注册接口统一去除前端的role参数，防止发生安全性问题

488547c0 · VK1688 · 1c22b829 · 488547c0 · 488547c0 · 488547c0
7 changed file
--- a/uniCloud-aliyun/cloudfunctions/router/service/user/pub/loginByAlipay.js
+++ b/uniCloud-aliyun/cloudfunctions/router/service/user/pub/loginByAlipay.js
@@ -18,7 +18,18 @@ module.exports = {
 		let { uid } = data;
 		let res = {};
 		// 业务逻辑开始-----------------------------------------------------------
-		res = await uniID.loginByAlipay(data);
+		let { 
+			code,
+			type,
+			myInviteCode,
+			needPermission
+		} = data;
+		res = await uniID.loginByAlipay({
+			code,
+			type,
+			myInviteCode,
+			needPermission
+		});
 		if (res.token) {
 			if (!res.msg) {
 				res.msg = res.type === "register" ? "注册成功" : "登录成功";

--- a/uniCloud-aliyun/cloudfunctions/router/service/user/pub/loginByEmail.js
+++ b/uniCloud-aliyun/cloudfunctions/router/service/user/pub/loginByEmail.js
 module.exports = {
 	/**
-	 * 用户登录(支付宝授权)
+	 * 用户登录（邮箱+验证码登录）
 	 * @url user/pub/loginByEmail 前端调用的url参数地址
-	 * @description 用户登录(支付宝授权)
 	 * data 请求参数 说明
 	 * @param {String} email 邮箱
 	 * @param {String} code 邮箱收到的验证码
@@ -10,7 +9,6 @@ module.exports = {
 	 * @param {String} password 密码，当前用户为新注册时生效
 	 * @param {String} myInviteCode 设置当前注册用户自己的邀请码，当前用户为新注册时生效（不传会自动生成）
 	 * @param {Boolean} needPermission 设置为true时会在checkToken时返回用户权限（permission），如果是在admin端，需传true
-	 * @param {Array} role 设定用户角色，当前用户为新注册时生效
 	 * res 返回参数说明
 	 * @param {Number} code 错误码，0表示成功
 	 * @param {String} msg 详细信息
@@ -23,15 +21,14 @@ module.exports = {
 		let { uid } = data;
 		let res = {};
 		// 业务逻辑开始-----------------------------------------------------------
-		let { email, code, type, password, needPermission, myInviteCode, role } = data;
+		let { email, code, type, password, needPermission, myInviteCode } = data;
 		res = await uniID.loginByEmail({
 			email,
 			code,
 			type,
 			password,
 			myInviteCode,
-			needPermission,
-			role
+			needPermission
 		});
 		if (res.token) {
 			if (!res.msg) {

--- a/uniCloud-aliyun/cloudfunctions/router/service/user/pub/loginByQQ.js
+++ b/uniCloud-aliyun/cloudfunctions/router/service/user/pub/loginByQQ.js
@@ -18,7 +18,20 @@ module.exports = {
 		let { uid } = data;
 		let res = {};
 		// 业务逻辑开始-----------------------------------------------------------
-		res = await uniID.loginByQQ(data);
+		let {
+			code,
+			accessToken,
+			type,
+			myInviteCode,
+			needPermission
+		} = data;
+		res = await uniID.loginByQQ({
+			code,
+			accessToken,
+			type,
+			myInviteCode,
+			needPermission
+		});
 		if (res.token) {
 			if (!res.msg) {
 				res.msg = res.type === "register" ? "注册成功" : "登录成功";

--- a/uniCloud-aliyun/cloudfunctions/router/service/user/pub/loginBySms.js
+++ b/uniCloud-aliyun/cloudfunctions/router/service/user/pub/loginBySms.js
@@ -11,7 +11,6 @@ module.exports = {
 	 * @param {String} inviteCode 邀请人的邀请码，当前用户为新注册时生效
 	 * @param {String} myInviteCode 设置当前注册用户自己的邀请码，当前用户为新注册时生效（不传会自动生成）
 	 * @param {Boolean} needPermission 设置为true时会在checkToken时返回用户权限（permission），如果是在admin端，需传true
-	 * @param {Array} role 设定用户角色，当前用户为新注册时生效
 	 * res 返回参数说明
 	 * @param {Number} code 错误码，0表示成功
 	 * @param {String} msg 详细信息
@@ -24,7 +23,15 @@ module.exports = {
 		let { uid } = data;
 		let res = {};
 		// 业务逻辑开始-----------------------------------------------------------
-		let { mobile, code, password, inviteCode, myInviteCode, needPermission, role, type } = data;
+		let {
+			mobile,
+			code,
+			type,
+			password,
+			inviteCode,
+			myInviteCode,
+			needPermission
+		} = data;
 		res = await uniID.loginBySms({
 			mobile,
 			code,
@@ -32,8 +39,7 @@ module.exports = {
 			password,
 			inviteCode,
 			myInviteCode,
-			needPermission,
-			role
+			needPermission
 		});
 		// 修改用户昵称为:手机尾号xxxx用户
 		if (res.token) {

--- a/uniCloud-aliyun/cloudfunctions/router/service/user/pub/loginByUniverify.js
+++ b/uniCloud-aliyun/cloudfunctions/router/service/user/pub/loginByUniverify.js
@@ -25,7 +25,24 @@ module.exports = {
 		let { uid } = data;
 		let res = { code: 0, msg: '' };
 		// 业务逻辑开始-----------------------------------------------------------
-		res = await uniID.loginByUniverify(data);
+		let {
+			access_token,
+			openid,
+			type,
+			password,
+			inviteCode,
+			myInviteCode,
+			needPermission
+		} = data;
+		res = await uniID.loginByUniverify({
+			access_token,
+			openid,
+			type,
+			password,
+			inviteCode,
+			myInviteCode,
+			needPermission
+		});
 		if (res.token) {
 			if (!res.msg) {
 				res.msg = res.type === "register" ? "注册成功" : "登录成功";

--- a/uniCloud-aliyun/cloudfunctions/router/service/user/pub/register.js
+++ b/uniCloud-aliyun/cloudfunctions/router/service/user/pub/register.js
 module.exports = {
-  /**
-   * 用户注册(账号+密码)
-   * @url user/pub/register 前端调用的url参数地址
-   * @description 用户注册(账号+密码)
+	/**
+	 * 用户注册(账号+密码)
+	 * @url user/pub/register 前端调用的url参数地址
+	 * @description 用户注册(账号+密码)
 	 * data 请求参数 说明
 	 * @param {String} username 用户名，唯一
 	 * @param {String} password 密码
@@ -12,26 +12,34 @@ module.exports = {
 	 * @param {String} token 注册完成自动登录之后返回的token信息
 	 * @param {String} tokenExpired token过期时间
 	 * @param {Object} userInfo 用户信息
-   */
+	 */
 	main: async (event) => {
 		let { data = {}, userInfo, util, originalParam } = event;
-		let { uniID, config, pubFun, vk , db, _ } = util;
+		let { uniID, config, pubFun, vk, db, _ } = util;
 		let { uid } = data;
-		let res = { code : -1, msg : '' };
+		let res = { code: -1, msg: '' };
 		// 业务逻辑开始-----------------------------------------------------------
-		let { username, password, needPermission } = data;
+		let {
+			username,
+			password,
+			needPermission,
+			myInviteCode
+		} = data;
 		// username必须以字母开头，长度在6~18之间，只能包含字母、数字和下划线
-		if(!vk.pubfn.test(username,"username")){
-			return { code : -1, msg : "账号必须以字母开头，长度在6~18之间，只能包含字母、数字和下划线" };
+		if (!vk.pubfn.test(username, "username")) {
+			return { code: -1, msg: "账号必须以字母开头，长度在6~18之间，只能包含字母、数字和下划线" };
 		}
 		// password 长度在6~18之间，只能包含字母、数字和下划线
-		if(!vk.pubfn.test(password,"pwd")){
-			return { code : -1, msg : "密码长度在6~18之间，只能包含字母、数字和下划线" };
+		if (!vk.pubfn.test(password, "pwd")) {
+			return { code: -1, msg: "密码长度在6~18之间，只能包含字母、数字和下划线" };
 		}
-		 res = await uniID.register({
-			 username, password, needPermission
-		 });
+		res = await uniID.register({
+			username,
+			password,
+			needPermission,
+			myInviteCode
+		});
 		// 业务逻辑结束-----------------------------------------------------------
 		return res;
 	}
-}
+}
\ No newline at end of file
--- a/uniCloud-aliyun/cloudfunctions/router/service/user/pub/sendEmailCode.js
+++ b/uniCloud-aliyun/cloudfunctions/router/service/user/pub/sendEmailCode.js
@@ -29,6 +29,9 @@ module.exports = {
 		} = data;
 		let res = { code: 0, msg: 'ok' };
 		// 业务逻辑开始----------------------------------------------------------- 
+		if (!vkmail) {
+			return { code: -1, msg: "请先添加公共模块：vk-mail（右键对应的云函数，点击管理公共模块或扩展库依赖，勾选vk-mail依赖）" };
+		}
 		let code = vk.pubfn.random(6, "0123456789");
 		let param = {
 			code,