feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

2026-04-02 11:19:50 +08:00
parent e59a77bc49
commit dcc1f186f8
298 changed files with 62603 additions and 0 deletions
--- a/internal/service/auth_email.go
+++ b/internal/service/auth_email.go
@@ -0,0 +1,201 @@
+package service
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"log"
+
+	"github.com/user-management-system/internal/auth"
+	"github.com/user-management-system/internal/domain"
+)
+
+func (s *AuthService) SetEmailActivationService(svc *EmailActivationService) {
+	s.emailActivationSvc = svc
+}
+
+func (s *AuthService) SetEmailCodeService(svc *EmailCodeService) {
+	s.emailCodeSvc = svc
+}
+
+func (s *AuthService) RegisterWithActivation(ctx context.Context, req *RegisterRequest) (*UserInfo, error) {
+	if err := s.validatePassword(req.Password); err != nil {
+		return nil, err
+	}
+	if err := s.verifyPhoneRegistration(ctx, req); err != nil {
+		return nil, err
+	}
+
+	exists, err := s.userRepo.ExistsByUsername(ctx, req.Username)
+	if err != nil {
+		return nil, err
+	}
+	if exists {
+		return nil, errors.New("username already exists")
+	}
+
+	if req.Email != "" {
+		exists, err = s.userRepo.ExistsByEmail(ctx, req.Email)
+		if err != nil {
+			return nil, err
+		}
+		if exists {
+			return nil, errors.New("email already exists")
+		}
+	}
+
+	if req.Phone != "" {
+		exists, err = s.userRepo.ExistsByPhone(ctx, req.Phone)
+		if err != nil {
+			return nil, err
+		}
+		if exists {
+			return nil, errors.New("phone already exists")
+		}
+	}
+
+	hashedPassword, err := auth.HashPassword(req.Password)
+	if err != nil {
+		return nil, err
+	}
+
+	initialStatus := domain.UserStatusActive
+	if s.emailActivationSvc != nil && req.Email != "" {
+		initialStatus = domain.UserStatusInactive
+	}
+
+	user := &domain.User{
+		Username: req.Username,
+		Email:    domain.StrPtr(req.Email),
+		Phone:    domain.StrPtr(req.Phone),
+		Password: hashedPassword,
+		Nickname: req.Nickname,
+		Status:   initialStatus,
+	}
+	if err := s.userRepo.Create(ctx, user); err != nil {
+		return nil, err
+	}
+
+	s.bestEffortAssignDefaultRoles(ctx, user.ID, "register_with_activation")
+
+	if s.emailActivationSvc != nil && req.Email != "" {
+		nickname := req.Nickname
+		if nickname == "" {
+			nickname = req.Username
+		}
+		go func() {
+			if err := s.emailActivationSvc.SendActivationEmail(ctx, user.ID, req.Email, nickname); err != nil {
+				log.Printf("auth: send activation email failed, user_id=%d email=%s err=%v", user.ID, req.Email, err)
+			}
+		}()
+	}
+
+	userInfo := s.buildUserInfo(user)
+	s.publishEvent(ctx, domain.EventUserRegistered, userInfo)
+	return userInfo, nil
+}
+
+func (s *AuthService) ActivateEmail(ctx context.Context, token string) error {
+	if s.emailActivationSvc == nil {
+		return errors.New("email activation service is not configured")
+	}
+
+	userID, err := s.emailActivationSvc.ValidateActivationToken(ctx, token)
+	if err != nil {
+		return err
+	}
+
+	user, err := s.userRepo.GetByID(ctx, userID)
+	if err != nil {
+		return fmt.Errorf("user not found: %w", err)
+	}
+
+	if user.Status == domain.UserStatusActive {
+		return errors.New("account already activated")
+	}
+	if user.Status != domain.UserStatusInactive {
+		return errors.New("account status does not allow activation")
+	}
+
+	return s.userRepo.UpdateStatus(ctx, userID, domain.UserStatusActive)
+}
+
+func (s *AuthService) ResendActivationEmail(ctx context.Context, email string) error {
+	if s.emailActivationSvc == nil {
+		return errors.New("email activation service is not configured")
+	}
+
+	user, err := s.userRepo.GetByEmail(ctx, email)
+	if err != nil {
+		if isUserNotFoundError(err) {
+			return nil
+		}
+		return err
+	}
+	if user.Status == domain.UserStatusActive {
+		return nil
+	}
+	if user.Status != domain.UserStatusInactive {
+		return errors.New("account status does not allow activation")
+	}
+
+	nickname := user.Nickname
+	if nickname == "" {
+		nickname = user.Username
+	}
+	return s.emailActivationSvc.SendActivationEmail(ctx, user.ID, email, nickname)
+}
+
+func (s *AuthService) SendEmailLoginCode(ctx context.Context, email string) error {
+	if s.emailCodeSvc == nil {
+		return errors.New("email code service is not configured")
+	}
+
+	_, err := s.userRepo.GetByEmail(ctx, email)
+	if err != nil {
+		if isUserNotFoundError(err) {
+			return nil
+		}
+		return err
+	}
+	return s.emailCodeSvc.SendEmailCode(ctx, email, "login")
+}
+
+func (s *AuthService) LoginByEmailCode(ctx context.Context, email, code, ip string) (*LoginResponse, error) {
+	if s.emailCodeSvc == nil {
+		return nil, errors.New("email code login is disabled")
+	}
+
+	if err := s.emailCodeSvc.VerifyEmailCode(ctx, email, "login", code); err != nil {
+		s.writeLoginLog(ctx, nil, domain.LoginTypeEmailCode, ip, false, err.Error())
+		return nil, err
+	}
+
+	user, err := s.userRepo.GetByEmail(ctx, email)
+	if err != nil {
+		if isUserNotFoundError(err) {
+			s.writeLoginLog(ctx, nil, domain.LoginTypeEmailCode, ip, false, "email not registered")
+			return nil, errors.New("email not registered")
+		}
+		s.writeLoginLog(ctx, nil, domain.LoginTypeEmailCode, ip, false, err.Error())
+		return nil, err
+	}
+
+	if err := s.ensureUserActive(user); err != nil {
+		s.writeLoginLog(ctx, &user.ID, domain.LoginTypeEmailCode, ip, false, err.Error())
+		s.recordLoginAnomaly(ctx, &user.ID, ip, "", "", false)
+		return nil, err
+	}
+
+	s.bestEffortUpdateLastLogin(ctx, user.ID, ip, "email_code")
+	s.writeLoginLog(ctx, &user.ID, domain.LoginTypeEmailCode, ip, true, "")
+	s.recordLoginAnomaly(ctx, &user.ID, ip, "", "", true)
+	s.publishEvent(ctx, domain.EventUserLogin, map[string]interface{}{
+		"user_id":  user.ID,
+		"username": user.Username,
+		"ip":       ip,
+		"method":   "email_code",
+	})
+
+	return s.generateLoginResponseWithoutRemember(ctx, user)
+}