修改密码时记录 security_log

2026-03-27 22:44:32 +08:00 · 2014-08-09 12:15:58 +08:00
parent e64dd424db
commit 2b2702f3f3
3 changed files with 34 additions and 4 deletions
--- a/core/model/account.coffee
+++ b/core/model/account.coffee
@@ -141,8 +141,6 @@ exports.authenticate = (token, callback) ->
  exports.findAndModify 'tokens.token': token, {},
    $set:
      'tokens.$.updated_at': new Date()
-  ,
-    new: true
  , callback

 exports.byUsernameOrEmailOrId = (username, callback) ->
--- a/core/model/security_log.coffee
+++ b/core/model/security_log.coffee
@@ -0,0 +1,22 @@
+module.exports = exports = app.db.buildModel 'security_log'
+
+sample =
+  account_id: new ObjectID()
+  type: 'update_password'
+  created_at: new Date()
+  attribute:
+    token:
+      token: 'b535a6cec7b73a60c53673f434686e04972ccafddb2a5477f066f30eded55a9b'
+      created_at: Date()
+      attribute:
+        ip: '123.184.237.163'
+        ua: 'Mozilla/5.0 (Intel Mac OS X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.102'
+
+exports.create = (account, type, attribute, callback) ->
+  exports.insert
+    account_id: account._id
+    type: type
+    attribute: attribute
+    created_at: new Date()
+  , (err, result) ->
+    callback err, result?[0]
--- a/core/router/account.coffee
+++ b/core/router/account.coffee
@@ -3,6 +3,7 @@ utils = require './utils'
 {renderAccount, errorHandling, requireAuthenticate} = require './middleware'

 mAccount = require '../model/account'
+mSecurityLog = require '../model/security_log'

 module.exports = exports = express.Router()

@@ -56,7 +57,10 @@ exports.post '/login', errorHandling, (req, res) ->
    unless mAccount.matchPassword account, req.body.password
      return res.error 'wrong_password'

-    mAccount.createToken account, {}, (err, token) ->
+    mAccount.createToken account,
+      ip: req.headers['x-real-ip']
+      ua: req.headers['user-agent']
+    , (err, token) ->
      res.cookie 'token', token,
        expires: new Date(Date.now() + config.account.cookie_time)

@@ -77,4 +81,10 @@ exports.post '/update_password', requireAuthenticate, (req, res) ->
    return res.error 'invalid_password'

  mAccount.updatePassword req.account, req.body.password, ->
-    res.json {}
+    token = _.first _.where req.account.tokens,
+      token: req.token
+
+    mSecurityLog.create req.account, 'update_password',
+      token: _.omit(token, 'updated_at')
+    , ->
+      res.json {}