feat: each user can only create a wallet via POST /users/:id/wallet

KJlmfe · KJlmfe · commit b3456f4e98ef · 2018-06-22T14:04:13.000+08:00
diff --git a/app/controller/user.js b/app/controller/user.js
@@ -23,12 +23,22 @@ class UserController extends Controller {
 
     const address = ctx.params.address;
     const updates = ctx.request.body;
-    // TODO: 检查权限 只有本人 或者 管理员 才有权修改
+    // TODO: 检查权限 只有本人 或者 管理员 才有权限
     // ctx.throw(403, '无权限修改用户信息', { code: 'FORBIDDEN_UPDATE_USER', error: { address } });
     const user = await ctx.service.user.updateByAddress(address, updates);
     ctx.body = user;
   }
 
+  async createWallet() {
+    const ctx = this.ctx;
+    const user_id = ctx.params.id;
+
+    // TODO: 检查权限 只有本人 或者 管理员 才有权限
+    // ctx.throw(403, '无权限创建钱包', { code: 'FORBIDDEN_CREATE_WALLET', error: { user_id } });
+    const { address } = await ctx.service.user.createWallet(user_id);
+    ctx.body = { address };
+  }
+
 }
 
 module.exports = UserController;
diff --git a/app/router.js b/app/router.js
@@ -36,6 +36,7 @@ module.exports = app => {
   router.get('/user', isUser, controller.user.current);
   router.get('/users/:address', controller.user.getUser);
   router.patch('/users/:address', controller.user.updateUser);
+  router.post('/users/:id/wallet', controller.user.createWallet);
 
   router.get('/likes', controller.like.list);
   router.post('/likes', isUser, controller.like.create);
diff --git a/app/service/user.js b/app/service/user.js
@@ -1,7 +1,9 @@
 'use strict';
 
 const Service = require('egg').Service;
-
+const secp256k1 = require('secp256k1/elliptic');
+const createKeccakHash = require('keccak');
+const crypto = require('crypto');
 class UserService extends Service {
 
   async create(user) {
@@ -18,10 +20,8 @@ class UserService extends Service {
     }
 
     const exist_user = await ctx.model.User.find({ where: { mobile } });
-    console.log(exist_user);
     if (exist_user) return exist_user;
 
-
     return ctx.model.User.create({ mobile });
   }
 
@@ -90,6 +90,43 @@ class UserService extends Service {
     return this.getByAddress(address);
   }
 
+  // 创建钱包
+  async createWallet(user_id) {
+    const ctx = this.ctx;
+
+    const user = await ctx.model.User.find({ where: { id: user_id } });
+    if (!user) {
+      ctx.throw(400, `用户(id: ${user_id})不存在`, { code: 'USER_NOT_FOUND', errors: { user_id } });
+    }
+    if (user.address) {
+      ctx.throw(400, `用户(id: ${user_id})已有钱包，无法创建新的`, { code: 'USER_ALREADY_HAS_WALLET', errors: { user_id, address: user.address } });
+    }
+
+    let private_key = crypto.randomBytes(32);
+    const publicKey = secp256k1.publicKeyCreate(private_key, false).slice(1);
+    let address = createKeccakHash('keccak256').update(publicKey).digest()
+      .slice(-20);
+    private_key = private_key.toString('hex').toLowerCase();
+    address = '0x' + address.toString('hex').toLowerCase();
+
+    await ctx.model.User.update({
+      address,
+      private_key
+    }, {
+        where: {
+          id: user_id,
+          address: null, // 如果同一个用户高并发打过来，可能会被更新多次, 所以不要用user.updates({address,private_key})
+          private_key: null,
+        },
+        returning: true,
+      });
+
+    return {
+      address,
+      private_key
+    };
+  }
+
 }
 
 module.exports = UserService;
