fe / yoho-blk · Files

Go to a project
auth.js 5.7 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 
/**
 * passport 验证策略注册
 * @author: jiangfeng<jeff.jiang@yoho.cn>
 * @date: 2016/5/31
 */

'use strict';
const _ = require('lodash');
const passport = require('passport');
const WeixinStrategy = require('passport-weixin');
const SinaStrategy = require('passport-sina').Strategy;
const LocalStrategy = require('passport-local').Strategy;
const QQStrategy = require('passport-qq').Strategy;
const AlipayStrategy = require('./models/passport-alipay').Strategy;

const md5 = require('md5');

const AuthHelper = require('./models/auth-helper');

const config = global.yoho.config;
const helpers = global.yoho.helpers;
const cookie = global.yoho.cookie;
const logger = global.yoho.logger;
const cache = global.yoho.cache;

let siteUrl = config.siteUrl.indexOf('//') === 0 ? 'http:' + config.siteUrl : config.siteUrl;


// 本地登录
passport.use(new LocalStrategy({
    usernameField: 'account',
    passwordField: 'password',
    passReqToCallback: true
}, (req, username, password, done) => {

    let area = req.body.area || '86';

    if (isNaN(parseInt(area, 0)) || _.isEmpty(username) || _.isEmpty(password)) {
        logger.info(`【Passport Loginbad params, area:${area} account:${username} password:${password}`);
        return done('登录参数错误', null);
    }

    let verifyEmail = helpers.verifyEmail(username);
    let verifyMobile = helpers.verifyAreaMobile(username, area);

    if (!verifyEmail && !verifyMobile) {
        logger.info(`【Passport Loginbad account, email:${verifyEmail} mobile:${verifyMobile}`);
        return done('登录账号格式错误', null);
    }

    let expire = req.cookies['LE' + md5('_LOGIN_EXPIRE')];

    if (_.isEmpty(expire) || expire < (new Date()).getTime() / 1000) {
        return done('页面停留时间过长,请刷新页面', null);
    }

    let shoppingKey = cookie.getShoppingKey(req);

    let account = req.body.account;
    let ip = req.ip;

    let errorLoginKey = 'account_errorlogin_' + account;
    let accountKey = 'account_signin_' + account;
    let ipKey = 'ip_signin_' + ip;

    let cacheGet = [cache.get(errorLoginKey), cache.get(accountKey), cache.get(ipKey)];

    Promise.all(cacheGet).then(times => {
        let errLoginTimes = parseInt(times[0], 0) || 0;
        let accountTimes = parseInt(times[1], 0) || 0;
        let ipTimes = parseInt(times[2], 0) || 0;

        console.log(errLoginTimes);

        if (accountTimes >= 10) {
            done({ message: '您的账号已被暂时锁定,请稍后再试' }, null);
        } else if (ipTimes >= 100) {
            done({ message: '您尝试的次数过多,账号已被暂时锁定,请稍后再试' }, null);
        } else {
            return AuthHelper.signin(area, username, password, shoppingKey).then((result) => {
                console.log(result);
                if (result.code && result.code === 200 && result.data.uid) {
                    cache.del(errorLoginKey);

                    done(null, result.data);
                } else {
                    errLoginTimes = errLoginTimes + 1;
                    accountTimes = accountTimes + 1;
                    ipTimes = ipTimes + 1;
                    cache.set(errorLoginKey, errLoginTimes);
                    cache.set(accountKey, accountTimes, 1800);
                    cache.set(ipKey, ipTimes, 3600);

                    // 再次校验
                    if (ipTimes >= 100) {
                        done({ message: '您尝试的次数过多,账号已被暂时锁定,请稍后再试' }, null);
                    } else if (accountTimes >= 10) {
                        done({ message: '您的账号已被暂时锁定,请稍后再试' }, null);
                    } else if (errLoginTimes >= 3) {
                        done({
                            message: `您输入的密码及账户名不匹配,
                            是否<a href="${helpers.urlFormat('/passport/back/index')}" target="_blank">忘记密码?</a>`,
                            needCaptcha: true
                        });
                    } else {
                        done({
                            message: `您输入的密码及账户名不匹配,
                            是否<a href="${helpers.urlFormat('/passport/back/index')}" target="_blank">忘记密码?</a>`,
                            needCaptcha: false
                        });
                    }
                }
            });
        }
    }).catch(e => {
        logger.error('call the signin service fail,', e);
        done('登录失败,请稍后重试', null);
    });

}));

/**
 * wechat登录
 */

passport.use('wechat', new WeixinStrategy({
    clientID: config.thirdLogin.wechat.appID,
    clientSecret: config.thirdLogin.wechat.appSecret,
    callbackURL: `${siteUrl}/passport/login/wechat/callback`,
    requireState: true,
    scope: 'snsapi_login'
}, (accessToken, refreshToken, profile, done) => {
    done(null, profile);
}));

// sina 登录
passport.use('sina', new SinaStrategy({
    clientID: '3739328910',
    clientSecret: '9d44cded26d048e23089e5e975c93df1',
    callbackURL: `${siteUrl}/passport/login/sina/callback`,
    requireState: false
}, (accessToken, refreshToken, profile, done) => {
    done(null, profile);
}));

// qq 登录
passport.use('qq', new QQStrategy({
    clientID: '100229394',
    clientSecret: 'c0af9c29e0900813028c2ccb42021792',
    callbackURL: `${siteUrl}/passport/login/qq/callback`,
    requireState: false
}, (accessToken, refreshToken, profile, done) => {
    done(null, profile);
}));

// alipay 登录
passport.use('alipay', new AlipayStrategy({
    partner: '2088701661478015',
    key: 'kcxawi9bb07mzh0aq2wcirsf9znusobw',
    callbackURL: `${siteUrl}/passport/login/alipay/callback`
}), (profile, done) => {
    done(null, profile);
});