sqlx: security logic is implemented complete. WIP %40

2 years ago · 5957eeacc3
parent a9743e25bd
commit 5957eeacc3
4 changed files with 21 additions and 27 deletions
--- a/internal/dao/jinzhu/security.go
+++ b/internal/dao/jinzhu/security.go
@ -21,12 +21,14 @@ var (

 type securitySrv struct {
 	db          *gorm.DB
+	rand        *rand.Rand
 	phoneVerify core.PhoneVerifyService
 }

 func newSecurityService(db *gorm.DB, phoneVerify core.PhoneVerifyService) core.SecurityService {
 	return &securitySrv{
 		db:          db,
+		rand:        rand.New(rand.NewSource(time.Now().UnixNano())),
 		phoneVerify: phoneVerify,
 	}
 }
@ -49,8 +51,7 @@ func (s *securitySrv) SendPhoneCaptcha(phone string) error {
 	expire := time.Duration(5)

 	// 发送验证码
-	rand.Seed(time.Now().UnixNano())
-	captcha := strconv.Itoa(rand.Intn(900000) + 100000)
+	captcha := strconv.Itoa(s.rand.Intn(900000) + 100000)
 	if err := s.phoneVerify.SendPhoneCaptcha(phone, captcha, expire); err != nil {
 		return err
 	}
--- a/internal/dao/sakila/security.go
+++ b/internal/dao/sakila/security.go
@ -23,20 +23,19 @@ var (
 type securitySrv struct {
 	*sqlxSrv
 	q           *cc.Security
+	rand        *rand.Rand
 	phoneVerify core.PhoneVerifyService
 }

 // GetLatestPhoneCaptcha 获取最新短信验证码
-func (s *securitySrv) GetLatestPhoneCaptcha(phone string) (*ms.Captcha, error) {
-	res := &ms.Captcha{}
-	err := s.q.GetLatestPhoneCaptcha.Get(res, phone)
-	return res, err
+func (s *securitySrv) GetLatestPhoneCaptcha(phone string) (res *ms.Captcha, err error) {
+	err = s.q.GetLatestPhoneCaptcha.Get(res, phone)
+	return
 }

 // UsePhoneCaptcha 更新短信验证码
 func (s *securitySrv) UsePhoneCaptcha(r *ms.Captcha) error {
-	r.UseTimes++
-	_, err := s.q.UsePhoneCaptcha.Exec(r)
+	_, err := s.q.UsePhoneCaptcha.Exec(time.Now().Unix(), r.ID)
 	return err
 }

@ -44,13 +43,15 @@ func (s *securitySrv) UsePhoneCaptcha(r *ms.Captcha) error {
 func (s *securitySrv) SendPhoneCaptcha(phone string) error {
 	expire := time.Duration(5)
 	// 发送验证码
-	rand.Seed(time.Now().UnixNano())
-	captcha := strconv.Itoa(rand.Intn(900000) + 100000)
+	captcha := strconv.Itoa(s.rand.Intn(900000) + 100000)
 	if err := s.phoneVerify.SendPhoneCaptcha(phone, captcha, expire); err != nil {
 		return err
 	}
 	// 写入表
 	phoneCaptcha := &dbr.Captcha{
+		Model: &ms.Model{
+			CreatedOn: time.Now().Unix(),
+		},
 		Phone:     phone,
 		Captcha:   captcha,
 		ExpiredOn: time.Now().Add(expire * time.Minute).Unix(),
@ -63,6 +64,7 @@ func newSecurityService(db *sqlx.DB, phoneVerify core.PhoneVerifyService) core.S
 	return &securitySrv{
 		sqlxSrv:     newSqlxSrv(db),
 		q:           mustBuild(db, cc.BuildSecurity),
+		rand:        rand.New(rand.NewSource(time.Now().UnixNano())),
 		phoneVerify: phoneVerify,
 	}
 }
--- a/internal/dao/sakila/yesql/cc/yesql.go
+++ b/internal/dao/sakila/yesql/cc/yesql.go
@ -60,10 +60,9 @@ const (
 	_Message_GetMessages                     = `SELECT * FROM @message WHERE receiver_user_id=:recerver_user_id AND is_del=0 ORDER BY id DESC LIMIT :limit OFFSET :offset`
 	_Message_GetUnreadCount                  = `SELECT count(*) FROM @message WHERE receiver_user_id=? AND is_read=0 AND is_del=0`
 	_Message_ReadMessage                     = `UPDATE @message SET is_read=1, modified_on=? WHERE id=?`
-	_Security_CreatePhoneCaptcha             = `SELECT * FROM @user WHERE username=?`
-	_Security_GetLatestPhoneCaptcha          = `SELECT * FROM @user WHERE username=?`
-	_Security_SendPhoneCaptcha               = `SELECT * FROM @user WHERE username=?`
-	_Security_UsePhoneCaptcha                = `SELECT * FROM @user WHERE username=?`
+	_Security_CreatePhoneCaptcha             = `INSERT INTO @captcha (phone, captcha, expired_on, created_on) VALUES (:phone, :captcha, :expired_on, :created_on)`
+	_Security_GetLatestPhoneCaptcha          = `SELECT * FROM @captcha WHERE phone=:phone AND is_del=0`
+	_Security_UsePhoneCaptcha                = `UPDATE @captcha SET use_times=use_times+1, modified_on=? WHERE id=? AND is_del=0`
 	_SimpleIndexA_UserInfo                   = `SELECT * FROM @user WHERE username=?`
 	_SimpleIndex_UserInfo                    = `SELECT * FROM @user WHERE username=?`
 	_TopicA_DecrTagsById                     = `UPDATE @tag SET quote_num=quote_num-1, modified_on=? WHERE id IN (?)`
@ -226,9 +225,8 @@ type Message struct {
 type Security struct {
 	yesql.Namespace       `yesql:"security"`
 	GetLatestPhoneCaptcha *sqlx.Stmt      `yesql:"get_latest_phone_captcha"`
-	SendPhoneCaptcha      *sqlx.Stmt      `yesql:"send_phone_captcha"`
+	UsePhoneCaptcha       *sqlx.Stmt      `yesql:"use_phone_captcha"`
 	CreatePhoneCaptcha    *sqlx.NamedStmt `yesql:"create_phone_captcha"`
-	UsePhoneCaptcha       *sqlx.NamedStmt `yesql:"use_phone_captcha"`
 }

 type SimpleIndex struct {
@ -609,15 +607,12 @@ func BuildSecurity(p yesql.PreparexBuilder, ctx ...context.Context) (obj *Securi
 	if obj.GetLatestPhoneCaptcha, err = p.PreparexContext(c, p.Rebind(p.QueryHook(_Security_GetLatestPhoneCaptcha))); err != nil {
 		return
 	}
-	if obj.SendPhoneCaptcha, err = p.PreparexContext(c, p.Rebind(p.QueryHook(_Security_SendPhoneCaptcha))); err != nil {
+	if obj.UsePhoneCaptcha, err = p.PreparexContext(c, p.Rebind(p.QueryHook(_Security_UsePhoneCaptcha))); err != nil {
 		return
 	}
 	if obj.CreatePhoneCaptcha, err = p.PrepareNamedContext(c, p.Rebind(p.QueryHook(_Security_CreatePhoneCaptcha))); err != nil {
 		return
 	}
-	if obj.UsePhoneCaptcha, err = p.PrepareNamedContext(c, p.Rebind(p.QueryHook(_Security_UsePhoneCaptcha))); err != nil {
-		return
-	}
 	return
 }

--- a/internal/dao/sakila/yesql/yesql.sql
+++ b/internal/dao/sakila/yesql/yesql.sql
@ -195,19 +195,15 @@ SELECT count(*) FROM @message WHERE receiver_user_id=:recerver_user_id AND is_de

 -- name: get_latest_phone_captcha@security
 -- prepare: stmt
-SELECT * FROM @user WHERE username=?
+SELECT * FROM @captcha WHERE phone=? AND is_del=0;

 -- name: use_phone_captcha@security
-- prepare: named_stmt
-SELECT * FROM @user WHERE username=?
-
-- name: send_phone_captcha@security
 -- prepare: stmt
-SELECT * FROM @user WHERE username=?
+UPDATE @captcha SET use_times=use_times+1, modified_on=? WHERE id=? AND is_del=0;

 -- name: create_phone_captcha@security
 -- prepare: named_stmt
-SELECT * FROM @user WHERE username=?
+INSERT INTO @captcha (phone, captcha, expired_on, created_on) VALUES (:phone, :captcha, :expired_on, :created_on);

 --------------------------------------------------------------------------------
 -- friend_index sql dml