// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn . package actionutils import ( "encoding/json" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" "github.com/TeaOSLab/EdgeUser/internal/oplogs" "github.com/TeaOSLab/EdgeUser/internal/rpc" "github.com/TeaOSLab/EdgeUser/internal/utils" "github.com/TeaOSLab/EdgeUser/internal/web/actions/default/login/loginutils" "github.com/TeaOSLab/EdgeUser/internal/web/helpers" "github.com/iwind/TeaGo/actions" "github.com/iwind/TeaGo/maps" "github.com/iwind/TeaGo/types" stringutil "github.com/iwind/TeaGo/utils/string" "github.com/xlzd/gotp" "time" ) var TokenSalt = stringutil.Rand(32) // LoginAction 登录动作 type LoginAction struct { ParentAction } // RunPost 提交 func (this *LoginAction) RunPost(params struct { Token string Username string Password string OtpCode string Remember bool Must *actions.Must Auth *helpers.UserShouldAuth CSRF *CSRF }) { params.Must. Field("username", params.Username). Require("请输入用户名"). Field("password", params.Password). Require("请输入密码") if params.Password == stringutil.Md5("") { this.FailField("password", "请输入密码") } // 检查token if len(params.Token) <= 32 { this.Fail("请通过登录页面登录") } timestampString := params.Token[32:] if stringutil.Md5(TokenSalt+timestampString) != params.Token[:32] { this.FailField("refresh", "登录页面已过期,请刷新后重试") } timestamp := types.Int64(timestampString) if timestamp < time.Now().Unix()-1800 { this.FailField("refresh", "登录页面已过期,请刷新后重试") } rpcClient, err := rpc.SharedRPC() if err != nil { this.Fail("服务器出了点小问题:" + err.Error()) return } resp, err := rpcClient.UserRPC().LoginUser(rpcClient.Context(0), &pb.LoginUserRequest{ Username: params.Username, Password: params.Password, }) if err != nil { err = dao.SharedLogDAO.CreateUserLog(rpcClient.Context(0), oplogs.LevelError, this.Request.URL.Path, "登录时发生系统错误:"+err.Error(), loginutils.RemoteIP(&this.ActionObject)) if err != nil { utils.PrintError(err) } Fail(this, err) } if !resp.IsOk { err = dao.SharedLogDAO.CreateUserLog(rpcClient.Context(0), oplogs.LevelWarn, this.Request.URL.Path, "登录失败,用户名:"+params.Username, loginutils.RemoteIP(&this.ActionObject)) if err != nil { utils.PrintError(err) } this.Fail(resp.Message) } // 检查OTP otpLoginResp, err := this.RPC().LoginRPC().FindEnabledLogin(this.UserContext(), &pb.FindEnabledLoginRequest{ UserId: resp.UserId, Type: "otp", }) if err != nil { this.ErrorPage(err) return } if otpLoginResp.Login != nil && otpLoginResp.Login.IsOn { loginParams := maps.Map{} err = json.Unmarshal(otpLoginResp.Login.ParamsJSON, &loginParams) if err != nil { this.ErrorPage(err) return } secret := loginParams.GetString("secret") if gotp.NewDefaultTOTP(secret).Now() != params.OtpCode { this.Fail("请输入正确的OTP动态密码") } } var userId = resp.UserId params.Auth.StoreUser(userId, params.Remember) // 清理老的SESSION var currentIP = loginutils.RemoteIP(&this.ActionObject) _, err = this.RPC().LoginSessionRPC().ClearOldLoginSessions(this.UserContext(), &pb.ClearOldLoginSessionsRequest{ Sid: this.Session().Sid, Ip: currentIP, }) if err != nil { this.ErrorPage(err) return } // 记录日志 err = dao.SharedLogDAO.CreateUserLog(rpcClient.Context(userId), oplogs.LevelInfo, this.Request.URL.Path, "成功登录系统,用户名:"+params.Username, currentIP) if err != nil { this.ErrorPage(err) return } this.Success() }