free-be-account 0.0.24 → 0.0.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +13 -3
- package/package.json +1 -1
- package/routers/mgmt/route.js +5 -1
- package/sms/index.js +3 -0
- package/sms/platforms/submail.js +42 -2
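--- a/package/index.js
+++ b/package/index.js
@@ -959,7 +959,7 @@ module.exports = (app) => ({
 }).then(async (user) => {
 if (!user) {
 // auto create new user
-if (m.config.autoCreateNewUser && await app.modules['account'].verify(username, password)) {
+if (m.config.autoCreateNewUser && await app.modules['account'].sms.verify(username, password)) {
 const valid_phone = (d) => {
 return /^(0|86|17951)?(13[0-9]|14[0-9]|15[0-9]|16[0-9]|17[0-9]|18[0-9]|19[0-9])[0-9]{8}$/.test(d);
 };
@@ -1106,7 +1106,12 @@ module.exports = (app) => ({
 // update token in cookies
 const token = req.cookies.token;
 if (token) {
-res.cookie('token', token, {
+res.cookie('token', token, {
+httpOnly: true, // 防止 XSS 读取
+secure: true, // 仅 HTTPS 传输
+sameSite: 'strict', // CSRF 防护
+maxAge: app.config['cookieTimeout'],
+});
 }
 
 // check for force reset pwd
@@ -1159,7 +1164,12 @@ module.exports = (app) => ({
 token = await generate_new_access_token_pwd(app, req.user.id, access_token, null, req.user.isWx);
 }
 
-res.cookie('token', token, {
+res.cookie('token', token, {
+httpOnly: true, // 防止 XSS 读取
+secure: true, // 仅 HTTPS 传输
+sameSite: 'strict', // CSRF 防护
+maxAge: app.config['cookieTimeout'],
+});
 
 res.addData({
 Name: (req.user.Profile && req.user.Profile.Name) || req.user.PhoneNumber || req.user.UserName || '',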
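Review bot: The cookie option object added in the second and third hunks (new lines 1109–1114 and 1167–1172) is duplicated verbatim, and `secure: true` is unconditional, so on any deployment that serves the app over plain HTTP the browser drops the token cookie and the login silently does not persist. `sameSite: 'strict'` additionally withholds the cookie on the first top-level navigation arriving from another site, which matters if the `req.user.isWx` branch visible in the third hunk corresponds to a redirect back from an external login provider — `'lax'` is the usual setting for that flow. Both call sites would read better through one shared builder, e.g. `const tokenCookieOptions = () => ({ httpOnly: true, secure: true, sameSite: 'strict', maxAge: app.config['cookieTimeout'] });` followed by `res.cookie('token', token, tokenCookieOptions());`, with `secure` and `sameSite` read from `app.config` next to `cookieTimeout` rather than hard-coded. The enclosing handlers start and end outside the hunks.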
package/package.json
CHANGED
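--- a/package/routers/mgmt/route.js
+++ b/package/routers/mgmt/route.js
@@ -113,7 +113,8 @@ router.get('/:id',
 'Org',
 'Status',
 'Permission',
-'Labels'
+'Labels',
+'Secret',
 ];
 
 return next();
@@ -207,6 +208,9 @@ router.post('/',
 req.body.Password = encryptPwd(password, router.mdl.config.pwdEncryptMethod || 'md5');
 }
 
+// 随机生成appKey
+req.body.Secret = crypto.randomPassword(32);
+
 return next();
 },
 router.CreateDocument('account')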
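Review bot: Adding `'Secret'` to the field list in the first hunk (`router.get('/:id'`, new line 117) appears to put the newly generated per-account secret into the projection returned to callers of the management GET, so every read of an account would disclose its secret in plain form; if that list is indeed the response projection, consider returning the secret only once on creation (or behind an explicit reveal/rotate action) and masking it here. In the second hunk, `req.body.Secret = crypto.randomPassword(32);` — `randomPassword` is not a Node core `crypto` API, so this is presumably a project helper; since the value serves as an app key it should be confirmed to draw from a CSPRNG such as `crypto.randomBytes`. Unlike `Password` two lines above, `Secret` is passed on to `router.CreateDocument('account')` as generated rather than through `encryptPwd`, which is unavoidable if it must be presented back, but means any read of the stored document exposes it. Both handlers start outside the hunks.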
package/sms/index.js
CHANGED
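--- a/package/sms/platforms/submail.js
+++ b/package/sms/platforms/submail.js
@@ -39,11 +39,14 @@ module.exports = {
 codeAndValue[k.templateParamName] = v;
 }
 
+const tsResponse = await client.get('/service/timestamp');
+const ts = (tsResponse && tsResponse.data && tsResponse.data.timestamp) || Math.floor(Date.now() / 1000);
+
 const requestBody = {
 appid: k.appid, // 在 SUBMAIL 应用集成中创建的短信应用 ID
 to: p, // 收件人手机号码
 project: k.templateCode, // 模版 ID
-timestamp:
+timestamp: `${ts}`, // Timestamp UNIX 时间戳
 sign_type: 'md5', // md5 or sha1 or normal
 sign_version: 2, // signature 加密计算方式(当 sign_version 传 2 时,vars 参数不参与加密计算)
 };
@@ -66,5 +69,42 @@ module.exports = {
 }).catch(() => {
 return false;
 });
-}
+},
+sendMail: async function (k, p, v) {
+if (!k || !k.appid || !k.appkey) {
+throw new Error('Email parameters not configured correctly for platform (Submail)');
+}
+
+const tsResponse = await client.get('/service/timestamp');
+const ts = (tsResponse && tsResponse.data && tsResponse.data.timestamp) || Math.floor(Date.now() / 1000);
+
+const requestBody = {
+appid: k.appid, // 在 SUBMAIL 应用集成中创建的邮件应用 ID
+from: k.from, // 发件人邮箱地址
+to: p, // 收件人邮箱地址
+timestamp: `${ts}`, // Timestamp UNIX 时间戳
+sign_type: 'md5', // md5 or sha1 or normal
+sign_version: 2, // signature 加密计算方式(当 sign_version 传 2 时,vars 参数不参与加密计算)
+};
+
+const signature = sign(k.appid, k.appkey, requestBody);
+
+return await client.post('/mail/send', {
+...requestBody,
+subject: typeof k.title === 'function' ? k.title(v) : k.title, // 邮件标题
+html: typeof k.template === 'function' ? k.template(v) : k.template, // 邮件 HTML 内容
+signature, // 应用密匙或数字签名
+}).then(({data}) => {
+if (data.status === 'success') {
+return true;
+} else {
+console.error('Email send error:', data.msg);
+}
+
+return false;
+}).catch((error) => {
+console.error('Email send exception:', error);
+return false;
+});
+},
 };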
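Review bot: In `sendMail` (second hunk, new line 78) and likewise in the SMS sender (first hunk, new line 42), `await client.get('/service/timestamp')` is unguarded, so a network or HTTP error from the timestamp endpoint rejects the whole call instead of returning `false` as the `.catch` on the send request does, and the `Math.floor(Date.now() / 1000)` fallback is only reached when the endpoint answers without a timestamp field; a small helper that owns the fallback keeps both senders on the same contract. Separately, `console.error('Email send exception:', error)` on new line 106 prints the whole error object, and if `client` is an axios-style instance that object carries the request config — the `signature` and the mail `html` — so logging `error.message` (or `error.code`) is preferable. `html: ... k.template(v)` embeds the values in `v` into the message body; if any of them originate from a request, the template must HTML-escape them. `sign_type: 'md5'` is copied from the SMS path, and the comment on that line says `sha1` is also accepted, which would be the stronger choice for new code. The SMS sender's body starts outside the first hunk.
```javascript
// module scope, above module.exports
const fallbackTimestamp = () => Math.floor(Date.now() / 1000);

const fetchTimestamp = async () => {
  try {
    const tsResponse = await client.get('/service/timestamp');
    return (tsResponse && tsResponse.data && tsResponse.data.timestamp) || fallbackTimestamp();
  } catch (error) {
    console.error('Submail timestamp fetch failed:', error.message);
    return fallbackTimestamp();
  }
};

// … inside sendMail (and the SMS sender), replacing the two timestamp lines …
const ts = await fetchTimestamp();
// … unchanged: requestBody, sign(), client.post …
```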