From 2cde13eabbb77fc715c46454b2375e9c8c2393f3 Mon Sep 17 00:00:00 2001 From: yystopf Date: Thu, 29 Sep 2022 12:05:57 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=EF=BC=9A=E6=8E=A5=E5=8F=A3?= =?UTF-8?q?=E6=B5=8B=E8=AF=95=E4=BB=A5=E5=8F=8A=E5=8A=9F=E8=83=BD=E6=B5=8B?= =?UTF-8?q?=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../api/v1/users/users_controller.rb | 76 ------------------- app/controllers/api/v1/users_controller.rb | 76 ++++++++++++++++++- app/controllers/concerns/api/user_helper.rb | 4 + .../api/v1/users/update_email_service.rb | 44 ++++++----- config/initializers/gitea_client.rb | 4 +- config/routes/api.rb | 10 ++- 6 files changed, 114 insertions(+), 100 deletions(-) delete mode 100644 app/controllers/api/v1/users/users_controller.rb diff --git a/app/controllers/api/v1/users/users_controller.rb b/app/controllers/api/v1/users/users_controller.rb deleted file mode 100644 index f62d4f86e..000000000 --- a/app/controllers/api/v1/users/users_controller.rb +++ /dev/null @@ -1,76 +0,0 @@ -class Api::V1::Users::UsersController < Api::V1::BaseController - - before_action :load_observe_user - before_action :check_auth_for_observe_user - - def send_vefify_code - code = %W(0 1 2 3 4 5 6 7 8 9) - verification_code = code.sample(6).join - mail = params[:email] - code_type = params[:code_type] - - sign = Digest::MD5.hexdigest("#{OPENKEY}#{value}") - tip_exception(501, "请求不合理") if sign != params[:smscode] - - # 60s内不能重复发送 - send_email_limit_cache_key = "send_email_60_second_limit:#{mail}" - tip_exception(-1, '请勿频繁操作') if Rails.cache.exist?(send_email_limit_cache_key) - send_email_control = LimitForbidControl::SendEmailCode.new(mail) - tip_exception(-1, '邮件发送太频繁,请稍后再试') if send_email_control.forbid? - begin - UserMailer.update_email(mail, verification_code).deliver_now - - Rails.cache.write(send_email_limit_cache_key, 1, expires_in: 1.minute) - send_email_control.increment! - rescue Exception => e - logger_error(e) - tip_exception(-2,"邮件发送失败,请稍后重试") - end - ver_params = {code_type: code_type, code: code, email: mail} - data = VerificationCode.new(ver_params) - if data.save! - render_ok - else - tip_exception(-1, "创建数据失败") - end - end - - def check_password - password = params[:password] - return render_error("8~16位密码,支持字母数字和符号") unless password =~ CustomRegexp::PASSWORD - return render_error("密码错误") unless @observe_user.check_password?(password) - render_ok - end - - def check_email - mail = strip(params[:email]) - return render_error("邮件格式有误") unless mail =~ CustomRegexp::EMAIL - - exist_owner = Owner.find_by(mail: mail) - return render_error('邮箱已被使用') if exist_owner - render_ok - end - - def check_email_verifi_code - code = strip(params[:code]) - mail = strip(params[:email]) - code_type = params[:code_type] - - return render_error("邮件格式有误") unless mail =~ CustomRegexp::EMAIL - - verifi_code = VerificationCode.where(email: mail, code: code, code_type: code_type).last - - return render_error("验证码不正确") if verifi_code&.code != code - return render_error("验证码已失效") if !verifi_code&.effective? - render_ok - end - - def change_email - @result_object = Api::V1::Users::UpdateEmailService.call(@observe_user, params, current_user.gitea_token) - if @result_object - return render_ok - else - return render_error('更改邮箱失败!') - end - end -end \ No newline at end of file diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb index 55f5cfb22..37a41ff75 100644 --- a/app/controllers/api/v1/users_controller.rb +++ b/app/controllers/api/v1/users_controller.rb @@ -1,6 +1,78 @@ class Api::V1::UsersController < Api::V1::BaseController - def index - render_ok + before_action :load_observe_user + before_action :check_auth_for_observe_user + + def send_email_vefify_code + code = %W(0 1 2 3 4 5 6 7 8 9) + verification_code = code.sample(6).join + mail = params[:email] + code_type = params[:code_type] + + sign = Digest::MD5.hexdigest("#{OPENKEY}#{mail}") + Rails.logger.info sign + + tip_exception(501, "请求不合理") if sign != params[:smscode] + + # 60s内不能重复发送 + send_email_limit_cache_key = "send_email_60_second_limit:#{mail}" + tip_exception(-1, '请勿频繁操作') if Rails.cache.exist?(send_email_limit_cache_key) + send_email_control = LimitForbidControl::SendEmailCode.new(mail) + tip_exception(-1, '邮件发送太频繁,请稍后再试') if send_email_control.forbid? + begin + UserMailer.update_email(mail, verification_code).deliver_now + + Rails.cache.write(send_email_limit_cache_key, 1, expires_in: 1.minute) + send_email_control.increment! + rescue Exception => e + logger_error(e) + tip_exception(-2,"邮件发送失败,请稍后重试") + end + ver_params = {code_type: code_type, code: verification_code, email: mail} + data = VerificationCode.new(ver_params) + if data.save! + render_ok + else + tip_exception(-1, "创建数据失败") + end + end + + def check_password + password = params[:password] + return render_error("8~16位密码,支持字母数字和符号") unless password =~ CustomRegexp::PASSWORD + return render_error("密码错误") unless @observe_user.check_password?(password) + render_ok + end + + def check_email + mail = strip(params[:email]) + return render_error("邮件格式有误") unless mail =~ CustomRegexp::EMAIL + + exist_owner = Owner.find_by(mail: mail) + return render_error('邮箱已被使用') if exist_owner + render_ok + end + + def check_email_verify_code + code = strip(params[:code]) + mail = strip(params[:email]) + code_type = params[:code_type] + + return render_error("邮件格式有误") unless mail =~ CustomRegexp::EMAIL + + verifi_code = VerificationCode.where(email: mail, code: code, code_type: code_type).last + + return render_error("验证码不正确") if verifi_code&.code != code + return render_error("验证码已失效") if !verifi_code&.effective? + render_ok + end + + def update_email + @result_object = Api::V1::Users::UpdateEmailService.call(@observe_user, params, current_user.gitea_token) + if @result_object + return render_ok + else + return render_error('更改邮箱失败!') + end end end \ No newline at end of file diff --git a/app/controllers/concerns/api/user_helper.rb b/app/controllers/concerns/api/user_helper.rb index b7714be39..4c7b713fc 100644 --- a/app/controllers/concerns/api/user_helper.rb +++ b/app/controllers/concerns/api/user_helper.rb @@ -21,4 +21,8 @@ module Api::UserHelper def check_auth_for_observe_user return render_forbidden unless current_user.admin? || @observe_user.id == current_user.id end + + def strip(str) + str.to_s.strip.presence + end end \ No newline at end of file diff --git a/app/services/api/v1/users/update_email_service.rb b/app/services/api/v1/users/update_email_service.rb index 976f2195b..133693777 100644 --- a/app/services/api/v1/users/update_email_service.rb +++ b/app/services/api/v1/users/update_email_service.rb @@ -1,10 +1,11 @@ class Api::V1::Users::UpdateEmailService < ApplicationService include ActiveModel::Model - attr_reader :user, :token, :password, :mail, :old_mail, :code, :verify_code - attr_accessor :gitea_token + attr_reader :user, :token, :password, :mail, :old_mail, :code, :code_type, :verify_code + attr_accessor :gitea_data - validates :mail + validates :password, :code, :code_type, presence: true + validates :mail, presence: true, format: { with: CustomRegexp::EMAIL } def initialize(user, params, token =nil) @user = user @@ -13,25 +14,28 @@ class Api::V1::Users::UpdateEmailService < ApplicationService @mail = params[:email] @old_mail = user.mail @code = params[:code] - @verify_code = VerificationCode.where(email: @mail, code: @code, code_type: params[:code_type]).last + @code_type = params[:code_type] + @verify_code = VerificationCode.where(email: @mail, code: @code, code_type: @code_type).last end def call raise Error, errors.full_messages.join(",") unless valid? - raise Error, "密码不正确." if @user.check_password?(@password) - raise Error, "验证码不正确." if @verifi_code&.code != @code - raise Error, "验证码已失效." if !verifi_code&.effective? + raise Error, "密码不正确." unless @user.check_password?(@password) + raise Error, "验证码不正确." if @verify_code&.code != @code + raise Error, "验证码已失效." if !@verify_code&.effective? - ActiveRecord::Base.transaction do - change_user_email - excute_data_to_gitea - excute_remove_email_from_gitea - end + # begin + ActiveRecord::Base.transaction do + change_user_email + excute_data_to_gitea + excute_change_email_from_gitea + end - return gitea_data + return gitea_data - rescue - raise Error, "服务器错误,请联系系统管理员!" + # rescue + # raise Error, "服务器错误,请联系系统管理员!" + # end end private @@ -43,7 +47,7 @@ class Api::V1::Users::UpdateEmailService < ApplicationService def request_body { - email: @email, + email: @mail, login_name: @user.login, source_id: 0 } @@ -54,10 +58,12 @@ class Api::V1::Users::UpdateEmailService < ApplicationService end def excute_data_to_gitea - @gitea_token = $gitea_client.patch_admin_users_by_username(@user.login, {body: request_body.to_json}) + Rails.logger.info request_body + @gitea_data = $gitea_client.patch_admin_users_by_username(@user.login, {body: request_body.to_json}) end - def excute_remove_email_from_gitea - @gitea_token = $gitea_client.delete_user_emails({body: {emails: [@old_mail]}, query: request_params}) + def excute_change_email_from_gitea + $gitea_client.delete_user_emails({body: {emails: [@old_mail]}.to_json, query: request_params}) + $gitea_client.post_user_emails({body: {emails: [@mail]}.to_json, query: request_params}) end end \ No newline at end of file diff --git a/config/initializers/gitea_client.rb b/config/initializers/gitea_client.rb index 92706ffd8..c909cebf4 100644 --- a/config/initializers/gitea_client.rb +++ b/config/initializers/gitea_client.rb @@ -6,6 +6,6 @@ gitea_config = config[:gitea].symbolize_keys! $gitea_client = Gitea::Api::Client.new({ domain: gitea_config[:domain], base_url: gitea_config[:base_url], - username: gitea_config[:username], - password: gitea_config[:password] + username: gitea_config[:access_key_id], + password: gitea_config[:access_key_secret] }) \ No newline at end of file diff --git a/config/routes/api.rb b/config/routes/api.rb index d5f82ff7b..ab098b1dc 100644 --- a/config/routes/api.rb +++ b/config/routes/api.rb @@ -2,7 +2,15 @@ defaults format: :json do namespace :api do namespace :v1 do scope ':owner' do - resource :users, path: '/', only: [:show, :update, :edit, :destroy] + resource :users, path: '/', only: [:show, :update, :edit, :destroy] do + collection do + get :send_email_vefify_code + post :check_password + post :check_email + post :check_email_verify_code + patch :update_email + end + end scope module: :users do resources :projects, only: [:index] end