feat(costcenter): add recharge limit for non real name user

HUAHUAI23 · Oct 25, 2024 · b1a0efe · b1a0efe
1 parent b57e851
commit b1a0efe
Show file tree

Hide file tree

Showing 5 changed files with 68 additions and 3 deletions.
diff --git a/frontend/providers/costcenter/src/pages/api/account/gift-code.ts b/frontend/providers/costcenter/src/pages/api/account/gift-code.ts
@@ -1,5 +1,6 @@
 import { makeAPIClientByHeader } from '@/service/backend/region';
 import { jsonRes } from '@/service/backend/response';
+import { checkSealosUserIsRealName } from '@/utils/tools';
 import type { NextApiRequest, NextApiResponse } from 'next';
 
 export default async function handler(req: NextApiRequest, resp: NextApiResponse) {
@@ -28,6 +29,14 @@ export default async function handler(req: NextApiRequest, resp: NextApiResponse
     const client = await makeAPIClientByHeader(req, resp);
     if (!client) return;
 
+    const isRealName = await checkSealosUserIsRealName(client);
+    if (!isRealName) {
+      return jsonRes(resp, {
+        code: 403,
+        message: 'recharge is not allowed for non-real-name user'
+      });
+    }
+
     const response = await client.post('/account/v1alpha1/gift-code/use', body);
     const responseData = await response.data;
     if (response.status !== 200) {

diff --git a/frontend/providers/costcenter/src/pages/api/account/payment/index.ts b/frontend/providers/costcenter/src/pages/api/account/payment/index.ts
@@ -1,8 +1,10 @@
 import { generatePaymentCrd, PaymentForm } from '@/constants/payment';
 import { authSession } from '@/service/backend/auth';
 import { ApplyYaml, GetUserDefaultNameSpace } from '@/service/backend/kubernetes';
+import { makeAPIClientByHeader } from '@/service/backend/region';
 import { jsonRes } from '@/service/backend/response';
 import { deFormatMoney } from '@/utils/format';
+import { checkSealosUserIsRealName } from '@/utils/tools';
 import crypto from 'crypto';
 import type { NextApiRequest, NextApiResponse } from 'next';
 
@@ -38,6 +40,17 @@ export default async function handler(req: NextApiRequest, resp: NextApiResponse
       return jsonRes(resp, { code: 401, message: 'user not found' });
     }
 
+    const client = await makeAPIClientByHeader(req, resp);
+    if (!client) return;
+
+    const isRealName = await checkSealosUserIsRealName(client);
+    if (!isRealName) {
+      return jsonRes(resp, {
+        code: 403,
+        message: 'recharge is not allowed for non-real-name user'
+      });
+    }
+
     // do payment
     const paymentName = crypto.randomUUID();
     const namespace = GetUserDefaultNameSpace(kubeUser.name);

diff --git a/frontend/providers/costcenter/src/pages/api/account/payment/stripe.ts b/frontend/providers/costcenter/src/pages/api/account/payment/stripe.ts
@@ -1,7 +1,9 @@
 import { generatePaymentCrd, PaymentForm } from '@/constants/payment';
 import { authSession } from '@/service/backend/auth';
 import { ApplyYaml, GetUserDefaultNameSpace } from '@/service/backend/kubernetes';
+import { makeAPIClientByHeader } from '@/service/backend/region';
 import { jsonRes } from '@/service/backend/response';
+import { checkSealosUserIsRealName } from '@/utils/tools';
 import crypto from 'crypto';
 import type { NextApiRequest, NextApiResponse } from 'next';
 
@@ -23,6 +25,17 @@ export default async function handler(req: NextApiRequest, resp: NextApiResponse
       });
     }
 
+    const client = await makeAPIClientByHeader(req, resp);
+    if (!client) return;
+
+    const isRealName = await checkSealosUserIsRealName(client);
+    if (!isRealName) {
+      return jsonRes(resp, {
+        code: 403,
+        message: 'recharge is not allowed for non-real-name user'
+      });
+    }
+
     const k8s_username = kc.getUsers()[0].name;
     // do payment
     const paymentName = crypto.randomUUID();

diff --git a/frontend/providers/costcenter/src/service/backend/region.ts b/frontend/providers/costcenter/src/service/backend/region.ts
@@ -1,5 +1,5 @@
 import { Region } from '@/types/region';
-import axios from 'axios';
+import axios, { AxiosInstance } from 'axios';
 import { NextApiRequest, NextApiResponse } from 'next';
 import { AccessTokenPayload, generateBillingToken, verifyInternalToken } from '../auth';
 import { jsonRes } from './response';
@@ -53,7 +53,10 @@ export async function makeRegionListAPIClientByHeader(req: NextApiRequest, res:
   });
   return clientList;
 }
-export function makeAPIClient(region: Region | undefined | null, payload?: AccessTokenPayload) {
+export function makeAPIClient(
+  region: Region | undefined | null,
+  payload?: AccessTokenPayload
+): AxiosInstance {
   const baseURL = region?.accountSvc
     ? `http://${region?.accountSvc}`
     : global.AppConfig.costCenter.components.accountService.url;

diff --git a/frontend/providers/costcenter/src/utils/tools.ts b/frontend/providers/costcenter/src/utils/tools.ts
@@ -1,4 +1,6 @@
 import { NextApiRequest } from 'next';
+import { AxiosInstance } from 'axios';
+import crypto from 'crypto';
 
 export const retrySerially = <T>(fn: () => Promise<T>, times: number) =>
   new Promise((res, rej) => {
@@ -16,7 +18,6 @@ export const retrySerially = <T>(fn: () => Promise<T>, times: number) =>
     };
     attempt();
   });
-import crypto from 'crypto';
 export function genSign(secret: string, timestamp: number | string) {
   const stringToSign = `${timestamp}\n${secret}`;
   const hmac = crypto.createHmac('sha256', stringToSign);
@@ -54,3 +55,29 @@ export function getClientIPFromRequest(req: NextApiRequest) {
 
   return undefined;
 }
+
+type RealNameInfoResponse = {
+  data: {
+    userID: string;
+    isRealName: boolean;
+  };
+  error?: string;
+  message: string;
+};
+
+export const checkSealosUserIsRealName = async (client: AxiosInstance): Promise<boolean> => {
+  try {
+    const response = await client.post('/account/v1alpha1/real-name-info');
+    const realNameInfoData: RealNameInfoResponse = await response.data;
+
+    if (realNameInfoData.error) {
+      console.error(realNameInfoData.error);
+      return false;
+    }
+
+    return realNameInfoData.data.isRealName;
+  } catch (error) {
+    console.error(error);
+    return false;
+  }
+};