更新邮件内容的otp图片

2023-01-03 14:17:53 +08:00 · 2023-01-03 14:17:53 +08:00 · cff97d746c
parent 1582b46bb9
commit cff97d746c
2 changed files with 45 additions and 26 deletions
--- a/server/admin/api_user.go
+++ b/server/admin/api_user.go
@ -133,33 +133,44 @@ func UserDel(w http.ResponseWriter, r *http.Request) {

 func UserOtpQr(w http.ResponseWriter, r *http.Request) {
 	_ = r.ParseForm()
-	b64 := r.FormValue("b64")
+	b64S := r.FormValue("b64")
 	idS := r.FormValue("id")
 	id, _ := strconv.Atoi(idS)
-	var user dbdata.User
-	err := dbdata.One("Id", id, &user)
+
+	var b64 bool
+	if b64S == "1" {
+		b64 = true
+	}
+	data, err := userOtpQr(id, b64)
 	if err != nil {
-		RespError(w, RespInternalErr, err)
-		return
+		base.Error(err)
+	}
+	io.WriteString(w, data)
+}
+
+func userOtpQr(uid int, b64 bool) (string, error) {
+	var user dbdata.User
+	err := dbdata.One("Id", uid, &user)
+	if err != nil {
+		return "", err
 	}

 	issuer := url.QueryEscape(base.Cfg.Issuer)
 	qrstr := fmt.Sprintf("otpauth://totp/%s:%s?issuer=%s&secret=%s", issuer, user.Email, issuer, user.OtpSecret)
 	qr, _ := qrcode.New(qrstr, qrcode.High)

-	if b64 == "1" {
-		data, _ := qr.PNG(300)
-		s := base64.StdEncoding.EncodeToString(data)
-		_, err = fmt.Fprint(w, s)
+	if b64 {
+		data, err := qr.PNG(300)
 		if err != nil {
-			base.Error(err)
+			return "", err
 		}
-		return
-	}
-	err = qr.Write(300, w)
-	if err != nil {
-		base.Error(err)
+		s := base64.StdEncoding.EncodeToString(data)
+		return s, nil
 	}
+
+	buf := bytes.NewBuffer(nil)
+	err = qr.Write(300, buf)
+	return buf.String(), err
 }

 // 在线用户
@ -190,12 +201,13 @@ func UserReline(w http.ResponseWriter, r *http.Request) {
 }

 type userAccountMailData struct {
-	Issuer   string
-	LinkAddr string
-	Group    string
-	Username string
-	PinCode  string
-	OtpImg   string
+	Issuer       string
+	LinkAddr     string
+	Group        string
+	Username     string
+	PinCode      string
+	OtpImg       string
+	OtpImgBase64 string
 }

 func userAccountMail(user *dbdata.User) error {
@ -236,12 +248,15 @@ func userAccountMail(user *dbdata.User) error {
 		return err
 	}

+	otpData, _ := userOtpQr(user.Id, true)
+
 	data := userAccountMailData{
-		LinkAddr: setting.LinkAddr,
-		Group:    strings.Join(user.Groups, ","),
-		Username: user.Username,
-		PinCode:  user.PinCode,
-		OtpImg:   fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString),
+		LinkAddr:     setting.LinkAddr,
+		Group:        strings.Join(user.Groups, ","),
+		Username:     user.Username,
+		PinCode:      user.PinCode,
+		OtpImg:       fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString),
+		OtpImgBase64: "data:image/png;base64," + otpData,
 	}
 	w := bytes.NewBufferString("")
 	t, _ := template.New("auth_complete").Parse(htmlBody)
--- a/server/dbdata/db.go
+++ b/server/dbdata/db.go
@ -149,8 +149,12 @@ const accountMail = `<p>您好:</p>
    用户组: <b>{{.Group}}</b> <br/>
    用户名: <b>{{.Username}}</b> <br/>
    用户PIN码: <b>{{.PinCode}}</b> <br/>
+    <!-- 
    用户动态码(3天后失效):<br/>
    <img src="{{.OtpImg}}"/>
+    -->
+    用户动态码(请妥善保存):<br/>
+    <img src="{{.OtpImgBase64}}"/>
 </p>
 <div>
    使用说明: