feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

2026-04-02 11:19:50 +08:00
parent e59a77bc49
commit dcc1f186f8
298 changed files with 62603 additions and 0 deletions
--- a/internal/service/sms.go
+++ b/internal/service/sms.go
@@ -0,0 +1,462 @@
+package service
+
+import (
+	"context"
+	cryptorand "crypto/rand"
+	"encoding/json"
+	"fmt"
+	"log"
+	"regexp"
+	"strings"
+	"time"
+
+	aliyunopenapiutil "github.com/alibabacloud-go/darabonba-openapi/v2/utils"
+	aliyunsms "github.com/alibabacloud-go/dysmsapi-20170525/v5/client"
+	"github.com/alibabacloud-go/tea/dara"
+	tccommon "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	tcprofile "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	tcsms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sms/v20210111"
+)
+
+var (
+	validPhonePattern         = regexp.MustCompile(`^((\+86|86)?1[3-9]\d{9}|\+[1-9]\d{6,14})$`)
+	mainlandPhonePattern      = regexp.MustCompile(`^1[3-9]\d{9}$`)
+	mainlandPhone86Pattern    = regexp.MustCompile(`^86(1[3-9]\d{9})$`)
+	mainlandPhone0086Pattern  = regexp.MustCompile(`^0086(1[3-9]\d{9})$`)
+	verificationCodeCharset10 = 1000000
+)
+
+// SMSProvider sends one verification code to one phone number.
+type SMSProvider interface {
+	SendVerificationCode(ctx context.Context, phone, code string) error
+}
+
+// MockSMSProvider is a test helper and is not wired into the server runtime.
+type MockSMSProvider struct{}
+
+func (m *MockSMSProvider) SendVerificationCode(ctx context.Context, phone, code string) error {
+	_ = ctx
+	// 安全：不在日志中记录完整验证码，仅显示部分信息用于调试
+	maskedCode := "****"
+	if len(code) >= 4 {
+		maskedCode = strings.Repeat("*", len(code)-4) + code[len(code)-4:]
+	}
+	log.Printf("[sms-mock] phone=%s code=%s ttl=5m", phone, maskedCode)
+	return nil
+}
+
+type aliyunSMSClient interface {
+	SendSms(request *aliyunsms.SendSmsRequest) (*aliyunsms.SendSmsResponse, error)
+}
+
+type tencentSMSClient interface {
+	SendSmsWithContext(ctx context.Context, request *tcsms.SendSmsRequest) (*tcsms.SendSmsResponse, error)
+}
+
+type AliyunSMSConfig struct {
+	AccessKeyID     string
+	AccessKeySecret string
+	SignName        string
+	TemplateCode    string
+	Endpoint        string
+	RegionID        string
+	CodeParamName   string
+}
+
+type AliyunSMSProvider struct {
+	cfg    AliyunSMSConfig
+	client aliyunSMSClient
+}
+
+func NewAliyunSMSProvider(cfg AliyunSMSConfig) (SMSProvider, error) {
+	cfg = normalizeAliyunSMSConfig(cfg)
+	if cfg.AccessKeyID == "" || cfg.AccessKeySecret == "" || cfg.SignName == "" || cfg.TemplateCode == "" {
+		return nil, fmt.Errorf("aliyun SMS config is incomplete")
+	}
+
+	client, err := newAliyunSMSClient(cfg)
+	if err != nil {
+		return nil, fmt.Errorf("create aliyun SMS client failed: %w", err)
+	}
+
+	return &AliyunSMSProvider{
+		cfg:    cfg,
+		client: client,
+	}, nil
+}
+
+func newAliyunSMSClient(cfg AliyunSMSConfig) (aliyunSMSClient, error) {
+	client, err := aliyunsms.NewClient(&aliyunopenapiutil.Config{
+		AccessKeyId:     dara.String(cfg.AccessKeyID),
+		AccessKeySecret: dara.String(cfg.AccessKeySecret),
+		Endpoint:        stringPointerOrNil(cfg.Endpoint),
+		RegionId:        dara.String(cfg.RegionID),
+	})
+	if err != nil {
+		return nil, err
+	}
+	return client, nil
+}
+
+func (a *AliyunSMSProvider) SendVerificationCode(ctx context.Context, phone, code string) error {
+	_ = ctx
+
+	templateParam, err := json.Marshal(map[string]string{
+		a.cfg.CodeParamName: code,
+	})
+	if err != nil {
+		return fmt.Errorf("marshal aliyun SMS template param failed: %w", err)
+	}
+
+	resp, err := a.client.SendSms(
+		new(aliyunsms.SendSmsRequest).
+			SetPhoneNumbers(normalizePhoneForSMS(phone)).
+			SetSignName(a.cfg.SignName).
+			SetTemplateCode(a.cfg.TemplateCode).
+			SetTemplateParam(string(templateParam)),
+	)
+	if err != nil {
+		return fmt.Errorf("aliyun SMS request failed: %w", err)
+	}
+	if resp == nil || resp.Body == nil {
+		return fmt.Errorf("aliyun SMS returned empty response")
+	}
+
+	body := resp.Body
+	if !strings.EqualFold(dara.StringValue(body.Code), "OK") {
+		return fmt.Errorf(
+			"aliyun SMS rejected: code=%s message=%s request_id=%s",
+			valueOrDefault(dara.StringValue(body.Code), "unknown"),
+			valueOrDefault(dara.StringValue(body.Message), "unknown"),
+			valueOrDefault(dara.StringValue(body.RequestId), "unknown"),
+		)
+	}
+
+	return nil
+}
+
+type TencentSMSConfig struct {
+	SecretID   string
+	SecretKey  string
+	AppID      string
+	SignName   string
+	TemplateID string
+	Region     string
+	Endpoint   string
+}
+
+type TencentSMSProvider struct {
+	cfg    TencentSMSConfig
+	client tencentSMSClient
+}
+
+func NewTencentSMSProvider(cfg TencentSMSConfig) (SMSProvider, error) {
+	cfg = normalizeTencentSMSConfig(cfg)
+	if cfg.SecretID == "" || cfg.SecretKey == "" || cfg.AppID == "" || cfg.SignName == "" || cfg.TemplateID == "" {
+		return nil, fmt.Errorf("tencent SMS config is incomplete")
+	}
+
+	client, err := newTencentSMSClient(cfg)
+	if err != nil {
+		return nil, fmt.Errorf("create tencent SMS client failed: %w", err)
+	}
+
+	return &TencentSMSProvider{
+		cfg:    cfg,
+		client: client,
+	}, nil
+}
+
+func newTencentSMSClient(cfg TencentSMSConfig) (tencentSMSClient, error) {
+	clientProfile := tcprofile.NewClientProfile()
+	clientProfile.HttpProfile.ReqTimeout = 30
+	if cfg.Endpoint != "" {
+		clientProfile.HttpProfile.Endpoint = cfg.Endpoint
+	}
+
+	client, err := tcsms.NewClient(
+		tccommon.NewCredential(cfg.SecretID, cfg.SecretKey),
+		cfg.Region,
+		clientProfile,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
+
+func (t *TencentSMSProvider) SendVerificationCode(ctx context.Context, phone, code string) error {
+	req := tcsms.NewSendSmsRequest()
+	req.PhoneNumberSet = []*string{tccommon.StringPtr(normalizePhoneForSMS(phone))}
+	req.SmsSdkAppId = tccommon.StringPtr(t.cfg.AppID)
+	req.SignName = tccommon.StringPtr(t.cfg.SignName)
+	req.TemplateId = tccommon.StringPtr(t.cfg.TemplateID)
+	req.TemplateParamSet = []*string{tccommon.StringPtr(code)}
+
+	resp, err := t.client.SendSmsWithContext(ctx, req)
+	if err != nil {
+		return fmt.Errorf("tencent SMS request failed: %w", err)
+	}
+	if resp == nil || resp.Response == nil {
+		return fmt.Errorf("tencent SMS returned empty response")
+	}
+	if len(resp.Response.SendStatusSet) == 0 {
+		return fmt.Errorf(
+			"tencent SMS returned empty status list: request_id=%s",
+			valueOrDefault(pointerString(resp.Response.RequestId), "unknown"),
+		)
+	}
+
+	status := resp.Response.SendStatusSet[0]
+	if !strings.EqualFold(pointerString(status.Code), "Ok") {
+		return fmt.Errorf(
+			"tencent SMS rejected: code=%s message=%s request_id=%s",
+			valueOrDefault(pointerString(status.Code), "unknown"),
+			valueOrDefault(pointerString(status.Message), "unknown"),
+			valueOrDefault(pointerString(resp.Response.RequestId), "unknown"),
+		)
+	}
+
+	return nil
+}
+
+type SMSCodeConfig struct {
+	CodeTTL        time.Duration
+	ResendCooldown time.Duration
+	MaxDailyLimit  int
+}
+
+func DefaultSMSCodeConfig() SMSCodeConfig {
+	return SMSCodeConfig{
+		CodeTTL:        5 * time.Minute,
+		ResendCooldown: time.Minute,
+		MaxDailyLimit:  10,
+	}
+}
+
+type SMSCodeService struct {
+	provider SMSProvider
+	cache    cacheInterface
+	cfg      SMSCodeConfig
+}
+
+type cacheInterface interface {
+	Get(ctx context.Context, key string) (interface{}, bool)
+	Set(ctx context.Context, key string, value interface{}, l1TTL, l2TTL time.Duration) error
+	Delete(ctx context.Context, key string) error
+}
+
+func NewSMSCodeService(provider SMSProvider, cacheManager cacheInterface, cfg SMSCodeConfig) *SMSCodeService {
+	if cfg.CodeTTL <= 0 {
+		cfg.CodeTTL = 5 * time.Minute
+	}
+	if cfg.ResendCooldown <= 0 {
+		cfg.ResendCooldown = time.Minute
+	}
+	if cfg.MaxDailyLimit <= 0 {
+		cfg.MaxDailyLimit = 10
+	}
+
+	return &SMSCodeService{
+		provider: provider,
+		cache:    cacheManager,
+		cfg:      cfg,
+	}
+}
+
+type SendCodeRequest struct {
+	Phone   string `json:"phone" binding:"required"`
+	Purpose string `json:"purpose"`
+	Scene   string `json:"scene"`
+}
+
+type SendCodeResponse struct {
+	ExpiresIn int `json:"expires_in"`
+	Cooldown  int `json:"cooldown"`
+}
+
+func (s *SMSCodeService) SendCode(ctx context.Context, req *SendCodeRequest) (*SendCodeResponse, error) {
+	if s == nil || s.provider == nil || s.cache == nil {
+		return nil, fmt.Errorf("sms code service is not configured")
+	}
+	if req == nil {
+		return nil, newValidationError("\u8bf7\u6c42\u4e0d\u80fd\u4e3a\u7a7a")
+	}
+
+	phone := strings.TrimSpace(req.Phone)
+	if !isValidPhone(phone) {
+		return nil, newValidationError("\u624b\u673a\u53f7\u7801\u683c\u5f0f\u4e0d\u6b63\u786e")
+	}
+	purpose := strings.TrimSpace(req.Purpose)
+	if purpose == "" {
+		purpose = strings.TrimSpace(req.Scene)
+	}
+
+	cooldownKey := fmt.Sprintf("sms_cooldown:%s", phone)
+	if _, ok := s.cache.Get(ctx, cooldownKey); ok {
+		return nil, newRateLimitError(fmt.Sprintf("\u64cd\u4f5c\u8fc7\u4e8e\u9891\u7e41\uff0c\u8bf7 %d \u79d2\u540e\u518d\u8bd5", int(s.cfg.ResendCooldown.Seconds())))
+	}
+
+	dailyKey := fmt.Sprintf("sms_daily:%s:%s", phone, time.Now().Format("2006-01-02"))
+	var dailyCount int
+	if val, ok := s.cache.Get(ctx, dailyKey); ok {
+		if n, ok := intValue(val); ok {
+			dailyCount = n
+		}
+	}
+	if dailyCount >= s.cfg.MaxDailyLimit {
+		return nil, newRateLimitError(fmt.Sprintf("\u4eca\u65e5\u53d1\u9001\u6b21\u6570\u5df2\u8fbe\u4e0a\u9650\uff08%d\u6b21\uff09\uff0c\u8bf7\u660e\u65e5\u518d\u8bd5", s.cfg.MaxDailyLimit))
+	}
+
+	code, err := generateSMSCode()
+	if err != nil {
+		return nil, fmt.Errorf("generate sms code failed: %w", err)
+	}
+
+	codeKey := fmt.Sprintf("sms_code:%s:%s", purpose, phone)
+	if err := s.cache.Set(ctx, codeKey, code, s.cfg.CodeTTL, s.cfg.CodeTTL); err != nil {
+		return nil, fmt.Errorf("store sms code failed: %w", err)
+	}
+	if err := s.cache.Set(ctx, cooldownKey, true, s.cfg.ResendCooldown, s.cfg.ResendCooldown); err != nil {
+		_ = s.cache.Delete(ctx, codeKey)
+		return nil, fmt.Errorf("store sms cooldown failed: %w", err)
+	}
+	if err := s.cache.Set(ctx, dailyKey, dailyCount+1, 24*time.Hour, 24*time.Hour); err != nil {
+		_ = s.cache.Delete(ctx, codeKey)
+		_ = s.cache.Delete(ctx, cooldownKey)
+		return nil, fmt.Errorf("store sms daily counter failed: %w", err)
+	}
+
+	if err := s.provider.SendVerificationCode(ctx, phone, code); err != nil {
+		_ = s.cache.Delete(ctx, codeKey)
+		_ = s.cache.Delete(ctx, cooldownKey)
+		return nil, fmt.Errorf("\u77ed\u4fe1\u53d1\u9001\u5931\u8d25: %w", err)
+	}
+
+	return &SendCodeResponse{
+		ExpiresIn: int(s.cfg.CodeTTL.Seconds()),
+		Cooldown:  int(s.cfg.ResendCooldown.Seconds()),
+	}, nil
+}
+
+func (s *SMSCodeService) VerifyCode(ctx context.Context, phone, purpose, code string) error {
+	if s == nil || s.cache == nil {
+		return fmt.Errorf("sms code service is not configured")
+	}
+	if strings.TrimSpace(code) == "" {
+		return fmt.Errorf("\u9a8c\u8bc1\u7801\u4e0d\u80fd\u4e3a\u7a7a")
+	}
+
+	phone = strings.TrimSpace(phone)
+	purpose = strings.TrimSpace(purpose)
+	codeKey := fmt.Sprintf("sms_code:%s:%s", purpose, phone)
+	val, ok := s.cache.Get(ctx, codeKey)
+	if !ok {
+		return fmt.Errorf("\u9a8c\u8bc1\u7801\u5df2\u8fc7\u671f\u6216\u4e0d\u5b58\u5728")
+	}
+
+	stored, ok := val.(string)
+	if !ok || stored != code {
+		return fmt.Errorf("\u9a8c\u8bc1\u7801\u4e0d\u6b63\u786e")
+	}
+
+	if err := s.cache.Delete(ctx, codeKey); err != nil {
+		return fmt.Errorf("consume sms code failed: %w", err)
+	}
+
+	return nil
+}
+
+func isValidPhone(phone string) bool {
+	return validPhonePattern.MatchString(strings.TrimSpace(phone))
+}
+
+func generateSMSCode() (string, error) {
+	b := make([]byte, 4)
+	if _, err := cryptorand.Read(b); err != nil {
+		return "", err
+	}
+
+	n := int(b[0])<<24 | int(b[1])<<16 | int(b[2])<<8 | int(b[3])
+	if n < 0 {
+		n = -n
+	}
+	n = n % verificationCodeCharset10
+	if n < 100000 {
+		n += 100000
+	}
+
+	return fmt.Sprintf("%06d", n), nil
+}
+
+func normalizeAliyunSMSConfig(cfg AliyunSMSConfig) AliyunSMSConfig {
+	cfg.AccessKeyID = strings.TrimSpace(cfg.AccessKeyID)
+	cfg.AccessKeySecret = strings.TrimSpace(cfg.AccessKeySecret)
+	cfg.SignName = strings.TrimSpace(cfg.SignName)
+	cfg.TemplateCode = strings.TrimSpace(cfg.TemplateCode)
+	cfg.Endpoint = strings.TrimSpace(cfg.Endpoint)
+	cfg.RegionID = strings.TrimSpace(cfg.RegionID)
+	cfg.CodeParamName = strings.TrimSpace(cfg.CodeParamName)
+
+	if cfg.RegionID == "" {
+		cfg.RegionID = "cn-hangzhou"
+	}
+	if cfg.CodeParamName == "" {
+		cfg.CodeParamName = "code"
+	}
+
+	return cfg
+}
+
+func normalizeTencentSMSConfig(cfg TencentSMSConfig) TencentSMSConfig {
+	cfg.SecretID = strings.TrimSpace(cfg.SecretID)
+	cfg.SecretKey = strings.TrimSpace(cfg.SecretKey)
+	cfg.AppID = strings.TrimSpace(cfg.AppID)
+	cfg.SignName = strings.TrimSpace(cfg.SignName)
+	cfg.TemplateID = strings.TrimSpace(cfg.TemplateID)
+	cfg.Region = strings.TrimSpace(cfg.Region)
+	cfg.Endpoint = strings.TrimSpace(cfg.Endpoint)
+
+	if cfg.Region == "" {
+		cfg.Region = "ap-guangzhou"
+	}
+
+	return cfg
+}
+
+func normalizePhoneForSMS(phone string) string {
+	phone = strings.TrimSpace(phone)
+
+	switch {
+	case mainlandPhonePattern.MatchString(phone):
+		return "+86" + phone
+	case mainlandPhone86Pattern.MatchString(phone):
+		return "+" + phone
+	case mainlandPhone0086Pattern.MatchString(phone):
+		return "+86" + mainlandPhone0086Pattern.ReplaceAllString(phone, "$1")
+	default:
+		return phone
+	}
+}
+
+func stringPointerOrNil(value string) *string {
+	if value == "" {
+		return nil
+	}
+	return dara.String(value)
+}
+
+func pointerString(value *string) string {
+	if value == nil {
+		return ""
+	}
+	return *value
+}
+
+func valueOrDefault(value, fallback string) string {
+	if strings.TrimSpace(value) == "" {
+		return fallback
+	}
+	return value
+}