feat: add sensitive (#724)

Author: hyrious

src/dao/index.ts

@@ -16,6 +16,7 @@ import { UserAppleModel } from "../model/user/Apple";
 import { UserAgoraModel } from "../model/user/Agora";
 import { UserGoogleModel } from "../model/user/Google";
 import { UserPhoneModel } from "../model/user/Phone";
+import { UserSensitiveModel } from "../model/user/Sensitive";
 
 export const UserDAO = DAOImplement(UserModel) as ReturnType<DAO<UserModel>>;
 
@@ -31,6 +32,10 @@ export const UserGoogleDAO = DAOImplement(UserGoogleModel) as ReturnType<DAO<Use
 
 export const UserPhoneDAO = DAOImplement(UserPhoneModel) as ReturnType<DAO<UserPhoneModel>>;
 
+export const UserSensitiveDAO = DAOImplement(UserSensitiveModel) as ReturnType<
+    DAO<UserSensitiveModel>
+>;
+
 export const RoomDAO = DAOImplement(RoomModel) as ReturnType<DAO<RoomModel>>;
 
 export const RoomUserDAO = DAOImplement(RoomUserModel) as ReturnType<DAO<RoomUserModel>>;

src/model/index.ts

@@ -17,6 +17,7 @@ import { CloudStorageConfigsModel } from "./cloudStorage/CloudStorageConfigs";
 import { OAuthInfosModel } from "./oauth/oauth-infos";
 import { OAuthSecretsModel } from "./oauth/oauth-secrets";
 import { OAuthUsersModel } from "./oauth/oauth-users";
+import { UserSensitiveModel } from "./user/Sensitive";
 
 export type Model =
     | UserModel
@@ -26,6 +27,7 @@ export type Model =
     | UserAgoraModel
     | UserGoogleModel
     | UserPhoneModel
+    | UserSensitiveModel
     | RoomModel
     | RoomUserModel
     | RoomPeriodicConfigModel

src/model/user/Constants.ts

@@ -0,0 +1,4 @@
+export enum SensitiveType {
+    Phone = "phone",
+    Avatar = "avatar",
+}

src/model/user/Sensitive.ts

@@ -0,0 +1,32 @@
+import { Column, Entity, Index } from "typeorm";
+import { Content } from "../Content";
+
+@Entity({
+    name: "user_sensitive",
+})
+export class UserSensitiveModel extends Content {
+    @Index("user_sensitive_user_uuid_index")
+    @Column({
+        length: 40,
+    })
+    user_uuid: string;
+
+    @Index("user_sensitive_type_index")
+    @Column({
+        length: 128,
+        comment: "sensitive type like 'phone'",
+    })
+    type: string;
+
+    @Column({
+        length: 2083,
+        comment: "sensitive value like '123****4'",
+    })
+    content: string;
+
+    @Index("user_sensitive_is_delete_index")
+    @Column({
+        default: false,
+    })
+    is_delete: boolean;
+}

src/thirdPartyService/TypeORMService.ts

@@ -17,6 +17,7 @@ import { UserAppleModel } from "../model/user/Apple";
 import { UserAgoraModel } from "../model/user/Agora";
 import { UserGoogleModel } from "../model/user/Google";
 import { UserPhoneModel } from "../model/user/Phone";
+import { UserSensitiveModel } from "../model/user/Sensitive";
 import { OAuthInfosModel } from "../model/oauth/oauth-infos";
 import { OAuthSecretsModel } from "../model/oauth/oauth-secrets";
 import { OAuthUsersModel } from "../model/oauth/oauth-users";
@@ -36,6 +37,7 @@ export const dataSource = new DataSource({
         UserAgoraModel,
         UserGoogleModel,
         UserPhoneModel,
+        UserSensitiveModel,
         RoomModel,
         RoomUserModel,
         RoomPeriodicConfigModel,

src/v1/controller/login/platforms/LoginPhone.ts

@@ -7,6 +7,7 @@ import { ServiceCloudStorageConfigs } from "../../../service/cloudStorage/CloudS
 import { ServiceCloudStorageUserFiles } from "../../../service/cloudStorage/CloudStorageUserFiles";
 import { ServiceUserPhone } from "../../../service/user/UserPhone";
 import { dataSource } from "../../../../thirdPartyService/TypeORMService";
+import { ServiceUserSensitive } from "../../../service/user/UserSensitive";
 
 @Login()
 export class LoginPhone extends AbstractLogin {
@@ -18,6 +19,7 @@ export class LoginPhone extends AbstractLogin {
         this.svc = {
             user: new ServiceUser(this.userUUID),
             userPhone: new ServiceUserPhone(this.userUUID),
+            userSensitive: new ServiceUserSensitive(this.userUUID),
             cloudStorageFiles: new ServiceCloudStorageFiles(),
             cloudStorageConfigs: new ServiceCloudStorageConfigs(this.userUUID),
             cloudStorageUserFiles: new ServiceCloudStorageUserFiles(this.userUUID),
@@ -33,8 +35,14 @@ export class LoginPhone extends AbstractLogin {
             const createUser = this.svc.user.create(info, t);
 
             const createUserPhone = this.svc.userPhone.create(info, t);
+            const createUserSensitive = this.svc.userSensitive.phone(info, t);
 
-            return await Promise.all([createUser, createUserPhone, this.setGuidePPTX(this.svc, t)]);
+            return await Promise.all([
+                createUser,
+                createUserPhone,
+                createUserSensitive,
+                this.setGuidePPTX(this.svc, t),
+            ]);
         });
     }
 
@@ -50,6 +58,7 @@ export class LoginPhone extends AbstractLogin {
 interface RegisterService {
     user: ServiceUser;
     userPhone: ServiceUserPhone;
+    userSensitive: ServiceUserSensitive;
     cloudStorageFiles: ServiceCloudStorageFiles;
     cloudStorageUserFiles: ServiceCloudStorageUserFiles;
     cloudStorageConfigs: ServiceCloudStorageConfigs;

src/v1/controller/user/binding/platform/phone/Binding.ts

@@ -10,6 +10,7 @@ import { ErrorCode } from "../../../../../../ErrorCode";
 import { Status } from "../../../../../../constants/Project";
 import { ServiceUserPhone } from "../../../../../service/user/UserPhone";
 import { UserDAO } from "../../../../../../dao";
+import { ServiceUserSensitive } from "../../../../../service/user/UserSensitive";
 
 @Controller<RequestType, ResponseType>({
     method: "post",
@@ -38,6 +39,7 @@ export class BindingPhone extends AbstractController<RequestType, ResponseType>
 
     private svc = {
         userPhone: new ServiceUserPhone(this.userUUID),
+        userSensitive: new ServiceUserSensitive(this.userUUID),
     };
 
     private static ExhaustiveAttackCount = 10;
@@ -75,6 +77,9 @@ export class BindingPhone extends AbstractController<RequestType, ResponseType>
             phone,
             userName: userInfo.user_name,
         });
+        await this.svc.userSensitive.phone({
+            phone,
+        });
 
         await BindingPhone.clearVerificationCode(safePhone);
 

src/v1/controller/user/uploadAvatar/Finish.ts

@@ -12,6 +12,7 @@ import { getOSSDomain, getOSSFileURLPath } from "../../cloudStorage/alibabaCloud
 import { deleteObject, isExistObject } from "../../cloudStorage/alibabaCloud/Utils";
 import { getFilePath } from "./Utils";
 import { dataSource } from "../../../../thirdPartyService/TypeORMService";
+import { ServiceUserSensitive } from "../../../service/user/UserSensitive";
 
 @Controller<RequestType, ResponseType>({
     method: "post",
@@ -34,6 +35,7 @@ export class UploadAvatarFinish extends AbstractController<RequestType, Response
 
     public readonly svc: {
         user: ServiceUser;
+        userSensitive: ServiceUserSensitive;
     };
 
     private static readonly censorshipLogger = createLoggerContentCensorship({});
@@ -43,6 +45,7 @@ export class UploadAvatarFinish extends AbstractController<RequestType, Response
 
         this.svc = {
             user: new ServiceUser(this.userUUID),
+            userSensitive: new ServiceUserSensitive(this.userUUID),
         };
     }
 
@@ -86,6 +89,7 @@ export class UploadAvatarFinish extends AbstractController<RequestType, Response
         // Delete previous avatar and set new avatar.
         await dataSource.transaction(async t => {
             await this.svc.user.updateAvatar(alibabaCloudFileURL, t);
+            await this.svc.userSensitive.avatar({ avatarURL: alibabaCloudFileURL }, t);
 
             const avatarURL = (await this.svc.user.nameAndAvatar())?.avatarURL;
             if (avatarURL) {

src/v1/service/user/UserSensitive.ts

@@ -0,0 +1,37 @@
+import { EntityManager, InsertResult } from "typeorm";
+import { UserSensitiveDAO } from "../../../dao";
+import { SensitiveType } from "../../../model/user/Constants";
+
+export class ServiceUserSensitive {
+    constructor(private readonly userUUID: string) {}
+
+    public async phone(
+        data: {
+            phone: string;
+        },
+        t?: EntityManager,
+    ): Promise<InsertResult> {
+        return await UserSensitiveDAO(t).insert({
+            user_uuid: this.userUUID,
+            type: SensitiveType.Phone,
+            content: this.desensitivePhone(data.phone),
+        });
+    }
+
+    private desensitivePhone(phone: string): string {
+        return phone.slice(0, 3) + "*******" + phone.slice(-1);
+    }
+
+    public async avatar(
+        data: {
+            avatarURL: string;
+        },
+        t?: EntityManager,
+    ): Promise<InsertResult> {
+        return await UserSensitiveDAO(t).insert({
+            user_uuid: this.userUUID,
+            type: SensitiveType.Avatar,
+            content: data.avatarURL,
+        });
+    }
+}

src/v2/controllers/user/routes.ts

@@ -2,6 +2,7 @@ import { Server } from "../../../utils/registryRoutersV2";
 import { userRename, userRenameSchema } from "./rename";
 import { userUploadAvatarStart, userUploadAvatarStartSchema } from "./upload-avatar/start";
 import { userUploadAvatarFinish, userUploadAvatarFinishSchema } from "./upload-avatar/finish";
+import { userSensitive, userSensitiveSchema } from "./sensitive";
 
 export const userRouters = (server: Server): void => {
     server.post("user/rename", userRename, {
@@ -15,4 +16,8 @@ export const userRouters = (server: Server): void => {
     server.post("user/upload-avatar/finish", userUploadAvatarFinish, {
         schema: userUploadAvatarFinishSchema,
     });
+
+    server.post("user/sensitive", userSensitive, {
+        schema: userSensitiveSchema,
+    });
 };