Authored by 陈轩

短信登陆密码优化

/* eslint no-unused-vars: ["error", { "args": "none" }] */
'use strict';
const _ = require('lodash');
const helpers = global.yoho.helpers;
const cookie = global.yoho.cookie;
const RegService = require('../models/reg-service');
const PhoneService = require('../models/phone-service');
const AuthHelper = require('../models/auth-helper');
const captchaService = require('../models/captcha-service');
// constrant
const CODE_REQUIRED = '请输入校验码';
... ... @@ -23,7 +25,7 @@ exports.beforeIn = (req, res, next) => {
});
if (!req.xhr && req.user.uid) {
return res.redirect(req.cookies.refer);
return res.redirect(req.cookies.refer || '/');
}
next();
... ... @@ -31,6 +33,12 @@ exports.beforeIn = (req, res, next) => {
// 短信登录 第一步: 展现页面
const _step1 = (req, res, next) => {
_.set(req.session, 'smsLogin.step', 1);
if (req.session.smsLogin.count == null) { // eslint-disable-line
req.session.smsLogin.count = 5;
}
let template = 'sms/login';
let viewData = {
module: 'passport',
... ... @@ -38,6 +46,7 @@ const _step1 = (req, res, next) => {
title: '手机短信登录',
isPassportPage: true,
headerText: '手机号码快捷登录',
captchaUrl: helpers.urlFormat('/passport/sms_login/captcha.png', {t: Date.now()}),
areaCode: '+86', // 默认的区号
countrys: RegService.getAreaData() // 地区信息列表
};
... ... @@ -58,7 +67,7 @@ const _step2 = (req, res, next) => {
title: '手机短信登录',
isPassportPage: true,
headerText: '手机号码快捷登录',
canResend: interval < Date.now(),
countdown: Math.ceil((interval - Date.now()) / 1000),
mobile,
area
};
... ... @@ -83,7 +92,7 @@ const _step3 = (req, res, next) => {
// 短信 登录
exports.loginPage = (req, res, next) => {
let step = Number(req.query.step) || 1;
let smsLoginStep = req.session.smsLoginStep || 1;
let smsLoginStep = _.get(req.session, 'smsLogin.step', 1);
if (step === 2 && smsLoginStep !== 2) {
return res.redirect(req.path);
... ... @@ -109,23 +118,54 @@ exports.loginPage = (req, res, next) => {
exports.tokenBefore = (req, res, next) => {
let area = req.query.area = (req.query.area || '').trim();
let mobile = req.query.mobile = (req.query.mobile || '').trim();
let step = _.get(req.session, 'smsLogin.step');
let count = _.get(req.session, 'smsLogin.count');
let interval = _.get(req.session, 'smsLogin.interval');
if (!req.xhr) {
if (!req.xhr && !req.session.smsLogin) {
return next(404);
}
if (req.session.smsLogin && req.session.smsLogin.interval > Date.now()) {
if ([area, mobile].some(val => val === '')) {
return res.json({
code: 429,
message: TOO_MANY
code: 401,
message: '请求参数,无法处理'
});
}
// step1 要 校验图形验证码
if (step === 1) {
let captcha1 = _.get(req.session, 'smsLogin.captcha');
let captcha2 = (req.query.captcha || '').trim();
if ([area, mobile].some(val => val === '')) {
if (captcha1 !== captcha2) {
return res.json({
code: 400,
message: VERIFY_ERROR
});
}
}
let now = Date.now();
// 重发次数用完了, 回冻结5min
// 1. 过了冻结期, count 重设为 5次
// 2. 没过冻结期, end
// 没有用完, 判断是否请求太频繁
if (!count) {
if (interval > now) {
return res.json({
code: 400,
message: TOO_MANY,
during: Math.ceil((interval - now) / 1000)
});
} else {
_.set(req.session, 'smsLogin.count', 5);
}
} else if (interval > now) {
return res.json({
code: 401,
message: '请求参数,无法处理'
code: 429,
message: TOO_MANY
});
}
... ... @@ -139,12 +179,18 @@ exports.token = (req, res, next) => {
PhoneService.sendSMS(mobile, area, 1).then(result => {
if (result.code === 200) {
req.session.smsLogin = {
interval: Date.now() + 60 * 1000, // 重发验证码 间隔: 60s
area,
mobile
};
req.session.smsLoginStep = 2; // 进入短信登录 step2
_.set(req.session, 'smsLogin.step', 2);
_.set(req.session, 'smsLogin.area', area);
_.set(req.session, 'smsLogin.mobile', mobile);
--req.session.smsLogin.count;
if (!req.session.smsLogin.count) {
_.set(req.session, 'smsLogin.interval', Date.now() + 5 * 60 * 1000);
} else {
_.set(req.session, 'smsLogin.interval', Date.now() + 60 * 1000);
}
result.redirect = '/passport/sms_login?step=2';
res.json(result);
... ... @@ -157,8 +203,9 @@ exports.token = (req, res, next) => {
exports.checkBefore = (req, res, next) => {
let code = req.query.code = (req.query.code || '').trim();
let step = _.get(req.session, 'smsLogin.step');
if (!req.xhr && req.session.smsLoginStep !== 2) {
if (!req.xhr && step !== 2) {
return next(404);
}
... ... @@ -214,7 +261,7 @@ exports.check = (req, res, next) => {
// 手机号码 没注册
if (r1.data.is_register !== 'Y') {
redirect = '/passport/sms_login?step=3';
req.session.smsLoginStep = 3;
_.set(req.session, 'smsLogin.step', 3);
res.json({
code: 200,
... ... @@ -247,7 +294,6 @@ exports.check = (req, res, next) => {
});
delete req.session.smsLogin;
delete req.session.smsLoginStep;
})
.catch(error => {
res.json(error);
... ... @@ -259,7 +305,9 @@ exports.check = (req, res, next) => {
// AJAX 短信登录 设置密码 in step3
exports.password = (req, res, next) => {
if (req.session.smsLoginStep !== 3) {
let step = _.get(req.session, 'smsLogin.step');
if (step !== 3) {
return next();
}
... ... @@ -269,9 +317,8 @@ exports.password = (req, res, next) => {
message: BAD_PASSWORD
};
let smsLogin = req.session.smsLogin || {};
let mobile = smsLogin.mobile;
let area = smsLogin.area;
let mobile = _.get(req.session, 'smsLogin.mobile');
let area = _.get(req.session, 'smsLogin.area');
let password = (req.body.password || '').trim();
let smsCode = +req.body.smsCode || 0;
... ... @@ -306,11 +353,23 @@ exports.password = (req, res, next) => {
res.json({
code: 200,
message: LOGIN_SUCCSS,
redirect: req.cookies.refer
redirect: req.cookies.refer || '/'
});
delete req.session.smsLogin;
delete req.session.smsLoginStep;
}).catch(next);
};
/**
* 生成 校验码
*/
exports.genCaptcha = (req, res) => {
let captcha = captchaService.generateCaptcha(90, 52, 4);
_.set(req.session, 'smsLogin.captcha', captcha.text);
res.type('png')
.set('Cache-Control', 'no-cache')
.status(200)
.send(captcha.image);
};
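Review bot: In tokenBefore (hunk `@@ -109,23 +118,54 @@`), the session captcha read into `captcha1` is never cleared after the comparison, so the same solved value can be replayed on every retry of `token.json` and a wrong guess costs nothing — the count/interval branches below only take effect after a send succeeded, so a 4-character captcha can be brute-forced within one session. Consume it on every attempt by adding `delete req.session.smsLogin.captcha;` right after the `captcha1` read (the step-1 client already refreshes the image on any non-200 reply), and reject an absent value explicitly with `if (!captcha1 || captcha1 !== captcha2)`. Note also that the counter and interval live only in the session, so discarding the cookie resets the limit; whether `PhoneService.sendSMS` throttles per number is not visible here. Separately, `req.cookies.refer || '/'` in beforeIn and password is still redirected to without any host check, a cookie-controlled open redirect that predates this change. tokenBefore's tail (the `next()` call) is outside the hunk.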
... ... @@ -36,15 +36,16 @@ router.get('/passport/international', login.common.beforeLogin, login.local.inte
router.post('/passport/login/auth', login.local.login);
// SMS 短信
// router.use('/passport/sms_login', login.common.beforeLogin, smsLogin.beforeIn);
// router.get('/passport/sms_login', smsLogin.loginPage);
// router.get('/passport/sms_login/token.json',
// smsLogin.tokenBefore,
// smsLogin.token); // only ajax;
// router.get('/passport/sms_login/check.json',
// smsLogin.checkBefore,
// smsLogin.check); // only ajax
// router.post('/passport/sms_login/password.json', smsLogin.password);
router.use('/passport/sms_login', login.common.beforeLogin, smsLogin.beforeIn);
router.get('/passport/sms_login', smsLogin.loginPage);
router.get('/passport/sms_login/token.json',
smsLogin.tokenBefore,
smsLogin.token); // only ajax;
router.get('/passport/sms_login/check.json',
smsLogin.checkBefore,
smsLogin.check); // only ajax
router.post('/passport/sms_login/password.json', smsLogin.password);
router.get('/passport/sms_login/captcha.png', smsLogin.genCaptcha);
// 微信登录
router.get('/passport/login/wechat', login.common.beforeLogin, login.wechat.login);
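Review bot: `router.get('/passport/sms_login/token.json', ...)` re-enables an SMS send behind a GET, so the request is reproducible from a link and its `mobile`, `area` and `captcha` parameters land in access logs and browser history; the only cross-site guard is the `req.xhr` test in `tokenBefore`, which the controller change in this commit appears to relax to `!req.xhr && !req.session.smsLogin`. Register it as `router.post('/passport/sms_login/token.json', smsLogin.tokenBefore, smsLogin.token);`, read the fields from `req.body`, and switch the step-1 page's `$.get` to `$.post` in the same change. `check.json` has the same shape and should follow.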
... ... @@ -15,5 +15,5 @@
<input type="hidden" name="area" id="area" value="{{area}}">
</div>
<script>
var canResend = {{canResend}};
var countdown = {{countdown}};
</script>
\ No newline at end of file
... ... @@ -7,6 +7,10 @@
<input id="phone-num" class="input phone-num" type="text" placeholder="手机号">
<button class="clear-input" type="button"></button>
</div>
<div class="passport-captcha row">
<input type="text">
<div class="passport-captcha-img"><img src="{{captchaUrl}}" alt=""></div>
</div>
<button id="btn-next" class="btn btn-next disable row" disabled>获取短信验证码</button>
</div>
</div>
\ No newline at end of file
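Review bot: The new captcha `<input type="text">` has no `name`, `autocomplete` or length attributes, so browsers may offer stored values for it and nothing bounds what is sent; `<input type="text" name="captcha" maxlength="4" autocomplete="off">` would match the 4-character image `genCaptcha` appears to produce. The `alt=""` on the image also leaves non-visual users with no hint that a captcha is required — a short `alt="验证码"` (or the project's usual wording) would help, though no audio alternative exists here in any case.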
... ... @@ -68,7 +68,7 @@ module.exports = {
port: '4444' // influxdb port
},
console: {
level: 'error',
level: 'debug',
colorize: 'all',
prettyPrint: true
}
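Review bot: `level: 'debug'` replaces `level: 'error'` for the console logger in a config that otherwise carries service settings (the influxdb port above it), which looks like a local debugging leftover rather than part of the SMS-login change. If this file is read in production, debug output would emit request details passing through the passport handlers — phone numbers, session contents — to the console; revert to `level: 'error'`, or gate it on the environment, e.g. `level: process.env.NODE_ENV === 'production' ? 'error' : 'debug'`. Which environment this config serves is not visible here.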
... ... @@ -22,8 +22,8 @@ page = {
init: function() {
this.domInit();
this.bindEvents();
if (!window.canResend) {
this.countDown();
if (window.countdown > 0) {
this.countDown(window.countdown);
}
},
... ... @@ -72,11 +72,14 @@ page = {
});
},
countDown: function() {
countDown: function(during) {
var self = this;
var second = this.time;
if (this.timerId) {
if (during) {
clearInterval(this.timerId);
second = during;
} else if (this.timerId) {
return;
}
... ... @@ -116,6 +119,8 @@ page = {
if (res.code === 200) {
self.countDown();
return;
} else {
res.during && (self.countDown(res.during));
}
tip.show(res.message);
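Review bot: In the `.done` handler, the `else` after `return;` is dead structure and the `&&`-as-statement form hides a call: `if (res.code === 200) { self.countDown(); return; }` followed by `if (res.during) { self.countDown(res.during); }` reads as the two cases they are. Separately, `countDown(during)` clears `this.timerId` when `during` is given, but the 200 path calls `countDown()` with no argument, which returns early while a previous timer is still running — probably intended, but worth a comment such as `// no-arg call: keep the running countdown, do not restart it`. The rest of `countDown` is outside the hunk.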
... ... @@ -6,7 +6,10 @@ var $countrySelect,
$areaCode,
$nextBtn,
$resetBtn,
$captcha,
$captchaPNG,
$phoneNum;
var page;
require('js/common');
... ... @@ -25,6 +28,8 @@ page = {
$nextBtn = $('#btn-next');
$phoneNum = $('#phone-num');
$resetBtn = $('.clear-input');
$captcha = $('.passport-captcha input');
$captchaPNG = $('.passport-captcha-img img');
},
bindEvent: function() {
var self = this;
... ... @@ -36,6 +41,12 @@ page = {
self.toggleNextBtn();
});
$captcha.on('input', function() {
self.toggleNextBtn();
});
$captchaPNG.on('click', $.proxy(this.refreshCapatch, this));
$nextBtn.on('click', function() {
self.goNext();
});
... ... @@ -51,7 +62,7 @@ page = {
// 切换$nextBtn disable状态
toggleNextBtn: function() {
var bool = Boolean($.trim($phoneNum.val()));
var bool = Boolean($.trim($phoneNum.val())) && Boolean($.trim($captcha.val()));
$nextBtn
.toggleClass('disable', !bool)
... ... @@ -60,10 +71,16 @@ page = {
$resetBtn.toggle(bool);
},
refreshCapatch: function() {
$captchaPNG.attr('src', '/passport/sms_login/captcha.png?t=' + Date.now());
},
// 提交按钮
goNext: function() {
var self = this;
var areaCode = $countrySelect.val();
var phone = $.trim($phoneNum.val());
var captcha = $.trim($captcha.val());
if ($nextBtn.prop('disabled')) {
return;
... ... @@ -77,7 +94,8 @@ page = {
$nextBtn.prop('disabled', true);
$.get('/passport/sms_login/token.json', {
area: areaCode.replace('+', ''),
mobile: phone
mobile: phone,
captcha: captcha
})
.done(function(data) {
if (data.code === 200) {
... ... @@ -85,6 +103,7 @@ page = {
$nextBtn.off();
location.href = data.redirect;
} else {
self.refreshCapatch();
tip.show(data.message);
}
})
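Review bot: `refreshCapatch` only swaps the image `src`; on a failed `token.json` reply the stale captcha text stays in `$captcha`, so per `toggleNextBtn` the Next button stays enabled with a value that can no longer match the new image. Clear the field when refreshing — `$captcha.val(''); this.toggleNextBtn();` after the `attr('src', ...)` line — and fix the name to `refreshCaptcha` while the method is new (it is referenced twice in this hunk). Whether `$nextBtn` is re-enabled after a non-200 reply is handled outside the hunk.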