后端: 1. LLM 独立服务与统一计费出口落地:新增 `cmd/llm`、`client/llm` 与 `services/llm/rpc`,补齐 BillingContext、CreditBalanceGuard、价格规则解析、stream usage 归集与 `credit.charge.requested` outbox 发布,active-scheduler / agent / course / memory / gateway fallback 全部改走 llm zrpc,不再各自本地初始化模型。 2. TokenStore 收口为 Credit 权威账本:新增 credit account / ledger / product / order / price-rule / reward-rule 能力与 Redis 快照缓存,扩展 tokenstore rpc/client 支撑余额快照、消耗看板、商品、订单、流水、价格规则和奖励规则,并接入 LLM charge 事件消费完成 Credit 扣费落账。 3. 计费旧链路下线与网关切口切换:`/token-store` 语义整体切到 `/credit-store`,agent chat 移除旧 TokenQuotaGuard,userauth 的 CheckTokenQuota / AdjustTokenUsage 改为废弃,聊天历史落库不再同步旧 token 额度账本,course 图片解析请求补 user_id 进入新计费口径。 前端: 4. 计划广场从 mock 数据切到真实接口:新增 forum api/types,首页支持真实列表、标签、搜索、防抖、点赞、导入和发布计划,详情页补齐帖子详情、评论树、回复和删除评论链路,同时补上“至少一个标签”的前后端约束与默认标签兜底。 5. 商店页切到 Credit 体系并重做展示:顶部改为余额 + Credit/Token 消耗看板,支持 24h/7d/30d/all 周期切换;套餐区展示原价与当前价;历史区改为当前用户 Credit 流水并支持查看更多,整体视觉和交互同步收口。 仓库: 6. 配置与本地启动体系补齐 llm / outbox 编排:`config.example.yaml` 增加 llm rpc 和统一 outbox service 配置,`dev-common.ps1` 把 llm 纳入多服务依赖并自动建 Kafka topic,`docker-compose.yml` 同步初始化 agent/task/memory/active-scheduler/notification/taskclass-forum/llm/token-store 全量 outbox topic。
package sv
import (
"context"
"errors"
"strings"
"time"
userauthauth "github.com/LoveLosita/smartflow/backend/services/userauth/internal/auth"
userauthmodel "github.com/LoveLosita/smartflow/backend/services/userauth/model"
contracts "github.com/LoveLosita/smartflow/backend/shared/contracts/userauth"
"github.com/LoveLosita/smartflow/backend/shared/respond"
"gorm.io/gorm"
)
// UserRepo is the user-record storage contract the Service depends on.
//
// Every method takes a context as its first argument. The concrete
// implementation is not part of this file.
type UserRepo interface {
	// Create persists a new user and returns the stored record.
	// Register passes the already-hashed password as the last argument.
	Create(ctx context.Context, username, phoneNumber, password string) (*userauthmodel.User, error)

	// IfUsernameExists reports whether a user with this name is already stored.
	IfUsernameExists(ctx context.Context, name string) (bool, error)

	// GetUserHashedPasswordByName returns the stored password hash for name.
	// Login treats gorm.ErrRecordNotFound from this call as "unknown user".
	GetUserHashedPasswordByName(ctx context.Context, name string) (string, error)

	// GetUserIDByName returns the numeric ID for name.
	// Login treats gorm.ErrRecordNotFound from this call as "unknown user".
	GetUserIDByName(ctx context.Context, name string) (int, error)
}
// CacheRepo is the token/session blacklist contract the Service depends on.
//
// Entries are keyed either by a token's JTI or by a session ID, and every
// write carries an expiration. The backing store is not visible in this file.
type CacheRepo interface {
	// IsBlacklisted reports whether the token with this JTI has been revoked.
	IsBlacklisted(jti string) (bool, error)

	// SetBlacklist revokes the token with this JTI for the given duration.
	SetBlacklist(jti string, expiration time.Duration) error

	// SetBlacklistIfAbsent revokes the JTI only when it is not revoked yet.
	// RefreshToken relies on the boolean being true for exactly one caller,
	// which is what makes a refresh token single-use.
	SetBlacklistIfAbsent(jti string, expiration time.Duration) (bool, error)

	// IsSessionBlacklisted reports whether the whole session has been revoked.
	IsSessionBlacklisted(sessionID string) (bool, error)

	// SetSessionBlacklist revokes every token of the session for the given duration.
	SetSessionBlacklist(sessionID string, expiration time.Duration) error
}
// Service holds the internal business rules of the user/auth service.
//
// Responsibility boundaries:
//  1. It owns registration, login, refresh, logout, JWT issuance/validation
//     and the token blacklist.
//  2. It does not own the Gin gateway's edge concerns such as response
//     adaptation, route aggregation or SSE.
//  3. The legacy token-quota gate and accounting have been retired; userauth
//     no longer carries any billing-related responsibility.
type Service struct {
	// userRepo reads and writes user records.
	userRepo UserRepo
	// cacheRepo stores revoked token JTIs and revoked session IDs.
	cacheRepo CacheRepo
}
// New returns a Service wired to the given user and cache repositories.
// Neither argument is checked for nil here.
func New(userRepo UserRepo, cacheRepo CacheRepo) *Service {
	svc := new(Service)
	svc.userRepo = userRepo
	svc.cacheRepo = cacheRepo
	return svc
}
// Register creates a new account and returns its ID.
//
// It returns respond.MissingParam when username, password or phone number is
// blank after trimming, respond.ParamTooLong when one of them exceeds its
// limit, and respond.InvalidName when the username is already taken. Errors
// from the repository and from password hashing are returned unchanged.
func (s *Service) Register(ctx context.Context, req contracts.RegisterRequest) (*contracts.RegisterResponse, error) {
	username, password, phone := req.Username, req.Password, req.PhoneNumber

	// Blankness is judged on the trimmed value; the untrimmed value is what
	// gets looked up and stored below.
	for _, field := range []string{username, password, phone} {
		if strings.TrimSpace(field) == "" {
			return nil, respond.MissingParam
		}
	}

	// len on a string counts bytes, so these are byte limits, not rune limits.
	// NOTE(review): only an upper bound is enforced on the password; there is
	// no minimum length or strength rule in this method. If HashPassword is
	// bcrypt-based, input beyond 72 bytes is not covered by the hash — confirm.
	switch {
	case len(username) > 45, len(password) > 229, len(phone) > 18:
		return nil, respond.ParamTooLong
	}

	// NOTE(review): this check and the Create call below are two separate
	// repository calls, so two concurrent registrations for the same name can
	// both pass it. Uniqueness then depends on Create or the schema rejecting
	// the duplicate — confirm a unique index exists.
	taken, err := s.userRepo.IfUsernameExists(ctx, username)
	if err != nil {
		return nil, err
	}
	if taken {
		return nil, respond.InvalidName
	}

	// Only the hash is handed to the repository; the plaintext stays here.
	pwdHash, err := userauthauth.HashPassword(password)
	if err != nil {
		return nil, err
	}

	created, err := s.userRepo.Create(ctx, username, phone, pwdHash)
	if err != nil {
		return nil, err
	}

	resp := &contracts.RegisterResponse{ID: created.ID}
	return resp, nil
}
// Login checks the supplied credentials and, on success, issues a token set
// for the user through userauthauth.GenerateTokens.
//
// It returns respond.WrongName when the repository reports
// gorm.ErrRecordNotFound for the username and respond.WrongPwd when the
// password does not match the stored hash. Other errors are returned unchanged.
//
// NOTE(review): the two failure values are distinguishable, and an unknown
// username returns before any hash comparison runs. If the gateway forwards
// these values to clients, a caller can tell which usernames exist. Consider
// returning one generic failure at the edge and rate-limiting this endpoint;
// the values are kept here because callers may depend on them.
func (s *Service) Login(ctx context.Context, req contracts.LoginRequest) (*contracts.Tokens, error) {
	storedHash, err := s.userRepo.GetUserHashedPasswordByName(ctx, req.Username)
	switch {
	case errors.Is(err, gorm.ErrRecordNotFound):
		return nil, respond.WrongName
	case err != nil:
		return nil, err
	}

	ok, err := userauthauth.CompareHashPwdAndPwd(storedHash, req.Password)
	if err != nil {
		return nil, err
	}
	if !ok {
		return nil, respond.WrongPwd
	}

	// The ID is fetched in a second lookup by name, so the user can disappear
	// between the two calls; that case is reported as an unknown name as well.
	uid, err := s.userRepo.GetUserIDByName(ctx, req.Username)
	switch {
	case errors.Is(err, gorm.ErrRecordNotFound):
		return nil, respond.WrongName
	case err != nil:
		return nil, err
	}

	return userauthauth.GenerateTokens(uid)
}
// RefreshToken exchanges a valid refresh token for a new token set that keeps
// the same session ID. Each refresh token can be exchanged at most once.
//
// It returns respond.MissingParam for a blank token and
// respond.InvalidRefreshToken when the token has no lifetime left or has
// already been consumed. Validation and cache errors are returned unchanged.
// ctx is not used by this method.
func (s *Service) RefreshToken(ctx context.Context, req contracts.RefreshTokenRequest) (*contracts.Tokens, error) {
	if strings.TrimSpace(req.RefreshToken) == "" {
		return nil, respond.MissingParam
	}

	claims, err := userauthauth.ValidateRefreshToken(req.RefreshToken, s.cacheRepo)
	if err != nil {
		return nil, err
	}

	// The blacklist entry only has to outlive the token itself.
	remaining := time.Until(claims.ExpiresAt.Time)
	if remaining <= 0 {
		return nil, respond.InvalidRefreshToken
	}

	// 1. Claim the old refresh token's JTI with SET NX first, so that under
	//    concurrent refreshes only one request goes on to issue new tokens.
	// 2. Only the old refresh token is blacklisted here, not the whole
	//    session, so access tokens newly issued for the same session are not
	//    revoked by mistake.
	// NOTE(review): a lost claim means the same refresh token was presented
	// twice. It is rejected, but nothing is recorded and the session stays
	// alive; consider at least logging it as a possible token-replay signal.
	won, err := s.cacheRepo.SetBlacklistIfAbsent(claims.JTI, remaining)
	switch {
	case err != nil:
		return nil, err
	case !won:
		return nil, respond.InvalidRefreshToken
	}

	// The old token is consumed at this point; if issuance fails the caller
	// has to log in again.
	return userauthauth.GenerateTokensWithSession(claims.UserID, claims.SessionID)
}
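// LogoutByAccessToken revokes the session that the given access token
// belongs to.
//
// It returns respond.MissingToken for a blank token and any error from token
// validation, from userauthauth.SessionBlacklistTTL or from the cache
// unchanged. ctx is not used by this method.
func (s *Service) LogoutByAccessToken(ctx context.Context, accessToken string) error {
	if strings.TrimSpace(accessToken) == "" {
		return respond.MissingToken
	}

	claims, err := userauthauth.ValidateAccessToken(accessToken, s.cacheRepo)
	if err != nil {
		return err
	}

	// 1. Logout targets the whole session, not a single access token.
	// 2. The session is blacklisted first; the access and refresh validation
	//    paths are then expected to reject later requests for it.
	if strings.TrimSpace(claims.SessionID) != "" {
		sessionTTL, err := userauthauth.SessionBlacklistTTL()
		if err != nil {
			return err
		}
		return s.cacheRepo.SetSessionBlacklist(claims.SessionID, sessionTTL)
	}

	// Tokens without a session ID are revoked individually by JTI.
	// The token can expire between validation and this point. RefreshToken
	// guards the same computation, so do the same here: an expired token needs
	// no blacklist entry, and a non-positive TTL is never handed to the cache
	// (how CacheRepo treats one is not visible here; some stores read it as
	// "no expiry", which would leave the entry behind indefinitely).
	ttl := time.Until(claims.ExpiresAt.Time)
	if ttl <= 0 {
		return nil
	}
	return s.cacheRepo.SetBlacklist(claims.JTI, ttl)
}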
// ValidateAccessToken validates an access token through
// userauthauth.ValidateAccessToken, passing the service's blacklist cache,
// and returns the claims a caller needs to authorize a request.
//
// It returns respond.MissingToken for a blank token; validation errors are
// returned unchanged and no response is produced in that case, so Valid is
// only ever reported as true. ctx is not used by this method.
func (s *Service) ValidateAccessToken(ctx context.Context, req contracts.ValidateAccessTokenRequest) (*contracts.ValidateAccessTokenResponse, error) {
	token := req.AccessToken
	if strings.TrimSpace(token) == "" {
		return nil, respond.MissingToken
	}

	claims, err := userauthauth.ValidateAccessToken(token, s.cacheRepo)
	if err != nil {
		return nil, err
	}

	resp := &contracts.ValidateAccessTokenResponse{Valid: true}
	resp.UserID = claims.UserID
	resp.TokenType = claims.TokenType
	resp.JTI = claims.JTI
	resp.ExpiresAt = claims.ExpiresAt.Time
	return resp, nil
}