bdrp-server/app/main/api/internal/logic/auth/sendsmslogic.go

package auth

import (
	"context"
	"fmt"
	"net/http"
	"math/rand"
	"strings"
	"time"

	"bdrp-server/app/main/model"
	"bdrp-server/common/xerr"
	jwtx "bdrp-server/common/jwt"
	"bdrp-server/pkg/lzkit/crypto"

	"github.com/pkg/errors"

	"bdrp-server/app/main/api/internal/svc"
	"bdrp-server/app/main/api/internal/types"
	"bdrp-server/pkg/captcha"

	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
	dysmsapi "github.com/alibabacloud-go/dysmsapi-20170525/v3/client"
	"github.com/alibabacloud-go/tea-utils/v2/service"
	"github.com/alibabacloud-go/tea/tea"
	"github.com/zeromicro/go-zero/core/logx"
)

type SendSmsLogic struct {
	logx.Logger
	ctx    context.Context
	svcCtx *svc.ServiceContext
}

func NewSendSmsLogic(ctx context.Context, svcCtx *svc.ServiceContext) *SendSmsLogic {
	return &SendSmsLogic{
		Logger: logx.WithContext(ctx),
		ctx:    ctx,
		svcCtx: svcCtx,
	}
}

func (l *SendSmsLogic) SendSms(req *types.SendSmsReq) error {
	cfg := l.svcCtx.Config.Captcha
	// captcha 开关：仅控制是否做图形校验；关闭时不校验，短信照常发送
	if cfg.Enable {
		if err := captcha.VerifyWithRequest(captcha.Config{
			AccessKeyID:     cfg.AccessKeyID,
			AccessKeySecret: cfg.AccessKeySecret,
			EndpointURL:     cfg.EndpointURL,
			SceneID:         cfg.SceneID,
		}, req.CaptchaVerifyParam, l.ctx); err != nil {
			return err
		}
	}
	// 默认action类型：当未传入时，默认为login，便于小程序环境兼容
	action := req.ActionType
	if action == "" {
		action = "login"
	}
	if action == "cancelAccount" {
		if err := l.verifyCancelAccountSmsCaller(req); err != nil {
			return err
		}
	}
	secretKey := l.svcCtx.Config.Encrypt.SecretKey
	encryptedMobile, err := crypto.EncryptMobile(req.Mobile, secretKey)
	if err != nil {
		return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 加密手机号失败: %v", err)
	}
	// 检查手机号是否在一分钟内已发送过验证码
	limitCodeKey := fmt.Sprintf("limit:%s:%s", action, encryptedMobile)
	exists, err := l.svcCtx.Redis.Exists(limitCodeKey)
	if err != nil {
		return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 读取redis缓存失败: %s", encryptedMobile)
	}

	if exists {
		// 如果 Redis 中已经存在标记，说明在 1 分钟内请求过，返回错误
		return errors.Wrapf(xerr.NewErrMsg("一分钟内不能重复发送验证码"), "短信发送, 手机号1分钟内重复请求发送验证码: %s", encryptedMobile)
	}

	code := fmt.Sprintf("%06d", rand.New(rand.NewSource(time.Now().UnixNano())).Intn(1000000))

	// 发送短信
	smsResp, err := l.sendSmsRequest(req.Mobile, code)
	if err != nil {
		return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 调用阿里客户端失败: %v", err)
	}
	if *smsResp.Body.Code != "OK" {
		return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 阿里客户端响应失败: %s", *smsResp.Body.Message)
	}
	codeKey := fmt.Sprintf("%s:%s", action, encryptedMobile)
	// 将验证码保存到 Redis，设置过期时间
	err = l.svcCtx.Redis.Setex(codeKey, code, l.svcCtx.Config.VerifyCode.ValidTime) // 验证码有效期5分钟
	if err != nil {
		return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 验证码设置过期时间失败: %v", err)
	}
	// 在 Redis 中设置 1 分钟的标记，限制重复请求
	err = l.svcCtx.Redis.Setex(limitCodeKey, code, 60) // 标记 1 分钟内不能重复请求
	if err != nil {
		return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 验证码设置限制重复请求失败: %v", err)
	}
	return nil
}

// CreateClient 创建阿里云短信客户端
func (l *SendSmsLogic) CreateClient() (*dysmsapi.Client, error) {
	config := &openapi.Config{
		AccessKeyId:     &l.svcCtx.Config.VerifyCode.AccessKeyID,
		AccessKeySecret: &l.svcCtx.Config.VerifyCode.AccessKeySecret,
	}
	config.Endpoint = tea.String(l.svcCtx.Config.VerifyCode.EndpointURL)
	return dysmsapi.NewClient(config)
}

// sendSmsRequest 发送短信请求
func (l *SendSmsLogic) sendSmsRequest(mobile, code string) (*dysmsapi.SendSmsResponse, error) {
	// 初始化阿里云短信客户端
	cli, err := l.CreateClient()
	if err != nil {
		return nil, err
	}

	request := &dysmsapi.SendSmsRequest{
		SignName:      tea.String(l.svcCtx.Config.VerifyCode.SignName),
		TemplateCode:  tea.String(l.svcCtx.Config.VerifyCode.TemplateCode),
		PhoneNumbers:  tea.String(mobile),
		TemplateParam: tea.String(fmt.Sprintf("{\"code\":\"%s\"}", code)),
	}
	runtime := &service.RuntimeOptions{}
	return cli.SendSmsWithOptions(request, runtime)
}

// verifyCancelAccountSmsCaller 注销验证码：须携带与 Jwt 一致的登录态，且手机号与当前账号绑定一致
func (l *SendSmsLogic) verifyCancelAccountSmsCaller(req *types.SendSmsReq) error {
	var authz string
	if hr, ok := l.ctx.Value(captcha.HTTPRequestContextKey).(*http.Request); ok && hr != nil {
		authz = strings.TrimSpace(hr.Header.Get("Authorization"))
	}
	if authz == "" {
		return errors.Wrapf(xerr.NewErrCode(xerr.TOKEN_EXPIRE_ERROR), "请先登录后再获取注销验证码")
	}
	tokenStr := strings.TrimSpace(authz)
	if len(tokenStr) > 7 && strings.EqualFold(tokenStr[:7], "Bearer ") {
		tokenStr = strings.TrimSpace(tokenStr[7:])
	}
	claims, err := jwtx.ParseJwtToken(tokenStr, l.svcCtx.Config.JwtAuth.AccessSecret)
	if err != nil {
		return errors.Wrapf(xerr.NewErrCode(xerr.TOKEN_EXPIRE_ERROR), "登录已失效，请重新登录")
	}
	if claims.UserType != model.UserTypeNormal {
		return errors.Wrapf(xerr.NewErrMsg("当前账号类型不支持注销验证码"), "cancelAccount sms")
	}
	user, err := l.svcCtx.UserModel.FindOne(l.ctx, claims.UserId)
	if err != nil {
		if errors.Is(err, model.ErrNotFound) {
			return errors.Wrapf(xerr.NewErrCode(xerr.USER_NOT_FOUND), "用户不存在")
		}
		return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询用户失败: %v", err)
	}
	if user.CancelledAt.Valid {
		return errors.Wrapf(xerr.NewErrCode(xerr.USER_CANCELLED), "账号已注销")
	}
	if user.Disable == 1 {
		return errors.Wrapf(xerr.NewErrCode(xerr.USER_DISABLED), "账号已被封禁")
	}
	if !user.Mobile.Valid || user.Mobile.String == "" {
		return errors.Wrapf(xerr.NewErrMsg("请先绑定手机号后再注销账号"), "cancelAccount sms, 未绑定手机")
	}
	enc, err := crypto.EncryptMobile(req.Mobile, l.svcCtx.Config.Encrypt.SecretKey)
	if err != nil {
		return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "加密手机号失败: %v", err)
	}
	if enc != user.Mobile.String {
		return errors.Wrapf(xerr.NewErrMsg("手机号与当前登录账号不一致"), "cancelAccount sms mobile mismatch")
	}
	return nil
}