
1332
1385
  Password: encryptPwd(password, m.config.pwdEncryptMethod || 'md5'),
1333
1386
  }
1334
1387
 
1335
- res.locals.filter = {
1336
- PhoneNumber: phone
1337
- }
1388
+ res.locals.filter = {$or: [
1389
+ { PhoneNumber: phone },
1390
+ { 'Profile.Email': phone },
1391
+ ]}
1338
1392
 
1339
1393
  return next();
1340
1394
  },
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "free-be-account",
3
- "version": "0.0.15",
3
+ "version": "0.0.16",
4
4
  "main": "index.js",
5
5
  "license": "UNLICENSED",
6
6
  "repository": {
@@ -9,14 +9,14 @@
9
9
  },
10
10
  "dependencies": {
11
11
  "@alicloud/pop-core": "^1.7.13",
12
- "axios": "^1.4.0",
13
- "bcrypt": "^5.1.0",
14
- "crypto-js": "^4.1.1",
12
+ "axios": "^1.6.8",
13
+ "bcrypt": "^5.1.1",
14
+ "crypto-js": "^4.2.0",
15
15
  "js-md5": "^0.7.3",
16
- "nodemailer": "^6.9.2",
16
+ "nodemailer": "^6.9.13",
17
17
  "passport": "^0.6.0",
18
18
  "passport-local": "^1.0.0",
19
19
  "svg-captcha": "^1.4.0",
20
- "uuid": "^9.0.0"
20
+ "uuid": "^9.0.1"
21
21
  }
22
22
  }
package/routers/mgmt/route.js CHANGED
@@ -4,26 +4,26 @@ const router = express.Router();
4
4
  const { AccountAuditStatus } = require('../../enum');
5
5
  const { clearPermission, encryptPwd, crypto } = require('../../utils');
6
6
 
7
- // TODO: i18n translate
8
7
  const accountFilters = [
8
+ {
9
+ Name: 'id',
10
+ Type: 'String',
11
+ Info: {
12
+ Separate: true,
13
+ },
14
+ },
9
15
  {
10
16
  Name: 'LastUpdateDate',
11
17
  Type: 'DateRange',
12
- Label: '更新日期',
13
- Placeholder: '请选择',
14
18
  },
15
19
  {
16
20
  Name: 'Enabled',
17
21
  Type: 'Select',
18
- Label: '激活状态',
19
- Placeholder: '请选择',
20
22
  Options: [
21
23
  {
22
- Label: '已激活',
23
24
  Value: true,
24
25
  },
25
26
  {
26
- Label: '未激活',
27
27
  Value: false,
28
28
  },
29
29
  ],
@@ -31,22 +31,18 @@ const accountFilters = [
31
31
  {
32
32
  Name: 'Profile.Name',
33
33
  Type: 'String',
34
- Label: '姓名',
35
34
  },
36
35
  {
37
36
  Name: 'Profile.Title',
38
37
  Type: 'String',
39
- Label: '职务',
40
38
  },
41
39
  {
42
40
  Name: 'PhoneNumber',
43
41
  Type: 'String',
44
- Label: '手机号',
45
42
  },
46
43
  {
47
44
  Name: 'UserName',
48
45
  Type: 'String',
49
- Label: '用户名',
50
46
  },
51
47
  ];
52
48