Finish email.

7 years ago · cd3817a3a5
10 changed files with 119 additions and 55 deletions
--- a/config-example.json
+++ b/config-example.json
@ -10,10 +10,15 @@
    "dialect": "sqlite",
    "storage": "syzoj.db"
  },
-  "register_mail": {
+  "register_mail": true,
-    "enabled": true,
+  "email": {
-    "address": "test@test.domain",
+    "method": "aliyundm",
-    "key": "test"
+    "key": "test",
    "options": {
      "AccessKeyId": "xxxx",
      "AccessKeySecret": "xxxx",
      "AccountName": "xxxx"
    }
  },
  "upload_dir": "uploads",
  "default": {
@ -164,4 +169,4 @@
  "session_secret": "233",
  "judge_server_addr": "http://127.0.0.1:5284",
  "judge_token": "233"
-}
+}
--- a/libs/email.js
+++ b/libs/email.js
@ -1,16 +1,41 @@
 const Promise = require('bluebird');
 const sendmail = Promise.promisify(require('sendmail')());
 const { DM } = require('waliyun');
-async function send_sendmail(to, subject, body) {
+let doSendEmail;
-    await sendmail({
+
-        from: `${syzoj.config.title} <${syzoj.config.register_mail.address}>`,
+if (syzoj.config.email.method === "sendmail") {
-        to: to,
+    doSendEmail = async function send_sendmail(to, subject, body) {
-        type: 'text/html',
+        await sendmail({
-        subject: subject,
+            from: `${syzoj.config.title} <${syzoj.config.email.options.address}>`,
-        html: body
+            to: to,
            type: 'text/html',
            subject: subject,
            html: body
        });
    }
 } else if (syzoj.config.email.method === "aliyundm") {
    const dm = DM({
        AccessKeyId: syzoj.config.email.options.AccessKeyId,
        AccessKeySecret: syzoj.config.email.options.AccessKeySecret
    });
    doSendEmail = async function send_aliyundm(to, subject, body) {
        const result = await dm.singleSendMail({
            AccountName: syzoj.config.email.options.AccountName,
            AddressType: 1,
            ReplyToAddress: false,
            ToAddress: to,
            FromAlias: syzoj.config.title,
            Subject: subject,
            HtmlBody: body
        });
        if (result.Code != null) {
            throw new Error("阿里云 API 错误：" + JSON.stringify(result));
        }
    }
 } else {
    doSendEmail = async () => {
        throw new Error("邮件发送配置不正确。");
    }
 }
-
+module.exports.send = doSendEmail;
 module.exports.send = async function sendEmail(to, subject, body) {
    await send_sendmail(to, subject, body);
 }
--- a/modules/api.js
+++ b/modules/api.js
@ -57,16 +57,16 @@ app.post('/api/forget', async (req, res) => {
      userId: user.id,
    };
-    const token = jwt.sign(sendObj, syzoj.config.register_mail.key, {
+    const token = jwt.sign(sendObj, syzoj.config.email.key, {
      subject: 'forget',
      expiresIn: '12h'
    });
    const vurl = req.protocol + '://' + req.get('host') + syzoj.utils.makeUrl(['api', 'forget_confirm'], { token: token });
    try {
-      await Email.send(req.body.email,
+      await Email.send(user.email,
-        `${req.body.username} 的 ${syzoj.config.title} 密码重置邮件`,
+        `${user.username} 的 ${syzoj.config.title} 密码重置邮件`,
-        `<p>请点击该链接来重置密码：</p><p><a href="${vurl}">${vurl}</a></p><p>链接有效期为 12h。如果您不是 ${req.body.username}，请忽略此邮件。</p>`
+        `<p>请点击该链接来重置密码：</p><p><a href="${vurl}">${vurl}</a></p><p>链接有效期为 12h。如果您不是 ${user.username}，请忽略此邮件。</p>`
      );
    } catch (e) {
      return res.send({
@ -75,7 +75,8 @@ app.post('/api/forget', async (req, res) => {
      });
    }
-    if (!user) res.send({ error_code: 1 });
+    throw 123;
    res.send({ error_code: 1 });
  } catch (e) {
    syzoj.log(e);
    res.send(JSON.stringify({ error_code: e }));
@ -99,14 +100,14 @@ app.post('/api/sign_up', async (req, res) => {
    if (!(req.body.email = req.body.email.trim())) throw 2006;
    if (!syzoj.utils.isValidUsername(req.body.username)) throw 2002;
-    if (syzoj.config.register_mail.enabled) {
+    if (syzoj.config.register_mail) {
      let sendObj = {
        username: req.body.username,
        password: req.body.password,
        email: req.body.email,
      };
-      const token = jwt.sign(sendObj, syzoj.config.register_mail.key, {
+      const token = jwt.sign(sendObj, syzoj.config.email.key, {
        subject: 'register',
        expiresIn: '2d'
      });
@ -147,6 +148,11 @@ app.post('/api/sign_up', async (req, res) => {
 app.get('/api/forget_confirm', async (req, res) => {
  try {
    try {
      jwt.verify(req.query.token, syzoj.config.email.key, { subject: 'forget' });
    } catch (e) {
      throw new ErrorMessage("Token 不正确。");
    }
    res.render('forget_confirm', {
      token: req.query.token
    });
@ -160,23 +166,28 @@ app.get('/api/forget_confirm', async (req, res) => {
 app.post('/api/reset_password', async (req, res) => {
  try {
    res.setHeader('Content-Type', 'application/json');
    let obj;
    try {
-      obj = jwt.verify(req.query.token, syzoj.config.register_mail.key, { subject: 'forget' });
+      obj = jwt.verify(req.body.token, syzoj.config.email.key, { subject: 'forget' });
    } catch (e) {
      throw 3001;
    }
    let syzoj2_xxx_md5 = '59cb65ba6f9ad18de0dcd12d5ae11bd2';
-    if (req.query.password === syzoj2_xxx_md5) throw new ErrorMessage('密码不能为空。');
+    if (req.body.password === syzoj2_xxx_md5) throw new ErrorMessage('密码不能为空。');
-    const user = await User.fromId(obj.id);
+    const user = await User.fromID(obj.userId);
-    user.password = req.query.password;
+    user.password = req.body.password;
    await user.save();
    res.send(JSON.stringify({ error_code: 1 }));
  } catch (e) {
    syzoj.log(e);
-    res.send(JSON.stringify({ error_code: e }));
+    if (typeof e === 'number') {
      res.send(JSON.stringify({ error_code: e }));
    } else {
      res.send(JSON.stringify({ error_code: 1000 }));
    }
  }
 });
@ -184,9 +195,9 @@ app.get('/api/sign_up_confirm', async (req, res) => {
  try {
    let obj;
    try {
-      obj = jwt.verify(req.query.token, syzoj.config.register_mail.key, { subject: 'register' });
+      obj = jwt.verify(req.query.token, syzoj.config.email.key, { subject: 'register' });
    } catch (e) {
-      throw new ErrorMessage('无效的注册验证链接。');
+      throw new ErrorMessage('无效的注册验证链接: ' + e.toString());
    }
    let user = await User.fromName(obj.username);
@ -226,7 +237,7 @@ app.get('/api/sign_up/:token', async (req, res) => {
  try {
    let obj;
    try {
-      let decrypted = syzoj.utils.decrypt(Buffer.from(req.params.token, 'base64'), syzoj.config.register_mail.key).toString();
+      let decrypted = syzoj.utils.decrypt(Buffer.from(req.params.token, 'base64'), syzoj.config.email.key).toString();
      obj = JSON.parse(decrypted);
    } catch (e) {
      throw new ErrorMessage('无效的注册验证链接。');
--- a/package-lock.json
+++ b/package-lock.json
@ -3925,6 +3925,15 @@
        "extsprintf": "1.0.2"
      }
    },
    "waliyun": {
      "version": "3.1.1",
      "resolved": "https://registry.npmjs.org/waliyun/-/waliyun-3.1.1.tgz",
      "integrity": "sha1-CCl+SSNBytTbRB8ruhUBVtvob1Q=",
      "requires": {
        "debug": "2.6.7",
        "request": "2.81.0"
      }
    },
    "webidl-conversions": {
      "version": "4.0.1",
      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.1.tgz",
--- a/package.json
+++ b/package.json
@ -56,5 +56,8 @@
    "syzoj-divine": "^1.0.2",
    "tmp-promise": "^1.0.3",
    "xss": "^0.3.3"
  },
  "optionalDependencies": {
    "waliyun": "^3.1.1"
  }
 }
--- a/views/forget.ejs
+++ b/views/forget.ejs
@ -1,4 +1,5 @@
 <% this.title = '忘记密码' %>
 <% this.noPreserveUrl = true; %>
 <% include header %>
 <div class="ui message" id="msgBox" hidden>
    <p id="msgContent"></p>
@ -11,17 +12,16 @@
          忘记密码
        </div>
      </h2>
-      <form class="ui large form">
+      <form class="ui large form" id="forgetForm">
        <div class="ui existing segment">
          <div class="field">
            <div class="ui left icon input">
              <i class="at icon"></i>
-              <input name="email" placeholder="电子邮件地址" type="text" id="email" onkeydown="key_login(event)">
+              <input name="email" placeholder="电子邮件地址" type="text" id="email">
            </div>
          </div>
-          <div class="ui fluid large submit button" id="sendEmail">找回密码</div>
+          <button type="submit" class="ui fluid large submit button" id="sendEmail">找回密码</div>
        </div>
        <div class="ui error message"></div>
      </form>
    </div>
  </div>
@ -48,14 +48,14 @@ function submitForm() {
                case 1:
                    showMessage("positive", "找回密码邮件已经发至你电子邮箱的垃圾邮件文件夹。");
                    return;
-                case 1002:
+                case 1001:
                    showMessage("error", "用户不存在");
                    break;
                default:
                    showMessage("error", "未知错误" + error_code);
                    break;
            }
-            $("#resetPassword").removeClass("loading");
+            $("#sendEmail").removeClass("loading");
        },
        error:  function(XMLHttpRequest, textStatus, errorThrown) {
            alert(XMLHttpRequest.responseText);
@ -63,8 +63,9 @@ function submitForm() {
    });
 }
 $(document).ready(function() {
-    $("#sendEmail").click(function() {
+    $("#forgetForm").submit(function(event) {
        submitForm();
        event.preventDefault();
    });
 });
 </script>
--- a/views/forget_confirm.ejs
+++ b/views/forget_confirm.ejs
@ -1,6 +1,9 @@
-<% this.title = '重设密码' %>
+<% this.title = '重设密码';  %>
 <% this.noPreserveUrl = true; %>
 <% include header %>
-<div class="ui error message" id="error" hidden></div>
+<div class="ui message" id="msgBox" hidden>
    <p id="msgContent"></p>
 </div>
 <div class="ui middle aligned center aligned grid">
  <div class="row">
    <div class="column" style="max-width: 450px">
@ -9,19 +12,21 @@
          重设密码
        </div>
      </h2>
-      <form class="ui large form">
+      <form class="ui large form" id="resetForm">
        <div class="ui existing segment">
-            <div class="two fields">
+            <div class="field">
-                <div class="field">
+                <div class="ui left icon input">
-                <label class="ui header">密码</label>
+                    <i class="lock icon"></i>
-                    <input type="password" placeholder="" id="password1">
+                    <input type="password" placeholder="密码" id="password1">
                </div>
-                <div class="field">
+            </div>
-                    <label class="ui header">确认密码</label>
+            <div class="field">
-                    <input type="password" placeholder="" id="password2">
+                <div class="ui left icon input">
                    <i class="undo icon"></i>
                    <input type="password" placeholder="确认密码" id="password2">
                </div>
            </div>
-            <div class="ui fluid large submit button" id="reset">重设</div>
+            <button type="submit" class="ui fluid large submit button" id="resetPassword">重设</div>
        </div>
      </form>
    </div>
@ -46,17 +51,19 @@ function submitForm() {
        type: 'POST',
        data: {
            "token": <%- JSON.stringify(token) %>,
-            "password": password
+            "password": password,
            "_csrf": document.head.getAttribute('data-csrf-token')
        },
        async: true,
        success: function(data) {
            error_code = data.error_code;
            alert('fuck' + error_code);
            switch (error_code) {
                case 1:
                    showMessage("positive", "密码重置成功。");
-                    return;
+                    break;
                default:
-                    showMessage("error", "未知错误" + error_code);
+                    showMessage("error", "未知错误 " + error_code);
                    break;
            }
            $("#resetPassword").removeClass("loading");
@ -67,8 +74,9 @@ function submitForm() {
    });
 }
 $(document).ready(function() {
-    $("#reset").click(function() {
+    $("#resetForm").submit(function(event) {
        submitForm();
        event.preventDefault();
    });
 });
 </script>
--- a/views/header.ejs
+++ b/views/header.ejs
@ -43,10 +43,10 @@
              </a>
                <% } else { %>
                <div class="item">
-                    <a class="ui button" style="margin-right: 0.5em; " href="<%= syzoj.utils.makeUrl(['login'], { url: req.originalUrl }) %>">
+                    <a class="ui button" style="margin-right: 0.5em; " href="<%= syzoj.utils.makeUrl(['login'], { url: this.noPreserveUrl ? undefined : req.originalUrl }) %>">
                        登录
                    </a>
-                    <a class="ui primary button" href="<%= syzoj.utils.makeUrl(['sign_up'], { url: req.originalUrl }) %>">
+                    <a class="ui primary button" href="<%= syzoj.utils.makeUrl(['sign_up'], { url: this.noPreserveUrl ? undefined : req.originalUrl }) %>">
                        注册
                    </a>
                </div>
--- a/views/login.ejs
+++ b/views/login.ejs
@ -1,4 +1,5 @@
 <% this.title = '登录' %>
 <% this.noPreserveUrl = true; %>
 <% include header %>
 <div class="ui error message" id="error" hidden></div>
 <div class="ui middle aligned center aligned grid">
--- a/views/sign_up.ejs
+++ b/views/sign_up.ejs
@ -1,4 +1,5 @@
 <% this.title = '注册' %>
 <% this.noPreserveUrl = true; %>
 <% include header %>
 <div class="padding">
  <h1>注册</h1>