iriver/photography
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 实现后端和管理后台基础架构

Browse Source 
## 后端架构 (Go + Gin + GORM)
-  完整的分层架构 (API/Service/Repository)
-  PostgreSQL数据库设计和迁移脚本
-  JWT认证系统和权限控制
-  用户、照片、分类、标签等核心模型
-  中间件系统 (认证、CORS、日志)
-  配置管理和环境变量支持
-  结构化日志和错误处理
-  Makefile构建和部署脚本

## 管理后台架构 (React + TypeScript)
-  Vite + React 18 + TypeScript现代化架构
-  路由系统和状态管理 (Zustand + TanStack Query)
-  基于Radix UI的组件库基础
-  认证流程和权限控制
-  响应式设计和主题系统

## 数据库设计
-  用户表 (角色权限、认证信息)
-  照片表 (元数据、EXIF、状态管理)
-  分类表 (层级结构、封面图片)
-  标签表 (使用统计、标签云)
-  关联表 (照片-标签多对多)

## 技术特点
- 🚀 高性能: Gin框架 + GORM ORM
- 🔐 安全: JWT认证 + 密码加密 + 权限控制
- 📊 监控: 结构化日志 + 健康检查
- 🎨 现代化: React 18 + TypeScript + Vite
- 📱 响应式: Tailwind CSS + Radix UI

参考文档: docs/development/saved-docs/
This commit is contained in:
xujiang
2025-07-09 14:56:22 +08:00
parent 180fbd2ae9
commit c57ec3aa82
34 changed files with 3432 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

253
backend/internal/service/auth/auth_service.go Normal file
View File

@ -0,0 +1,253 @@
package auth
import (
"fmt"
"time"
"golang.org/x/crypto/bcrypt"
"photography-backend/internal/models"
"photography-backend/internal/repository/postgres"
)
// AuthService 认证服务
type AuthService struct {
userRepo postgres.UserRepository
jwtService *JWTService
}
// NewAuthService 创建认证服务
func NewAuthService(userRepo postgres.UserRepository, jwtService *JWTService) *AuthService {
return &AuthService{
userRepo: userRepo,
jwtService: jwtService,
}
}
// Login 用户登录
func (s *AuthService) Login(req *models.LoginRequest) (*models.LoginResponse, error) {
// 根据用户名或邮箱查找用户
var user *models.User
var err error
// 尝试按用户名查找
user, err = s.userRepo.GetByUsername(req.Username)
if err != nil {
return nil, fmt.Errorf("failed to get user: %w", err)
}
// 如果用户名未找到,尝试按邮箱查找
if user == nil {
user, err = s.userRepo.GetByEmail(req.Username)
if err != nil {
return nil, fmt.Errorf("failed to get user by email: %w", err)
}
}
if user == nil {
return nil, fmt.Errorf("invalid credentials")
}
// 检查用户是否激活
if !user.IsActive {
return nil, fmt.Errorf("user account is deactivated")
}
// 验证密码
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.Password)); err != nil {
return nil, fmt.Errorf("invalid credentials")
}
// 生成JWT令牌
tokenPair, err := s.jwtService.GenerateTokenPair(user.ID, user.Username, user.Role)
if err != nil {
return nil, fmt.Errorf("failed to generate tokens: %w", err)
}
// 更新最后登录时间
if err := s.userRepo.UpdateLastLogin(user.ID); err != nil {
// 记录错误但不中断登录流程
fmt.Printf("failed to update last login: %v\n", err)
}
// 清除密码字段
user.Password = ""
return &models.LoginResponse{
AccessToken: tokenPair.AccessToken,
RefreshToken: tokenPair.RefreshToken,
TokenType: tokenPair.TokenType,
ExpiresIn: tokenPair.ExpiresIn,
User: user,
}, nil
}
// Register 用户注册
func (s *AuthService) Register(req *models.CreateUserRequest) (*models.User, error) {
// 检查用户名是否已存在
existingUser, err := s.userRepo.GetByUsername(req.Username)
if err != nil {
return nil, fmt.Errorf("failed to check username: %w", err)
}
if existingUser != nil {
return nil, fmt.Errorf("username already exists")
}
// 检查邮箱是否已存在
existingUser, err = s.userRepo.GetByEmail(req.Email)
if err != nil {
return nil, fmt.Errorf("failed to check email: %w", err)
}
if existingUser != nil {
return nil, fmt.Errorf("email already exists")
}
// 加密密码
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
if err != nil {
return nil, fmt.Errorf("failed to hash password: %w", err)
}
// 创建用户
user := &models.User{
Username: req.Username,
Email: req.Email,
Password: string(hashedPassword),
Name: req.Name,
Role: req.Role,
IsActive: true,
}
// 如果没有指定角色,默认为普通用户
if user.Role == "" {
user.Role = models.RoleUser
}
if err := s.userRepo.Create(user); err != nil {
return nil, fmt.Errorf("failed to create user: %w", err)
}
// 清除密码字段
user.Password = ""
return user, nil
}
// RefreshToken 刷新令牌
func (s *AuthService) RefreshToken(req *models.RefreshTokenRequest) (*models.LoginResponse, error) {
// 验证刷新令牌
claims, err := s.jwtService.ValidateToken(req.RefreshToken)
if err != nil {
return nil, fmt.Errorf("invalid refresh token: %w", err)
}
// 获取用户信息
user, err := s.userRepo.GetByID(claims.UserID)
if err != nil {
return nil, fmt.Errorf("failed to get user: %w", err)
}
if user == nil {
return nil, fmt.Errorf("user not found")
}
// 检查用户是否激活
if !user.IsActive {
return nil, fmt.Errorf("user account is deactivated")
}
// 生成新的令牌对
tokenPair, err := s.jwtService.GenerateTokenPair(user.ID, user.Username, user.Role)
if err != nil {
return nil, fmt.Errorf("failed to generate tokens: %w", err)
}
// 清除密码字段
user.Password = ""
return &models.LoginResponse{
AccessToken: tokenPair.AccessToken,
RefreshToken: tokenPair.RefreshToken,
TokenType: tokenPair.TokenType,
ExpiresIn: tokenPair.ExpiresIn,
User: user,
}, nil
}
// GetUserByID 根据ID获取用户
func (s *AuthService) GetUserByID(id uint) (*models.User, error) {
user, err := s.userRepo.GetByID(id)
if err != nil {
return nil, fmt.Errorf("failed to get user: %w", err)
}
if user == nil {
return nil, fmt.Errorf("user not found")
}
// 清除密码字段
user.Password = ""
return user, nil
}
// UpdatePassword 更新密码
func (s *AuthService) UpdatePassword(userID uint, req *models.UpdatePasswordRequest) error {
// 获取用户信息
user, err := s.userRepo.GetByID(userID)
if err != nil {
return fmt.Errorf("failed to get user: %w", err)
}
if user == nil {
return fmt.Errorf("user not found")
}
// 验证旧密码
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.OldPassword)); err != nil {
return fmt.Errorf("invalid old password")
}
// 加密新密码
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
if err != nil {
return fmt.Errorf("failed to hash password: %w", err)
}
// 更新密码
user.Password = string(hashedPassword)
if err := s.userRepo.Update(user); err != nil {
return fmt.Errorf("failed to update password: %w", err)
}
return nil
}
// CheckPermission 检查权限
func (s *AuthService) CheckPermission(userRole string, requiredRole string) bool {
roleLevel := map[string]int{
models.RoleUser: 1,
models.RoleEditor: 2,
models.RoleAdmin: 3,
}
userLevel, exists := roleLevel[userRole]
if !exists {
return false
}
requiredLevel, exists := roleLevel[requiredRole]
if !exists {
return false
}
return userLevel >= requiredLevel
}
// IsAdmin 检查是否为管理员
func (s *AuthService) IsAdmin(userRole string) bool {
return userRole == models.RoleAdmin
}
// IsEditor 检查是否为编辑者或以上
func (s *AuthService) IsEditor(userRole string) bool {
return userRole == models.RoleEditor || userRole == models.RoleAdmin
}

129
backend/internal/service/auth/jwt_service.go Normal file
View File

@ -0,0 +1,129 @@
package auth
import (
"fmt"
"time"
"github.com/golang-jwt/jwt/v5"
"photography-backend/internal/config"
)
// JWTService JWT服务
type JWTService struct {
secretKey []byte
accessTokenDuration time.Duration
refreshTokenDuration time.Duration
}
// JWTClaims JWT声明
type JWTClaims struct {
UserID uint `json:"user_id"`
Username string `json:"username"`
Role string `json:"role"`
jwt.RegisteredClaims
}
// TokenPair 令牌对
type TokenPair struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
TokenType string `json:"token_type"`
ExpiresIn int64 `json:"expires_in"`
}
// NewJWTService 创建JWT服务
func NewJWTService(cfg *config.JWTConfig) *JWTService {
return &JWTService{
secretKey: []byte(cfg.Secret),
accessTokenDuration: config.AppConfig.GetJWTExpiration(),
refreshTokenDuration: config.AppConfig.GetJWTRefreshExpiration(),
}
}
// GenerateTokenPair 生成令牌对
func (s *JWTService) GenerateTokenPair(userID uint, username, role string) (*TokenPair, error) {
// 生成访问令牌
accessToken, err := s.generateToken(userID, username, role, s.accessTokenDuration)
if err != nil {
return nil, fmt.Errorf("failed to generate access token: %w", err)
}
// 生成刷新令牌
refreshToken, err := s.generateToken(userID, username, role, s.refreshTokenDuration)
if err != nil {
return nil, fmt.Errorf("failed to generate refresh token: %w", err)
}
return &TokenPair{
AccessToken: accessToken,
RefreshToken: refreshToken,
TokenType: "Bearer",
ExpiresIn: int64(s.accessTokenDuration.Seconds()),
}, nil
}
// generateToken 生成令牌
func (s *JWTService) generateToken(userID uint, username, role string, duration time.Duration) (string, error) {
now := time.Now()
claims := &JWTClaims{
UserID: userID,
Username: username,
Role: role,
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(now.Add(duration)),
IssuedAt: jwt.NewNumericDate(now),
NotBefore: jwt.NewNumericDate(now),
Issuer: "photography-backend",
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString(s.secretKey)
}
// ValidateToken 验证令牌
func (s *JWTService) ValidateToken(tokenString string) (*JWTClaims, error) {
token, err := jwt.ParseWithClaims(tokenString, &JWTClaims{}, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
}
return s.secretKey, nil
})
if err != nil {
return nil, fmt.Errorf("failed to parse token: %w", err)
}
if claims, ok := token.Claims.(*JWTClaims); ok && token.Valid {
return claims, nil
}
return nil, fmt.Errorf("invalid token")
}
// RefreshToken 刷新令牌
func (s *JWTService) RefreshToken(refreshToken string) (*TokenPair, error) {
claims, err := s.ValidateToken(refreshToken)
if err != nil {
return nil, fmt.Errorf("invalid refresh token: %w", err)
}
// 生成新的令牌对
return s.GenerateTokenPair(claims.UserID, claims.Username, claims.Role)
}
// GetClaimsFromToken 从令牌中获取声明
func (s *JWTService) GetClaimsFromToken(tokenString string) (*JWTClaims, error) {
token, err := jwt.ParseWithClaims(tokenString, &JWTClaims{}, func(token *jwt.Token) (interface{}, error) {
return s.secretKey, nil
})
if err != nil {
return nil, err
}
if claims, ok := token.Claims.(*JWTClaims); ok {
return claims, nil
}
return nil, fmt.Errorf("invalid claims")
}