package auth import ( "context" "fmt" "net/http" "math/rand" "strings" "time" "bdrp-server/app/main/model" "bdrp-server/common/xerr" jwtx "bdrp-server/common/jwt" "bdrp-server/pkg/lzkit/crypto" "github.com/pkg/errors" "bdrp-server/app/main/api/internal/svc" "bdrp-server/app/main/api/internal/types" "bdrp-server/pkg/captcha" openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client" dysmsapi "github.com/alibabacloud-go/dysmsapi-20170525/v3/client" "github.com/alibabacloud-go/tea-utils/v2/service" "github.com/alibabacloud-go/tea/tea" "github.com/zeromicro/go-zero/core/logx" ) type SendSmsLogic struct { logx.Logger ctx context.Context svcCtx *svc.ServiceContext } func NewSendSmsLogic(ctx context.Context, svcCtx *svc.ServiceContext) *SendSmsLogic { return &SendSmsLogic{ Logger: logx.WithContext(ctx), ctx: ctx, svcCtx: svcCtx, } } func (l *SendSmsLogic) SendSms(req *types.SendSmsReq) error { cfg := l.svcCtx.Config.Captcha // captcha 开关:仅控制是否做图形校验;关闭时不校验,短信照常发送 if cfg.Enable { if err := captcha.VerifyWithRequest(captcha.Config{ AccessKeyID: cfg.AccessKeyID, AccessKeySecret: cfg.AccessKeySecret, EndpointURL: cfg.EndpointURL, SceneID: cfg.SceneID, }, req.CaptchaVerifyParam, l.ctx); err != nil { return err } } // 默认action类型:当未传入时,默认为login,便于小程序环境兼容 action := req.ActionType if action == "" { action = "login" } if action == "cancelAccount" { if err := l.verifyCancelAccountSmsCaller(req); err != nil { return err } } secretKey := l.svcCtx.Config.Encrypt.SecretKey encryptedMobile, err := crypto.EncryptMobile(req.Mobile, secretKey) if err != nil { return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 加密手机号失败: %v", err) } // 检查手机号是否在一分钟内已发送过验证码 limitCodeKey := fmt.Sprintf("limit:%s:%s", action, encryptedMobile) exists, err := l.svcCtx.Redis.Exists(limitCodeKey) if err != nil { return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 读取redis缓存失败: %s", encryptedMobile) } if exists { // 如果 Redis 中已经存在标记,说明在 1 分钟内请求过,返回错误 return errors.Wrapf(xerr.NewErrMsg("一分钟内不能重复发送验证码"), "短信发送, 手机号1分钟内重复请求发送验证码: %s", encryptedMobile) } code := fmt.Sprintf("%06d", rand.New(rand.NewSource(time.Now().UnixNano())).Intn(1000000)) // 发送短信 smsResp, err := l.sendSmsRequest(req.Mobile, code) if err != nil { return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 调用阿里客户端失败: %v", err) } if *smsResp.Body.Code != "OK" { return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 阿里客户端响应失败: %s", *smsResp.Body.Message) } codeKey := fmt.Sprintf("%s:%s", action, encryptedMobile) // 将验证码保存到 Redis,设置过期时间 err = l.svcCtx.Redis.Setex(codeKey, code, l.svcCtx.Config.VerifyCode.ValidTime) // 验证码有效期5分钟 if err != nil { return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 验证码设置过期时间失败: %v", err) } // 在 Redis 中设置 1 分钟的标记,限制重复请求 err = l.svcCtx.Redis.Setex(limitCodeKey, code, 60) // 标记 1 分钟内不能重复请求 if err != nil { return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 验证码设置限制重复请求失败: %v", err) } return nil } // CreateClient 创建阿里云短信客户端 func (l *SendSmsLogic) CreateClient() (*dysmsapi.Client, error) { config := &openapi.Config{ AccessKeyId: &l.svcCtx.Config.VerifyCode.AccessKeyID, AccessKeySecret: &l.svcCtx.Config.VerifyCode.AccessKeySecret, } config.Endpoint = tea.String(l.svcCtx.Config.VerifyCode.EndpointURL) return dysmsapi.NewClient(config) } // sendSmsRequest 发送短信请求 func (l *SendSmsLogic) sendSmsRequest(mobile, code string) (*dysmsapi.SendSmsResponse, error) { // 初始化阿里云短信客户端 cli, err := l.CreateClient() if err != nil { return nil, err } request := &dysmsapi.SendSmsRequest{ SignName: tea.String(l.svcCtx.Config.VerifyCode.SignName), TemplateCode: tea.String(l.svcCtx.Config.VerifyCode.TemplateCode), PhoneNumbers: tea.String(mobile), TemplateParam: tea.String(fmt.Sprintf("{\"code\":\"%s\"}", code)), } runtime := &service.RuntimeOptions{} return cli.SendSmsWithOptions(request, runtime) } // verifyCancelAccountSmsCaller 注销验证码:须携带与 Jwt 一致的登录态,且手机号与当前账号绑定一致 func (l *SendSmsLogic) verifyCancelAccountSmsCaller(req *types.SendSmsReq) error { var authz string if hr, ok := l.ctx.Value(captcha.HTTPRequestContextKey).(*http.Request); ok && hr != nil { authz = strings.TrimSpace(hr.Header.Get("Authorization")) } if authz == "" { return errors.Wrapf(xerr.NewErrCode(xerr.TOKEN_EXPIRE_ERROR), "请先登录后再获取注销验证码") } tokenStr := strings.TrimSpace(authz) if len(tokenStr) > 7 && strings.EqualFold(tokenStr[:7], "Bearer ") { tokenStr = strings.TrimSpace(tokenStr[7:]) } claims, err := jwtx.ParseJwtToken(tokenStr, l.svcCtx.Config.JwtAuth.AccessSecret) if err != nil { return errors.Wrapf(xerr.NewErrCode(xerr.TOKEN_EXPIRE_ERROR), "登录已失效,请重新登录") } if claims.UserType != model.UserTypeNormal { return errors.Wrapf(xerr.NewErrMsg("当前账号类型不支持注销验证码"), "cancelAccount sms") } user, err := l.svcCtx.UserModel.FindOne(l.ctx, claims.UserId) if err != nil { if errors.Is(err, model.ErrNotFound) { return errors.Wrapf(xerr.NewErrCode(xerr.USER_NOT_FOUND), "用户不存在") } return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询用户失败: %v", err) } if user.CancelledAt.Valid { return errors.Wrapf(xerr.NewErrCode(xerr.USER_CANCELLED), "账号已注销") } if user.Disable == 1 { return errors.Wrapf(xerr.NewErrCode(xerr.USER_DISABLED), "账号已被封禁") } if !user.Mobile.Valid || user.Mobile.String == "" { return errors.Wrapf(xerr.NewErrMsg("请先绑定手机号后再注销账号"), "cancelAccount sms, 未绑定手机") } enc, err := crypto.EncryptMobile(req.Mobile, l.svcCtx.Config.Encrypt.SecretKey) if err != nil { return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "加密手机号失败: %v", err) } if enc != user.Mobile.String { return errors.Wrapf(xerr.NewErrMsg("手机号与当前登录账号不一致"), "cancelAccount sms mobile mismatch") } return nil }