Feat: 2-FA login verification

2026-01-26 09:34:57 +08:00 · 2020-02-21 13:48:34 +08:00
parent 11e45bc751
commit 7c07b623f6
6 changed files with 93 additions and 1 deletions
--- a/service/user/login.go
+++ b/service/user/login.go
@@ -6,6 +6,7 @@ import (
 	"github.com/HFO4/cloudreve/pkg/util"
 	"github.com/gin-gonic/gin"
 	"github.com/mojocn/base64Captcha"
+	"github.com/pquerna/otp/totp"
 )

 // UserLoginService 管理用户登录的服务
@@ -16,6 +17,32 @@ type UserLoginService struct {
 	CaptchaCode string `form:"captchaCode" json:"captchaCode"`
 }

+// Login 二步验证继续登录
+func (service *Enable2FA) Login(c *gin.Context) serializer.Response {
+	if uid, ok := util.GetSession(c, "2fa_user_id").(uint); ok {
+		// 查找用户
+		expectedUser, err := model.GetActiveUserByID(uid)
+		if err != nil {
+			return serializer.Err(serializer.CodeNotFound, "用户不存在", nil)
+		}
+
+		// 验证二步验证代码
+		if !totp.Validate(service.Code, expectedUser.TwoFactor) {
+			return serializer.ParamErr("验证代码不正确", nil)
+		}
+
+		//登陆成功，清空并设置session
+		util.DeleteSession(c, "2fa_user_id")
+		util.SetSession(c, map[string]interface{}{
+			"user_id": expectedUser.ID,
+		})
+
+		return serializer.BuildUserResponse(expectedUser)
+	}
+
+	return serializer.Err(serializer.CodeNotFound, "登录会话不存在", nil)
+}
+
 // Login 用户登录函数
 func (service *UserLoginService) Login(c *gin.Context) serializer.Response {
 	isCaptchaRequired := model.GetSettingByName("login_captcha")
@@ -44,7 +71,11 @@ func (service *UserLoginService) Login(c *gin.Context) serializer.Response {
 	}

 	if expectedUser.TwoFactor != "" {
-		//TODO 二步验证处理
+		// 需要二步验证
+		util.SetSession(c, map[string]interface{}{
+			"2fa_user_id": expectedUser.ID,
+		})
+		return serializer.Response{Code: 203}
 	}

 	//登陆成功，清空并设置session