fix: 调整 chat WS/WT dev 接入

WT 目前沿用 JToken 的 JWT 校验；撤销一致性留到后续 WT 专用网关设计。

app/chat/api/etc/chat-api.yaml

@@ -7,7 +7,7 @@ Hybrid:
   Protocol: auto
   Ws:
     Name: chat-ws
-    Addr: :8889
+    Addr: :8888
     Path: /ws/chat
     MaxConnections: 10000
     Auth:
@@ -19,12 +19,17 @@ Hybrid:
     Path: /wt/chat
     CertFile: /etc/certs/tls.crt
     KeyFile: /etc/certs/tls.key
+    Auth:
+      Enabled: true
   FallbackStrategy: auto
   MaxRetries: 3
   MaxConnections: 10000
   Auth:
     Enabled: true
     WsHeaderName: x-auth-user-id
+    WtTokenSource: cookie
+    WtTokenName: JToken
+    WtJWTSecret: MGUyMWE3ZDhjMTQ5ZDg1MWViOWU0MGM3OTE2NWVkYTBlOTE5ZWRkZDU1YjYzOGJjOWRiNzM0NTc4NDIyMjlkZQ
 
 Stateless:
   PollInterval: 100ms

app/chat/api/internal/handler/chat/messaging.go

@@ -64,6 +64,12 @@ func (h *Handler) handleJoin(conn protocol.Connection, msg *WsMessage) error {
 
 func (h *Handler) handleLeave(conn protocol.Connection, msg *WsMessage) error {
 	uid := h.getUserId(conn)
+	if uid <= 0 {
+		return conn.SendJSON(context.Background(), WsResponse{
+			Type:    "error",
+			Content: "authentication required",
+		})
+	}
 	sessionId := msg.SessionId
 	if sessionId <= 0 {
 		if sid, ok := conn.Metadata()["sessionId"].(int64); ok {
@@ -73,6 +79,12 @@ func (h *Handler) handleLeave(conn protocol.Connection, msg *WsMessage) error {
 	if sessionId <= 0 {
 		return nil
 	}
+	if !h.svcCtx.Store.IsParticipant(sessionId, uid) {
+		return conn.SendJSON(context.Background(), WsResponse{
+			Type:    "error",
+			Content: "not a member of this session",
+		})
+	}
 
 	session, err := h.svcCtx.Store.GetSession(sessionId)
 	if err == nil {
@@ -108,6 +120,12 @@ func (h *Handler) handleMessage(conn protocol.Connection, msg *WsMessage) error
 			Content: "sessionId is required, join a session first",
 		})
 	}
+	if !h.svcCtx.Store.IsParticipant(sessionId, uid) {
+		return conn.SendJSON(context.Background(), WsResponse{
+			Type:    "error",
+			Content: "not a member of this session",
+		})
+	}
 
 	msgType := chatcore.MessageType(msg.MsgType)
 	if msgType == "" {
@@ -151,12 +169,25 @@ func (h *Handler) handleMessage(conn protocol.Connection, msg *WsMessage) error
 }
 
 func (h *Handler) handleHistory(conn protocol.Connection, msg *WsMessage) error {
+	uid := h.getUserId(conn)
+	if uid <= 0 {
+		return conn.SendJSON(context.Background(), WsResponse{
+			Type:    "error",
+			Content: "authentication required",
+		})
+	}
 	if msg.SessionId <= 0 {
 		return conn.SendJSON(context.Background(), WsResponse{
 			Type:    "error",
 			Content: "sessionId is required",
 		})
 	}
+	if !h.svcCtx.Store.IsParticipant(msg.SessionId, uid) {
+		return conn.SendJSON(context.Background(), WsResponse{
+			Type:    "error",
+			Content: "not a member of this session",
+		})
+	}
 
 	messages := h.svcCtx.Store.GetMessages(msg.SessionId, 0, 50)
 

app/chat/chatcore/store.go

@@ -109,6 +109,22 @@ func (s *Store) GetSession(id int64) (*Session, error) {
 	return session, nil
 }
 
+func (s *Store) IsParticipant(sessionId, userId int64) bool {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	session, ok := s.Sessions[sessionId]
+	if !ok {
+		return false
+	}
+	for _, p := range session.Participants {
+		if p == userId {
+			return true
+		}
+	}
+	return false
+}
+
 func (s *Store) ListUserSessions(userId int64, page, limit int) []*Session {
 	s.mu.RLock()
 	defer s.mu.RUnlock()

app/chat/test/chat-api-local.yaml

@@ -7,7 +7,7 @@ Hybrid:
   Protocol: auto
   Ws:
     Name: chat-ws
-    Addr: :28889
+    Addr: :28888
     Path: /ws/chat
     MaxConnections: 10000
     Auth:

app/chat/test/chat-api-test.yaml

@@ -7,7 +7,7 @@ Hybrid:
   Protocol: auto
   Ws:
     Name: chat-ws
-    Addr: :8889
+    Addr: :8888
     Path: /ws/chat
     MaxConnections: 10000
     Auth:
@@ -19,6 +19,8 @@ Hybrid:
     Path: /wt/chat
     CertFile: /etc/certs/tls.crt
     KeyFile: /etc/certs/tls.key
+    Auth:
+      Enabled: true
   FallbackStrategy: auto
   MaxRetries: 3
   MaxConnections: 10000

app/chat/test/docker-compose.yml

@@ -6,7 +6,6 @@ services:
     container_name: chat-api-test
     ports:
       - "28888:8888"
-      - "28889:8889"
       - "28443:8443/udp"
     volumes:
       - ./certs:/etc/certs:ro

app/chat/test/test_ws.py

@@ -14,7 +14,7 @@ except ImportError:
     subprocess.check_call([sys.executable, "-m", "pip", "install", "websockets", "-q"])
     import websockets
 
-WS_URL = "ws://localhost:28889/ws/chat"
+WS_URL = "ws://localhost:28888/ws/chat"
 RESULTS = []
 
 def log(tag, msg):

app/chat/test/test_wt.py

@@ -5,8 +5,6 @@ import asyncio
 import json
 import sys
 import time
-import urllib.request
-import urllib.error
 
 try:
     import websockets
@@ -15,7 +13,7 @@ except ImportError:
     subprocess.check_call([sys.executable, "-m", "pip", "install", "websockets", "-q"])
     import websockets
 
-WS_URL = "ws://localhost:28889/ws/chat"
+WS_URL = "ws://localhost:28888/ws/chat"
 API_BASE = "http://localhost:28888"
 RESULTS = []
 

app/users/rpc/internal/utils/jwt.go

@@ -67,6 +67,7 @@ func (m *JwtManager) New(ctx context.Context, payload *TokenPayload) (string, er
 			ExpiresAt: jwt.NewNumericDate(expiresAt),
 			IssuedAt:  jwt.NewNumericDate(now),
 			Issuer:    m.issuer,
+			Subject:   strconv.FormatInt(payload.UserId, 10),
 		},
 	}