更新两步验证逻辑

back/api/auth.ts

@@ -151,15 +151,13 @@ export default (app: Router) => {
     celebrate({
       body: Joi.object({
         code: Joi.string().required(),
-        username: Joi.string().required(),
-        password: Joi.string().required(),
       }),
     }),
     async (req: Request, res: Response, next: NextFunction) => {
       const logger: Logger = Container.get('logger');
       try {
         const authService = Container.get(AuthService);
-        const data = await authService.twoFactorLogin(req.body, req);
+        const data = await authService.twoFactorLogin(req.body);
         res.send(data);
       } catch (e) {
         logger.error('🔥 error: %o', e);

back/services/auth.ts

@@ -23,7 +23,7 @@ export default class AuthService {
     }
 
     let { username, password } = payloads;
-    const content = fs.readFileSync(config.authConfigFile, 'utf8');
+    const content = this.getAuthInfo();
     const timestamp = Date.now();
     if (content) {
       const {
@@ -34,8 +34,7 @@ export default class AuthService {
         lastip,
         lastaddr,
         twoFactorActived,
-        twoFactorChecked,
-      } = JSON.parse(content);
+      } = content;
 
       if (
         (cUsername === 'admin' && cPassword === 'adminadmin') ||
@@ -45,21 +44,7 @@ export default class AuthService {
         return this.initAuthInfo();
       }
 
-      if (twoFactorActived && !twoFactorChecked) {
-        return {
-          code: 420,
-          message: '请输入两步验证token',
-        };
-      }
-
       if (retries > 2 && Date.now() - lastlogon < Math.pow(3, retries) * 1000) {
-        fs.writeFileSync(
-          config.authConfigFile,
-          JSON.stringify({
-            ...JSON.parse(content),
-            twoFactorChecked: false,
-          }),
-        );
         return {
           code: 410,
           message: `失败次数过多，请${Math.round(
@@ -79,34 +64,31 @@ export default class AuthService {
           expiresIn: 60 * 60 * 24 * expiration,
           algorithm: 'HS384',
         });
-        fs.writeFileSync(
-          config.authConfigFile,
-          JSON.stringify({
-            ...JSON.parse(content),
-            token,
-            lastlogon: timestamp,
-            retries: 0,
-            lastip: ip,
-            lastaddr: address,
-            twoFactorChecked: false,
-          }),
-        );
-        return {
-          code: 200,
-          data: { token, lastip, lastaddr, lastlogon, retries },
-        };
+        this.updateAuthInfo(content, {
+          token,
+          lastlogon: timestamp,
+          retries: twoFactorActived ? retries : 0,
+          lastip: ip,
+          lastaddr: address,
+        });
+        if (twoFactorActived) {
+          return {
+            code: 420,
+            message: '请输入两步验证token',
+          };
+        } else {
+          return {
+            code: 200,
+            data: { token, lastip, lastaddr, lastlogon, retries },
+          };
+        }
       } else {
-        fs.writeFileSync(
-          config.authConfigFile,
-          JSON.stringify({
-            ...JSON.parse(content),
-            retries: retries + 1,
-            lastlogon: timestamp,
-            lastip: ip,
-            lastaddr: address,
-            twoFactorChecked: false,
-          }),
-        );
+        this.updateAuthInfo(content, {
+          retries: retries + 1,
+          lastlogon: timestamp,
+          lastip: ip,
+          lastaddr: address,
+        });
         return { code: 400, message: config.authError };
       }
     } else {
@@ -158,21 +140,22 @@ export default class AuthService {
     return isValid;
   }
 
-  public async twoFactorLogin({ username, password, code }, req) {
+  public async twoFactorLogin({ code }) {
     const authInfo = this.getAuthInfo();
+    const { token, lastip, lastaddr, lastlogon, retries, twoFactorSecret } =
+      authInfo;
     const isValid = authenticator.verify({
       token: code,
-      secret: authInfo.twoFactorSecret,
+      secret: twoFactorSecret,
     });
     if (isValid) {
-      this.updateAuthInfo(authInfo, { twoFactorChecked: true });
-      return this.login({ username, password }, req);
+      this.updateAuthInfo(authInfo, { retries: 0 });
+      return {
+        code: 200,
+        data: { token, lastip, lastaddr, lastlogon, retries },
+      };
     } else {
-      const { ip, address } = await getNetIp(req);
-      this.updateAuthInfo(authInfo, {
-        lastip: ip,
-        lastaddr: address,
-      });
+      this.updateAuthInfo(authInfo, { retries: retries + 1 });
       return { code: 430, message: '验证失败' };
     }
   }