Losita/smartmate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7d324b77aa6a8aa2761a4c3548e97db3252dd240
smartmate/backend/services/userauth/sv/service.go
Losita 3b6fca44a6 Version: 0.9.77.dev.260505 
后端:
1.阶段 6 CP4/CP5 目录收口与共享边界纯化
- 将 backend 根目录收口为 services、client、gateway、cmd、shared 五个一级目录
- 收拢 bootstrap、inits、infra/kafka、infra/outbox、conv、respond、pkg、middleware,移除根目录旧实现与空目录
- 将 utils 下沉到 services/userauth/internal/auth,将 logic 下沉到 services/schedule/core/planning
- 将迁移期 runtime 桥接实现统一收拢到 services/runtime/{conv,dao,eventsvc,model},删除 shared/legacy 与未再被 import 的旧 service 实现
- 将 gateway/shared/respond 收口为 HTTP/Gin 错误写回适配,shared/respond 仅保留共享错误语义与状态映射
- 将 HTTP IdempotencyMiddleware 与 RateLimitMiddleware 收口到 gateway/middleware
- 将 GormCachePlugin 下沉到 shared/infra/gormcache,将共享 RateLimiter 下沉到 shared/infra/ratelimit,将 agent token budget 下沉到 services/agent/shared
- 删除 InitEino 兼容壳,收缩 cmd/internal/coreinit 仅保留旧组合壳残留域初始化语义
- 更新微服务迁移计划与桌面 checklist,补齐 CP4/CP5 当前切流点、目录终态与验证结果
- 完成 go test ./...、git diff --check 与最终真实 smoke;health、register/login、task/create+get、schedule/today、task-class/list、memory/items、agent chat/meta/timeline/context-stats 全部 200,SSE 合并结果为 CP5_OK 且 [DONE] 只有 1 个
2026-05-05 23:25:07 +08:00

176 lines
6.2 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
package sv
import (
"context"
"errors"
"strings"
"time"
userauthdao "github.com/LoveLosita/smartflow/backend/services/userauth/dao"
userauthauth "github.com/LoveLosita/smartflow/backend/services/userauth/internal/auth"
userauthmodel "github.com/LoveLosita/smartflow/backend/services/userauth/model"
contracts "github.com/LoveLosita/smartflow/backend/shared/contracts/userauth"
"github.com/LoveLosita/smartflow/backend/shared/respond"
"gorm.io/gorm"
)
type UserRepo interface {
Create(ctx context.Context, username, phoneNumber, password string) (*userauthmodel.User, error)
IfUsernameExists(ctx context.Context, name string) (bool, error)
GetUserHashedPasswordByName(ctx context.Context, name string) (string, error)
GetUserIDByName(ctx context.Context, name string) (int, error)
GetUserTokenQuotaByID(ctx context.Context, id int) (*userauthmodel.User, error)
ResetUserTokenUsageIfDue(ctx context.Context, id int, dueBefore time.Time, resetAt time.Time) (bool, error)
AddTokenUsage(ctx context.Context, id int, delta int) (bool, error)
AdjustTokenUsageOnce(ctx context.Context, eventID string, id int, delta int, dueBefore time.Time, resetAt time.Time) (*userauthmodel.User, bool, error)
}
type CacheRepo interface {
IsBlacklisted(jti string) (bool, error)
SetBlacklist(jti string, expiration time.Duration) error
SetBlacklistIfAbsent(jti string, expiration time.Duration) (bool, error)
IsSessionBlacklisted(sessionID string) (bool, error)
SetSessionBlacklist(sessionID string, expiration time.Duration) error
IsUserTokenBlocked(ctx context.Context, userID int) (bool, error)
GetUserTokenQuotaSnapshot(ctx context.Context, userID int) (*userauthdao.TokenQuotaSnapshot, bool, error)
SetUserTokenQuotaSnapshot(ctx context.Context, userID int, snapshot userauthdao.TokenQuotaSnapshot, ttl time.Duration) error
DeleteUserTokenQuotaSnapshot(ctx context.Context, userID int) error
SetUserTokenBlocked(ctx context.Context, userID int, ttl time.Duration) error
DeleteUserTokenBlocked(ctx context.Context, userID int) error
}
// Service 承载 user/auth 服务内部业务规则。
//
// 职责边界:
// 1. 负责注册、登录、刷新、登出、JWT 签发/校验、黑名单和 token 额度门禁;
// 2. 不负责 Gin gateway 的响应适配、路由聚合和 SSE 等边缘职责;
// 3. 不负责 agent 会话 token 统计,迁移期该链路仍由 agent 持久化事件触发 userauth 账本调整。
type Service struct {
userRepo UserRepo
cacheRepo CacheRepo
}
func New(userRepo UserRepo, cacheRepo CacheRepo) *Service {
return &Service{
userRepo: userRepo,
cacheRepo: cacheRepo,
}
}
func (s *Service) Register(ctx context.Context, req contracts.RegisterRequest) (*contracts.RegisterResponse, error) {
if strings.TrimSpace(req.Username) == "" || strings.TrimSpace(req.Password) == "" || strings.TrimSpace(req.PhoneNumber) == "" {
return nil, respond.MissingParam
}
if len(req.Username) > 45 || len(req.Password) > 229 || len(req.PhoneNumber) > 18 {
return nil, respond.ParamTooLong
}
exists, err := s.userRepo.IfUsernameExists(ctx, req.Username)
if err != nil {
return nil, err
}
if exists {
return nil, respond.InvalidName
}
hashedPwd, err := userauthauth.HashPassword(req.Password)
if err != nil {
return nil, err
}
newUser, err := s.userRepo.Create(ctx, req.Username, req.PhoneNumber, hashedPwd)
if err != nil {
return nil, err
}
return &contracts.RegisterResponse{ID: newUser.ID}, nil
}
func (s *Service) Login(ctx context.Context, req contracts.LoginRequest) (*contracts.Tokens, error) {
hashedPwd, err := s.userRepo.GetUserHashedPasswordByName(ctx, req.Username)
if err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) {
return nil, respond.WrongName
}
return nil, err
}
matched, err := userauthauth.CompareHashPwdAndPwd(hashedPwd, req.Password)
if err != nil {
return nil, err
}
if !matched {
return nil, respond.WrongPwd
}
userID, err := s.userRepo.GetUserIDByName(ctx, req.Username)
if err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) {
return nil, respond.WrongName
}
return nil, err
}
return userauthauth.GenerateTokens(userID)
}
func (s *Service) RefreshToken(ctx context.Context, req contracts.RefreshTokenRequest) (*contracts.Tokens, error) {
if strings.TrimSpace(req.RefreshToken) == "" {
return nil, respond.MissingParam
}
claims, err := userauthauth.ValidateRefreshToken(req.RefreshToken, s.cacheRepo)
if err != nil {
return nil, err
}
ttl := time.Until(claims.ExpiresAt.Time)
if ttl <= 0 {
return nil, respond.InvalidRefreshToken
}
// 1. 先用 SET NX 抢占旧 refresh 的 JTI确保并发刷新时只有一个请求能继续签发新 token。
// 2. 这里只黑掉旧 refresh不黑掉整个 session避免误伤同一会话下新签发的 access token。
consumed, err := s.cacheRepo.SetBlacklistIfAbsent(claims.JTI, ttl)
if err != nil {
return nil, err
}
if !consumed {
return nil, respond.InvalidRefreshToken
}
return userauthauth.GenerateTokensWithSession(claims.UserID, claims.SessionID)
}
func (s *Service) LogoutByAccessToken(ctx context.Context, accessToken string) error {
if strings.TrimSpace(accessToken) == "" {
return respond.MissingToken
}
claims, err := userauthauth.ValidateAccessToken(accessToken, s.cacheRepo)
if err != nil {
return err
}
// 1. logout 的目标是整段会话,而不是单个 access token。
// 2. 先按会话维度拉黑,再让 access / refresh 各自的 validate 流程拒绝后续请求。
if strings.TrimSpace(claims.SessionID) == "" {
return s.cacheRepo.SetBlacklist(claims.JTI, time.Until(claims.ExpiresAt.Time))
}
sessionTTL, err := userauthauth.SessionBlacklistTTL()
if err != nil {
return err
}
return s.cacheRepo.SetSessionBlacklist(claims.SessionID, sessionTTL)
}
func (s *Service) ValidateAccessToken(ctx context.Context, req contracts.ValidateAccessTokenRequest) (*contracts.ValidateAccessTokenResponse, error) {
if strings.TrimSpace(req.AccessToken) == "" {
return nil, respond.MissingToken
}
claims, err := userauthauth.ValidateAccessToken(req.AccessToken, s.cacheRepo)
if err != nil {
return nil, err
}
return &contracts.ValidateAccessTokenResponse{
Valid: true,
UserID: claims.UserID,
TokenType: claims.TokenType,
JTI: claims.JTI,
ExpiresAt: claims.ExpiresAt.Time,
}, nil
}
Reference in New Issue View Git Blame Copy Permalink