feat: forget password api

CubeWhyMC · Oct 13, 2024 · 35976af · 35976af
1 parent d317de9
commit 35976af
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 9 deletions.
diff --git a/src/main/java/fuck/manthe/nmsl/config/SecurityConfig.java b/src/main/java/fuck/manthe/nmsl/config/SecurityConfig.java
@@ -17,6 +17,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
         http
                 .authorizeHttpRequests(conf -> conf
                         .requestMatchers("/user/redeem").permitAll()
+                        .requestMatchers("/user/forgetPassword").anonymous()
                         .requestMatchers("/user/**").authenticated()
                         .requestMatchers("/dashboard").authenticated()
                         .requestMatchers("/admin/**").hasAuthority("ADMIN")

diff --git a/src/main/java/fuck/manthe/nmsl/controller/UserController.java b/src/main/java/fuck/manthe/nmsl/controller/UserController.java
@@ -4,6 +4,7 @@
 import fuck.manthe.nmsl.entity.RedeemCode;
 import fuck.manthe.nmsl.entity.RestBean;
 import fuck.manthe.nmsl.entity.User;
+import fuck.manthe.nmsl.entity.dto.ForgetPasswordDTO;
 import fuck.manthe.nmsl.entity.dto.RedeemDTO;
 import fuck.manthe.nmsl.entity.webhook.UserRegisterMessage;
 import fuck.manthe.nmsl.entity.webhook.UserRenewMessage;
@@ -83,4 +84,22 @@ public ResponseEntity<RestBean<String>> redeem(@RequestBody RedeemDTO dto) throw
         }
         return new ResponseEntity<>(RestBean.failure(409, "User exists or wrong password"), HttpStatus.CONFLICT);
     }
+
+    @PostMapping("forgetPassword")
+    public ResponseEntity<RestBean<String>> forgetPassword(@RequestBody ForgetPasswordDTO dto) {
+        User user = userService.findByUsername(dto.getUsername());
+        if (user == null) {
+            return new ResponseEntity<>(RestBean.failure(404, "User not found."), HttpStatus.NOT_FOUND);
+        }
+
+        RedeemCode redeemCode = redeemService.infoOrNull(dto.getRedeemCode());
+        if (redeemCode == null || redeemCode.isAvailable() || redeemCode.getRedeemer().getId().equals(user.getId())) {
+            // 邀请码找不到或者根本没被人用过
+            // 写到一起是为了防止被刷API
+            return new ResponseEntity<>(RestBean.failure(404, "Code not found."), HttpStatus.NOT_FOUND);
+        }
+        user.setPassword(passwordEncoder.encode(dto.getPassword()));
+        userService.save(user);
+        return ResponseEntity.ok(RestBean.success("Password reset successfully"));
+    }
 }
diff --git a/src/main/java/fuck/manthe/nmsl/controller/WebController.java b/src/main/java/fuck/manthe/nmsl/controller/WebController.java
@@ -24,29 +24,39 @@ public String index() {
     }
 
     @GetMapping("colddown")
-    public String coldDown() {
-        return "colddown";
+    public String coldDownRedirect() {
+        return "redirect:/user/colddown";
     }
 
-    @GetMapping("queue")
-    public String queue() {
-        return "queue";
+    @GetMapping("user/colddown")
+    public String coldDown() {
+        return "user/colddown";
     }
 
+//    @GetMapping("queue")
+//    public String queue() {
+//        return "queue";
+//    }
+
     @Deprecated
     @GetMapping("redeem")
-    public String register() {
+    public String redeemRedirect() {
         return "redirect:/user/redeem";
     }
 
     @GetMapping("user/redeem")
     public String redeem() {
-        return "redeem";
+        return "user/redeem";
     }
 
     @GetMapping("user/login")
     public String login() {
-        return "login";
+        return "user/login";
+    }
+
+    @GetMapping("user/forgetPassword")
+    public String forgetPassword() {
+        return "user/forget-password";
     }
 
     @GetMapping("maintain")

diff --git a/src/main/java/fuck/manthe/nmsl/entity/dto/ForgetPasswordDTO.java b/src/main/java/fuck/manthe/nmsl/entity/dto/ForgetPasswordDTO.java
@@ -0,0 +1,11 @@
+package fuck.manthe.nmsl.entity.dto;
+
+import lombok.Data;
+
+@Data
+public class ForgetPasswordDTO {
+    private String username;
+    private String redeemCode;
+
+    private String password; // new password
+}
diff --git a/src/main/resources/templates/colddown.html → ...in/resources/templates/user/colddown.html b/src/main/resources/templates/colddown.html → ...in/resources/templates/user/colddown.html
diff --git a/src/main/resources/templates/user/forget-password.html b/src/main/resources/templates/user/forget-password.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>找回密码</title>
+</head>
+<body>
+<h1>WIP</h1>
+</body>
+</html>
diff --git a/src/main/resources/templates/login.html → src/main/resources/templates/user/login.html b/src/main/resources/templates/login.html → src/main/resources/templates/user/login.html
@@ -22,7 +22,7 @@
 <div class="mdui-container">
     <div class="mdui-card login-card">
         <div class="mdui-card-primary">
-            <div class="mdui-card-primary-title">登录到DingZhenServlet</div>
+            <div class="mdui-card-primary-title">登录到顶针服务</div>
             <div class="mdui-card-primary-subtitle">请输入您的用户名和密码</div>
         </div>
         <div class="mdui-card-content">
@@ -41,6 +41,7 @@
                     <label class="mdui-textfield-label">密码</label>
                     <input class="mdui-textfield-input" name="password" required type="password"/>
                 </div>
+                <div><a href="/user/forgetPassword">忘记密码</a></div>
                 <div class="mdui-p-t-3">
                     <button class="mdui-btn mdui-btn-raised mdui-btn-block mdui-color-theme-accent" type="submit">登录
                     </button>

diff --git a/src/main/resources/templates/redeem.html → ...main/resources/templates/user/redeem.html b/src/main/resources/templates/redeem.html → ...main/resources/templates/user/redeem.html