app/controller/power.js

@@ -13,6 +13,11 @@ class LoginController extends Controller {
     const res = await ctx.service.power.getUserMenu();
     ctx.body = res;
   }
+  async captcha() {
+    const { ctx } = this;
+    const res = await ctx.service.power.captcha();
+    ctx.body = res;
+  }
 }
 
 module.exports = LoginController;

app/router.js

@@ -9,6 +9,7 @@ module.exports = app => {
   // 系统用户
   router.post('/api/adminUser/create', jwt, controller.adminUser.create);
   router.post('/api/adminUser/update', jwt, controller.adminUser.update);
+  router.post('/api/adminUser/pwdUpdate', jwt, controller.adminUser.pwdUpdate);
   router.delete('/api/adminUser/delete/:id', jwt, controller.adminUser.del);
   router.get('/api/adminUser/query', controller.adminUser.query);
   // 角色
@@ -24,6 +25,8 @@ module.exports = app => {
   // 登录
   router.post('/api/power/login', controller.power.login);
   router.get('/api/power/getUserMenu', controller.power.getUserMenu);
+  // 获取验证码
+  router.get('/api/captcha', controller.power.captcha);
   // 内容
   router.post('/api/content/create', jwt, controller.content.create);
   router.post('/api/content/update', jwt, controller.content.update);

app/service/adminUser.js

@@ -24,30 +24,33 @@ class adminUserService extends Service {
       throw new Error('添加失败');
     }
   }
-  async update({ userName, phone, _id, roleList, state }) {
+  async update({ userName, phone, _id, roleList, state, password }) {
     assert(_id, 'id不存在');
     const { AdminUser: model } = this.ctx.model;
     try {
-      await model.findById(_id).update({ userName, phone, roleList, state });
+      const hash = crypto.createHmac('sha256', this.app.config.userSecret);
+      const pwd = hash.update(password).digest('hex');
+      await model.findById(_id).update({ userName, phone, roleList, state, password: pwd });
       return { errmsg: '', errcode: 0 };
     } catch (error) {
       console.log(error);
       throw new Error('修改失败');
     }
   }
-  async pwdUpdate({ password, _id, confirmPwd }) {
-    assert(_id, 'id不存在');
+  async pwdUpdate({ password, userName, confirmPwd }) {
+    console.log(password, userName, confirmPwd);
+    assert(userName, '用户名不存在');
     const { AdminUser: model } = this.ctx.model;
     const hash = crypto.createHmac('sha256', this.app.config.userSecret);
     const cpwd = hash.update(confirmPwd).digest('hex');
     try {
-      const res = await model.findById(_id);
+      const res = await model.findOne({ userName });
       if (res.password !== cpwd) {
         return { errmsg: '原密码错误', errcode: -2003 };
       }
       const hash = crypto.createHmac('sha256', this.app.config.userSecret);
       const pwd = hash.update(password).digest('hex');
-      await model.findByIdAndUpdate(_id, { password: pwd });
+      await model.findByIdAndUpdate(res._id, { password: pwd });
       return { errmsg: '', errcode: 0 };
     } catch (error) {
       throw new Error('修改失败');

app/service/log.js

@@ -69,14 +69,18 @@ class LogService extends Service {
         decode = ctx.app.jwt.verify(token, ctx.app.config.secret);
       } else {
         const { acct } = ctx.request.body;
-        const res = await model.find({ acct });
-        decode = res[0];
+        const res = await model.findOne({ acct });
+        if (!res) {
+          decode = { acct, userName: '用户不存在' };
+        } else {
+          decode = res;
+        }
       }
       const str = url.split('/');
       for (let i = 0; i < str.length; i++) {
         const e = str[i];
         if (e !== '' && e !== 'api') {
-          if (e === 'create' || e === 'update' || e === 'delete' || e === 'upload' || e === 'login') {
+          if (e === 'create' || e === 'update' || e === 'delete' || e === 'upload' || e === 'login' || e === 'pwdUpdate') {
             methods = routerMethod[e];
             if (e === 'delete') {
               break;
@@ -86,7 +90,7 @@ class LogService extends Service {
           }
         }
       }
-      return { mondel, method: methods, data: body, acct: decode.acct, userName: decode.userName, date };
+      return { mondel, method: methods, data: body, acct: decode.acct, userName: decode && decode.userName, date };
     }
   }
 }

app/service/power.js

@@ -4,10 +4,16 @@ const Service = require('egg').Service;
 const assert = require('assert');
 const crypto = require('crypto');
 const menu = require('../public/adminMenu');
+const svgCaptcha = require('svg-captcha');
 class UserService extends Service {
-  async login({ acct, password }) {
+  async login({ acct, password, code }) {
     assert(acct, '帐号不存在');
     assert(password, '密码不存在');
+    assert(code, '验证码不存在');
+    const captcha = this.ctx.session.code;
+    if (captcha !== code) {
+      return { errmsg: '验证码错误', errcode: -2003 };
+    }
     const { AdminUser: model } = this.ctx.model;
     const hash = crypto.createHmac('sha256', this.app.config.userSecret);
     const pwd = hash.update(password).digest('hex');
@@ -61,6 +67,21 @@ class UserService extends Service {
       throw new Error('登录失败');
     }
   }
+  async captcha() {
+    const captcha = svgCaptcha.create({
+      size: 4,
+      fontSize: 50,
+      ignoreChars: 'Ooli',
+      width: 100,
+      height: 40,
+      noise: 3,
+      color: true,
+      background: '#cc9966',
+    });
+    this.ctx.session.code = captcha.text;
+    this.ctx.response.type = 'image/svg+xml';
+    return captcha.data;
+  }
 }
 
 module.exports = UserService;

config/plugin.js

@@ -14,4 +14,12 @@ module.exports = {
     enable: true,
     package: 'egg-cors',
   },
+  captcha: {
+    enable: true,
+    package: 'svg-captcha',
+  },
+  session: {
+    enable: true,
+    package: 'egg-session',
+  },
 };

config/routerMethod.js

@@ -9,4 +9,5 @@ module.exports = {
   'delete': '删除',
   'upload': '上传文件',
   'login': '系统登录',
+  'pwdUpdate': '修改密码',
 };

package.json

@@ -12,8 +12,10 @@
     "egg-jwt": "^3.1.7",
     "egg-mongoose": "^3.3.1",
     "egg-scripts": "^2.11.0",
+    "egg-session": "^3.3.0",
     "lodash": "^4.17.21",
     "moment": "^2.29.1",
+    "svg-captcha": "^1.4.0",
     "uuid": "^8.3.2"
   },
   "devDependencies": {