AccountController.go 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437
  1. package controllers
  2. import (
  3. "regexp"
  4. "strings"
  5. "time"
  6. "net/url"
  7. "github.com/lifei6671/mindoc/mail"
  8. "github.com/astaxie/beego"
  9. "github.com/astaxie/beego/logs"
  10. "github.com/lifei6671/gocaptcha"
  11. "github.com/lifei6671/mindoc/conf"
  12. "github.com/lifei6671/mindoc/models"
  13. "github.com/lifei6671/mindoc/utils"
  14. )
  15. // AccountController 用户登录与注册
  16. type AccountController struct {
  17. BaseController
  18. }
  19. // Login 用户登录
  20. func (c *AccountController) Login() {
  21. c.Prepare()
  22. c.TplName = "account/login.tpl"
  23. if member, ok := c.GetSession(conf.LoginSessionName).(models.Member); ok && member.MemberId > 0 {
  24. u := c.GetString("url")
  25. if u == "" {
  26. u = c.Ctx.Request.Header.Get("Referer")
  27. }
  28. if u == "" {
  29. u = conf.URLFor("HomeController.Index")
  30. }
  31. c.Redirect(u,302)
  32. }
  33. var remember CookieRemember
  34. // 如果 Cookie 中存在登录信息
  35. if cookie, ok := c.GetSecureCookie(conf.GetAppKey(), "login"); ok {
  36. if err := utils.Decode(cookie, &remember); err == nil {
  37. if member, err := models.NewMember().Find(remember.MemberId); err == nil {
  38. c.SetMember(*member)
  39. c.LoggedIn(false)
  40. c.StopRun()
  41. }
  42. }
  43. }
  44. if c.Ctx.Input.IsPost() {
  45. account := c.GetString("account")
  46. password := c.GetString("password")
  47. captcha := c.GetString("code")
  48. isRemember := c.GetString("is_remember")
  49. // 如果开启了验证码
  50. if v, ok := c.Option["ENABLED_CAPTCHA"]; ok && strings.EqualFold(v, "true") {
  51. v, ok := c.GetSession(conf.CaptchaSessionName).(string)
  52. if !ok || !strings.EqualFold(v, captcha) {
  53. c.JsonResult(6001, "验证码不正确")
  54. }
  55. }
  56. member, err := models.NewMember().Login(account, password)
  57. if err == nil {
  58. member.LastLoginTime = time.Now()
  59. member.Update()
  60. c.SetMember(*member)
  61. if strings.EqualFold(isRemember, "yes") {
  62. remember.MemberId = member.MemberId
  63. remember.Account = member.Account
  64. remember.Time = time.Now()
  65. v, err := utils.Encode(remember)
  66. if err == nil {
  67. c.SetSecureCookie(conf.GetAppKey(), "login", v,time.Now().Add(time.Hour * 24 * 30).Unix())
  68. }
  69. }
  70. u,_ := url.PathUnescape(c.GetString("url"))
  71. if u == "" {
  72. u = c.Ctx.Request.Header.Get("Referer")
  73. }
  74. if u == "" {
  75. u = conf.URLFor("HomeController.Index")
  76. }
  77. c.JsonResult(0, "ok", u)
  78. } else {
  79. logs.Error("用户登录 =>", err)
  80. c.JsonResult(500, "账号或密码错误", nil)
  81. }
  82. }else{
  83. u,_ := url.PathUnescape(c.GetString("url"))
  84. if u == "" {
  85. u = c.Ctx.Request.Header.Get("Referer")
  86. }
  87. if u == "" {
  88. u = conf.URLFor("HomeController.Index")
  89. }
  90. c.Data["url"] = url.PathEscape(u)
  91. }
  92. }
  93. // 登录成功后的操作,如重定向到原始请求页面
  94. func (c *AccountController) LoggedIn(isPost bool) interface{} {
  95. turl := c.GetString("url")
  96. if !isPost {
  97. // 检查是否存在 turl 参数,如果有则重定向至 turl 处,否则进入 Home 页面
  98. if turl == "" {
  99. turl = conf.URLFor("HomeController.Index")
  100. }
  101. c.Redirect(turl, 302)
  102. return nil
  103. } else {
  104. var data struct {
  105. TURL string `json:"url"`
  106. }
  107. data.TURL = turl
  108. return data
  109. }
  110. }
  111. // 用户注册
  112. func (c *AccountController) Register() {
  113. c.TplName = "account/register.tpl"
  114. //如果用户登录了,则跳转到网站首页
  115. if member, ok := c.GetSession(conf.LoginSessionName).(models.Member); ok && member.MemberId > 0 {
  116. c.Redirect(conf.URLFor("HomeController.Index"),302)
  117. }
  118. // 如果没有开启用户注册
  119. if v, ok := c.Option["ENABLED_REGISTER"]; ok && !strings.EqualFold(v, "true") {
  120. c.Abort("404")
  121. }
  122. if c.Ctx.Input.IsPost() {
  123. account := c.GetString("account")
  124. password1 := c.GetString("password1")
  125. password2 := c.GetString("password2")
  126. email := c.GetString("email")
  127. captcha := c.GetString("code")
  128. if ok, err := regexp.MatchString(conf.RegexpAccount, account); account == "" || !ok || err != nil {
  129. c.JsonResult(6001, "账号只能由英文字母数字组成,且在3-50个字符")
  130. }
  131. if l := strings.Count(password1, ""); password1 == "" || l > 50 || l < 6 {
  132. c.JsonResult(6002, "密码必须在6-50个字符之间")
  133. }
  134. if password1 != password2 {
  135. c.JsonResult(6003, "确认密码不正确")
  136. }
  137. if ok, err := regexp.MatchString(conf.RegexpEmail, email); !ok || err != nil || email == "" {
  138. c.JsonResult(6004, "邮箱格式不正确")
  139. }
  140. // 如果开启了验证码
  141. if v, ok := c.Option["ENABLED_CAPTCHA"]; ok && strings.EqualFold(v, "true") {
  142. v, ok := c.GetSession(conf.CaptchaSessionName).(string)
  143. if !ok || !strings.EqualFold(v, captcha) {
  144. c.JsonResult(6001, "验证码不正确")
  145. }
  146. }
  147. member := models.NewMember()
  148. if _, err := member.FindByAccount(account); err == nil && member.MemberId > 0 {
  149. c.JsonResult(6005, "账号已存在")
  150. }
  151. member.Account = account
  152. member.Password = password1
  153. member.Role = conf.MemberGeneralRole
  154. member.Avatar = conf.GetDefaultAvatar()
  155. member.CreateAt = 0
  156. member.Email = email
  157. member.Status = 0
  158. if err := member.Add(); err != nil {
  159. c.JsonResult(6006, "注册失败,请联系系统管理员处理")
  160. }
  161. c.JsonResult(0, "ok", member)
  162. }
  163. }
  164. // 找回密码
  165. func (c *AccountController) FindPassword() {
  166. c.TplName = "account/find_password_setp1.tpl"
  167. mail_conf := conf.GetMailConfig()
  168. if c.Ctx.Input.IsPost() {
  169. email := c.GetString("email")
  170. captcha := c.GetString("code")
  171. if email == "" {
  172. c.JsonResult(6005, "邮箱地址不能为空")
  173. }
  174. if !mail_conf.EnableMail {
  175. c.JsonResult(6004, "未启用邮件服务")
  176. }
  177. // 如果开启了验证码
  178. if v, ok := c.Option["ENABLED_CAPTCHA"]; ok && strings.EqualFold(v, "true") {
  179. v, ok := c.GetSession(conf.CaptchaSessionName).(string)
  180. if !ok || !strings.EqualFold(v, captcha) {
  181. c.JsonResult(6001, "验证码不正确")
  182. }
  183. }
  184. member, err := models.NewMember().FindByFieldFirst("email", email)
  185. if err != nil {
  186. c.JsonResult(6006, "邮箱不存在")
  187. }
  188. if member.Status != 0 {
  189. c.JsonResult(6007, "账号已被禁用")
  190. }
  191. if member.AuthMethod == conf.AuthMethodLDAP {
  192. c.JsonResult(6011, "当前用户不支持找回密码")
  193. }
  194. count, err := models.NewMemberToken().FindSendCount(email, time.Now().Add(-1*time.Hour), time.Now())
  195. if err != nil {
  196. beego.Error(err)
  197. c.JsonResult(6008, "发送邮件失败")
  198. }
  199. if count > mail_conf.MailNumber {
  200. c.JsonResult(6008, "发送次数太多,请稍候再试")
  201. }
  202. member_token := models.NewMemberToken()
  203. member_token.Token = string(utils.Krand(32, utils.KC_RAND_KIND_ALL))
  204. member_token.Email = email
  205. member_token.MemberId = member.MemberId
  206. member_token.IsValid = false
  207. if _, err := member_token.InsertOrUpdate(); err != nil {
  208. c.JsonResult(6009, "邮件发送失败")
  209. }
  210. data := map[string]interface{}{
  211. "SITE_NAME": c.Option["SITE_NAME"],
  212. "url": conf.URLFor("AccountController.FindPassword", "token", member_token.Token, "mail", email),
  213. "BaseUrl": c.BaseUrl(),
  214. }
  215. body, err := c.ExecuteViewPathTemplate("account/mail_template.tpl", data)
  216. if err != nil {
  217. beego.Error(err)
  218. c.JsonResult(6003, "邮件发送失败")
  219. }
  220. go func(mailConf *conf.SmtpConf, email string, body string) {
  221. mailConfig := &mail.SMTPConfig{
  222. Username: mailConf.SmtpUserName,
  223. Password: mailConf.SmtpPassword,
  224. Host: mailConf.SmtpHost,
  225. Port: mailConf.SmtpPort,
  226. Secure: mailConf.Secure,
  227. Identity:"",
  228. }
  229. beego.Info(mailConfig)
  230. c := mail.NewSMTPClient(mailConfig)
  231. m := mail.NewMail()
  232. m.AddFrom(mailConf.FormUserName)
  233. m.AddFromName(mailConf.FormUserName)
  234. m.AddSubject("找回密码")
  235. m.AddHTML(body)
  236. m.AddTo(email)
  237. if e := c.Send(m); e != nil {
  238. beego.Error("发送邮件失败:" + e.Error())
  239. } else {
  240. beego.Info("邮件发送成功:" + email)
  241. }
  242. //auth := smtp.PlainAuth(
  243. // "",
  244. // mail_conf.SmtpUserName,
  245. // mail_conf.SmtpPassword,
  246. // mail_conf.SmtpHost,
  247. //)
  248. //
  249. //mime := "MIME-version: 1.0;\nContent-Type: text/html; charset=\"UTF-8\";\n\n"
  250. //subject := "Subject: 找回密码!\n"
  251. //
  252. //err = smtp.SendMail(
  253. // mail_conf.SmtpHost+":"+strconv.Itoa(mail_conf.SmtpPort),
  254. // auth,
  255. // mail_conf.FormUserName,
  256. // []string{email},
  257. // []byte(subject+mime+"\n"+body),
  258. //)
  259. //if err != nil {
  260. // beego.Error("邮件发送失败 => ", email, err)
  261. //}
  262. }(mail_conf, email, body)
  263. c.JsonResult(0, "ok", conf.URLFor("AccountController.Login"))
  264. }
  265. token := c.GetString("token")
  266. mail := c.GetString("mail")
  267. if token != "" && mail != "" {
  268. member_token, err := models.NewMemberToken().FindByFieldFirst("token", token)
  269. if err != nil {
  270. beego.Error(err)
  271. c.Data["ErrorMessage"] = "邮件已失效"
  272. c.TplName = "errors/error.tpl"
  273. return
  274. }
  275. sub_time := member_token.SendTime.Sub(time.Now())
  276. if !strings.EqualFold(member_token.Email, mail) || sub_time.Minutes() > float64(mail_conf.MailExpired) || !member_token.ValidTime.IsZero() {
  277. c.Data["ErrorMessage"] = "验证码已过期,请重新操作。"
  278. c.TplName = "errors/error.tpl"
  279. return
  280. }
  281. c.Data["Email"] = member_token.Email
  282. c.Data["Token"] = member_token.Token
  283. c.TplName = "account/find_password_setp2.tpl"
  284. }
  285. }
  286. // 校验邮件并修改密码
  287. func (c *AccountController) ValidEmail() {
  288. c.Prepare()
  289. password1 := c.GetString("password1")
  290. password2 := c.GetString("password2")
  291. captcha := c.GetString("code")
  292. token := c.GetString("token")
  293. mail := c.GetString("mail")
  294. if password1 == "" {
  295. c.JsonResult(6001, "密码不能为空")
  296. }
  297. if l := strings.Count(password1, ""); l < 6 || l > 50 {
  298. c.JsonResult(6001, "密码不能为空且必须在6-50个字符之间")
  299. }
  300. if password2 == "" {
  301. c.JsonResult(6002, "确认密码不能为空")
  302. }
  303. if password1 != password2 {
  304. c.JsonResult(6003, "确认密码输入不正确")
  305. }
  306. if captcha == "" {
  307. c.JsonResult(6004, "验证码不能为空")
  308. }
  309. v, ok := c.GetSession(conf.CaptchaSessionName).(string)
  310. if !ok || !strings.EqualFold(v, captcha) {
  311. c.JsonResult(6001, "验证码不正确")
  312. }
  313. mail_conf := conf.GetMailConfig()
  314. member_token, err := models.NewMemberToken().FindByFieldFirst("token", token)
  315. if err != nil {
  316. beego.Error(err)
  317. c.JsonResult(6007, "邮件已失效")
  318. }
  319. sub_time := member_token.SendTime.Sub(time.Now())
  320. if !strings.EqualFold(member_token.Email, mail) || sub_time.Minutes() > float64(mail_conf.MailExpired) || !member_token.ValidTime.IsZero() {
  321. c.JsonResult(6008, "验证码已过期,请重新操作。")
  322. }
  323. member, err := models.NewMember().Find(member_token.MemberId)
  324. if err != nil {
  325. beego.Error(err)
  326. c.JsonResult(6005, "用户不存在")
  327. }
  328. hash, err := utils.PasswordHash(password1)
  329. if err != nil {
  330. beego.Error(err)
  331. c.JsonResult(6006, "保存密码失败")
  332. }
  333. member.Password = hash
  334. err = member.Update("password")
  335. member_token.ValidTime = time.Now()
  336. member_token.IsValid = true
  337. member_token.InsertOrUpdate()
  338. if err != nil {
  339. beego.Error(err)
  340. c.JsonResult(6006, "保存密码失败")
  341. }
  342. c.JsonResult(0, "ok", conf.URLFor("AccountController.Login"))
  343. }
  344. // Logout 退出登录
  345. func (c *AccountController) Logout() {
  346. c.SetMember(models.Member{})
  347. c.SetSecureCookie(conf.GetAppKey(), "login", "", -3600)
  348. u := c.Ctx.Request.Header.Get("Referer")
  349. c.Redirect(conf.URLFor("AccountController.Login","url",u), 302)
  350. }
  351. // 验证码
  352. func (c *AccountController) Captcha() {
  353. c.Prepare()
  354. captchaImage, err := gocaptcha.NewCaptchaImage(140, 40, gocaptcha.RandLightColor())
  355. if err != nil {
  356. beego.Error(err)
  357. c.Abort("500")
  358. }
  359. captchaImage.DrawNoise(gocaptcha.CaptchaComplexLower)
  360. // captchaImage.DrawTextNoise(gocaptcha.CaptchaComplexHigh)
  361. txt := gocaptcha.RandText(4)
  362. c.SetSession(conf.CaptchaSessionName, txt)
  363. captchaImage.DrawText(txt)
  364. // captchaImage.Drawline(3);
  365. captchaImage.DrawBorder(gocaptcha.ColorToRGB(0x17A7A7A))
  366. // captchaImage.DrawHollowLine()
  367. captchaImage.SaveImage(c.Ctx.ResponseWriter, gocaptcha.ImageFormatJpeg)
  368. c.StopRun()
  369. }