|
|
|
|
|
package auth
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
|
"cls-server/internal/application/crypto"
|
|
|
|
|
|
"cls-server/internal/application/user"
|
|
|
|
|
|
"cls-server/internal/domain/admin"
|
|
|
|
|
|
"cls-server/pkg/captchafx"
|
|
|
|
|
|
"cls-server/pkg/logger"
|
|
|
|
|
|
"cls-server/pkg/sms"
|
|
|
|
|
|
"context"
|
|
|
|
|
|
"errors"
|
|
|
|
|
|
"fmt"
|
|
|
|
|
|
"github.com/redis/go-redis/v9"
|
|
|
|
|
|
"math/rand"
|
|
|
|
|
|
"sync"
|
|
|
|
|
|
"time"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
// RateLimiter 简单的限流器
|
|
|
|
|
|
type RateLimiter struct {
|
|
|
|
|
|
mu sync.Mutex
|
|
|
|
|
|
records map[string]time.Time
|
|
|
|
|
|
ttl time.Duration
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// NewRateLimiter 创建一个新的限流器
|
|
|
|
|
|
func NewRateLimiter(ttl time.Duration) *RateLimiter {
|
|
|
|
|
|
return &RateLimiter{
|
|
|
|
|
|
records: make(map[string]time.Time),
|
|
|
|
|
|
ttl: ttl,
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Allow 检查是否允许请求
|
|
|
|
|
|
func (r *RateLimiter) Allow(key string) (bool, time.Duration) {
|
|
|
|
|
|
r.mu.Lock()
|
|
|
|
|
|
defer r.mu.Unlock()
|
|
|
|
|
|
|
|
|
|
|
|
// 清理过期记录
|
|
|
|
|
|
now := time.Now()
|
|
|
|
|
|
for k, t := range r.records {
|
|
|
|
|
|
if now.Sub(t) > r.ttl {
|
|
|
|
|
|
delete(r.records, k)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 检查是否存在记录
|
|
|
|
|
|
if lastTime, exists := r.records[key]; exists {
|
|
|
|
|
|
elapsed := now.Sub(lastTime)
|
|
|
|
|
|
if elapsed < r.ttl {
|
|
|
|
|
|
return false, r.ttl - elapsed
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 更新记录
|
|
|
|
|
|
r.records[key] = now
|
|
|
|
|
|
return true, 0
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
type CaptchaService struct {
|
|
|
|
|
|
rateLimiter *RateLimiter
|
|
|
|
|
|
rdb redis.Cmdable
|
|
|
|
|
|
captcha *captchafx.Captcha
|
|
|
|
|
|
sms sms.IsmsService
|
|
|
|
|
|
log logger.Logger
|
|
|
|
|
|
userService *user.UserService
|
|
|
|
|
|
adminRepo admin.AdminRepository
|
|
|
|
|
|
phoneEncrypt *crypto.PhoneEncryptionService
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
type SlideVerifyResp struct {
|
|
|
|
|
|
ThumbX int `json:"thumbX"`
|
|
|
|
|
|
ThumbY int `json:"thumbY"`
|
|
|
|
|
|
ThumbWidth int `json:"thumbWidth"`
|
|
|
|
|
|
ThumbHeight int `json:"thumbHeight"`
|
|
|
|
|
|
Image string `json:"image"`
|
|
|
|
|
|
Thumb string `json:"thumb"`
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// NewCaptchaService 创建验证码服务
|
|
|
|
|
|
func NewCaptchaService(rdb redis.Cmdable,
|
|
|
|
|
|
captcha *captchafx.Captcha,
|
|
|
|
|
|
log logger.New,
|
|
|
|
|
|
sms sms.IsmsService,
|
|
|
|
|
|
userService *user.UserService,
|
|
|
|
|
|
adminRepo admin.AdminRepository,
|
|
|
|
|
|
phoneEncrypt *crypto.PhoneEncryptionService) *CaptchaService {
|
|
|
|
|
|
// 创建自定义限流器,设置60秒的限流时间
|
|
|
|
|
|
rateLimiter := NewRateLimiter(60 * time.Second)
|
|
|
|
|
|
|
|
|
|
|
|
return &CaptchaService{
|
|
|
|
|
|
rdb: rdb,
|
|
|
|
|
|
log: log("cls:application:service:auth"),
|
|
|
|
|
|
sms: sms,
|
|
|
|
|
|
captcha: captcha,
|
|
|
|
|
|
userService: userService,
|
|
|
|
|
|
rateLimiter: rateLimiter,
|
|
|
|
|
|
adminRepo: adminRepo,
|
|
|
|
|
|
phoneEncrypt: phoneEncrypt,
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func (c *CaptchaService) GenerateImageCaptcha(username string) (string, error) {
|
|
|
|
|
|
if username == "" {
|
|
|
|
|
|
return "", errors.New("")
|
|
|
|
|
|
}
|
|
|
|
|
|
_, b64, anwser, err := c.captcha.Math.Generate()
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
c.log.Error(err)
|
|
|
|
|
|
return "", nil
|
|
|
|
|
|
}
|
|
|
|
|
|
err = c.rdb.Set(context.Background(), fmt.Sprintf("%s-image-captcha", username), anwser, time.Second*60).Err()
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
c.log.Error(err.Error())
|
|
|
|
|
|
return "", nil
|
|
|
|
|
|
}
|
|
|
|
|
|
return b64, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// abs 获取绝对值
|
|
|
|
|
|
func abs(n int) int {
|
|
|
|
|
|
if n < 0 {
|
|
|
|
|
|
return -n
|
|
|
|
|
|
}
|
|
|
|
|
|
return n
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// GenerateSmsCaptcha 生成短信验证码
|
|
|
|
|
|
func (c *CaptchaService) GenerateSmsCaptcha(username string) (*CaptchaResp, error) {
|
|
|
|
|
|
if username == "" {
|
|
|
|
|
|
return nil, errors.New("用户标识不能为空")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
d, err := c.adminRepo.FindAdminByUsername(username)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
c.log.Error(err.Error())
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
phone, err := c.phoneEncrypt.Decrypt(d.Phone)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
c.log.Error(err.Error())
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
d = nil
|
|
|
|
|
|
t, err := c.checkLimit("sms-captcha:" + phone)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
c.log.Warnf("%s: 短信频率过高", phone)
|
|
|
|
|
|
return &CaptchaResp{
|
|
|
|
|
|
ResetAfter: int(t),
|
|
|
|
|
|
}, errors.New("发送过于频繁,请稍后再试")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 3. 生成验证码
|
|
|
|
|
|
code := c.generateSmsCode()
|
|
|
|
|
|
|
|
|
|
|
|
// 4. 存储验证码
|
|
|
|
|
|
key := c.getSmsVerifyKey(username)
|
|
|
|
|
|
err = c.rdb.Set(context.Background(), key, code, 5*time.Minute).Err()
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
c.log.Error("存储验证码失败:", err)
|
|
|
|
|
|
return nil, errors.New("生成验证码失败")
|
|
|
|
|
|
}
|
|
|
|
|
|
fmt.Println("key:", key)
|
|
|
|
|
|
// 5. 发送短信
|
|
|
|
|
|
if err = c.sms.Send(code, phone); err != nil {
|
|
|
|
|
|
c.log.Error("发送短信失败:", err)
|
|
|
|
|
|
// 发送失败时删除验证码
|
|
|
|
|
|
_ = c.rdb.Del(context.Background(), key).Err()
|
|
|
|
|
|
return nil, errors.New("发送短信失败")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return &CaptchaResp{
|
|
|
|
|
|
ResetAfter: int(t),
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// generateSmsCode 生成6位数字验证码
|
|
|
|
|
|
func (c *CaptchaService) generateSmsCode() string {
|
|
|
|
|
|
return fmt.Sprintf("%06d", rand.Intn(1000000))
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// VerifySmsCaptcha 验证短信验证码
|
|
|
|
|
|
func (c *CaptchaService) VerifySmsCaptcha(username, captchaCode string) error {
|
|
|
|
|
|
if username == "" || captchaCode == "" {
|
|
|
|
|
|
return errors.New("参数不完整")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 1. 获取存储的验证码
|
|
|
|
|
|
key := c.getSmsVerifyKey(username)
|
|
|
|
|
|
fmt.Println("校验key", key)
|
|
|
|
|
|
storedCode, err := c.rdb.Get(context.Background(), key).Result()
|
|
|
|
|
|
if err == redis.Nil {
|
|
|
|
|
|
return errors.New("验证码已过期或不存在")
|
|
|
|
|
|
}
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
c.log.Error("获取验证码失败:", err)
|
|
|
|
|
|
return errors.New("验证失败")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 2. 验证码比对
|
|
|
|
|
|
if storedCode != captchaCode {
|
|
|
|
|
|
return errors.New("验证码错误")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 3. 验证成功后删除验证码
|
|
|
|
|
|
err = c.rdb.Del(context.Background(), key).Err()
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
c.log.Error("删除验证码失败:", err)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// getSmsVerifyKey 生成短信验证码的Redis键
|
|
|
|
|
|
func (c *CaptchaService) getSmsVerifyKey(username string) string {
|
|
|
|
|
|
return fmt.Sprintf("%s-sms-captcha", username)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// checkLimit 检查频率限制
|
|
|
|
|
|
func (c *CaptchaService) checkLimit(key string) (time.Duration, error) {
|
|
|
|
|
|
// 检查 rateLimiter 是否已初始化
|
|
|
|
|
|
if c.rateLimiter == nil {
|
|
|
|
|
|
c.log.Warn("限流器未初始化,跳过频率限制检查")
|
|
|
|
|
|
// 如果限流器未初始化,默认允许通过
|
|
|
|
|
|
return 0, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 尝试获取限流结果
|
|
|
|
|
|
allowed, retryAfter := c.rateLimiter.Allow(key)
|
|
|
|
|
|
if !allowed {
|
|
|
|
|
|
return retryAfter, errors.New("操作过于频繁,请稍后再试")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return 0, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// VerifyPhoneValid 验证手机号是否合法(中国大陆手机号)
|
|
|
|
|
|
func (c *CaptchaService) VerifyPhoneValid(phone string) error {
|
|
|
|
|
|
if phone == "" {
|
|
|
|
|
|
return errors.New("手机号不能为空")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 1. 检查长度是否为11位
|
|
|
|
|
|
if len(phone) != 11 {
|
|
|
|
|
|
return errors.New("手机号必须为11位")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 2. 检查是否全为数字
|
|
|
|
|
|
for _, c := range phone {
|
|
|
|
|
|
if c < '0' || c > '9' {
|
|
|
|
|
|
return errors.New("手机号只能包含数字")
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 3. 检查手机号前三位是否符合运营商规则
|
|
|
|
|
|
prefix := phone[:3]
|
|
|
|
|
|
|
|
|
|
|
|
// 移动号段:
|
|
|
|
|
|
// 134-139, 150-153, 157-159, 182-184, 187-188, 147, 178, 195, 198
|
|
|
|
|
|
// 165, 172, 185-186, 196, 197, 198
|
|
|
|
|
|
mobilePrefixes := map[string]bool{
|
|
|
|
|
|
"134": true, "135": true, "136": true, "137": true, "138": true, "139": true,
|
|
|
|
|
|
"150": true, "151": true, "152": true, "153": true, "157": true, "158": true,
|
|
|
|
|
|
"159": true, "182": true, "183": true, "184": true, "187": true, "188": true,
|
|
|
|
|
|
"147": true, "178": true, "195": true, "198": true, "165": true, "172": true,
|
|
|
|
|
|
"185": true, "186": true, "196": true, "197": true,
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 联通号段:
|
|
|
|
|
|
// 130-132, 155-156, 185-186, 176, 145, 166, 175, 171
|
|
|
|
|
|
unicomPrefixes := map[string]bool{
|
|
|
|
|
|
"130": true, "131": true, "132": true, "155": true, "156": true, "185": true,
|
|
|
|
|
|
"186": true, "176": true, "145": true, "166": true, "175": true, "171": true,
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 电信号段:
|
|
|
|
|
|
// 133, 153, 180-181, 189, 177, 173, 149, 191, 193, 199
|
|
|
|
|
|
telecomPrefixes := map[string]bool{
|
|
|
|
|
|
"133": true, "153": true, "180": true, "181": true, "189": true, "177": true,
|
|
|
|
|
|
"173": true, "149": true, "191": true, "193": true, "199": true,
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 广电号段:
|
|
|
|
|
|
// 192
|
|
|
|
|
|
radioPrefixes := map[string]bool{
|
|
|
|
|
|
"192": true,
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 虚拟运营商号段:
|
|
|
|
|
|
// 170, 171
|
|
|
|
|
|
virtualPrefixes := map[string]bool{
|
|
|
|
|
|
"170": true, "171": true,
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 检查是否属于任一运营商的号段
|
|
|
|
|
|
if !mobilePrefixes[prefix] && !unicomPrefixes[prefix] &&
|
|
|
|
|
|
!telecomPrefixes[prefix] && !radioPrefixes[prefix] &&
|
|
|
|
|
|
!virtualPrefixes[prefix] {
|
|
|
|
|
|
return errors.New("非法的手机号段")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
|
}
|
