186-template-175
/
mini-starter
forked from 155-template-138/mini-starter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247
							import { DataSource, Repository } from 'typeorm';
import { UserEntity } from '@d8d/user-module';
import { FileService } from '@d8d/file-module';
import { JWTUtil, redisUtil } from '@d8d/shared-utils';
import axios from 'axios';
import process from 'node:process'

export class MiniAuthService {
  private userRepository: Repository<UserEntity>;
  private fileService: FileService;

  constructor(dataSource: DataSource) {
    this.userRepository = dataSource.getRepository(UserEntity);
    this.fileService = new FileService(dataSource);
  }

  async miniLogin(code: string): Promise<{ token: string; user: UserEntity; isNewUser: boolean }> {
    // 1. 通过code获取openid和session_key
    console.debug("miniLogin：code"+code);
    let data = code.split(",");
    let openid = "";
    if(data.length==2){
      openid = data[1];
      code = data[0];
    }
    console.debug("openid")
    if(openid!=""){
      

      const openidInfo= {
        openid: openid
      };

      let user = await this.createMiniUser(openidInfo);
      // 3. 保存sessionKey到Redis
      let sessionKey = await redisUtil.getSessionKeyByOpenid(openid) ;

      await redisUtil.setSessionKey(user.id,sessionKey || '');
      let token = this.generateToken(user);
      let isNewUser = false;
      return { token, user, isNewUser };
    }else{

      // 1. 通过code获取openid和session_key
      const openidInfo = await this.getOpenIdByCode(code);

      // 2. 查找或创建用户
      let user = await this.userRepository.findOne({
        where: { openid: openidInfo.openid }
      });

      let isNewUser = false;
      let token = "";

      if (!user) {
        // 自动注册新用户
        user = await this.createMiniUserNoId(openidInfo);
        isNewUser = true;
        token = openid;
        await redisUtil.setSessionKeyByOpenid(openid, openidInfo.session_key);
      }else{
        // 3. 保存sessionKey到Redis
        await redisUtil.setSessionKey(user.id, openidInfo.session_key);
        token = this.generateToken(user);
        // isNewUser = true;
      }

      return { token,user, isNewUser };
    }
  }

  async updateUserProfile(userId: number, profile: { nickname?: string; avatarUrl?: string }): Promise<UserEntity> {
    const user = await this.userRepository.findOne({
      where: { id: userId },
      relations: ['avatarFile']
    });

    if (!user) throw new Error('用户不存在');

    if (profile.nickname) user.nickname = profile.nickname;

    // 处理头像：如果用户没有头像且提供了小程序头像URL，则下载保存
    if (profile.avatarUrl && !user.avatarFileId) {
      try {
        const avatarFileId = await this.downloadAndSaveAvatar(profile.avatarUrl, userId);
        if (avatarFileId) {
          user.avatarFileId = avatarFileId;
        }
      } catch (error) {
        // 头像下载失败不影响主要功能
        console.error('头像下载失败:', error);
      }
    }

    return await this.userRepository.save(user);
  }

  private async getOpenIdByCode(code: string): Promise<{ openid: string; unionid?: string; session_key: string }> {
    const appId = process.env.WX_MINI_APP_ID;
    const appSecret = process.env.WX_MINI_APP_SECRET;
    console.log("appId")
    console.log(appId)
    console.log(appSecret)
    if (!appId || !appSecret) {
      throw new Error('微信小程序配置缺失');
    }

    const url = `https://api.weixin.qq.com/sns/jscode2session?appid=${appId}&secret=${appSecret}&js_code=${code}&grant_type=authorization_code`;

    try {
      const response = await axios.get(url, { timeout: 10000 });

      if (response.data.errcode) {
        throw new Error(`微信API错误: ${response.data.errmsg}`);
      }

      return {
        openid: response.data.openid,
        unionid: response.data.unionid,
        session_key: response.data.session_key
      };
    } catch (error) {
      if (axios.isAxiosError(error)) {
        throw new Error('微信服务器连接失败');
      }
      throw error;
    }
  }

  private async createMiniUser(openidInfo: { openid: string; unionid?: string }): Promise<UserEntity> {
    const user = this.userRepository.create({
      username: `wx_${Date.now()}_${Math.random().toString(36).substr(2, 6)}`,
      password: '', // 小程序用户不需要密码
      openid: openidInfo.openid,
      unionid: openidInfo.unionid,
      nickname: '微信用户',
      registrationSource: 'miniapp',
      isDisabled: 0,
      isDeleted: 0
    });

    return await this.userRepository.save(user);
  }

  private async createMiniUserNoId(openidInfo: { openid: string; unionid?: string }): Promise<UserEntity> {
    const user = this.userRepository.create({
      username: `wx_${Date.now()}_${Math.random().toString(36).substr(2, 6)}`,
      password: '', // 小程序用户不需要密码
      openid: openidInfo.openid,
      unionid: openidInfo.unionid,
      nickname: '微信用户',
      registrationSource: 'miniapp',
      isDisabled: 0,
      isDeleted: 0
    });
     
    // await this.userRepository.save(user);
    return user;
  }

  private async downloadAndSaveAvatar(avatarUrl: string, userId: number): Promise<number | null> {
    try {
      const result = await this.fileService.downloadAndSaveFromUrl(
        avatarUrl,
        {
          uploadUserId: userId,
          customPath: `avatars/`,
          mimeType: 'image/jpeg'
        },
        { timeout: 10000 }
      );

      return result.file.id;
    } catch (error) {
      console.error('下载保存头像失败:', error);
      return null;
    }
  }

  private generateToken(user: UserEntity): string {
    return JWTUtil.generateToken({
      id: user.id,
      username: user.username,
      roles: user.roles,
      openid: user.openid || undefined
    });
  }

  /**
   * 解密小程序加密的手机号
   */
  async decryptPhoneNumber(encryptedData: string, iv: string, sessionKey: string): Promise<string> {
    console.debug('手机号解密请求:', { encryptedData, iv, sessionKey });

    // 参数验证
    if (!encryptedData || !iv || !sessionKey) {
      throw { code: 400, message: '加密数据或初始向量不能为空' };
    }

    try {
      // 使用Node.js内置crypto模块进行AES-128-CBC解密
      // 微信小程序手机号解密算法：AES-128-CBC，PKCS#7填充
      const crypto = await import('node:crypto');

      // 创建解密器
      const decipher = crypto.createDecipheriv(
        'aes-128-cbc',
        Buffer.from(sessionKey, 'base64'),
        Buffer.from(iv, 'base64')
      );

      // 设置自动PKCS#7填充
      decipher.setAutoPadding(true);

      // 解密数据
      let decrypted = decipher.update(Buffer.from(encryptedData, 'base64'));
      decrypted = Buffer.concat([decrypted, decipher.final()]);

      // 解析解密后的JSON数据
      const decryptedStr = decrypted.toString('utf8');
      const phoneData = JSON.parse(decryptedStr);

      // 验证解密结果
      if (!phoneData.phoneNumber || typeof phoneData.phoneNumber !== 'string') {
        throw new Error('解密数据格式不正确');
      }

      console.debug('手机号解密成功:', { phoneNumber: phoneData.phoneNumber });
      return phoneData.phoneNumber;

    } catch (error) {
      console.error('手机号解密失败:', error);

      // 根据错误类型返回相应的错误信息
      if (error instanceof SyntaxError) {
        throw { code: 400, message: '解密数据格式错误' };
      } else if (error instanceof Error && error.message?.includes('wrong final block length')) {
        throw { code: 400, message: '解密数据长度不正确' };
      } else if (error instanceof Error && error.message?.includes('bad decrypt')) {
        throw { code: 400, message: '解密失败，请检查sessionKey是否正确' };
      } else {
        const errorMessage = error instanceof Error ? error.message : '未知错误';
        throw { code: 400, message: '手机号解密失败: ' + errorMessage };
      }
    }
  }
}