From 649d9c4ea62862525c8a5ee91875dc03fbb4a1a6 Mon Sep 17 00:00:00 2001
From: yystopf
Date: Wed, 28 Sep 2022 16:09:10 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=EF=BC=9A=E6=9B=B4=E6=94=B9?= =?UTF-8?q?=E9=82=AE=E7=AE=B1=E6=8E=A7=E5=88=B6=E5=99=A8=E6=96=B9=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../api/v1/users/users_controller.rb | 74 +++++++++++++++++++
app/controllers/concerns/api/user_helper.rb | 5 ++
app/mailers/user_mailer.rb | 4 +
app/views/user_mailer/update_email.html.erb | 61 +++++++++++++++
4 files changed, 144 insertions(+)
create mode 100644 app/controllers/api/v1/users/users_controller.rb
create mode 100644 app/views/user_mailer/update_email.html.erb
diff --git a/app/controllers/api/v1/users/users_controller.rb b/app/controllers/api/v1/users/users_controller.rb
new file mode 100644
index 000000000..c59e869b5
--- /dev/null
+++ b/app/controllers/api/v1/users/users_controller.rb
@@ -0,0 +1,74 @@
+class Api::V1::Users::UsersController < Api::V1::BaseController
+
+ before_action :load_observe_user
+ before_action :check_auth_for_observe_user
+
+ def send_update_email_vefify_code
+ code = %W(0 1 2 3 4 5 6 7 8 9)
+ verification_code = code.sample(6).join
+ mail = params[:email]
+
+ sign = Digest::MD5.hexdigest("#{OPENKEY}#{value}")
+ tip_exception(501, "请求不合理") if sign != params[:smscode]
+
+ # 60s内不能重复发送
+ send_email_limit_cache_key = "send_email_60_second_limit:#{mail}"
+ tip_exception(-1, '请勿频繁操作') if Rails.cache.exist?(send_email_limit_cache_key)
+ send_email_control = LimitForbidControl::SendEmailCode.new(mail)
+ tip_exception(-1, '邮件发送太频繁,请稍后再试') if send_email_control.forbid?
+ begin
+ UserMailer.update_email(mail, verification_code).deliver_now
+
+ Rails.cache.write(send_email_limit_cache_key, 1, expires_in: 1.minute)
+ send_email_control.increment!
+ rescue Exception => e
+ logger_error(e)
+ tip_exception(-2,"邮件发送失败,请稍后重试")
+ end
+ ver_params = {code_type: send_type, code: code, email: mail}
+ data = VerificationCode.new(ver_params)
+ if data.save!
+ render_ok
+ else
+ tip_exception(-1, "创建数据失败")
+ end
+ end
+
+ def check_password
+ password = params[:password]
+ return render_error("8~16位密码,支持字母数字和符号") unless password =~ CustomRegexp::PASSWORD
+ return render_error("密码错误") unless @observe_user.check_password?(password)
+ render_ok
+ end
+
+ def check_email
+ mail = strip(params[:email])
+ return render_error("邮件格式有误") unless mail =~ CustomRegexp::EMAIL
+
+ exist_owner = Owner.find_by(mail: mail)
+ return render_error('邮箱已被使用') if exist_owner
+ render_ok
+ end
+
+ def check_email_verifi_code
+ code = strip(params[:code])
+ mail = strip(params[:email])
+
+ return render_error("邮件格式有误") unless mail =~ CustomRegexp::EMAIL
+
+ verifi_code = VerificationCode.where(email: mail, code: code, code_type: 8).last
+
+ return render_error("验证码不正确") if verifi_code&.code != code
+ return render_error("验证码已失效") if !verifi_code&.effective?
+ render_ok
+ end
+
+ def change_email
+ @result_object = Api::V1::Users::UpdateEmailService.call(@observe_user, params, current_user.gitea_token)
+ if @result_object
+ return render_ok
+ else
+ return render_error('更改邮箱失败!')
+ end
+ end
+end
\ No newline at end of file
diff --git a/app/controllers/concerns/api/user_helper.rb b/app/controllers/concerns/api/user_helper.rb
index e6156ea56..b7714be39 100644
--- a/app/controllers/concerns/api/user_helper.rb
+++ b/app/controllers/concerns/api/user_helper.rb
@@ -16,4 +16,9 @@ module Api::UserHelper
 end
 @observe_user
 end
+
+ # 是否具有查看用户或编辑用户的权限
+ def check_auth_for_observe_user
+ return render_forbidden unless current_user.admin? || @observe_user.id == current_user.id
+ end
 end
\ No newline at end of file
diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb
index acd34fbbd..21ed5b0d5 100644
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@@ -8,4 +8,8 @@ class UserMailer < ApplicationMailer mail(to: mail, subject: 'Gitink | 注册验证码') end + def update_email(mail, code) + @code = code + mail(to: mail, subject: 'Gitink | 更改邮箱验证码') + end end
diff --git a/app/views/user_mailer/update_email.html.erb b/app/views/user_mailer/update_email.html.erb
new file mode 100644
index 000000000..c93366e4a
--- /dev/null
+++ b/app/views/user_mailer/update_email.html.erb
@@ -0,0 +1,61 @@ + + + + GitLink-验证码发送 + + + + + +
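Review bot: In `send_update_email_vefify_code` the record saved for later verification stores `code` (the ten-element digit array) instead of `verification_code`, so the value mailed to the user is not the one `check_email_verifi_code` looks up; `ver_params` should carry `code: verification_code`, and presumably the same `code_type` (8) that the check queries. The code itself comes from `code.sample(6)`, which draws without replacement from a non-cryptographic generator and leaves only 151,200 possible values; `verification_code = format('%06d', SecureRandom.random_number(10**6))` uses the full six-digit space from a CSPRNG. `value` and `send_type` are not defined anywhere in this hunk, so unless `Api::V1::BaseController` supplies them the action raises `NameError` before any mail is sent, and `params[:email]` is used here without the `strip` and `CustomRegexp::EMAIL` check that `check_email` applies. `check_email_verifi_code` has no visible attempt limit, which matters for a six-digit code; a per-address counter like the `LimitForbidControl::SendEmailCode` one used for sending would cover it.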
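Review bot: `check_auth_for_observe_user` dereferences both `current_user` and `@observe_user` without a nil check, so the authorization guard only fails closed if something earlier has already established both. If the base controller does not enforce login before this filter runs (not visible here), an anonymous request ends in `NoMethodError` rather than a forbidden response; `return render_forbidden unless current_user && @observe_user && (current_user.admin? || @observe_user.id == current_user.id)` makes the denial explicit. The admin branch also means the new `check_password` action lets an administrator test another account's password, which deserves a comment on the method stating whether that is intended. The enclosing module `Api::UserHelper` starts outside the hunk.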
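Review bot: The parameter name `mail` in `update_email` shadows ActionMailer's `mail` method, and the call on the last line only resolves to the method because it is written with parentheses and arguments. Renaming the parameter keeps the two apart: `def update_email(email, code)` with `mail(to: email, subject: 'Gitink | 更改邮箱验证码')`. The subject spells the product 'Gitink' while the new template uses 'GitLink'; the existing registration mail uses the same spelling, so this may be intentional, but branding that differs between subject and body makes a genuine security mail harder for recipients to tell from a forged one. The class `UserMailer` starts outside the hunk.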
+
+
+ + <%= image_tag("logo.png", alt: "确实开源", width: '100', :style => "float:left; margin-top: 8px;") %> + +
+
+
+

+ 您好! +

+

+ 你正在进行GitLink邮箱更改操作,如非本人操作,请忽略。 +

+
+
+

<%= @code %>

+
+ + 此邮件为系统所发,请勿直接回复。
+ 要解决问题或了解您的帐户详情,您可以访问 帮助中心。 +
+
+

+ 如果您并未发过此请求,则可能是因为其他用户在注册时误输了您的邮件地址,而使您收到了这封邮件,那么您可以放心的忽略此邮件,无需进一步采取任何操作。 +

+
+
+ www.gitlink.org.cn +
+
+
+ +