TCG/tcg-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化

Browse Source
This commit is contained in:
yaoyanwei
2025-08-26 14:28:54 +08:00
parent 4b2bb35c20
commit 6fa45b8f74
4 changed files with 121 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
authorization/auth.controller.js
View File

@@ -3,15 +3,16 @@ const jwt = require('jsonwebtoken');
const crypto = require('crypto'); const crypto = require('crypto');
const config = require('../config.js'); const config = require('../config.js');
const jwtSecret = config.jwt_secret; const jwtSecret = config.jwt_secret;
const Activity = require("../activity/activity.model");
const UserModel = require('../users/users.model'); const UserModel = require('../users/users.model');
const UserTool = require('../users/users.tool'); const UserTool = require('../users/users.tool');
exports.Login = (req, res) => { exports.Login = (req, res) => {
try { try {
let refreshId = req.login.userId + jwtSecret; let refresh_id = req.login.userId + jwtSecret;
let refresh_key = crypto.randomBytes(16).toString('base64'); let refresh_key = crypto.randomBytes(16).toString('base64');
let refresh_hash = crypto.createHmac('sha512', refresh_key).update(refreshId).digest("base64"); let refresh_hash = crypto.createHmac('sha512', refresh_key).update(refresh_id).digest("base64");
req.login.refresh_key = refresh_key; req.login.refresh_key = refresh_key;
let access_token = jwt.sign(req.login, jwtSecret); let access_token = jwt.sign(req.login, jwtSecret);
@@ -20,7 +21,7 @@ exports.Login = (req, res) => {
var update = { refresh_key: refresh_key, proof_key: "", password_recovery_key: "", last_login_time: new Date(), last_online_time: new Date() }; var update = { refresh_key: refresh_key, proof_key: "", password_recovery_key: "", last_login_time: new Date(), last_online_time: new Date() };
UserModel.patch(req.login.userId, update); UserModel.patch(req.login.userId, update);
var odata = { var data = {
id: req.login.userId, id: req.login.userId,
username: req.login.username, username: req.login.username,
access_token: access_token, access_token: access_token,
@@ -32,13 +33,89 @@ exports.Login = (req, res) => {
version: config.version version: config.version
} }
return res.status(201).send(odata); return res.status(201).send(data);
} catch (err) { } catch (err) {
return res.status(500).send({ error: err }); return res.status(500).send({ error: err });
} }
}; };
exports.SteamLogin = async (req, res) => {
try {
if (!req.body.email || !req.body.username || !req.body.password) {
return res.status(400).send({ error: 'Invalid parameters' });
}
var email = req.body.email;
var username = req.body.username;
var password = req.body.password;
var user = await UserModel.getByUsername(username);
if (!user) {
user = {};
user.username = username;
user.email = email;
user.permission_level = 1;
user.validation_level = 0;
user.coins = config.start_coins;
user.elo = config.start_elo;
user.xp = 0;
user.account_create_time = new Date();
user.last_login_time = new Date();
user.last_online_time = new Date();
user.email_confirm_key = UserTool.generateID(20);
UserTool.setUserPassword(user, password);
//Create user
var user_created = await UserModel.create(user);
if (!user_created)
return res.status(500).send({ error: "Unable to create user" });
//Send confirm email
UserTool.sendEmailConfirmKey(user_created, user.email, user.email_confirm_key);
// Activity Log -------------
var act = await Activity.LogActivity("register", user.username, { username: user.username, email: user.email });
if (!act) return res.status(500).send({ error: "Failed to log activity!!" });
}
var login = {
userId: user.id,
username: user.username,
email: user.email,
permission_level: user.permission_level,
validation_level: user.validation_level,
provider: email ? 'email' : 'username',
}
let refresh_id = login.userId + jwtSecret;
let refresh_key = crypto.randomBytes(16).toString('base64');
let refresh_hash = crypto.createHmac('sha512', refresh_key).update(refresh_id).digest("base64");
login.refresh_key = refresh_key;
let access_token = jwt.sign(login, jwtSecret);
//Delete some keys for security, empty keys are never valid, also update login time
UserModel.patch(login.userId, { refresh_key: refresh_key, proof_key: "", password_recovery_key: "", last_login_time: new Date(), last_online_time: new Date() });
var data = {
id: login.userId,
username: login.username,
access_token: access_token,
refresh_token: refresh_hash,
permission_level: login.permission_level,
validation_level: login.validation_level,
duration: config.jwt_expiration,
server_time: new Date(),
version: config.version
}
return res.status(201).send(data);
} catch (err) {
console.error(err);
return res.status(500).send({ error: err });
}
};
exports.KeepOnline = async (req, res, next) => { exports.KeepOnline = async (req, res, next) => {
var token = req.jwt; var token = req.jwt;
@@ -61,8 +138,7 @@ exports.ValidateToken = async(req, res, next) => {
return res.status(200).send(data); return res.status(200).send(data);
}; };
exports.CreateProof = async(req, res) => exports.CreateProof = async (req, res) => {
{
var userId = req.jwt.userId; var userId = req.jwt.userId;
var user = await UserModel.getById(userId); var user = await UserModel.getById(userId);
@@ -75,8 +151,7 @@ exports.CreateProof = async(req, res) =>
return res.status(200).send({ proof: user.proof_key }); return res.status(200).send({ proof: user.proof_key });
} }
exports.ValidateProof = async(req, res) => exports.ValidateProof = async (req, res) => {
{
var username = req.params.username; var username = req.params.username;
var proof = req.params.proof; var proof = req.params.proof;

4
authorization/auth.routes.js
View File

@@ -16,6 +16,10 @@ exports.route = function (app) {
AuthController.Login AuthController.Login
]); ]);
app.post('/auth/steam', app.auth_limiter, [
AuthController.SteamLogin
]);
app.get('/auth/keep',[ app.get('/auth/keep',[
AuthTool.isValidJWT, AuthTool.isValidJWT,
AuthController.KeepOnline AuthController.KeepOnline

8
config.js
View File

@@ -1,7 +1,7 @@
module.exports = { module.exports = {
version: "1.13", version: "1.13",
port: 80, port: 8080,
port_https: 443, port_https: 443,
api_title: "TCG Engine API", //Display name api_title: "TCG Engine API", //Display name
api_url: "", //If you set the URL, will block all direct IP access, or wrong url access, leave blank to allow all url access api_url: "", //If you set the URL, will block all direct IP access, or wrong url access, leave blank to allow all url access
@@ -26,9 +26,9 @@ module.exports = {
}, },
//Mongo Connection //Mongo Connection
mongo_user: "", mongo_user: "mongodb",
mongo_pass: "", mongo_pass: "WFSWiBkLPLZTzw7s",
mongo_host: "127.0.0.1", mongo_host: "192.168.1.99",
mongo_port: "27017", mongo_port: "27017",
mongo_db: "tcgengine", mongo_db: "tcgengine",

2
tools/validator.tool.js
View File

@@ -18,7 +18,7 @@ Validator.validateUsername = function(username){
return false; return false;
//Cant have some special characters, must be letters or digits and start with a letter //Cant have some special characters, must be letters or digits and start with a letter
var regex = /^[a-zA-Z][a-zA-Z\d]+$/; var regex = /^[a-zA-Z0-9_]+$/;
if(!regex.test(username)) if(!regex.test(username))
return false; return false;