package auth import ( "fmt" "time" "golang.org/x/crypto/bcrypt" "photography-backend/internal/models" "photography-backend/internal/repository/postgres" ) // AuthService 认证服务 type AuthService struct { userRepo postgres.UserRepository jwtService *JWTService } // NewAuthService 创建认证服务 func NewAuthService(userRepo postgres.UserRepository, jwtService *JWTService) *AuthService { return &AuthService{ userRepo: userRepo, jwtService: jwtService, } } // Login 用户登录 func (s *AuthService) Login(req *models.LoginRequest) (*models.LoginResponse, error) { // 根据用户名或邮箱查找用户 var user *models.User var err error // 尝试按用户名查找 user, err = s.userRepo.GetByUsername(req.Username) if err != nil { return nil, fmt.Errorf("failed to get user: %w", err) } // 如果用户名未找到,尝试按邮箱查找 if user == nil { user, err = s.userRepo.GetByEmail(req.Username) if err != nil { return nil, fmt.Errorf("failed to get user by email: %w", err) } } if user == nil { return nil, fmt.Errorf("invalid credentials") } // 检查用户是否激活 if !user.IsActive { return nil, fmt.Errorf("user account is deactivated") } // 验证密码 if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.Password)); err != nil { return nil, fmt.Errorf("invalid credentials") } // 生成JWT令牌 tokenPair, err := s.jwtService.GenerateTokenPair(user.ID, user.Username, user.Role) if err != nil { return nil, fmt.Errorf("failed to generate tokens: %w", err) } // 更新最后登录时间 if err := s.userRepo.UpdateLastLogin(user.ID); err != nil { // 记录错误但不中断登录流程 fmt.Printf("failed to update last login: %v\n", err) } // 清除密码字段 user.Password = "" return &models.LoginResponse{ AccessToken: tokenPair.AccessToken, RefreshToken: tokenPair.RefreshToken, TokenType: tokenPair.TokenType, ExpiresIn: tokenPair.ExpiresIn, User: user, }, nil } // Register 用户注册 func (s *AuthService) Register(req *models.CreateUserRequest) (*models.User, error) { // 检查用户名是否已存在 existingUser, err := s.userRepo.GetByUsername(req.Username) if err != nil { return nil, fmt.Errorf("failed to check username: %w", err) } if existingUser != nil { return nil, fmt.Errorf("username already exists") } // 检查邮箱是否已存在 existingUser, err = s.userRepo.GetByEmail(req.Email) if err != nil { return nil, fmt.Errorf("failed to check email: %w", err) } if existingUser != nil { return nil, fmt.Errorf("email already exists") } // 加密密码 hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost) if err != nil { return nil, fmt.Errorf("failed to hash password: %w", err) } // 创建用户 user := &models.User{ Username: req.Username, Email: req.Email, Password: string(hashedPassword), Name: req.Name, Role: req.Role, IsActive: true, } // 如果没有指定角色,默认为普通用户 if user.Role == "" { user.Role = models.RoleUser } if err := s.userRepo.Create(user); err != nil { return nil, fmt.Errorf("failed to create user: %w", err) } // 清除密码字段 user.Password = "" return user, nil } // RefreshToken 刷新令牌 func (s *AuthService) RefreshToken(req *models.RefreshTokenRequest) (*models.LoginResponse, error) { // 验证刷新令牌 claims, err := s.jwtService.ValidateToken(req.RefreshToken) if err != nil { return nil, fmt.Errorf("invalid refresh token: %w", err) } // 获取用户信息 user, err := s.userRepo.GetByID(claims.UserID) if err != nil { return nil, fmt.Errorf("failed to get user: %w", err) } if user == nil { return nil, fmt.Errorf("user not found") } // 检查用户是否激活 if !user.IsActive { return nil, fmt.Errorf("user account is deactivated") } // 生成新的令牌对 tokenPair, err := s.jwtService.GenerateTokenPair(user.ID, user.Username, user.Role) if err != nil { return nil, fmt.Errorf("failed to generate tokens: %w", err) } // 清除密码字段 user.Password = "" return &models.LoginResponse{ AccessToken: tokenPair.AccessToken, RefreshToken: tokenPair.RefreshToken, TokenType: tokenPair.TokenType, ExpiresIn: tokenPair.ExpiresIn, User: user, }, nil } // GetUserByID 根据ID获取用户 func (s *AuthService) GetUserByID(id uint) (*models.User, error) { user, err := s.userRepo.GetByID(id) if err != nil { return nil, fmt.Errorf("failed to get user: %w", err) } if user == nil { return nil, fmt.Errorf("user not found") } // 清除密码字段 user.Password = "" return user, nil } // UpdatePassword 更新密码 func (s *AuthService) UpdatePassword(userID uint, req *models.UpdatePasswordRequest) error { // 获取用户信息 user, err := s.userRepo.GetByID(userID) if err != nil { return fmt.Errorf("failed to get user: %w", err) } if user == nil { return fmt.Errorf("user not found") } // 验证旧密码 if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.OldPassword)); err != nil { return fmt.Errorf("invalid old password") } // 加密新密码 hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost) if err != nil { return fmt.Errorf("failed to hash password: %w", err) } // 更新密码 user.Password = string(hashedPassword) if err := s.userRepo.Update(user); err != nil { return fmt.Errorf("failed to update password: %w", err) } return nil } // CheckPermission 检查权限 func (s *AuthService) CheckPermission(userRole string, requiredRole string) bool { roleLevel := map[string]int{ models.RoleUser: 1, models.RoleEditor: 2, models.RoleAdmin: 3, } userLevel, exists := roleLevel[userRole] if !exists { return false } requiredLevel, exists := roleLevel[requiredRole] if !exists { return false } return userLevel >= requiredLevel } // IsAdmin 检查是否为管理员 func (s *AuthService) IsAdmin(userRole string) bool { return userRole == models.RoleAdmin } // IsEditor 检查是否为编辑者或以上 func (s *AuthService) IsEditor(userRole string) bool { return userRole == models.RoleEditor || userRole == models.RoleAdmin }