Merge pull request #2198 from sspanel-uim/dev

Dev 20231008

composer.json

@@ -22,7 +22,6 @@
         "illuminate/database": "^10.0",
         "illuminate/pagination": "^10.0",
         "irazasyed/telegram-bot-sdk": "^3",
-        "khanamiryan/qrcode-detector-decoder": "*",
         "lcobucci/jwt": "^5.0",
         "league/omnipay": "^3.2.1",
         "mailgun/mailgun-php": "^3",
@@ -59,7 +58,7 @@
     },
     "require-dev": {
         "nunomaduro/phpinsights": "*",
-        "phpunit/phpunit": "^10.2"
+        "phpunit/phpunit": "^10.4"
     },
     "scripts": {
         "update-dev-windows": [

config/.config.example.php

@@ -89,7 +89,8 @@
 $_ENV['rememberMeDuration']     = 7;                //登录时记住账号时长天数
 $_ENV['timeZone']               = 'Asia/Taipei';    //需使用 PHP 兼容的时区格式
 $_ENV['theme']                  = 'tabler';         //默认主题
-$_ENV['jump_delay']             = 1200;             //跳转延时，单位ms，不建议太长
+$_ENV['locale']                 = 'zh-TW';          //默认语言
+$_ENV['jump_delay']             = 1200;             //跳转延时，单位ms
 $_ENV['keep_connect']           = false;            // 流量耗尽用户限速至 1Mbps
 
 // cdn.jsdelivr.net / fastly.jsdelivr.net / gcore.jsdelivr.net / testingcf.jsdelivr.net

phpunit.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.2/phpunit.xsd"
+         xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.4/phpunit.xsd"
          bootstrap="vendor/autoload.php"
          cacheDirectory=".phpunit.cache"
          executionOrder="depends,defects"

src/Command/Tool.php

@@ -352,6 +352,7 @@ public function createAdmin(): void
             $user->node_iplimit = 0;
             $user->node_speedlimit = 0;
             $user->theme = $_ENV['theme'];
+            $user->locale = $_ENV['locale'];
 
             $user->ga_token = MFA::generateGaToken();
             $user->ga_enable = 0;

src/Controllers/AuthController.php

@@ -65,15 +65,11 @@ public function login(ServerRequest $request, Response $response, array $args):
      */
     public function loginHandle(ServerRequest $request, Response $response, array $args): Response|ResponseInterface
     {
-        if (Setting::obtain('enable_login_captcha')) {
-            $ret = Captcha::verify($request->getParams());
-
-            if (! $ret) {
-                return $response->withJson([
-                    'ret' => 0,
-                    'msg' => '系统无法接受你的验证结果，请刷新页面后重试。',
-                ]);
-            }
+        if (Setting::obtain('enable_login_captcha') && ! Captcha::verify($request->getParams())) {
+            return $response->withJson([
+                'ret' => 0,
+                'msg' => '系统无法接受你的验证结果，请刷新页面后重试。',
+            ]);
         }
 
         $antiXss = new AntiXSS();
@@ -83,9 +79,10 @@ public function loginHandle(ServerRequest $request, Response $response, array $a
         $email = strtolower(trim($antiXss->xss_clean($request->getParam('email'))));
         $redir = Cookie::get('redir') === '' ? $antiXss->xss_clean(Cookie::get('redir')) : '/user';
         $user = User::where('email', $email)->first();
+        $loginIp = new LoginIp();
 
         if ($user === null) {
-            (new LoginIp())->collectLoginIP($_SERVER['REMOTE_ADDR'], 1);
+            $loginIp->collectLoginIP($_SERVER['REMOTE_ADDR'], 1);
 
             return $response->withJson([
                 'ret' => 0,
@@ -94,32 +91,21 @@ public function loginHandle(ServerRequest $request, Response $response, array $a
         }
 
         if (! Hash::checkPassword($user->pass, $passwd)) {
-            (new LoginIp())->collectLoginIP($_SERVER['REMOTE_ADDR'], 1, $user->id);
+            $loginIp->collectLoginIP($_SERVER['REMOTE_ADDR'], 1, $user->id);
 
             return $response->withJson([
                 'ret' => 0,
                 'msg' => '邮箱或者密码错误',
             ]);
         }
 
-        if ($user->ga_enable) {
-            if (strlen($code) !== 6) {
-                (new LoginIp())->collectLoginIP($_SERVER['REMOTE_ADDR'], 1, $user->id);
+        if ($user->ga_enable && (strlen($code) !== 6 || ! MFA::verifyGa($user, $code))) {
+            $loginIp->collectLoginIP($_SERVER['REMOTE_ADDR'], 1, $user->id);
 
-                return $response->withJson([
-                    'ret' => 0,
-                    'msg' => '两步验证码错误',
-                ]);
-            }
-
-            if (! MFA::verifyGa($user, $code)) {
-                (new LoginIp())->collectLoginIP($_SERVER['REMOTE_ADDR'], 1, $user->id);
-
-                return $response->withJson([
-                    'ret' => 0,
-                    'msg' => '两步验证码错误',
-                ]);
-            }
+            return $response->withJson([
+                'ret' => 0,
+                'msg' => '两步验证码错误',
+            ]);
         }
 
         $time = 3600;
@@ -130,7 +116,7 @@ public function loginHandle(ServerRequest $request, Response $response, array $a
 
         Auth::login($user->id, $time);
         // 记录登录成功
-        (new LoginIp())->collectLoginIP($_SERVER['REMOTE_ADDR'], 0, $user->id);
+        $loginIp->collectLoginIP($_SERVER['REMOTE_ADDR'], 0, $user->id);
         $user->last_login_time = time();
         $user->save();
 
@@ -268,7 +254,6 @@ public static function registerHelper(
         $user->forbidden_port = Setting::obtain('reg_forbidden_port');
         $user->im_type = $imtype;
         $user->im_value = $imvalue;
-
         $user->transfer_enable = Tools::toGB($configs['sign_up_for_free_traffic']);
         $user->invite_num = $configs['sign_up_for_invitation_codes'];
         $user->auto_reset_day = Setting::obtain('free_user_reset_day');
@@ -292,14 +277,14 @@ public static function registerHelper(
 
         $user->ga_token = MFA::generateGaToken();
         $user->ga_enable = 0;
-
         $user->class_expire = date('Y-m-d H:i:s', time() + (int) $configs['sign_up_for_class_time'] * 86400);
         $user->class = $configs['sign_up_for_class'];
         $user->node_iplimit = $configs['connection_ip_limit'];
         $user->node_speedlimit = $configs['connection_rate_limit'];
         $user->reg_date = date('Y-m-d H:i:s');
         $user->reg_ip = $_SERVER['REMOTE_ADDR'];
         $user->theme = $_ENV['theme'];
+        $user->locale = $_ENV['locale'];
         $random_group = Setting::obtain('random_group');
 
         if ($random_group === '') {
@@ -340,15 +325,11 @@ public function registerHandle(ServerRequest $request, Response $response, array
             return ResponseHelper::error($response, '未开放注册。');
         }
 
-        if (Setting::obtain('enable_reg_captcha')) {
-            $ret = Captcha::verify($request->getParams());
-            if (! $ret) {
-                return ResponseHelper::error($response, '系统无法接受你的验证结果，请刷新页面后重试。');
-            }
+        if (Setting::obtain('enable_reg_captcha') && ! Captcha::verify($request->getParams())) {
+            return ResponseHelper::error($response, '系统无法接受你的验证结果，请刷新页面后重试。');
         }
 
         $antiXss = new AntiXSS();
-
         $tos = $request->getParam('tos') === 'true' ? 1 : 0;
         $email = strtolower(trim($antiXss->xss_clean($request->getParam('email'))));
         $name = $antiXss->xss_clean($request->getParam('name'));
@@ -383,11 +364,13 @@ public function registerHandle(ServerRequest $request, Response $response, array
 
         // check email format
         $check_res = Tools::isEmailLegal($email);
+
         if ($check_res['ret'] === 0) {
             return $response->withJson($check_res);
         }
         // check email
         $user = User::where('email', $email)->first();
+
         if ($user !== null) {
             return ResponseHelper::error($response, '邮箱已经被注册了');
         }
@@ -418,6 +401,7 @@ public function registerHandle(ServerRequest $request, Response $response, array
     public function logout(ServerRequest $request, Response $response, $next): Response
     {
         Auth::logout();
+
         return $response->withStatus(302)
             ->withHeader('Location', '/auth/login');
     }