fix

2025-07-10 18:09:11 +08:00
parent 5cbdc5af73
commit 604b9e59ba
95 changed files with 23709 additions and 19 deletions
--- a/backend-old/internal/service/auth/auth_service.go
+++ b/backend-old/internal/service/auth/auth_service.go
@ -0,0 +1,249 @@
+package auth
+
+import (
+	"fmt"
+	"golang.org/x/crypto/bcrypt"
+	"photography-backend/internal/model/entity"
+	"photography-backend/internal/model/dto"
+	"photography-backend/internal/repository/postgres"
+)
+
+// AuthService 认证服务
+type AuthService struct {
+	userRepo   postgres.UserRepository
+	jwtService *JWTService
+}
+
+// NewAuthService 创建认证服务
+func NewAuthService(userRepo postgres.UserRepository, jwtService *JWTService) *AuthService {
+	return &AuthService{
+		userRepo:   userRepo,
+		jwtService: jwtService,
+	}
+}
+
+// Login 用户登录
+func (s *AuthService) Login(req *dto.LoginRequest) (*dto.LoginResponse, error) {
+	// 根据用户名或邮箱查找用户
+	var user *entity.User
+	var err error
+	
+	// 按邮箱查找用户
+	user, err = s.userRepo.GetByEmail(req.Email)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get user by email: %w", err)
+	}
+	
+	if user == nil {
+		return nil, fmt.Errorf("invalid credentials")
+	}
+	
+	// 检查用户是否激活
+	if !user.IsActive {
+		return nil, fmt.Errorf("user account is deactivated")
+	}
+	
+	// 验证密码
+	if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.Password)); err != nil {
+		return nil, fmt.Errorf("invalid credentials")
+	}
+	
+	// 生成JWT令牌
+	tokenPair, err := s.jwtService.GenerateTokenPair(user.ID, user.Username, string(user.Role))
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate tokens: %w", err)
+	}
+	
+	// 更新最后登录时间
+	if err := s.userRepo.UpdateLastLogin(user.ID); err != nil {
+		// 记录错误但不中断登录流程
+		fmt.Printf("failed to update last login: %v\n", err)
+	}
+	
+	// 清除密码字段
+	user.Password = ""
+	
+	return &dto.LoginResponse{
+		Token: dto.TokenResponse{
+			AccessToken:  tokenPair.AccessToken,
+			RefreshToken: tokenPair.RefreshToken,
+			TokenType:    tokenPair.TokenType,
+			ExpiresIn:    tokenPair.ExpiresIn,
+		},
+		User: *dto.ConvertToUserResponse(user),
+	}, nil
+}
+
+// Register 用户注册
+func (s *AuthService) Register(req *dto.CreateUserRequest) (*entity.User, error) {
+	// 检查用户名是否已存在
+	existingUser, err := s.userRepo.GetByUsername(req.Username)
+	if err != nil {
+		return nil, fmt.Errorf("failed to check username: %w", err)
+	}
+	if existingUser != nil {
+		return nil, fmt.Errorf("username already exists")
+	}
+	
+	// 检查邮箱是否已存在
+	existingUser, err = s.userRepo.GetByEmail(req.Email)
+	if err != nil {
+		return nil, fmt.Errorf("failed to check email: %w", err)
+	}
+	if existingUser != nil {
+		return nil, fmt.Errorf("email already exists")
+	}
+	
+	// 加密密码
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
+	if err != nil {
+		return nil, fmt.Errorf("failed to hash password: %w", err)
+	}
+	
+	// 创建用户
+	user := &entity.User{
+		Username: req.Username,
+		Email:    req.Email,
+		Password: string(hashedPassword),
+		Name:     req.Name,
+		Role:     req.Role,
+		IsActive: true,
+	}
+	
+	// 如果没有指定角色，默认为普通用户
+	if user.Role == "" {
+		user.Role = entity.UserRoleUser
+	}
+	
+	if err := s.userRepo.Create(user); err != nil {
+		return nil, fmt.Errorf("failed to create user: %w", err)
+	}
+	
+	// 清除密码字段
+	user.Password = ""
+	
+	return user, nil
+}
+
+// RefreshToken 刷新令牌
+func (s *AuthService) RefreshToken(req *dto.RefreshTokenRequest) (*dto.LoginResponse, error) {
+	// 验证刷新令牌
+	claims, err := s.jwtService.ValidateToken(req.RefreshToken)
+	if err != nil {
+		return nil, fmt.Errorf("invalid refresh token: %w", err)
+	}
+	
+	// 获取用户信息
+	user, err := s.userRepo.GetByID(claims.UserID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get user: %w", err)
+	}
+	
+	if user == nil {
+		return nil, fmt.Errorf("user not found")
+	}
+	
+	// 检查用户是否激活
+	if !user.IsActive {
+		return nil, fmt.Errorf("user account is deactivated")
+	}
+	
+	// 生成新的令牌对
+	tokenPair, err := s.jwtService.GenerateTokenPair(user.ID, user.Username, string(user.Role))
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate tokens: %w", err)
+	}
+	
+	// 清除密码字段
+	user.Password = ""
+	
+	return &dto.LoginResponse{
+		Token: dto.TokenResponse{
+			AccessToken:  tokenPair.AccessToken,
+			RefreshToken: tokenPair.RefreshToken,
+			TokenType:    tokenPair.TokenType,
+			ExpiresIn:    tokenPair.ExpiresIn,
+		},
+		User: *dto.ConvertToUserResponse(user),
+	}, nil
+}
+
+// GetUserByID 根据ID获取用户
+func (s *AuthService) GetUserByID(id uint) (*entity.User, error) {
+	user, err := s.userRepo.GetByID(id)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get user: %w", err)
+	}
+	
+	if user == nil {
+		return nil, fmt.Errorf("user not found")
+	}
+	
+	// 清除密码字段
+	user.Password = ""
+	
+	return user, nil
+}
+
+// UpdatePassword 更新密码
+func (s *AuthService) UpdatePassword(userID uint, req *dto.ChangePasswordRequest) error {
+	// 获取用户信息
+	user, err := s.userRepo.GetByID(userID)
+	if err != nil {
+		return fmt.Errorf("failed to get user: %w", err)
+	}
+	
+	if user == nil {
+		return fmt.Errorf("user not found")
+	}
+	
+	// 验证旧密码
+	if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.OldPassword)); err != nil {
+		return fmt.Errorf("invalid old password")
+	}
+	
+	// 加密新密码
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
+	if err != nil {
+		return fmt.Errorf("failed to hash password: %w", err)
+	}
+	
+	// 更新密码
+	user.Password = string(hashedPassword)
+	if err := s.userRepo.Update(user); err != nil {
+		return fmt.Errorf("failed to update password: %w", err)
+	}
+	
+	return nil
+}
+
+// CheckPermission 检查权限
+func (s *AuthService) CheckPermission(userRole entity.UserRole, requiredRole entity.UserRole) bool {
+	roleLevel := map[entity.UserRole]int{
+		entity.UserRoleUser:         1,
+		entity.UserRolePhotographer: 2,
+		entity.UserRoleAdmin:        3,
+	}
+	
+	userLevel, exists := roleLevel[userRole]
+	if !exists {
+		return false
+	}
+	
+	requiredLevel, exists := roleLevel[requiredRole]
+	if !exists {
+		return false
+	}
+	
+	return userLevel >= requiredLevel
+}
+
+// IsAdmin 检查是否为管理员
+func (s *AuthService) IsAdmin(userRole entity.UserRole) bool {
+	return userRole == entity.UserRoleAdmin
+}
+
+// IsPhotographer 检查是否为摄影师或以上
+func (s *AuthService) IsPhotographer(userRole entity.UserRole) bool {
+	return userRole == entity.UserRolePhotographer || userRole == entity.UserRoleAdmin
+}
--- a/backend-old/internal/service/auth/jwt_service.go
+++ b/backend-old/internal/service/auth/jwt_service.go
@ -0,0 +1,132 @@
+package auth
+
+import (
+	"fmt"
+	"time"
+	"github.com/golang-jwt/jwt/v5"
+	"photography-backend/internal/config"
+)
+
+// JWTService JWT服务
+type JWTService struct {
+	secretKey            []byte
+	accessTokenDuration  time.Duration
+	refreshTokenDuration time.Duration
+}
+
+// JWTClaims JWT声明
+type JWTClaims struct {
+	UserID   uint   `json:"user_id"`
+	Username string `json:"username"`
+	Role     string `json:"role"`
+	jwt.RegisteredClaims
+}
+
+// TokenPair 令牌对
+type TokenPair struct {
+	AccessToken  string `json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+	TokenType    string `json:"token_type"`
+	ExpiresIn    int64  `json:"expires_in"`
+}
+
+// NewJWTService 创建JWT服务
+func NewJWTService(cfg *config.JWTConfig) *JWTService {
+	accessDuration, _ := time.ParseDuration(cfg.ExpiresIn)
+	refreshDuration, _ := time.ParseDuration(cfg.RefreshExpiresIn)
+	
+	return &JWTService{
+		secretKey:            []byte(cfg.Secret),
+		accessTokenDuration:  accessDuration,
+		refreshTokenDuration: refreshDuration,
+	}
+}
+
+// GenerateTokenPair 生成令牌对
+func (s *JWTService) GenerateTokenPair(userID uint, username, role string) (*TokenPair, error) {
+	// 生成访问令牌
+	accessToken, err := s.generateToken(userID, username, role, s.accessTokenDuration)
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate access token: %w", err)
+	}
+	
+	// 生成刷新令牌
+	refreshToken, err := s.generateToken(userID, username, role, s.refreshTokenDuration)
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate refresh token: %w", err)
+	}
+	
+	return &TokenPair{
+		AccessToken:  accessToken,
+		RefreshToken: refreshToken,
+		TokenType:    "Bearer",
+		ExpiresIn:    int64(s.accessTokenDuration.Seconds()),
+	}, nil
+}
+
+// generateToken 生成令牌
+func (s *JWTService) generateToken(userID uint, username, role string, duration time.Duration) (string, error) {
+	now := time.Now()
+	claims := &JWTClaims{
+		UserID:   userID,
+		Username: username,
+		Role:     role,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(now.Add(duration)),
+			IssuedAt:  jwt.NewNumericDate(now),
+			NotBefore: jwt.NewNumericDate(now),
+			Issuer:    "photography-backend",
+		},
+	}
+	
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return token.SignedString(s.secretKey)
+}
+
+// ValidateToken 验证令牌
+func (s *JWTService) ValidateToken(tokenString string) (*JWTClaims, error) {
+	token, err := jwt.ParseWithClaims(tokenString, &JWTClaims{}, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+		return s.secretKey, nil
+	})
+	
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse token: %w", err)
+	}
+	
+	if claims, ok := token.Claims.(*JWTClaims); ok && token.Valid {
+		return claims, nil
+	}
+	
+	return nil, fmt.Errorf("invalid token")
+}
+
+// RefreshToken 刷新令牌
+func (s *JWTService) RefreshToken(refreshToken string) (*TokenPair, error) {
+	claims, err := s.ValidateToken(refreshToken)
+	if err != nil {
+		return nil, fmt.Errorf("invalid refresh token: %w", err)
+	}
+	
+	// 生成新的令牌对
+	return s.GenerateTokenPair(claims.UserID, claims.Username, claims.Role)
+}
+
+// GetClaimsFromToken 从令牌中获取声明
+func (s *JWTService) GetClaimsFromToken(tokenString string) (*JWTClaims, error) {
+	token, err := jwt.ParseWithClaims(tokenString, &JWTClaims{}, func(token *jwt.Token) (interface{}, error) {
+		return s.secretKey, nil
+	})
+	
+	if err != nil {
+		return nil, err
+	}
+	
+	if claims, ok := token.Claims.(*JWTClaims); ok {
+		return claims, nil
+	}
+	
+	return nil, fmt.Errorf("invalid claims")
+}