Initial commit (code only without large binaries)

EdgeUser/internal/web/actions/actionutils/login_action.go

@@ -0,0 +1,135 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package actionutils
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeUser/internal/oplogs"
+	"github.com/TeaOSLab/EdgeUser/internal/rpc"
+	"github.com/TeaOSLab/EdgeUser/internal/utils"
+	"github.com/TeaOSLab/EdgeUser/internal/web/actions/default/login/loginutils"
+	"github.com/TeaOSLab/EdgeUser/internal/web/helpers"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
+	stringutil "github.com/iwind/TeaGo/utils/string"
+	"github.com/xlzd/gotp"
+	"time"
+)
+
+var TokenSalt = stringutil.Rand(32)
+
+// LoginAction 登录动作
+type LoginAction struct {
+	ParentAction
+}
+
+// RunPost 提交
+func (this *LoginAction) RunPost(params struct {
+	Token    string
+	Username string
+	Password string
+	OtpCode  string
+	Remember bool
+
+	Must *actions.Must
+	Auth *helpers.UserShouldAuth
+	CSRF *CSRF
+}) {
+	params.Must.
+		Field("username", params.Username).
+		Require("请输入用户名").
+		Field("password", params.Password).
+		Require("请输入密码")
+
+	if params.Password == stringutil.Md5("") {
+		this.FailField("password", "请输入密码")
+	}
+
+	// 检查token
+	if len(params.Token) <= 32 {
+		this.Fail("请通过登录页面登录")
+	}
+	timestampString := params.Token[32:]
+	if stringutil.Md5(TokenSalt+timestampString) != params.Token[:32] {
+		this.FailField("refresh", "登录页面已过期，请刷新后重试")
+	}
+	timestamp := types.Int64(timestampString)
+	if timestamp < time.Now().Unix()-1800 {
+		this.FailField("refresh", "登录页面已过期，请刷新后重试")
+	}
+
+	rpcClient, err := rpc.SharedRPC()
+	if err != nil {
+		this.Fail("服务器出了点小问题：" + err.Error())
+		return
+	}
+	resp, err := rpcClient.UserRPC().LoginUser(rpcClient.Context(0), &pb.LoginUserRequest{
+		Username: params.Username,
+		Password: params.Password,
+	})
+	if err != nil {
+		err = dao.SharedLogDAO.CreateUserLog(rpcClient.Context(0), oplogs.LevelError, this.Request.URL.Path, "登录时发生系统错误："+err.Error(), loginutils.RemoteIP(&this.ActionObject))
+		if err != nil {
+			utils.PrintError(err)
+		}
+
+		Fail(this, err)
+	}
+
+	if !resp.IsOk {
+		err = dao.SharedLogDAO.CreateUserLog(rpcClient.Context(0), oplogs.LevelWarn, this.Request.URL.Path, "登录失败，用户名："+params.Username, loginutils.RemoteIP(&this.ActionObject))
+		if err != nil {
+			utils.PrintError(err)
+		}
+
+		this.Fail(resp.Message)
+	}
+
+	// 检查OTP
+	otpLoginResp, err := this.RPC().LoginRPC().FindEnabledLogin(this.UserContext(), &pb.FindEnabledLoginRequest{
+		UserId: resp.UserId,
+		Type:   "otp",
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if otpLoginResp.Login != nil && otpLoginResp.Login.IsOn {
+		loginParams := maps.Map{}
+		err = json.Unmarshal(otpLoginResp.Login.ParamsJSON, &loginParams)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		secret := loginParams.GetString("secret")
+		if gotp.NewDefaultTOTP(secret).Now() != params.OtpCode {
+			this.Fail("请输入正确的OTP动态密码")
+		}
+	}
+
+	var userId = resp.UserId
+	params.Auth.StoreUser(userId, params.Remember)
+
+	// 清理老的SESSION
+	var currentIP = loginutils.RemoteIP(&this.ActionObject)
+	_, err = this.RPC().LoginSessionRPC().ClearOldLoginSessions(this.UserContext(), &pb.ClearOldLoginSessionsRequest{
+		Sid: this.Session().Sid,
+		Ip:  currentIP,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 记录日志
+	err = dao.SharedLogDAO.CreateUserLog(rpcClient.Context(userId), oplogs.LevelInfo, this.Request.URL.Path, "成功登录系统，用户名："+params.Username, currentIP)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}