fix
This commit is contained in:
xujiang
249
backend-old/internal/service/auth/auth_service.go
Normal file
249
backend-old/internal/service/auth/auth_service.go
Normal file
@ -0,0 +1,249 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
"photography-backend/internal/model/entity"
|
||||
"photography-backend/internal/model/dto"
|
||||
"photography-backend/internal/repository/postgres"
|
||||
)
|
||||
|
||||
// AuthService 认证服务
|
||||
type AuthService struct {
|
||||
userRepo postgres.UserRepository
|
||||
jwtService *JWTService
|
||||
}
|
||||
|
||||
// NewAuthService 创建认证服务
|
||||
func NewAuthService(userRepo postgres.UserRepository, jwtService *JWTService) *AuthService {
|
||||
return &AuthService{
|
||||
userRepo: userRepo,
|
||||
jwtService: jwtService,
|
||||
}
|
||||
}
|
||||
|
||||
// Login 用户登录
|
||||
func (s *AuthService) Login(req *dto.LoginRequest) (*dto.LoginResponse, error) {
|
||||
// 根据用户名或邮箱查找用户
|
||||
var user *entity.User
|
||||
var err error
|
||||
|
||||
// 按邮箱查找用户
|
||||
user, err = s.userRepo.GetByEmail(req.Email)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get user by email: %w", err)
|
||||
}
|
||||
|
||||
if user == nil {
|
||||
return nil, fmt.Errorf("invalid credentials")
|
||||
}
|
||||
|
||||
// 检查用户是否激活
|
||||
if !user.IsActive {
|
||||
return nil, fmt.Errorf("user account is deactivated")
|
||||
}
|
||||
|
||||
// 验证密码
|
||||
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.Password)); err != nil {
|
||||
return nil, fmt.Errorf("invalid credentials")
|
||||
}
|
||||
|
||||
// 生成JWT令牌
|
||||
tokenPair, err := s.jwtService.GenerateTokenPair(user.ID, user.Username, string(user.Role))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to generate tokens: %w", err)
|
||||
}
|
||||
|
||||
// 更新最后登录时间
|
||||
if err := s.userRepo.UpdateLastLogin(user.ID); err != nil {
|
||||
// 记录错误但不中断登录流程
|
||||
fmt.Printf("failed to update last login: %v\n", err)
|
||||
}
|
||||
|
||||
// 清除密码字段
|
||||
user.Password = ""
|
||||
|
||||
return &dto.LoginResponse{
|
||||
Token: dto.TokenResponse{
|
||||
AccessToken: tokenPair.AccessToken,
|
||||
RefreshToken: tokenPair.RefreshToken,
|
||||
TokenType: tokenPair.TokenType,
|
||||
ExpiresIn: tokenPair.ExpiresIn,
|
||||
},
|
||||
User: *dto.ConvertToUserResponse(user),
|
||||
}, nil
|
||||
}
|
||||
|
||||
// Register 用户注册
|
||||
func (s *AuthService) Register(req *dto.CreateUserRequest) (*entity.User, error) {
|
||||
// 检查用户名是否已存在
|
||||
existingUser, err := s.userRepo.GetByUsername(req.Username)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to check username: %w", err)
|
||||
}
|
||||
if existingUser != nil {
|
||||
return nil, fmt.Errorf("username already exists")
|
||||
}
|
||||
|
||||
// 检查邮箱是否已存在
|
||||
existingUser, err = s.userRepo.GetByEmail(req.Email)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to check email: %w", err)
|
||||
}
|
||||
if existingUser != nil {
|
||||
return nil, fmt.Errorf("email already exists")
|
||||
}
|
||||
|
||||
// 加密密码
|
||||
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to hash password: %w", err)
|
||||
}
|
||||
|
||||
// 创建用户
|
||||
user := &entity.User{
|
||||
Username: req.Username,
|
||||
Email: req.Email,
|
||||
Password: string(hashedPassword),
|
||||
Name: req.Name,
|
||||
Role: req.Role,
|
||||
IsActive: true,
|
||||
}
|
||||
|
||||
// 如果没有指定角色,默认为普通用户
|
||||
if user.Role == "" {
|
||||
user.Role = entity.UserRoleUser
|
||||
}
|
||||
|
||||
if err := s.userRepo.Create(user); err != nil {
|
||||
return nil, fmt.Errorf("failed to create user: %w", err)
|
||||
}
|
||||
|
||||
// 清除密码字段
|
||||
user.Password = ""
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
// RefreshToken 刷新令牌
|
||||
func (s *AuthService) RefreshToken(req *dto.RefreshTokenRequest) (*dto.LoginResponse, error) {
|
||||
// 验证刷新令牌
|
||||
claims, err := s.jwtService.ValidateToken(req.RefreshToken)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid refresh token: %w", err)
|
||||
}
|
||||
|
||||
// 获取用户信息
|
||||
user, err := s.userRepo.GetByID(claims.UserID)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get user: %w", err)
|
||||
}
|
||||
|
||||
if user == nil {
|
||||
return nil, fmt.Errorf("user not found")
|
||||
}
|
||||
|
||||
// 检查用户是否激活
|
||||
if !user.IsActive {
|
||||
return nil, fmt.Errorf("user account is deactivated")
|
||||
}
|
||||
|
||||
// 生成新的令牌对
|
||||
tokenPair, err := s.jwtService.GenerateTokenPair(user.ID, user.Username, string(user.Role))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to generate tokens: %w", err)
|
||||
}
|
||||
|
||||
// 清除密码字段
|
||||
user.Password = ""
|
||||
|
||||
return &dto.LoginResponse{
|
||||
Token: dto.TokenResponse{
|
||||
AccessToken: tokenPair.AccessToken,
|
||||
RefreshToken: tokenPair.RefreshToken,
|
||||
TokenType: tokenPair.TokenType,
|
||||
ExpiresIn: tokenPair.ExpiresIn,
|
||||
},
|
||||
User: *dto.ConvertToUserResponse(user),
|
||||
}, nil
|
||||
}
|
||||
|
||||
// GetUserByID 根据ID获取用户
|
||||
func (s *AuthService) GetUserByID(id uint) (*entity.User, error) {
|
||||
user, err := s.userRepo.GetByID(id)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get user: %w", err)
|
||||
}
|
||||
|
||||
if user == nil {
|
||||
return nil, fmt.Errorf("user not found")
|
||||
}
|
||||
|
||||
// 清除密码字段
|
||||
user.Password = ""
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
// UpdatePassword 更新密码
|
||||
func (s *AuthService) UpdatePassword(userID uint, req *dto.ChangePasswordRequest) error {
|
||||
// 获取用户信息
|
||||
user, err := s.userRepo.GetByID(userID)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get user: %w", err)
|
||||
}
|
||||
|
||||
if user == nil {
|
||||
return fmt.Errorf("user not found")
|
||||
}
|
||||
|
||||
// 验证旧密码
|
||||
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.OldPassword)); err != nil {
|
||||
return fmt.Errorf("invalid old password")
|
||||
}
|
||||
|
||||
// 加密新密码
|
||||
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to hash password: %w", err)
|
||||
}
|
||||
|
||||
// 更新密码
|
||||
user.Password = string(hashedPassword)
|
||||
if err := s.userRepo.Update(user); err != nil {
|
||||
return fmt.Errorf("failed to update password: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// CheckPermission 检查权限
|
||||
func (s *AuthService) CheckPermission(userRole entity.UserRole, requiredRole entity.UserRole) bool {
|
||||
roleLevel := map[entity.UserRole]int{
|
||||
entity.UserRoleUser: 1,
|
||||
entity.UserRolePhotographer: 2,
|
||||
entity.UserRoleAdmin: 3,
|
||||
}
|
||||
|
||||
userLevel, exists := roleLevel[userRole]
|
||||
if !exists {
|
||||
return false
|
||||
}
|
||||
|
||||
requiredLevel, exists := roleLevel[requiredRole]
|
||||
if !exists {
|
||||
return false
|
||||
}
|
||||
|
||||
return userLevel >= requiredLevel
|
||||
}
|
||||
|
||||
// IsAdmin 检查是否为管理员
|
||||
func (s *AuthService) IsAdmin(userRole entity.UserRole) bool {
|
||||
return userRole == entity.UserRoleAdmin
|
||||
}
|
||||
|
||||
// IsPhotographer 检查是否为摄影师或以上
|
||||
func (s *AuthService) IsPhotographer(userRole entity.UserRole) bool {
|
||||
return userRole == entity.UserRolePhotographer || userRole == entity.UserRoleAdmin
|
||||
}
|
||||
Reference in New Issue
Block a user