| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200 |
- import { DataSource, Repository } from 'typeorm';
- import { UserEntity } from '@d8d/user-module';
- import { FileService } from '@d8d/file-module';
- import { JWTUtil, redisUtil } from '@d8d/shared-utils';
- import axios from 'axios';
- import process from 'node:process'
- export class MiniAuthService {
- private userRepository: Repository<UserEntity>;
- private fileService: FileService;
- constructor(dataSource: DataSource) {
- this.userRepository = dataSource.getRepository(UserEntity);
- this.fileService = new FileService(dataSource);
- }
- async miniLogin(code: string): Promise<{ token: string; user: UserEntity; isNewUser: boolean }> {
- // 1. 通过code获取openid和session_key
- const openidInfo = await this.getOpenIdByCode(code);
- // 2. 查找或创建用户
- let user = await this.userRepository.findOne({
- where: { openid: openidInfo.openid }
- });
- let isNewUser = false;
- if (!user) {
- // 自动注册新用户
- user = await this.createMiniUser(openidInfo);
- isNewUser = true;
- }
- // 3. 保存sessionKey到Redis
- await redisUtil.setSessionKey(user.id, openidInfo.session_key);
- // 4. 生成token
- const token = this.generateToken(user);
- return { token, user, isNewUser };
- }
- async updateUserProfile(userId: number, profile: { nickname?: string; avatarUrl?: string }): Promise<UserEntity> {
- const user = await this.userRepository.findOne({
- where: { id: userId },
- relations: ['avatarFile']
- });
- if (!user) throw new Error('用户不存在');
- if (profile.nickname) user.nickname = profile.nickname;
- // 处理头像:如果用户没有头像且提供了小程序头像URL,则下载保存
- if (profile.avatarUrl && !user.avatarFileId) {
- try {
- const avatarFileId = await this.downloadAndSaveAvatar(profile.avatarUrl, userId);
- if (avatarFileId) {
- user.avatarFileId = avatarFileId;
- }
- } catch (error) {
- // 头像下载失败不影响主要功能
- console.error('头像下载失败:', error);
- }
- }
- return await this.userRepository.save(user);
- }
- private async getOpenIdByCode(code: string): Promise<{ openid: string; unionid?: string; session_key: string }> {
- const appId = process.env.WX_MINI_APP_ID;
- const appSecret = process.env.WX_MINI_APP_SECRET;
- if (!appId || !appSecret) {
- throw new Error('微信小程序配置缺失');
- }
- const url = `https://api.weixin.qq.com/sns/jscode2session?appid=${appId}&secret=${appSecret}&js_code=${code}&grant_type=authorization_code`;
- try {
- const response = await axios.get(url, { timeout: 10000 });
- if (response.data.errcode) {
- throw new Error(`微信API错误: ${response.data.errmsg}`);
- }
- return {
- openid: response.data.openid,
- unionid: response.data.unionid,
- session_key: response.data.session_key
- };
- } catch (error) {
- if (axios.isAxiosError(error)) {
- throw new Error('微信服务器连接失败');
- }
- throw error;
- }
- }
- private async createMiniUser(openidInfo: { openid: string; unionid?: string }): Promise<UserEntity> {
- const user = this.userRepository.create({
- username: `wx_${Date.now()}_${Math.random().toString(36).substr(2, 6)}`,
- password: '', // 小程序用户不需要密码
- openid: openidInfo.openid,
- unionid: openidInfo.unionid,
- nickname: '微信用户',
- registrationSource: 'miniapp',
- isDisabled: 0,
- isDeleted: 0
- });
- return await this.userRepository.save(user);
- }
- private async downloadAndSaveAvatar(avatarUrl: string, userId: number): Promise<number | null> {
- try {
- const result = await this.fileService.downloadAndSaveFromUrl(
- avatarUrl,
- {
- uploadUserId: userId,
- customPath: `avatars/`,
- mimeType: 'image/jpeg'
- },
- { timeout: 10000 }
- );
- return result.file.id;
- } catch (error) {
- console.error('下载保存头像失败:', error);
- return null;
- }
- }
- private generateToken(user: UserEntity): string {
- return JWTUtil.generateToken({
- id: user.id,
- username: user.username,
- roles: user.roles,
- openid: user.openid || undefined
- });
- }
- /**
- * 解密小程序加密的手机号
- */
- async decryptPhoneNumber(encryptedData: string, iv: string, sessionKey: string): Promise<string> {
- console.debug('手机号解密请求:', { encryptedData, iv, sessionKey });
- // 参数验证
- if (!encryptedData || !iv || !sessionKey) {
- throw { code: 400, message: '加密数据或初始向量不能为空' };
- }
- try {
- // 使用Node.js内置crypto模块进行AES-128-CBC解密
- // 微信小程序手机号解密算法:AES-128-CBC,PKCS#7填充
- const crypto = await import('node:crypto');
- // 创建解密器
- const decipher = crypto.createDecipheriv(
- 'aes-128-cbc',
- Buffer.from(sessionKey, 'base64'),
- Buffer.from(iv, 'base64')
- );
- // 设置自动PKCS#7填充
- decipher.setAutoPadding(true);
- // 解密数据
- let decrypted = decipher.update(Buffer.from(encryptedData, 'base64'));
- decrypted = Buffer.concat([decrypted, decipher.final()]);
- // 解析解密后的JSON数据
- const decryptedStr = decrypted.toString('utf8');
- const phoneData = JSON.parse(decryptedStr);
- // 验证解密结果
- if (!phoneData.phoneNumber || typeof phoneData.phoneNumber !== 'string') {
- throw new Error('解密数据格式不正确');
- }
- console.debug('手机号解密成功:', { phoneNumber: phoneData.phoneNumber });
- return phoneData.phoneNumber;
- } catch (error) {
- console.error('手机号解密失败:', error);
- // 根据错误类型返回相应的错误信息
- if (error instanceof SyntaxError) {
- throw { code: 400, message: '解密数据格式错误' };
- } else if (error instanceof Error && error.message?.includes('wrong final block length')) {
- throw { code: 400, message: '解密数据长度不正确' };
- } else if (error instanceof Error && error.message?.includes('bad decrypt')) {
- throw { code: 400, message: '解密失败,请检查sessionKey是否正确' };
- } else {
- const errorMessage = error instanceof Error ? error.message : '未知错误';
- throw { code: 400, message: '手机号解密失败: ' + errorMessage };
- }
- }
- }
- }
|
