auth.js 6.54 KB
/**
 * passport 验证策略注册
 * @author: jiangfeng<jeff.jiang@yoho.cn>
 * @date: 2016/5/31
 */

'use strict';
const _ = require('lodash');
const passport = require('passport');
const WeixinStrategy = require('passport-weixin');
const SinaStrategy = require('passport-sina').Strategy;
const LocalStrategy = require('passport-local').Strategy;
const QQStrategy = require('passport-qq').Strategy;
const DoubanStrategy = require('passport-douban').Strategy;
const RenrenStrategy = require('passport-renren').Strategy;
const AlipayStrategy = require('./models/passport-alipay').Strategy;

const md5 = require('md5');

const AuthHelper = require('./models/auth-helper');

const config = global.yoho.config;
const helpers = global.yoho.helpers;
const cookie = global.yoho.cookie;
const logger = global.yoho.logger;
const cache = global.yoho.cache;

let siteUrl = config.siteUrl.indexOf('//') === 0 ? 'http:' + config.siteUrl : config.siteUrl;


// 本地登录
passport.use(new LocalStrategy({
    usernameField: 'account',
    passwordField: 'password',
    passReqToCallback: true
}, (req, username, password, done) => {

    let area = req.body.area || '86';

    if (isNaN(_.parseInt(area)) || _.isEmpty(username) || _.isEmpty(password)) {
        logger.info(`【Passport Loginbad params, area:${area} account:${username} password:${password}`);
        return done({message: '登录参数错误'}, null);
    }

    let verifyEmail = helpers.verifyEmail(username);
    let verifyMobile = helpers.verifyAreaMobile(username, area);

    if (!verifyEmail && !verifyMobile) {
        logger.info(`【Passport Loginbad account, email:${verifyEmail} mobile:${verifyMobile}`);
        return done({message: '登录账号格式错误'}, null);
    }

    let expire = req.cookies['LE' + md5('_LOGIN_EXPIRE')];

    if (_.isEmpty(expire) || expire < (new Date()).getTime() / 1000) {
        return done({message: '页面停留时间过长,请刷新页面'}, null);
    }

    let verifyCode = req.body.captcha;

    if (verifyCode && verifyCode !== req.session.captcha) {
        return done({message: '验证码不正确或验证码过期', needCaptcha: true}, null);
    }

    let shoppingKey = cookie.getShoppingKey(req);

    let account = req.body.account;
    let ip = req.ip;

    let errorLoginKey = 'account_errorlogin_' + account;
    let accountKey = 'account_signin_' + account;
    let ipKey = 'ip_signin_' + ip;

    let cacheGet = [cache.get(errorLoginKey), cache.get(accountKey), cache.get(ipKey)];

    Promise.all(cacheGet).then(times => {
        let errLoginTimes = _.parseInt(times[0]) || 0;
        let accountTimes = _.parseInt(times[1]) || 0;
        let ipTimes = _.parseInt(times[2]) || 0;

        if (accountTimes >= 10) {
            done({message: '您的账号已被暂时锁定,请稍后再试'}, null);
        } else if (ipTimes >= 100) {
            done({message: '您尝试的次数过多,账号已被暂时锁定,请稍后再试'}, null);
        } else {
            return AuthHelper.signin(area, username, password, shoppingKey).then((result) => {
                if (result.code && result.code === 200 && result.data.uid) {
                    cache.del(errorLoginKey);

                    done(null, result.data);
                } else {
                    errLoginTimes = errLoginTimes + 1;
                    accountTimes = accountTimes + 1;
                    ipTimes = ipTimes + 1;
                    cache.set(errorLoginKey, errLoginTimes);
                    cache.set(accountKey, accountTimes, 1800);
                    cache.set(ipKey, ipTimes, 3600);

                    // 再次校验
                    if (ipTimes >= 100) {
                        done({message: '您尝试的次数过多,账号已被暂时锁定,请稍后再试'}, null);
                    } else if (accountTimes >= 10) {
                        done({message: '您的账号已被暂时锁定,请稍后再试'}, null);
                    } else if (errLoginTimes >= 3) {
                        done({
                            message: `您输入的密码及账户名不匹配,
                            是否<a href="${helpers.urlFormat('/passport/back/index')}" target="_blank">忘记密码?</a>`,
                            needCaptcha: true
                        });
                    } else {
                        done({
                            message: `您输入的密码及账户名不匹配,
                            是否<a href="${helpers.urlFormat('/passport/back/index')}" target="_blank">忘记密码?</a>`,
                            needCaptcha: false
                        });
                    }
                }
            });
        }
    }).catch(e => {
        logger.error('call the signin service fail,', e);
        done('登录失败,请稍后重试', null);
    });

}));

/**
 * wechat登录
 */

passport.use('wechat', new WeixinStrategy({
    clientID: config.thirdLogin.wechat.appID,
    clientSecret: config.thirdLogin.wechat.appSecret,
    callbackURL: `${siteUrl}/passport/login/wechat/callback`,
    requireState: true,
    scope: 'snsapi_login'
}, (accessToken, refreshToken, profile, done) => {
    done(null, profile);
}));

// sina 登录
passport.use('sina', new SinaStrategy({
    clientID: '3739328910',
    clientSecret: '9d44cded26d048e23089e5e975c93df1',
    callbackURL: `${siteUrl}/passport/login/sina/callback`,
    requireState: false
}, (accessToken, refreshToken, profile, done) => {
    done(null, profile);
}));

// qq 登录
passport.use('qq', new QQStrategy({
    clientID: '100229394',
    clientSecret: 'c0af9c29e0900813028c2ccb42021792',
    callbackURL: `${siteUrl}/passport/login/qq/callback`,
    requireState: false
}, (accessToken, refreshToken, profile, done) => {
    done(null, profile);
}));

// alipay 登录
passport.use('alipay', new AlipayStrategy({
    partner: '2088701661478015',
    key: 'kcxawi9bb07mzh0aq2wcirsf9znusobw',
    return_url: `${siteUrl}/passport/login/alipay/callback`
}, (profile, done) => {
    done(null, profile);
}));

// douban 登录
passport.use('douban', new DoubanStrategy({
    clientID: '03b4e36bf13dc75a0b1eaa43d3b9560e',
    clientSecret: 'f16d5913e8610672',
    callbackURL: `${siteUrl}/passport/autosign/doubanback`
}, (accessToken, refreshToken, profile, done) => {
    done(null, profile);
}));

// renren 登录
passport.use('renren', new RenrenStrategy({
    clientID: '783130c654c94a77ace97054ae266019',
    clientSecret: '05e430de8c1e40d3a1f39ca8d3f8252c',
    callbackURL: `${siteUrl}/passport/login/renren/callback`
}, (accessToken, refreshToken, profile, done) => {
    done(null, profile);
}));