HI-VPN/hi-server
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
hi-server/internal/logic/public/user/bindEmailWithVerificationLogic.go
shanshanzhong 6c370485d1
Some checks failed
Build docker and publish / build (20.15.1) (push) Failing after 8m1s
Details
fix gitea workflow path and runner label
2026-03-04 03:07:41 -08:00

173 lines
5.4 KiB
Go
Raw Blame History

package user
import (
"context"
"encoding/json"
"fmt"
"strings"
"time"
"github.com/perfect-panel/server/internal/config"
"github.com/perfect-panel/server/internal/model/user"
"github.com/perfect-panel/server/internal/svc"
"github.com/perfect-panel/server/internal/types"
"github.com/perfect-panel/server/pkg/constant"
"github.com/perfect-panel/server/pkg/jwt"
"github.com/perfect-panel/server/pkg/logger"
"github.com/perfect-panel/server/pkg/uuidx"
"github.com/perfect-panel/server/pkg/xerr"
"github.com/pkg/errors"
"gorm.io/gorm"
)
type BindEmailWithVerificationLogic struct {
logger.Logger
ctx context.Context
svcCtx *svc.ServiceContext
}
// NewBindEmailWithVerificationLogic Bind Email With Verification
func NewBindEmailWithVerificationLogic(ctx context.Context, svcCtx *svc.ServiceContext) *BindEmailWithVerificationLogic {
return &BindEmailWithVerificationLogic{
Logger: logger.WithContext(ctx),
ctx: ctx,
svcCtx: svcCtx,
}
}
func (l *BindEmailWithVerificationLogic) BindEmailWithVerification(req *types.BindEmailWithVerificationRequest) (*types.BindEmailWithVerificationResponse, error) {
req.Email = strings.ToLower(strings.TrimSpace(req.Email))
u, ok := l.ctx.Value(constant.CtxKeyUser).(*user.User)
if !ok {
return nil, errors.Wrapf(xerr.NewErrCode(xerr.InvalidAccess), "Invalid Access")
}
type payload struct {
Code string `json:"code"`
LastAt int64 `json:"lastAt"`
}
var verified bool
scenes := []string{constant.Security.String(), constant.Register.String()}
for _, scene := range scenes {
cacheKey := fmt.Sprintf("%s:%s:%s", config.AuthCodeCacheKey, scene, req.Email)
value, getErr := l.svcCtx.Redis.Get(l.ctx, cacheKey).Result()
if getErr != nil || value == "" {
continue
}
var p payload
if err := json.Unmarshal([]byte(value), &p); err != nil {
continue
}
if p.Code == req.Code && time.Now().Unix()-p.LastAt <= l.svcCtx.Config.VerifyCode.VerifyCodeExpireTime {
_ = l.svcCtx.Redis.Del(l.ctx, cacheKey).Err()
verified = true
break
}
}
if !verified {
return nil, errors.Wrapf(xerr.NewErrCode(xerr.VerifyCodeError), "code error or expired")
}
familyHelper := newFamilyBindingHelper(l.ctx, l.svcCtx)
currentEmailMethod, err := familyHelper.getUserEmailMethod(u.Id)
if err != nil {
return nil, err
}
if currentEmailMethod != nil {
if currentEmailMethod.AuthIdentifier == req.Email {
return nil, errors.Wrapf(xerr.NewErrCode(xerr.FamilyAlreadyBound), "email already bound to current user")
}
return nil, errors.Wrapf(xerr.NewErrCode(xerr.FamilyCrossBindForbidden), "email already bound to another account")
}
existingMethod, err := l.svcCtx.UserModel.FindUserAuthMethodByOpenID(l.ctx, "email", req.Email)
if err != nil {
if !errors.Is(err, gorm.ErrRecordNotFound) {
return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "query email bind status failed")
}
authInfo := &user.AuthMethods{
UserId: u.Id,
AuthType: "email",
AuthIdentifier: req.Email,
Verified: true,
}
if err = l.svcCtx.DB.Create(authInfo).Error; err != nil {
return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "bind email failed: %v", err)
}
token, err := l.refreshBindSessionToken(u.Id)
if err != nil {
return nil, err
}
return &types.BindEmailWithVerificationResponse{
Success: true,
Message: "email bound successfully",
Token: token,
UserId: u.Id,
}, nil
}
if existingMethod.UserId == u.Id {
return nil, errors.Wrapf(xerr.NewErrCode(xerr.FamilyAlreadyBound), "email already bound to current user")
}
if err = familyHelper.validateJoinFamily(existingMethod.UserId, u.Id); err != nil {
return nil, err
}
joinResult, err := familyHelper.joinFamily(existingMethod.UserId, u.Id, "bind_email_with_verification")
if err != nil {
return nil, err
}
token, err := l.refreshBindSessionToken(u.Id)
if err != nil {
return nil, err
}
return &types.BindEmailWithVerificationResponse{
Success: true,
Message: "joined family successfully",
Token: token,
UserId: u.Id,
FamilyJoined: true,
FamilyId: joinResult.FamilyId,
OwnerUserId: joinResult.OwnerUserId,
}, nil
}
func (l *BindEmailWithVerificationLogic) refreshBindSessionToken(userId int64) (string, error) {
sessionId, _ := l.ctx.Value(constant.CtxKeySessionID).(string)
if sessionId == "" {
sessionId = uuidx.NewUUID().String()
}
opts := []jwt.Option{
jwt.WithOption("UserId", userId),
jwt.WithOption("SessionId", sessionId),
}
if loginType, ok := l.ctx.Value(constant.CtxLoginType).(string); ok && loginType != "" {
opts = append(opts, jwt.WithOption("CtxLoginType", loginType))
}
if identifier, ok := l.ctx.Value(constant.CtxKeyIdentifier).(string); ok && identifier != "" {
opts = append(opts, jwt.WithOption("identifier", identifier))
}
token, err := jwt.NewJwtToken(
l.svcCtx.Config.JwtAuth.AccessSecret,
time.Now().Unix(),
l.svcCtx.Config.JwtAuth.AccessExpire,
opts...,
)
if err != nil {
return "", errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "token generate error: %v", err.Error())
}
expire := time.Duration(l.svcCtx.Config.JwtAuth.AccessExpire) * time.Second
sessionIdCacheKey := fmt.Sprintf("%v:%v", config.SessionIdKey, sessionId)
if err = l.svcCtx.Redis.Set(l.ctx, sessionIdCacheKey, userId, expire).Err(); err != nil {
return "", errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "set session id error: %v", err.Error())
}
return token, nil
}
Reference in New Issue View Git Blame Copy Permalink