npm - free-be-account - Versions diffs - 0.0.25 → 0.0.26 - Mend

free-be-account 0.0.25 → 0.0.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/index.js CHANGED Viewed

@@ -959,7 +959,7 @@ module.exports = (app) => ({
                             }).then(async (user) => {
                                 if (!user) {
                                     // auto create new user
-                                    if (m.config.autoCreateNewUser && await app.modules['account'].verify(username, password)) {
+                                    if (m.config.autoCreateNewUser && await app.modules['account'].sms.verify(username, password)) {
                                         const valid_phone = (d) => {
                                             return /^(0|86|17951)?(13[0-9]|14[0-9]|15[0-9]|16[0-9]|17[0-9]|18[0-9]|19[0-9])[0-9]{8}$/.test(d);
                                         };
@@ -1106,7 +1106,12 @@ module.exports = (app) => ({
                 // update token in cookies
                 const token = req.cookies.token;
                 if (token) {
-                    res.cookie('token', token, { maxAge: app.config['cookieTimeout'] });
+                    res.cookie('token', token, {
+                        httpOnly: true,     // 防止 XSS 读取
+                        secure: true,       // 仅 HTTPS 传输
+                        sameSite: 'strict', // CSRF 防护
+                        maxAge: app.config['cookieTimeout'],
+                    });
                 }
                 // check for force reset pwd
@@ -1159,7 +1164,12 @@ module.exports = (app) => ({
                         token = await generate_new_access_token_pwd(app, req.user.id, access_token, null, req.user.isWx);
                     }
-                    res.cookie('token', token, { maxAge: app.config['cookieTimeout'] });
+                    res.cookie('token', token, {
+                        httpOnly: true,     // 防止 XSS 读取
+                        secure: true,       // 仅 HTTPS 传输
+                        sameSite: 'strict', // CSRF 防护
+                        maxAge: app.config['cookieTimeout'],
+                    });
                     res.addData({
                         Name: (req.user.Profile && req.user.Profile.Name) || req.user.PhoneNumber || req.user.UserName || '',

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "free-be-account",
-  "version": "0.0.25",
+  "version": "0.0.26",
   "main": "index.js",
   "license": "UNLICENSED",
   "repository": {

package/sms/index.js CHANGED Viewed

@@ -136,6 +136,9 @@ const _sms_lib = {
         }
     },
     submail,
+    submail_mail: {
+        send: submail.sendMail,
+    },
     tencent,
 }

package/sms/platforms/submail.js CHANGED Viewed

@@ -39,11 +39,14 @@ module.exports = {
             codeAndValue[k.templateParamName] = v;
         }
+        const tsResponse = await client.get('/service/timestamp');
+        const ts = (tsResponse && tsResponse.data && tsResponse.data.timestamp) || Math.floor(Date.now() / 1000);
         const requestBody = {
             appid: k.appid,          // 在 SUBMAIL 应用集成中创建的短信应用 ID
             to: p,                   // 收件人手机号码
             project: k.templateCode, // 模版 ID
-            timestamp: Math.floor(Date.now() / 1000),   // Timestamp UNIX 时间戳
+            timestamp: `${ts}`,      // Timestamp UNIX 时间戳
             sign_type: 'md5',        // md5 or sha1 or normal
             sign_version: 2,         // signature 加密计算方式(当 sign_version 传 2 时，vars 参数不参与加密计算)
         };
@@ -66,5 +69,42 @@ module.exports = {
         }).catch(() => {
             return false;
         });
-    }
+    },
+    sendMail: async function (k, p, v) {
+        if (!k || !k.appid || !k.appkey) {
+            throw new Error('Email parameters not configured correctly for platform (Submail)');
+        }
+        const tsResponse = await client.get('/service/timestamp');
+        const ts = (tsResponse && tsResponse.data && tsResponse.data.timestamp) || Math.floor(Date.now() / 1000);
+        const requestBody = {
+            appid: k.appid,          // 在 SUBMAIL 应用集成中创建的邮件应用 ID
+            from: k.from,                // 发件人邮箱地址
+            to: p,                       // 收件人邮箱地址
+            timestamp: `${ts}`,               // Timestamp UNIX 时间戳
+            sign_type: 'md5',            // md5 or sha1 or normal
+            sign_version: 2,             // signature 加密计算方式(当 sign_version 传 2 时，vars 参数不参与加密计算)
+        };
+        const signature = sign(k.appid, k.appkey, requestBody);
+        return await client.post('/mail/send', {
+            ...requestBody,
+            subject: typeof k.title === 'function' ? k.title(v) : k.title,         // 邮件标题
+            html: typeof k.template === 'function' ? k.template(v) : k.template,   // 邮件 HTML 内容
+            signature,                   // 应用密匙或数字签名
+        }).then(({data}) => {
+            if (data.status === 'success') {
+                return true;
+            } else {
+                console.error('Email send error:', data.msg);
+            }
+            return false;
+        }).catch((error) => {
+            console.error('Email send exception:', error);
+            return false;
+        });
+    },
 };