feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

2026-04-02 11:19:50 +08:00
parent e59a77bc49
commit dcc1f186f8
298 changed files with 62603 additions and 0 deletions
--- a/internal/database/db.go
+++ b/internal/database/db.go
@@ -0,0 +1,212 @@
+package database
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/glebarez/sqlite"
+	"gorm.io/gorm"
+
+	"github.com/user-management-system/internal/auth"
+	"github.com/user-management-system/internal/config"
+	"github.com/user-management-system/internal/domain"
+)
+
+type DB struct {
+	*gorm.DB
+}
+
+func NewDB(cfg *config.Config) (*DB, error) {
+	// 当前仅支持 SQLite
+	// 如果配置中指定了数据库路径则使用它，否则使用默认路径
+	dbPath := "./data/user_management.db"
+	if cfg != nil && cfg.Database.DBName != "" {
+		dbPath = cfg.Database.DBName
+	}
+	dialector := sqlite.Open(dbPath)
+
+	db, err := gorm.Open(dialector, &gorm.Config{})
+	if err != nil {
+		return nil, fmt.Errorf("connect database failed: %w", err)
+	}
+
+	return &DB{DB: db}, nil
+}
+
+func (db *DB) AutoMigrate(cfg *config.Config) error {
+	log.Println("starting database migration")
+	if err := db.DB.AutoMigrate(
+		&domain.User{},
+		&domain.Role{},
+		&domain.Permission{},
+		&domain.UserRole{},
+		&domain.RolePermission{},
+		&domain.Device{},
+		&domain.LoginLog{},
+		&domain.OperationLog{},
+		&domain.SocialAccount{},
+		&domain.Webhook{},
+		&domain.WebhookDelivery{},
+		&domain.PasswordHistory{},
+	); err != nil {
+		return fmt.Errorf("database migration failed: %w", err)
+	}
+
+	if err := db.initDefaultData(cfg); err != nil {
+		return fmt.Errorf("initialize default data failed: %w", err)
+	}
+
+	return nil
+}
+
+func (db *DB) initDefaultData(cfg *config.Config) error {
+	var count int64
+	if err := db.DB.Model(&domain.Role{}).Count(&count).Error; err != nil {
+		return err
+	}
+	if count > 0 {
+		// 角色已存在，仍需补充权限数据（升级场景）
+		if err := db.ensurePermissions(); err != nil {
+			log.Printf("warn: ensure permissions failed: %v", err)
+		}
+		log.Println("default data already exists, skipping bootstrap")
+		return nil
+	}
+
+	log.Println("bootstrapping default roles and permissions")
+
+	// 1. 创建角色
+	var adminRoleID int64
+	var userRoleID int64
+	for _, predefined := range domain.PredefinedRoles {
+		role := predefined
+		if err := db.DB.Create(&role).Error; err != nil {
+			return fmt.Errorf("create role failed: %w", err)
+		}
+		if role.Code == "admin" {
+			adminRoleID = role.ID
+		}
+		if role.Code == "user" {
+			userRoleID = role.ID
+		}
+	}
+
+	// 2. 创建权限
+	permIDs, err := db.createDefaultPermissions()
+	if err != nil {
+		return fmt.Errorf("create permissions failed: %w", err)
+	}
+
+	// 3. 给 admin 角色绑定所有权限
+	if adminRoleID > 0 {
+		for _, permID := range permIDs {
+			db.DB.Create(&domain.RolePermission{RoleID: adminRoleID, PermissionID: permID})
+		}
+		log.Printf("assigned %d permissions to admin role", len(permIDs))
+	}
+
+	// 4. 给普通用户角色绑定基础权限
+	if userRoleID > 0 {
+		userPermCodes := []string{"profile:view", "profile:edit", "log:view_own"}
+		for _, code := range userPermCodes {
+			var perm domain.Permission
+			if err := db.DB.Where("code = ?", code).First(&perm).Error; err == nil {
+				db.DB.Create(&domain.RolePermission{RoleID: userRoleID, PermissionID: perm.ID})
+			}
+		}
+	}
+
+	// 5. 创建 admin 用户
+	adminUsername := cfg.Default.AdminEmail
+	adminPassword := cfg.Default.AdminPassword
+	if adminUsername == "" || adminPassword == "" {
+		log.Println("admin bootstrap skipped: default.admin_email/admin_password not configured")
+		return nil
+	}
+
+	passwordHash, err := auth.HashPassword(adminPassword)
+	if err != nil {
+		return fmt.Errorf("hash admin password failed: %w", err)
+	}
+
+	adminUser := &domain.User{
+		Username: adminUsername,
+		Email:    domain.StrPtr(adminUsername),
+		Password: passwordHash,
+		Nickname: "系统管理员",
+		Status:   domain.UserStatusActive,
+	}
+	if err := db.DB.Create(adminUser).Error; err != nil {
+		return fmt.Errorf("create admin user failed: %w", err)
+	}
+
+	if adminRoleID == 0 {
+		return fmt.Errorf("admin role missing during bootstrap")
+	}
+
+	if err := db.DB.Create(&domain.UserRole{
+		UserID: adminUser.ID,
+		RoleID: adminRoleID,
+	}).Error; err != nil {
+		return fmt.Errorf("assign admin role failed: %w", err)
+	}
+
+	log.Printf("bootstrap completed: admin user=%s, roles=%d, permissions=%d",
+		adminUser.Username, 2, len(permIDs))
+	return nil
+}
+
+// ensurePermissions 在升级场景中补充缺失的权限数据
+func (db *DB) ensurePermissions() error {
+	var permCount int64
+	db.DB.Model(&domain.Permission{}).Count(&permCount)
+	if permCount > 0 {
+		return nil // 已有权限数据
+	}
+
+	log.Println("permissions table is empty, seeding default permissions")
+	permIDs, err := db.createDefaultPermissions()
+	if err != nil {
+		return err
+	}
+
+	// 找到 admin 角色并绑定所有权限
+	var adminRole domain.Role
+	if err := db.DB.Where("code = ?", "admin").First(&adminRole).Error; err == nil {
+		for _, permID := range permIDs {
+			db.DB.Create(&domain.RolePermission{RoleID: adminRole.ID, PermissionID: permID})
+		}
+		log.Printf("assigned %d permissions to admin role (upgrade)", len(permIDs))
+	}
+
+	// 找到普通用户角色并绑定基础权限
+	var userRole domain.Role
+	if err := db.DB.Where("code = ?", "user").First(&userRole).Error; err == nil {
+		userPermCodes := []string{"profile:view", "profile:edit", "log:view_own"}
+		for _, code := range userPermCodes {
+			var perm domain.Permission
+			if err := db.DB.Where("code = ?", code).First(&perm).Error; err == nil {
+				db.DB.Create(&domain.RolePermission{RoleID: userRole.ID, PermissionID: perm.ID})
+			}
+		}
+	}
+
+	return nil
+}
+
+// createDefaultPermissions 创建默认权限列表，返回所有权限 ID
+func (db *DB) createDefaultPermissions() ([]int64, error) {
+	permissions := domain.DefaultPermissions()
+	var ids []int64
+	for i := range permissions {
+		p := permissions[i]
+		// 使用 FirstOrCreate 防止重复插入（幂等）
+		result := db.DB.Where("code = ?", p.Code).FirstOrCreate(&p)
+		if result.Error != nil {
+			log.Printf("warn: create permission %s failed: %v", p.Code, result.Error)
+			continue
+		}
+		ids = append(ids, p.ID)
+	}
+	return ids, nil
+}