1 Star 0 Fork 59

宋雨 / uni-id

forked from DCloud / uni-id 
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
贡献代码
同步代码
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
Loading...
README
Apache-2.0

需求背景

99%的应用,都要开发用户注册、登录、发送短信验证码、密码md5加密保存、修改密码、token管理等功能,从前端到后端都需要。

为什么不能有一个开源的通用项目,避免大家的重复开发呢?

uni-id应需而生。

uni-iduniCloud开发者提供了简单、统一、可扩展的用户管理能力封装。

组成部分

uni-id包括如下组成部分:

  1. 云数据库

主表为 uni-id-users 表,保存用户的基本信息。

扩展字段有很多,如实名认证数据、工作履历数据,开发者可以自由扩展。

  1. 云函数

提供一个名为uni-id的公共模块,该模块封装了一系列API,包括注册、登录、修改密码、设置头像等。

示例工程中还提供了一个user-center的云函数,演示在云函数中如何调用uni-id公共模块。示例工程地址

  1. 前端调用

前端示例通过callfunction调用云函数user-center,在注册和登录时保存token。

uniCloud框架底层,会自动在callfunction时传递uni-id的token(uni-app 2.7.13+版本)。在云函数的event中可直接拿到uni-id的token。也就是说开发者无需自己管理token了。

2.7.14版本使用的时候token持久化存储时需要存储为uniIdToken,之后的版本虽然也兼容uniIdToken,但是推荐存储为uni_id_token

uni-id 对开发者的价值

  1. 节省了大量重复劳动
  2. 降低门槛,前端开发者无需纠结怎样设计数据库设计才更合理
  3. 多系统打通用户和上下游协同

关于第三点,着重强调下。

一个应用,往往需要集成多个功能模块。比如一个电商应用,需要一个基本电商模板,还需要客服聊天模板,甚至还需要用户交流社区。

在插件市场,每类模板插件都能找到,但他们如果不是基于同一套用户体系设计,就很难整合。

DCloud推荐所有uniCloud的应用,都基于uni-id来做。

有了统一的账户规范,并且围绕这套账户规范,有各种各样插件,那么开发者可以随意整合这些插件,让数据连同。

规范,还可以让上下游充分协同。插件市场会出现各种数据迁移插件,比如把从discuz里把用户迁移到uni-id中的插件,相信围绕这套规范的产业链会非常活跃。

现状和未来

uni-id已完整的内容:

  • 注册、登录、发送短信验证码、密码md5加密保存、修改密码、token管理(短信验证码功能需要HBuilderX 2.8.3+)
  • 三方登录:App中的微信登录、微信小程序中的微信登录、支付宝小程序中的支付宝账户登录

关于还缺少的部分,哪些DCloud在完善,哪些希望开发者给共同完善开源项目,计划与边界公布如下:

  • 部分社交账户登录

DCloud暂无计划开发百度、头条、QQ等小程序的登录,以及Apple ID、微博、QQ等App端的登录。欢迎其他开发者在开源项目上提交pr,共同完善uni-id

  • 邮箱验证和手机号一键认证sdk集成

手机号一键认证sdk,目前插件市场里已经有不少相关插件,未来DCloud会整合到uni-id中。邮箱验证,DCloud暂无计划开发,有需求的开发者欢迎提供pr。

  • 实名认证、活体检测

目前插件市场里已经有不少相关插件,未来DCloud会整合到uni-id中。

  • 权限管理ACL

这部分欢迎开发者参与完善。

其他方面,各种常见开源项目如discuz、wordPress、ecshop的用户导入插件,不属于uni-id主工程,欢迎开发者单独提交插件到插件市场。

对于uni-id还未封装的能力,欢迎大家在开源项目上提交 pr,共同完善这个开源项目。

使用方式

uni-id 作为公用模块导入 common 目录,然后在云函数中调用,示例代码:

'use strict';

const uniID = require('uni-id')

exports.main = async (event) => {

    let params = event.params
    let res = {}

    let payload = {}
    // 不需要uid的方法
    let noTokenActions = ['register', 'login', 'loginByWeixin']
    if(!!event.uniIdToken && noTokenActions.indexOf(event.action) >= 0){
        payload = await uniID.checkToken(event.uniIdToken)
        if (payload.code && payload.code > 0) {
            return payload
        }
        if(!!params){
            params.uid = payload.uid
        }
    }

    switch (event.action) {
        case 'register':
            res = await uniID.register(event.params);
            break;
        case 'login':
            res = await uniID.login(event.params);
            break;
        case 'loginByWeixin':
            res = await uniID.loginByWeixin(event.code);
            break;
        case 'logout':
            res = await uniID.logout(payload.uid);
            break;
        case 'updatePassword':
            res = await uniID.updatePwd(params);
            break;
        case 'resetPwd':
            res = await uniID.resetPwd(params);
            break;
        case 'setAvatar':
            res = await uniID.setAvatar(params);
            break;
        case 'bindMobile':
            res = await uniID.bindMobile(params);
            break;
        case 'bindEmail':
            res = await uniID.bindEmail(params);
            break;
        case 'bindWeixin':
            res = await uniID.bindWeixin(payload.uid, event.code);
            break;
        case 'unbindWeixin':
            res = await uniID.unbindWeixin(payload.uid);
            break;
        case 'bindWeixin':
            res = await uniID.bindEmail(params);
            break;
        case 'updateUser':
            res = await uniID.updateUser(params);
            break;
        case 'setVerifyCode':
            //mobile email提供一个即可。验证码需要调用方发送给用户
            let code = '1234';
            //send verify code
            res = await uniID.setVerifyCode({
                mobile: params.mobile, 
                email: params.email, 
                code, 
                expiresIn: params.expiresIn, 
                type: params.type
            });
            break;
        case 'loginBySms':
            // 需要先调用sendSmsCode发送验证码或者setVerifyCode设置验证码
            res = await uniID.loginBySms(params);
            break;
        default:
            res = {
                code: 403,
                msg: '非法访问'
            }
            break;
    }

    //返回数据给客户端
    return res
};

数据表设计

用户表

表名:uni-id-users

字段 类型 必填 描述
_id Object ID 存储文档 ID(用户 ID),系统自动生成
username String 用户名,不允许重复
password String 密码,加密存储
nickname String 用户昵称
gender Integer 用户性别:0 未知 1 男性 2 女性
status Integer 用户状态:0 正常 1 禁用 2 审核中 3 审核拒绝
mobile String 手机号码
mobile_confirmed Integer 手机号验证状态:0 未验证 1 已验证
email String 邮箱地址
email_confirmed Integer 邮箱验证状态:0 未验证 1 已验证
avatar String 头像地址
wx_unionid String 微信unionid
wx_openid Object 微信各个平台openid
ali_openid String 支付宝平台openid
comment String 备注
realname_auth Object 实名认证信息
register_date Timestamp 注册时间
register_ip String 注册时 IP 地址
last_login_date Timestamp 最后登录时间
last_login_ip String 最后登录时 IP 地址
login_ip_limit Array 登录 IP 限制

realname_auth字段定义

字段 类型 必填 描述
type Integer 用户类型:0 个人用户 1 企业用户
auth_status Integer 认证状态:0 未认证 1 等待认证 2 认证通过 3 认证失败
auth_date Timestamp 认证通过时间
real_name String 真实姓名/企业名称
identity String 身份证号码/营业执照号码
id_card_front String 身份证正面照 URL
id_card_back String 身份证反面照 URL
id_card_in_hand String 手持身份证照片 URL
license String 营业执照 URL
contact_person String 联系人姓名
contact_mobile String 联系人手机号码
contact_email String 联系人邮箱

login_ip_limit字段定义

字段 类型 必填 描述
ip String ip地址
error_times Integer 密码错误次数
last_error_time Timestamp 上次密码错误时间

wx_openid字段定义

字段 类型 必填 描述
app-plus String app平台微信openid
mp-weixin String 微信小程序平台openid

job 字段定义

字段 类型 必填 描述
company String 公司名称
title String 职位

用户集合示例:

{
  "_id": "f2a60d815ee1da3900823d45541bb162",
  "username": "姓名"
  "password": "503005d4dd16dd7771b2d0a47aaef927e9dba89e",
  "status":0,//用户状态:0正常 1禁用 2审核中 3审核拒绝
  "mobile":"",
  "mobile_confirmed":0, //手机号是否验证,0为未验证,1为已验证
  "email":"amdin@domain.com",
  "email_confirmed":0, //邮箱是否验证,0为未验证,1为已验证
  "avatar":"https://cdn.domain.com/avatar.png"
  "register_ip": "123.120.11.128", //注册IP
  "last_login_ip": "123.120.11.128", //最后登录IP

}

验证码

表名:uni-verify

字段 类型 必填 描述
_id Object ID 存储文档 ID(验证码 ID),系统自动生成
mobile String 手机号,和邮箱二选一
email String 邮箱,和手机号二选一
code String 验证码
type String 验证类型:login, bind, unbind, pay
state Integer 验证状态:0 未验证 1 已验证 2 已作废
ip String 请求时 IP 地址
created_at Timestamp 创建时间
expired_at Timestamp 验证码过期时间

代码规范

  • 存储到数据库时使用蛇形参数
  • 代码内参数名使用驼峰形式
  • 确定只有一个参数且以后几乎不会变更的时候使用api(xxx)形式,否则使用api({xxx:xxx,xxx:xxx})形式方便后续扩充

错误码规范

模块 模块码 错误代码 错误信息
登录通用模块 100 01 账号已禁用
账号、邮箱、手机+密码登录 101 01 用户不存在
02 密码错误
03 密码错误次数过多
手机号验证码登录/注册 102 - -
邮箱验证码登录/注册 103 - -
微信登录/注册 104 01 获取openid失败
支付宝登录/注册 105 01 获取openid失败
注册通用模块 200 - -
账号、邮箱、手机+密码注册 201 01 用户名、邮箱、手机号必填一项
02 用户名、邮箱、手机号冲突
Token类 300 - -
生成Token 301 - -
验证Token 302 01 设备特征校验未通过
02 云端以不包含此token
03 token已过期
04 token校验未通过
账号安全类 400 - -
登出 401 - -
修改密码 402 01 用户不存在
02 旧密码错误
重置密码 403 - -
验证类 500 - -
设置验证码 501 01 参数错误
校验验证码 502 01 参数错误
02 验证码错误或已失效
发送短信验证码 503 01 验证码发送失败,一般msg内有描述
绑定账号 600 - -
绑定手机号 601 01 此手机号已被绑定
绑定邮箱 602 01 此邮箱已被绑定
绑定微信 603 01 获取openid失败
02 此账号已被绑定
绑定支付宝 604 01 获取openid失败
02 此账号已被绑定
解绑账号 700 - -
解绑手机号 701 01 解绑失败,可能已经解绑或者账号不匹配
解绑邮箱 702 01 解绑失败,可能已经解绑或者账号不匹配
解绑微信 703 01 解绑失败,可能已经解绑
解绑支付宝 704 01 解绑失败,可能已经解绑
基础功能 800 - -
更新用户信息 801 01 参数错误
设置头像 802 - -
公用码 900 01 数据库读写异常

遗留问题

  1. 补充使用文档,上线插件市场
  2. 补充实名认证接口
  3. token 刷新机制
  4. 用户表的索引创建
  5. 权限管理实现(ACL or RBAC)
  6. 更多用户信息,比如:
  • 个人信息:生日、身高、体重、血型、政治面貌、婚否
  • 兴趣爱好、擅长领域
  • 籍贯信息:省市区联动选择保存
  • 教育经历
  • 从业经历
  • 行业、常住地、标签等
  1. 重置密码接口
  2. 全国省市区数据表
  3. 注销用户,建立归档表
  4. 全国省市区数据表
  5. HTTP 访问的接口文档
  6. 错误代码规范化
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

简介

简单、统一、可扩展的用户中心 展开 收起
Apache-2.0
取消

发行版

暂无发行版

贡献者

全部

近期动态

加载更多
不能加载更多了
1
https://gitee.com/s_weidm/uni-id.git
git@gitee.com:s_weidm/uni-id.git
s_weidm
uni-id
uni-id
master

搜索帮助

14c37bed 8189591 565d56ea 8189591