|
@@ -7,6 +7,7 @@ |
|
@@ -7,6 +7,7 @@ |
7
|
const Promise = require('bluebird');
|
7
|
const Promise = require('bluebird');
|
8
|
const co = Promise.coroutine;
|
8
|
const co = Promise.coroutine;
|
9
|
const helpers = global.yoho.helpers;
|
9
|
const helpers = global.yoho.helpers;
|
|
|
10
|
+const logger = global.yoho.logger;
|
10
|
const _ = require('lodash');
|
11
|
const _ = require('lodash');
|
11
|
|
12
|
|
12
|
const crypto = global.yoho.crypto;
|
13
|
const crypto = global.yoho.crypto;
|
|
@@ -270,22 +271,31 @@ const auditCheckStatus = (uid, checkType, step) => { |
|
@@ -270,22 +271,31 @@ const auditCheckStatus = (uid, checkType, step) => { |
270
|
* 校验进入第二步
|
271
|
* 校验进入第二步
|
271
|
* @param type $checkCode
|
272
|
* @param type $checkCode
|
272
|
* @param type $uid
|
273
|
* @param type $uid
|
|
|
274
|
+ * @param type MaxTime
|
273
|
* @return boolean
|
275
|
* @return boolean
|
274
|
*/
|
276
|
*/
|
275
|
-const checkCode = (ckCode, uid) => {
|
277
|
+const checkCode = (ckCode, uid, time) => {
|
|
|
278
|
+ time = parseInt(`0${time}`, 10) || 86400000;
|
|
|
279
|
+
|
|
|
280
|
+ try {
|
276
|
// checkCode里空格用+替换
|
281
|
// checkCode里空格用+替换
|
277
|
let code = decodeURIComponent(ckCode);
|
282
|
let code = decodeURIComponent(ckCode);
|
278
|
let checkStr = crypto.decrypt('yoho9646abcdefgh', code);
|
283
|
let checkStr = crypto.decrypt('yoho9646abcdefgh', code);
|
279
|
|
284
|
|
280
|
let checkInfo = checkStr.split('_'),
|
285
|
let checkInfo = checkStr.split('_'),
|
281
|
checkUid = checkInfo[0],
|
286
|
checkUid = checkInfo[0],
|
282
|
- timeDiff = Date.parse(new Date()) - checkInfo[1]; // 时间差,秒 24h 86400
|
287
|
+ timeDiff = Date.parse(new Date()) - checkInfo[1]; // 时间差,秒 24h 86400000
|
283
|
|
288
|
|
284
|
- if (checkStr.indexOf('completeverify') > 0 && String(checkUid) === String(uid) && timeDiff <= 86400) {
|
289
|
+ if (checkStr.indexOf('completeverify') > 0 && String(checkUid) === String(uid) && timeDiff <= time) {
|
285
|
return true;
|
290
|
return true;
|
286
|
} else {
|
291
|
} else {
|
287
|
return false;
|
292
|
return false;
|
288
|
}
|
293
|
}
|
|
|
294
|
+ } catch (e) { // eslint-disable-line
|
|
|
295
|
+ logger.error(`account checkCode decrypt error [checkCode]:${ckCode}`);
|
|
|
296
|
+
|
|
|
297
|
+ return false;
|
|
|
298
|
+ }
|
289
|
};
|
299
|
};
|
290
|
|
300
|
|
291
|
/**
|
301
|
/**
|
|
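Review bot: The catch added at new line 295 logs the raw, unbounded, user-supplied `ckCode` and discards `e`, so the one thing a responder needs (why decrypt failed) is lost while request-controlled text goes straight into the log; prefer `logger.error(\`account checkCode decrypt error: ${e.message}\`);` and, if the token must be recorded, truncate it. The comment on new line 287 still says `秒` although `Date.parse` yields milliseconds and the window the commit fixes is 86400000 ms — `// 时间差, 毫秒 24h 86400000` matches the code. The JSDoc adds `@param type MaxTime` but the parameter is `time`; `@param {number} [time=86400000] - validity window in milliseconds` would match. `timeDiff <= time` has no lower bound, so a future-dated timestamp passes indefinitely; if that is unintended, `timeDiff >= 0 && timeDiff <= time` closes it.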
@@ -776,8 +786,25 @@ const identityMobile = (req) => { |
|
@@ -776,8 +786,25 @@ const identityMobile = (req) => { |
776
|
const sendMobileMsg = (req, uid) => {
|
786
|
const sendMobileMsg = (req, uid) => {
|
777
|
return co(function*() {
|
787
|
return co(function*() {
|
778
|
let mobile = req.body.mobile || '',
|
788
|
let mobile = req.body.mobile || '',
|
|
|
789
|
+ _code = req.body.checkCode,
|
779
|
resqData = {code: 400};
|
790
|
resqData = {code: 400};
|
780
|
|
791
|
|
|
|
792
|
+ // 发送验证码前置数据校验
|
|
|
793
|
+ if (!_code) {
|
|
|
794
|
+ let verifyInfo = yield accountApi.getVerifyInfo(uid);
|
|
|
795
|
+
|
|
|
796
|
+ mobile = _.get(verifyInfo, 'data.mobile', '');
|
|
|
797
|
+ if (!mobile) {
|
|
|
798
|
+ return Object.assign(resqData, {
|
|
|
799
|
+ message: '数据验证错误'
|
|
|
800
|
+ });
|
|
|
801
|
+ }
|
|
|
802
|
+ } else if (!checkCode(_code, uid)) {
|
|
|
803
|
+ return Object.assign(resqData, {
|
|
|
804
|
+ message: '数据验证错误'
|
|
|
805
|
+ });
|
|
|
806
|
+ }
|
|
|
807
|
+
|
781
|
let mobileInfo = handleMobile(mobile);
|
808
|
let mobileInfo = handleMobile(mobile);
|
782
|
|
809
|
|
783
|
resqData = yield accountApi.sendMobileMsg(uid, mobileInfo.mobile, mobileInfo.area);
|
810
|
resqData = yield accountApi.sendMobileMsg(uid, mobileInfo.mobile, mobileInfo.area);
|
|
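Review bot: The pre-check block at new lines 792–806 is repeated verbatim in checkMobileMsg (new lines 825–839), and both call `checkCode(_code, uid)` without the third argument, so these two paths accept a checkCode for the default 86400000 ms while modifyPwd, modifyMobile and modifyEmail in the same commit use 600000 ms; if the 10-minute rationale written in modifyMobile applies here too, pass it: `} else if (!checkCode(_code, uid, 600000)) {`. The duplicated lookup-and-validate sequence could become one generator helper taking `(uid, _code)` and yielding either the resolved mobile or the 400 envelope, so the two call sites cannot drift apart again. sendMobileMsg's body continues past the hunk.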
@@ -792,22 +819,37 @@ const checkMobileMsg = (req, uid) => { |
|
@@ -792,22 +819,37 @@ const checkMobileMsg = (req, uid) => { |
792
|
return co(function*() {
|
819
|
return co(function*() {
|
793
|
let mobile = req.body.mobile || '',
|
820
|
let mobile = req.body.mobile || '',
|
794
|
code = req.body.code || '',
|
821
|
code = req.body.code || '',
|
795
|
- resqData;
|
822
|
+ _code = req.body.checkCode,
|
|
|
823
|
+ resqData = {code: 400};
|
|
|
824
|
+
|
|
|
825
|
+ // 校验验证码前置数据校验
|
|
|
826
|
+ if (!_code) {
|
|
|
827
|
+ let verifyInfo = yield accountApi.getVerifyInfo(uid);
|
|
|
828
|
+
|
|
|
829
|
+ mobile = _.get(verifyInfo, 'data.mobile', '');
|
|
|
830
|
+ if (!mobile) {
|
|
|
831
|
+ return Object.assign(resqData, {
|
|
|
832
|
+ message: '数据验证错误'
|
|
|
833
|
+ });
|
|
|
834
|
+ }
|
|
|
835
|
+ } else if (!checkCode(_code, uid)) {
|
|
|
836
|
+ return Object.assign(resqData, {
|
|
|
837
|
+ message: '数据验证错误'
|
|
|
838
|
+ });
|
|
|
839
|
+ }
|
796
|
|
840
|
|
797
|
if (mobile === '') {
|
841
|
if (mobile === '') {
|
798
|
- resqData = {
|
|
|
799
|
- code: 400,
|
842
|
+ Object.assign(resqData, {
|
800
|
message: '手机号为空',
|
843
|
message: '手机号为空',
|
801
|
data: ''
|
844
|
data: ''
|
802
|
- };
|
845
|
+ });
|
803
|
return resqData;
|
846
|
return resqData;
|
804
|
}
|
847
|
}
|
805
|
if (code === '') {
|
848
|
if (code === '') {
|
806
|
- resqData = {
|
|
|
807
|
- code: 400,
|
849
|
+ Object.assign(resqData, {
|
808
|
message: '验证码为空',
|
850
|
message: '验证码为空',
|
809
|
data: ''
|
851
|
data: ''
|
810
|
- };
|
852
|
+ });
|
811
|
return resqData;
|
853
|
return resqData;
|
812
|
}
|
854
|
}
|
813
|
let mobileInfo = handleMobile(mobile);
|
855
|
let mobileInfo = handleMobile(mobile);
|
|
@@ -817,7 +859,11 @@ const checkMobileMsg = (req, uid) => { |
|
@@ -817,7 +859,11 @@ const checkMobileMsg = (req, uid) => { |
817
|
let ckCode = crypto.encryption('yoho9646abcdefgh', uid + '_' + Date.parse(new Date()) + '_' +
|
859
|
let ckCode = crypto.encryption('yoho9646abcdefgh', uid + '_' + Date.parse(new Date()) + '_' +
|
818
|
mobileInfo.mobile + mobileInfo.area + 'completeverify');
|
860
|
mobileInfo.mobile + mobileInfo.area + 'completeverify');
|
819
|
|
861
|
|
820
|
- resqData.data = encodeURIComponent(ckCode);
|
862
|
+
|
|
|
863
|
+ Object.assign(resqData, {
|
|
|
864
|
+ code: 200,
|
|
|
865
|
+ data: encodeURIComponent(ckCode)
|
|
|
866
|
+ });
|
821
|
}
|
867
|
}
|
822
|
return resqData;
|
868
|
return resqData;
|
823
|
})();
|
869
|
})();
|
|
@@ -833,6 +879,15 @@ const sendEmail = (req) => { |
|
@@ -833,6 +879,15 @@ const sendEmail = (req) => { |
833
|
email = req.body.email || '',
|
879
|
email = req.body.email || '',
|
834
|
resqData = {code: 400};
|
880
|
resqData = {code: 400};
|
835
|
|
881
|
|
|
|
882
|
+ let verifyInfo = yield accountApi.getVerifyInfo(uid);
|
|
|
883
|
+
|
|
|
884
|
+ email = _.get(verifyInfo, 'data.email', '');
|
|
|
885
|
+ if (!email) {
|
|
|
886
|
+ return Object.assign(resqData, {
|
|
|
887
|
+ message: '数据验证错误'
|
|
|
888
|
+ });
|
|
|
889
|
+ }
|
|
|
890
|
+
|
836
|
let ckCode = crypto.encryption('yoho9646abcdefgh', uid + '_' + Date.parse(new Date()) +
|
891
|
let ckCode = crypto.encryption('yoho9646abcdefgh', uid + '_' + Date.parse(new Date()) +
|
837
|
'_' + email + checkType + 'completeverify');
|
892
|
'_' + email + checkType + 'completeverify');
|
838
|
|
893
|
|
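Review bot: The `email = req.body.email || ''` initializer on line 879 is now dead code, because new line 884 unconditionally overwrites `email` from `verifyInfo`; change the declaration to `email = '',` so a reader does not assume the client-supplied address still reaches the encrypted payload. When `getVerifyInfo` returns no `data.email`, `_.get` yields `''` and the new 400 branch handles it, which looks right. The declaration of `uid` and the rest of sendEmail lie outside the hunk.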
|
@@ -864,7 +919,16 @@ const checkEmail = (req) => { |
|
@@ -864,7 +919,16 @@ const checkEmail = (req) => { |
864
|
const modifyPwd = (req, params) => {
|
919
|
const modifyPwd = (req, params) => {
|
865
|
return co(function*() {
|
920
|
return co(function*() {
|
866
|
let uid = params.uid,
|
921
|
let uid = params.uid,
|
867
|
- newPwd = params.newPwd || '';
|
922
|
+ newPwd = params.newPwd || '',
|
|
|
923
|
+ _code = params.checkCode;
|
|
|
924
|
+
|
|
|
925
|
+ // 前置数据校验
|
|
|
926
|
+ if (!_code || !checkCode(_code, uid, 600000)) {
|
|
|
927
|
+ return {
|
|
|
928
|
+ code: 400,
|
|
|
929
|
+ message: '数据验证错误'
|
|
|
930
|
+ };
|
|
|
931
|
+ }
|
868
|
|
932
|
|
869
|
let resqData = yield accountApi.modifyPwd(uid, newPwd);
|
933
|
let resqData = yield accountApi.modifyPwd(uid, newPwd);
|
870
|
|
934
|
|
|
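Review bot: The literal `600000` on new line 926 reappears in modifyMobile (new line 951) and modifyEmail (new line 1017), with its rationale written only as a comment in modifyMobile; hoist it beside the other module-level bindings as `const CHECK_CODE_TTL_MS = 600000; // 10 min: allows for network delay and clock skew between servers` and pass that constant in all three places. Note that checkCode verifies only the `completeverify` marker, the uid and the token age (new line 289), not which verification step issued the token, so a checkCode from any verify path satisfies this guard — presumably intended, but worth stating in modifyPwd's JSDoc. modifyPwd's body continues past the hunk.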
@@ -879,8 +943,17 @@ const modifyMobile = (req, uid) => { |
|
@@ -879,8 +943,17 @@ const modifyMobile = (req, uid) => { |
879
|
return co(function*() {
|
943
|
return co(function*() {
|
880
|
let mobile = req.body.mobile || '',
|
944
|
let mobile = req.body.mobile || '',
|
881
|
code = req.body.code || '',
|
945
|
code = req.body.code || '',
|
|
|
946
|
+ _code = req.body.checkCode,
|
882
|
resqData = {code: 400};
|
947
|
resqData = {code: 400};
|
883
|
|
948
|
|
|
|
949
|
+ // 校验验证码前置数据校验
|
|
|
950
|
+ // 校验checkCode,有效时间10分钟(checkCode在调改接口前获取,考虑网络延时,服务器间的时间差,设置10分钟)
|
|
|
951
|
+ if (!_code || !checkCode(_code, uid, 600000)) {
|
|
|
952
|
+ return Object.assign(resqData, {
|
|
|
953
|
+ message: '数据验证错误'
|
|
|
954
|
+ });
|
|
|
955
|
+ }
|
|
|
956
|
+
|
884
|
if (mobile === '') {
|
957
|
if (mobile === '') {
|
885
|
resqData = {
|
958
|
resqData = {
|
886
|
code: 400,
|
959
|
code: 400,
|
|
@@ -937,8 +1010,16 @@ const modifyEmail = (req) => { |
|
@@ -937,8 +1010,16 @@ const modifyEmail = (req) => { |
937
|
return co(function*() {
|
1010
|
return co(function*() {
|
938
|
let uid = req.user.uid,
|
1011
|
let uid = req.user.uid,
|
939
|
email = req.body.email || '',
|
1012
|
email = req.body.email || '',
|
|
|
1013
|
+ _code = req.body.checkCode,
|
940
|
resqData = {code: 400};
|
1014
|
resqData = {code: 400};
|
941
|
|
1015
|
|
|
|
1016
|
+ // 前置数据校验
|
|
|
1017
|
+ if (!_code || !checkCode(_code, uid, 600000)) {
|
|
|
1018
|
+ return Object.assign(resqData, {
|
|
|
1019
|
+ message: '数据验证错误'
|
|
|
1020
|
+ });
|
|
|
1021
|
+ }
|
|
|
1022
|
+
|
942
|
let check = yield accountApi.checkVerifyEmail(uid, email);
|
1023
|
let check = yield accountApi.checkVerifyEmail(uid, email);
|
943
|
|
1024
|
|
944
|
if (check.code === 200) {
|
1025
|
if (check.code === 200) {
|