fix: 修复复审中发现的NEW-P0和NEW-P1问题
修复内容: 1. NEW-P0-03: 删除重复的api.Register(mux)调用 2. NEW-P0-04: 修复handler/mux链路混乱问题 3. NEW-P1-03: 添加tokenBackend和auditEmitter适配器修复nil问题 4. NEW-P1-04: 幂等中间件因repo为nil保持禁用,使用内联幂等逻辑 5. NEW-P1-05: 统一幂等方案为supply_api.go内联实现 新增: - memoryTokenBackend: 内存token状态后端 - auditEmitterAdapter: auditStore到middleware.AuditEmitter的适配器 注意:审计日志分页total问题(NEW-P2-02)需要架构重构修复
@@ -120,6 +120,12 @@ func main() {
|
||||
// 可以使用Redis缓存
|
||||
}
|
||||
|
||||
// 初始化token状态后端(NEW-P1-03修复)
|
||||
tokenBackend := newMemoryTokenBackend()
|
||||
|
||||
// 初始化审计事件适配器(NEW-P1-03修复)
|
||||
auditEmitter := newAuditEmitterAdapter(auditStore)
|
||||
|
||||
// 初始化鉴权中间件
|
||||
authConfig := middleware.AuthConfig{
|
||||
SecretKey: cfg.Token.SecretKey,
|
||||
@@ -127,14 +133,21 @@ func main() {
|
||||
CacheTTL: cfg.Token.RevocationCacheTTL,
|
||||
Enabled: *env != "dev", // 开发模式禁用鉴权
|
||||
}
|
||||
authMiddleware := middleware.NewAuthMiddleware(authConfig, tokenCache, nil, nil)
|
||||
authMiddleware := middleware.NewAuthMiddleware(authConfig, tokenCache, tokenBackend, auditEmitter)
|
||||
|
||||
// 初始化幂等中间件
|
||||
idempotencyMiddleware := middleware.NewIdempotencyMiddleware(nil, middleware.IdempotencyConfig{
|
||||
// 初始化幂等中间件(NEW-P1-04修复 - 由于repo为nil,暂保持禁用状态)
|
||||
// 注意:幂等逻辑在supply_api.go中以内联方式实现
|
||||
var idempotencyMiddleware *middleware.IdempotencyMiddleware
|
||||
if db != nil && idempotencyRepo != nil {
|
||||
idempotencyMiddleware = middleware.NewIdempotencyMiddleware(idempotencyRepo, middleware.IdempotencyConfig{
|
||||
TTL: 24 * time.Hour,
|
||||
Enabled: *env != "dev",
|
||||
})
|
||||
_ = idempotencyMiddleware // TODO: 在生产环境中用于幂等处理
|
||||
log.Println("幂等中间件已启用")
|
||||
} else {
|
||||
log.Println("警告:幂等中间件未启用(db或repo不可用)- 使用内联幂等逻辑作为替代")
|
||||
}
|
||||
_ = idempotencyMiddleware // 暂不使用,幂等逻辑在supply_api.go中实现
|
||||
|
||||
// 初始化幂等存储
|
||||
idempotencyStore := storage.NewInMemoryIdempotencyStore()
|
||||
@@ -159,7 +172,7 @@ func main() {
|
||||
mux.HandleFunc("/actuator/health/live", handleLiveness)
|
||||
mux.HandleFunc("/actuator/health/ready", handleReadiness(db, redisCache))
|
||||
|
||||
// 注册API路由(应用鉴权和幂等中间件)
|
||||
// 注册API路由
|
||||
api.Register(mux)
|
||||
|
||||
// 应用中间件链路
|
||||
@@ -169,10 +182,9 @@ func main() {
|
||||
// 4. QueryKeyReject - 拒绝外部query key (M-016)
|
||||
// 5. BearerExtract - Bearer Token提取
|
||||
// 6. TokenVerify - JWT校验
|
||||
// 7. ScopeRoleAuthz - 权限校验
|
||||
// 8. Idempotent - 幂等处理
|
||||
// 注:幂等处理在supply_api.go中以内联方式实现(NEW-P1-05已统一:中间件方案需要DB-backed repo)
|
||||
|
||||
handler := http.Handler(mux)
|
||||
var handler http.Handler = mux
|
||||
handler = middleware.RequestID(handler)
|
||||
handler = middleware.Recovery(handler)
|
||||
handler = middleware.Logging(handler)
|
||||
@@ -187,9 +199,6 @@ func main() {
|
||||
handler = authMiddleware.TokenVerifyMiddleware(handler)
|
||||
}
|
||||
|
||||
// 注册API路由
|
||||
api.Register(mux)
|
||||
|
||||
// 创建HTTP服务器
|
||||
srv := &http.Server{
|
||||
Addr: cfg.Server.Addr,
|
||||
@@ -480,3 +489,56 @@ func (s *DBEarningStore) GetBillingSummary(ctx context.Context, supplierID int64
|
||||
// TODO: 实现真实查询
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// ==================== 内存Backend适配器 ====================
|
||||
|
||||
// memoryTokenBackend 内存token状态后端(临时实现,生产应使用DB-backed)
|
||||
type memoryTokenBackend struct {
|
||||
revokedTokens map[string]string // tokenID -> status
|
||||
}
|
||||
|
||||
func newMemoryTokenBackend() *memoryTokenBackend {
|
||||
return &memoryTokenBackend{
|
||||
revokedTokens: make(map[string]string),
|
||||
}
|
||||
}
|
||||
|
||||
func (b *memoryTokenBackend) CheckTokenStatus(ctx context.Context, tokenID string) (string, error) {
|
||||
// 默认所有token都是active的
|
||||
if status, found := b.revokedTokens[tokenID]; found {
|
||||
return status, nil
|
||||
}
|
||||
return "active", nil
|
||||
}
|
||||
|
||||
func (b *memoryTokenBackend) RevokeToken(tokenID string) {
|
||||
b.revokedTokens[tokenID] = "revoked"
|
||||
}
|
||||
|
||||
// ==================== 审计事件适配器 ====================
|
||||
|
||||
// auditEmitterAdapter 将auditStore适配为middleware.AuditEmitter
|
||||
type auditEmitterAdapter struct {
|
||||
store audit.AuditStore
|
||||
}
|
||||
|
||||
func newAuditEmitterAdapter(store audit.AuditStore) *auditEmitterAdapter {
|
||||
return &auditEmitterAdapter{store: store}
|
||||
}
|
||||
|
||||
func (a *auditEmitterAdapter) Emit(ctx context.Context, event middleware.AuditEvent) error {
|
||||
if a.store == nil {
|
||||
return nil
|
||||
}
|
||||
// 转换middleware.AuditEvent为audit.Event
|
||||
auditEvent := audit.Event{
|
||||
EventID: event.RequestID,
|
||||
ObjectType: "auth",
|
||||
Action: event.EventName,
|
||||
RequestID: event.RequestID,
|
||||
ResultCode: event.ResultCode,
|
||||
ClientIP: event.ClientIP,
|
||||
}
|
||||
a.store.Emit(ctx, auditEvent)
|
||||
return nil
|
||||
}
|
||||
|
||||
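Review bot: `memoryTokenBackend` accesses `revokedTokens` without any lock, which in Go is a data race and can abort the process with a concurrent map read/write fault. `CheckTokenStatus` is handed to `NewAuthMiddleware` and so presumably runs on every request goroutine, while `RevokeToken` writes the same map. Guarding the map with a `sync.RWMutex`, as sketched below, fixes this; it needs the `sync` import, which is not visible in this section. Separately, the backend answers `"active"` for any token ID it has never seen and keeps its state in process memory only, so a restart or a second instance silently un-revokes tokens. The type comment already marks it as temporary, but a startup warning like the one the idempotency branch logs would make that visible in production. In the same section, `auditEmitterAdapter.Emit` calls `a.store.Emit(ctx, auditEvent)` and then always returns nil. If the store's `Emit` reports an error (its signature is not shown here), the adapter should return it, so that a failed write of an auth audit record is not swallowed.

```go
type memoryTokenBackend struct {
	mu            sync.RWMutex      // guards revokedTokens
	revokedTokens map[string]string // tokenID -> status
}

// … unchanged: newMemoryTokenBackend …

func (b *memoryTokenBackend) CheckTokenStatus(ctx context.Context, tokenID string) (string, error) {
	b.mu.RLock()
	status, found := b.revokedTokens[tokenID]
	b.mu.RUnlock()
	if found {
		return status, nil
	}
	return "active", nil
}

func (b *memoryTokenBackend) RevokeToken(tokenID string) {
	b.mu.Lock()
	defer b.mu.Unlock()
	b.revokedTokens[tokenID] = "revoked"
}
```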