134 lines
3.8 KiB
Go
134 lines
3.8 KiB
Go
package service
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"strings"
|
|
|
|
"github.com/user-management-system/internal/auth"
|
|
"github.com/user-management-system/internal/domain"
|
|
"github.com/user-management-system/internal/repository"
|
|
)
|
|
|
|
// UserService 用户服务
|
|
type UserService struct {
|
|
userRepo *repository.UserRepository
|
|
userRoleRepo *repository.UserRoleRepository
|
|
roleRepo *repository.RoleRepository
|
|
passwordHistoryRepo *repository.PasswordHistoryRepository
|
|
}
|
|
|
|
const passwordHistoryLimit = 5 // 保留最近5条密码历史
|
|
|
|
// NewUserService 创建用户服务实例
|
|
func NewUserService(
|
|
userRepo *repository.UserRepository,
|
|
userRoleRepo *repository.UserRoleRepository,
|
|
roleRepo *repository.RoleRepository,
|
|
passwordHistoryRepo *repository.PasswordHistoryRepository,
|
|
) *UserService {
|
|
return &UserService{
|
|
userRepo: userRepo,
|
|
userRoleRepo: userRoleRepo,
|
|
roleRepo: roleRepo,
|
|
passwordHistoryRepo: passwordHistoryRepo,
|
|
}
|
|
}
|
|
|
|
// ChangePassword 修改用户密码(含历史记录检查)
|
|
func (s *UserService) ChangePassword(ctx context.Context, userID int64, oldPassword, newPassword string) error {
|
|
if s.userRepo == nil {
|
|
return errors.New("user repository is not configured")
|
|
}
|
|
|
|
user, err := s.userRepo.GetByID(ctx, userID)
|
|
if err != nil {
|
|
return errors.New("用户不存在")
|
|
}
|
|
|
|
// 验证旧密码
|
|
if strings.TrimSpace(oldPassword) == "" {
|
|
return errors.New("请输入当前密码")
|
|
}
|
|
if !auth.VerifyPassword(user.Password, oldPassword) {
|
|
return errors.New("当前密码不正确")
|
|
}
|
|
|
|
// 检查新密码强度
|
|
if strings.TrimSpace(newPassword) == "" {
|
|
return errors.New("新密码不能为空")
|
|
}
|
|
if err := validatePasswordStrength(newPassword, 8, false); err != nil {
|
|
return err
|
|
}
|
|
|
|
// 检查密码历史
|
|
if s.passwordHistoryRepo != nil {
|
|
histories, err := s.passwordHistoryRepo.GetByUserID(ctx, userID, passwordHistoryLimit)
|
|
if err == nil && len(histories) > 0 {
|
|
for _, h := range histories {
|
|
if auth.VerifyPassword(h.PasswordHash, newPassword) {
|
|
return errors.New("新密码不能与最近5次密码相同")
|
|
}
|
|
}
|
|
}
|
|
|
|
// 保存新密码到历史记录
|
|
newHashedPassword, hashErr := auth.HashPassword(newPassword)
|
|
if hashErr != nil {
|
|
return errors.New("密码哈希失败")
|
|
}
|
|
|
|
go func() {
|
|
_ = s.passwordHistoryRepo.Create(context.Background(), &domain.PasswordHistory{
|
|
UserID: userID,
|
|
PasswordHash: newHashedPassword,
|
|
})
|
|
_ = s.passwordHistoryRepo.DeleteOldRecords(context.Background(), userID, passwordHistoryLimit)
|
|
}()
|
|
}
|
|
|
|
// 更新密码
|
|
newHashedPassword, err := auth.HashPassword(newPassword)
|
|
if err != nil {
|
|
return errors.New("密码哈希失败")
|
|
}
|
|
user.Password = newHashedPassword
|
|
return s.userRepo.Update(ctx, user)
|
|
}
|
|
|
|
// GetByID 根据ID获取用户
|
|
func (s *UserService) GetByID(ctx context.Context, id int64) (*domain.User, error) {
|
|
return s.userRepo.GetByID(ctx, id)
|
|
}
|
|
|
|
// GetByEmail 根据邮箱获取用户
|
|
func (s *UserService) GetByEmail(ctx context.Context, email string) (*domain.User, error) {
|
|
return s.userRepo.GetByEmail(ctx, email)
|
|
}
|
|
|
|
// Create 创建用户
|
|
func (s *UserService) Create(ctx context.Context, user *domain.User) error {
|
|
return s.userRepo.Create(ctx, user)
|
|
}
|
|
|
|
// Update 更新用户
|
|
func (s *UserService) Update(ctx context.Context, user *domain.User) error {
|
|
return s.userRepo.Update(ctx, user)
|
|
}
|
|
|
|
// Delete 删除用户
|
|
func (s *UserService) Delete(ctx context.Context, id int64) error {
|
|
return s.userRepo.Delete(ctx, id)
|
|
}
|
|
|
|
// List 获取用户列表
|
|
func (s *UserService) List(ctx context.Context, offset, limit int) ([]*domain.User, int64, error) {
|
|
return s.userRepo.List(ctx, offset, limit)
|
|
}
|
|
|
|
// UpdateStatus 更新用户状态
|
|
func (s *UserService) UpdateStatus(ctx context.Context, id int64, status domain.UserStatus) error {
|
|
return s.userRepo.UpdateStatus(ctx, id, status)
|
|
}
|