修改token生成方法，加入version

2023-08-10 13:43:27 +08:00 · 2023-08-10 13:43:27 +08:00 · a021e4431c
commit a021e4431c
parent d0e8679527
10 changed files with 99 additions and 52 deletions
--- a/.env.development
+++ b/.env.development
@ -8,7 +8,7 @@ API_TOKEN_EXPIRESIN=1d
 GOOGLE_OAUTH_CLIENT="53206975661-asnf3qe4bg29p8h981pgf099osvrjbme.apps.googleusercontent.com"
 GOOGLE_OAUTH_CLIENT2="53206975661-ih3r0ubph3rqejdq97b029difbrk2bqj.apps.googleusercontent.com"
 GOOGLE_OAUTH_CLIENT_IOS="53206975661-qan0rnefniegjv53ohild375pv0p7ekd.apps.googleusercontent.com"
-DB_MAIN=mongodb://localhost/wallet-development
+DB_MAIN=mongodb://192.168.100.22/wallet-development

 EMAIL_VERIFY_URL="https://wallet.cebggame.com"
 EMAIL_SERVER='http://127.0.0.1:3087'
--- a/src/api.server.ts
+++ b/src/api.server.ts
@ -43,6 +43,7 @@ export class ApiServer {
      expiresIn: config.api.token_expiresIn,
    })
    if (process.env.NODE_ENV !== 'production') {
+      mongoose.set('debug', true)
      this.server.register(require('@fastify/cors'), {})
    }
  }
--- a/src/controllers/apple.controller.ts
+++ b/src/controllers/apple.controller.ts
@ -34,7 +34,12 @@ class AppleController extends BaseController {
    if (payload.name) data.nickname = payload.name
    if (payload.picture) data.avatar = payload.picture
    let user = await Account.insertOrUpdate({ plat: PlatEnum.APPLE, openId }, data)
-    const ztoken = await res.jwtSign({ id: user.id, openid: openId, plat: PlatEnum.APPLE })
+    const ztoken = await res.jwtSign({
+      id: user.id,
+      openid: user.openId,
+      version: user.accountVersion || 0,
+      plat: PlatEnum.APPLE,
+    })
    return { token: ztoken }
  }

--- a/src/controllers/facebook.controller.ts
+++ b/src/controllers/facebook.controller.ts
@ -39,7 +39,12 @@ class FacebookController extends BaseController {
    if (infoRes['name']) user.nickname = infoRes['name']
    if (infoRes['email']) user.email = infoRes['email']
    let account = await Account.insertOrUpdate({ plat: PlatEnum.FACEBOOK, openId }, user)
-    const ztoken = await res.jwtSign({ id: account.id, openid: openId, plat: PlatEnum.FACEBOOK })
+    const ztoken = await res.jwtSign({
+      id: account.id,
+      openid: user.openId,
+      version: user.accountVersion || 0,
+      plat: PlatEnum.FACEBOOK,
+    })
    return { token: ztoken }
  }
 }
--- a/src/controllers/google.controller.ts
+++ b/src/controllers/google.controller.ts
@ -0,0 +1,59 @@
+import BaseController, { ROLE_ANON } from 'common/base.controller'
+import { ZError } from 'common/ZError'
+import { role, router } from 'decorators/router'
+
+import { OAuth2Client } from 'google-auth-library'
+import { Account, PlatEnum } from 'modules/Account'
+import { customAlphabet } from 'nanoid'
+
+const nanoid = customAlphabet('1234567890abcdef', 10)
+const GOOGLE_OAUTH_ISS = 'https://accounts.google.com'
+const GOOGLE_OAUTH_ISS1 = 'accounts.google.com'
+const IOS_TEST = '53206975661-0d6q9pqljn84n9l63gm0to1ulap9cbk4.apps.googleusercontent.com'
+
+class GoogleController extends BaseController {
+  @role(ROLE_ANON)
+  @router('post /wallet/login/google')
+  async checkGoogleJwt(req, res) {
+    const { token } = req.params
+    const CLIENT_ID = process.env.GOOGLE_OAUTH_CLIENT
+    const CLIENT_ID2 = process.env.GOOGLE_OAUTH_CLIENT2
+    const CLIENT_ID_IOS = process.env.GOOGLE_OAUTH_CLIENT_IOS
+    const client = new OAuth2Client(CLIENT_ID)
+    const ticket = await client.verifyIdToken({
+      idToken: token,
+      audience: [CLIENT_ID, CLIENT_ID2, CLIENT_ID_IOS, IOS_TEST], // Specify the CLIENT_ID of the app that accesses the backend
+      // Or, if multiple clients access the backend:
+      //[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]
+    })
+    const payload = ticket.getPayload()
+    if (!(payload.iss === GOOGLE_OAUTH_ISS || payload.iss === GOOGLE_OAUTH_ISS1)) {
+      throw new ZError(10, 'id token error')
+    }
+    if (
+      payload.aud !== CLIENT_ID &&
+      payload.aud !== CLIENT_ID2 &&
+      payload.aud !== CLIENT_ID_IOS &&
+      payload.aud !== IOS_TEST
+    ) {
+      throw new ZError(11, 'client id mismatch')
+    }
+    const openId = payload.sub
+    let data: any = {}
+    if (payload.email) data.email = payload.email
+    if (process.env.NODE_ENV !== 'development') {
+      if (payload.email_verified !== undefined) data.emailVerified = payload.email_verified
+    }
+    if (payload.locale) data.locale = payload.locale
+    if (payload.name) data.nickname = payload.name
+    if (payload.picture) data.avatar = payload.picture
+    let user = await Account.insertOrUpdate({ plat: PlatEnum.GOOGLE, openId }, data)
+    const ztoken = await res.jwtSign({
+      id: user.id,
+      openid: user.openId,
+      version: user.accountVersion || 0,
+      plat: PlatEnum.GOOGLE,
+    })
+    return { token: ztoken }
+  }
+}
--- a/src/controllers/mail.controller.ts
+++ b/src/controllers/mail.controller.ts
@ -37,7 +37,12 @@ class MailController extends BaseController {
    if (!record.verifyPassword(password)) {
      throw new ZError(13, 'password error')
    }
-    const token = await res.jwtSign({ id: record.id, openid: record.openId, plat: PlatEnum.EMAIL })
+    const token = await res.jwtSign({
+      id: record.id,
+      openid: record.openId,
+      version: record.accountVersion || 0,
+      plat: PlatEnum.EMAIL,
+    })
    return { token: token }
  }

--- a/src/controllers/main.controllers.ts
+++ b/src/controllers/main.controllers.ts
@ -1,15 +1,7 @@
 import BaseController, { ROLE_ANON } from 'common/base.controller'
 import { ZError } from 'common/ZError'
 import { role, router } from 'decorators/router'
-
-import { OAuth2Client } from 'google-auth-library'
-import { Account, PlatEnum } from 'modules/Account'
-import { customAlphabet } from 'nanoid'
-
-const nanoid = customAlphabet('1234567890abcdef', 10)
-const GOOGLE_OAUTH_ISS = 'https://accounts.google.com'
-const GOOGLE_OAUTH_ISS1 = 'accounts.google.com'
-const IOS_TEST = '53206975661-0d6q9pqljn84n9l63gm0to1ulap9cbk4.apps.googleusercontent.com'
+import { Account } from 'modules/Account'

 class MainController extends BaseController {
  @role(ROLE_ANON)
@ -19,43 +11,10 @@ class MainController extends BaseController {
    return {}
  }

-  @role(ROLE_ANON)
-  @router('post /wallet/login/google')
-  async checkGoogleJwt(req, res) {
-    const { token } = req.params
-    const CLIENT_ID = process.env.GOOGLE_OAUTH_CLIENT
-    const CLIENT_ID2 = process.env.GOOGLE_OAUTH_CLIENT2
-    const CLIENT_ID_IOS = process.env.GOOGLE_OAUTH_CLIENT_IOS
-    const client = new OAuth2Client(CLIENT_ID)
-    const ticket = await client.verifyIdToken({
-      idToken: token,
-      audience: [CLIENT_ID, CLIENT_ID2, CLIENT_ID_IOS, IOS_TEST], // Specify the CLIENT_ID of the app that accesses the backend
-      // Or, if multiple clients access the backend:
-      //[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]
-    })
-    const payload = ticket.getPayload()
-    if (!(payload.iss === GOOGLE_OAUTH_ISS || payload.iss === GOOGLE_OAUTH_ISS1)) {
-      throw new ZError(10, 'id token error')
-    }
-    if (
-      payload.aud !== CLIENT_ID &&
-      payload.aud !== CLIENT_ID2 &&
-      payload.aud !== CLIENT_ID_IOS &&
-      payload.aud !== IOS_TEST
-    ) {
-      throw new ZError(11, 'client id mismatch')
-    }
-    const openId = payload.sub
-    let data: any = {}
-    if (payload.email) data.email = payload.email
-    if (process.env.NODE_ENV !== 'development') {
-      if (payload.email_verified !== undefined) data.emailVerified = payload.email_verified
-    }
-    if (payload.locale) data.locale = payload.locale
-    if (payload.name) data.nickname = payload.name
-    if (payload.picture) data.avatar = payload.picture
-    let user = await Account.insertOrUpdate({ plat: PlatEnum.GOOGLE, openId }, data)
-    const ztoken = await res.jwtSign({ id: user.id, openid: openId, plat: PlatEnum.GOOGLE })
-    return { token: ztoken }
+  @router('post /wallet/account/reset')
+  async resetAccount(req, res) {
+    const user = req.user
+    await user.updateOne({ $inc: { accountVersion: 1 } })
+    return {}
  }
 }
--- a/src/controllers/tiktok.controller.ts
+++ b/src/controllers/tiktok.controller.ts
@ -23,7 +23,12 @@ class TiktokController extends BaseController {
    user.refreshTokenExpire = now + result.data['refresh_expires_in'] - EXPIRE_REDUCE_SECOND
    user.scope = result.data['scope']
    let account = await Account.insertOrUpdate({ plat: PlatEnum.TIKTOK, openId }, user)
-    const ztoken = await res.jwtSign({ id: account.id, openid: openId, plat: PlatEnum.TIKTOK })
+    const ztoken = await res.jwtSign({
+      id: account.id,
+      openid: user.openId,
+      version: user.accountVersion || 0,
+      plat: PlatEnum.TIKTOK,
+    })
    return { token: ztoken }
  }
  @router('post /wallet/tiktok/accesstoken')
--- a/src/controllers/wallet.controller.ts
+++ b/src/controllers/wallet.controller.ts
@ -66,6 +66,11 @@ class WalletController extends BaseController {
    return {}
  }

+  @router('post /wallet/rest')
+  async resetWalletInfo(req, res) {
+    return {}
+  }
+
  @router('post /wallet/collection')
  async uploadUserCollection(req, res) {
    let user = req.user
--- a/src/modules/Account.ts
+++ b/src/modules/Account.ts
@ -102,6 +102,9 @@ class AccountClass extends BaseModule {

  @prop()
  public emailVerifyTime?: number
+  // 用于标识该账号是否已经重置过
+  @prop({ default: 0 })
+  public accountVersion: number

  public static async findByEmail(this: ReturnModelType<typeof AccountClass>, email) {
    return this.findOne({ email, plat: PlatEnum.EMAIL }).exec()