优化代码

ZeroCatDev · Nov 17, 2024 · 6091fa1 · 6091fa1
1 parent 0b4bb67
commit 6091fa1
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 82 deletions.
diff --git a/server/lib/totpUtils.js b/server/lib/totpUtils.js
@@ -191,14 +191,58 @@ async function removeTotpToken(userId, totp_id) {
 
     return { status: "success", message: "验证器已删除", totp: result };
   } catch (error) {
-    return { status: "0", message: "无法删除验证器",error:error };
+    return { status: "0", message: "无法删除验证器", error: error };
   }
 }
 
+// TOTP validation middleware
+async function validateTotpToken(req, res, next) {
+  try {
+    // Extract TOTP token from query, body, or headers
+    const token =
+      req.query.totp_token ||
+      req.body.totp_token ||
+      req.headers["x-totp-token"];
+    console.log(token);
+    if (!res.locals.login) {
+      // 未登录，返回401 Unauthorized状态码
+      return res.status(401).send({ status: "0", msg: "请先登录以继续操作" });
+    }
+    if (!token) {
+      // If no token is provided, return a failure response
+      return res.status(400).json({
+        status: "error",
+        message: "令牌未提供",
+      });
+    }
+
+    // Check if the TOTP token is valid
+    const userId = res.locals.userid; // Assuming the user ID is available in the request (e.g., from authentication middleware)
+    const isValid = await isTotpTokenValid(userId, token);
+
+    if (isValid.valid === false) {
+      // If the token is invalid, return a failure response
+      return res.status(400).json({
+        status: "error",
+        message: "无法处理请求：" + isValid.message,
+      });
+    }
+
+    // If valid, move to the next middleware or route handler
+    next();
+  } catch (error) {
+    console.error("Error in TOTP validation middleware:", error);
+    return res.status(500).json({
+      status: "error",
+      message: "Internal server error during TOTP validation.",
+    });
+  }
+}
 module.exports = {
   isTotpTokenValid,
   isTotpTokenValidById,
   createTotpTokenForUser,
   enableTotpToken,
   removeTotpToken,
+  validateTotpToken,
 };
diff --git a/server/lib/validateTotpToken.js b/server/lib/validateTotpToken.js
diff --git a/server/lib/needlogin.js → server/middleware/auth.js b/server/lib/needlogin.js → server/middleware/auth.js
@@ -1,14 +1,10 @@
-const express = require("express");
-
-const app = express();
-
-// 登录检查中间件
-app.use((req, res, next) => {
+async function needlogin(req, res, next) {
   if (!res.locals.login) {
     // 未登录，返回401 Unauthorized状态码
     return res.status(401).send({ status: "0", msg: "请先登录以继续操作" });
   }
   next(); // 已登录，继续处理请求
-});
-
-module.exports = app;
+}
+module.exports = {
+  needlogin,
+};
diff --git a/server/router_account.js b/server/router_account.js
@@ -10,15 +10,15 @@ const {
   registrationTemplate,
   passwordResetTemplate,
 } = require("./services/emailTemplates");
-const needlogin = require("./lib/needlogin.js");
+const {  needlogin } = require("./middleware/auth.js");
 
 const {
   isTotpTokenValid,
   createTotpTokenForUser,
   enableTotpToken,
   removeTotpToken,
+  validateTotpToken
 } = require("./lib/totpUtils.js");
-const validateTotpToken = require("./lib/validateTotpToken.js"); // Import the middleware
 router.all("*", function (req, res, next) {
   next();
 });

diff --git a/server/router_projectlist.js b/server/router_projectlist.js
@@ -2,7 +2,7 @@ const configManager = require("./configManager");
 
 const express = require("express");
 const router = express.Router();
-const needlogin = require("./lib/needlogin.js");
+const {  needlogin } = require("./middleware/auth.js");
 
 const {
   userProjectlistAdd,

diff --git a/server/router_user.js b/server/router_user.js
@@ -1,12 +1,8 @@
 const configManager = require("./configManager.js");
 var express = require("express");
 var router = express["Router"]();
-var fs = require("fs");
-var jwt = require("jsonwebtoken");
 var DB = require("./lib/database.js");
-var I = require("./lib/global.js");
 let cryptojs = require("crypto-js");
-const needlogin = require("./lib/needlogin.js");
 
 
 router.all("*", function (req, res, next) {

diff --git a/views/index.ejs b/views/index.ejs
@@ -21,27 +21,22 @@
     <link href="<%= global.config['urls.static'] %>/font1.css" rel="stylesheet" />
 
     <mdui-layout-main>
-
-
-
       <mdui-list>
-        <% const config = JSON.parse(JSON.stringify(global.publicconfig)); %>
-        <% Object.entries(config).forEach(([key, value]) => { %>
-            <mdui-list-item
-                rounded
-                headline="<%= key %>"
-                description="<%= typeof value === 'object' ? JSON.stringify(value) : value %>"
-            ></mdui-list-item>
-        <% }); %>
-    </mdui-list>
-
-        <mdui-button variant="filled" href="<%= global.config['urls.frontend'] %>">立刻加入</mdui-button>
-        <mdui-button variant="elevated" href="#">了解更多</mdui-button><mdui-list>
-          <mdui-list-item icon="people" description="qq群号964979747" href="https://qm.qq.com/q/wn3TkPoZ5C" active
-            rounded>ZeroCat现由厚浪云提供支持</mdui-list-item>
-        </mdui-list>
-
-        </div>
+        <% const config=JSON.parse(JSON.stringify(global.publicconfig)); %>
+          <% Object.entries(config).forEach(([key, value])=> { %>
+            <mdui-list-item rounded headline="<%= key %>"
+              description="<%= typeof value === 'object' ? JSON.stringify(value) : value %>"></mdui-list-item>
+            <% }); %>
+      </mdui-list>
+      <mdui-button variant="filled" href="<%= global.config['urls.frontend'] %>">立刻加入</mdui-button>
+      <mdui-button variant="elevated" href="#">了解更多</mdui-button><mdui-list>
+        <!-- 判断feedback.qqgroup是否存在 -->
+        <% if (global.publicconfig['feedback.qq.group']) { %>
+        <mdui-list-item icon="people" description="qq群<%= global.config['feedback.qq.group'] %>" <% if (global.publicconfig['feedback.qq.link']) { %>href="<%= global.config['feedback.qq.link'] %>"<% } %> active
+          rounded><%= global.config['feedback.qq.description'] %></mdui-list-item>
+        <% } %>
+      </mdui-list>
+      </div>
     </mdui-layout-main>
   </mdui-layout>
 </body>