package auth import ( "fmt" "golang.org/x/crypto/bcrypt" "photography-backend/internal/model/entity" "photography-backend/internal/model/dto" "photography-backend/internal/repository/postgres" ) // AuthService 认证服务 type AuthService struct { userRepo postgres.UserRepository jwtService *JWTService } // NewAuthService 创建认证服务 func NewAuthService(userRepo postgres.UserRepository, jwtService *JWTService) *AuthService { return &AuthService{ userRepo: userRepo, jwtService: jwtService, } } // Login 用户登录 func (s *AuthService) Login(req *dto.LoginRequest) (*dto.LoginResponse, error) { // 根据用户名或邮箱查找用户 var user *entity.User var err error // 按邮箱查找用户 user, err = s.userRepo.GetByEmail(req.Email) if err != nil { return nil, fmt.Errorf("failed to get user by email: %w", err) } if user == nil { return nil, fmt.Errorf("invalid credentials") } // 检查用户是否激活 if !user.IsActive { return nil, fmt.Errorf("user account is deactivated") } // 验证密码 if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.Password)); err != nil { return nil, fmt.Errorf("invalid credentials") } // 生成JWT令牌 tokenPair, err := s.jwtService.GenerateTokenPair(user.ID, user.Username, string(user.Role)) if err != nil { return nil, fmt.Errorf("failed to generate tokens: %w", err) } // 更新最后登录时间 if err := s.userRepo.UpdateLastLogin(user.ID); err != nil { // 记录错误但不中断登录流程 fmt.Printf("failed to update last login: %v\n", err) } // 清除密码字段 user.Password = "" return &dto.LoginResponse{ Token: dto.TokenResponse{ AccessToken: tokenPair.AccessToken, RefreshToken: tokenPair.RefreshToken, TokenType: tokenPair.TokenType, ExpiresIn: tokenPair.ExpiresIn, }, User: *dto.ConvertToUserResponse(user), }, nil } // Register 用户注册 func (s *AuthService) Register(req *dto.CreateUserRequest) (*entity.User, error) { // 检查用户名是否已存在 existingUser, err := s.userRepo.GetByUsername(req.Username) if err != nil { return nil, fmt.Errorf("failed to check username: %w", err) } if existingUser != nil { return nil, fmt.Errorf("username already exists") } // 检查邮箱是否已存在 existingUser, err = s.userRepo.GetByEmail(req.Email) if err != nil { return nil, fmt.Errorf("failed to check email: %w", err) } if existingUser != nil { return nil, fmt.Errorf("email already exists") } // 加密密码 hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost) if err != nil { return nil, fmt.Errorf("failed to hash password: %w", err) } // 创建用户 user := &entity.User{ Username: req.Username, Email: req.Email, Password: string(hashedPassword), Name: req.Name, Role: req.Role, IsActive: true, } // 如果没有指定角色,默认为普通用户 if user.Role == "" { user.Role = entity.UserRoleUser } if err := s.userRepo.Create(user); err != nil { return nil, fmt.Errorf("failed to create user: %w", err) } // 清除密码字段 user.Password = "" return user, nil } // RefreshToken 刷新令牌 func (s *AuthService) RefreshToken(req *dto.RefreshTokenRequest) (*dto.LoginResponse, error) { // 验证刷新令牌 claims, err := s.jwtService.ValidateToken(req.RefreshToken) if err != nil { return nil, fmt.Errorf("invalid refresh token: %w", err) } // 获取用户信息 user, err := s.userRepo.GetByID(claims.UserID) if err != nil { return nil, fmt.Errorf("failed to get user: %w", err) } if user == nil { return nil, fmt.Errorf("user not found") } // 检查用户是否激活 if !user.IsActive { return nil, fmt.Errorf("user account is deactivated") } // 生成新的令牌对 tokenPair, err := s.jwtService.GenerateTokenPair(user.ID, user.Username, string(user.Role)) if err != nil { return nil, fmt.Errorf("failed to generate tokens: %w", err) } // 清除密码字段 user.Password = "" return &dto.LoginResponse{ Token: dto.TokenResponse{ AccessToken: tokenPair.AccessToken, RefreshToken: tokenPair.RefreshToken, TokenType: tokenPair.TokenType, ExpiresIn: tokenPair.ExpiresIn, }, User: *dto.ConvertToUserResponse(user), }, nil } // GetUserByID 根据ID获取用户 func (s *AuthService) GetUserByID(id uint) (*entity.User, error) { user, err := s.userRepo.GetByID(id) if err != nil { return nil, fmt.Errorf("failed to get user: %w", err) } if user == nil { return nil, fmt.Errorf("user not found") } // 清除密码字段 user.Password = "" return user, nil } // UpdatePassword 更新密码 func (s *AuthService) UpdatePassword(userID uint, req *dto.ChangePasswordRequest) error { // 获取用户信息 user, err := s.userRepo.GetByID(userID) if err != nil { return fmt.Errorf("failed to get user: %w", err) } if user == nil { return fmt.Errorf("user not found") } // 验证旧密码 if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.OldPassword)); err != nil { return fmt.Errorf("invalid old password") } // 加密新密码 hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost) if err != nil { return fmt.Errorf("failed to hash password: %w", err) } // 更新密码 user.Password = string(hashedPassword) if err := s.userRepo.Update(user); err != nil { return fmt.Errorf("failed to update password: %w", err) } return nil } // CheckPermission 检查权限 func (s *AuthService) CheckPermission(userRole entity.UserRole, requiredRole entity.UserRole) bool { roleLevel := map[entity.UserRole]int{ entity.UserRoleUser: 1, entity.UserRolePhotographer: 2, entity.UserRoleAdmin: 3, } userLevel, exists := roleLevel[userRole] if !exists { return false } requiredLevel, exists := roleLevel[requiredRole] if !exists { return false } return userLevel >= requiredLevel } // IsAdmin 检查是否为管理员 func (s *AuthService) IsAdmin(userRole entity.UserRole) bool { return userRole == entity.UserRoleAdmin } // IsPhotographer 检查是否为摄影师或以上 func (s *AuthService) IsPhotographer(userRole entity.UserRole) bool { return userRole == entity.UserRolePhotographer || userRole == entity.UserRoleAdmin }