fix: some api bug
This commit is contained in:
wwweww
@@ -1,601 +0,0 @@
|
||||
# JWT 集成指南
|
||||
|
||||
指导如何将 JWT Manager 集成到 RPC Handlers 和业务逻辑中。
|
||||
|
||||
## 1. gRPC Unary Interceptor 实现
|
||||
|
||||
在 RPC 服务中添加 JWT 验证拦截器。
|
||||
|
||||
### 创建拦截器
|
||||
|
||||
创建文件 [app/users/rpc/internal/interceptor/jwt_interceptor.go](../../../app/users/rpc/internal/interceptor/jwt_interceptor.go):
|
||||
|
||||
```go
|
||||
package interceptor
|
||||
|
||||
import (
|
||||
"context"
|
||||
"log"
|
||||
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/metadata"
|
||||
"google.golang.org/grpc/status"
|
||||
|
||||
"yourmodule/app/users/rpc/internal/svc"
|
||||
)
|
||||
|
||||
// JwtUnaryInterceptor 验证 gRPC 请求中的 JWT 令牌
|
||||
func JwtUnaryInterceptor(svcCtx *svc.ServiceContext) grpc.UnaryServerInterceptor {
|
||||
return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
|
||||
// 获取请求元数据
|
||||
md, ok := metadata.FromIncomingContext(ctx)
|
||||
if !ok {
|
||||
return nil, status.Error(codes.Unauthenticated, "missing metadata")
|
||||
}
|
||||
|
||||
// 从 Authorization 头提取令牌
|
||||
tokens := md.Get("authorization")
|
||||
if len(tokens) == 0 {
|
||||
return nil, status.Error(codes.Unauthenticated, "missing authorization header")
|
||||
}
|
||||
|
||||
token := tokens[0]
|
||||
|
||||
// 验证令牌
|
||||
claims, err := svcCtx.JwtManager.Valid(ctx, token)
|
||||
if err != nil {
|
||||
log.Printf("Token validation failed: %v", err)
|
||||
|
||||
// 尝试刷新令牌(如果过期但仍在 Redis 中)
|
||||
newToken, refreshErr := svcCtx.JwtManager.Renew(ctx, token)
|
||||
if refreshErr == nil && newToken != "" {
|
||||
// 在响应头中返回新令牌
|
||||
grpc.SetHeader(ctx, metadata.Pairs("authorization", newToken))
|
||||
// 继续处理请求,使用原令牌的声明
|
||||
// 注意:实际应用中需要重新验证新令牌
|
||||
newClaims, err := svcCtx.JwtManager.Valid(ctx, newToken)
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Unauthenticated, "token refresh failed")
|
||||
}
|
||||
claims = newClaims
|
||||
} else {
|
||||
return nil, status.Error(codes.Unauthenticated, "invalid or expired token")
|
||||
}
|
||||
}
|
||||
|
||||
// 将声明附加到上下文,供处理器使用
|
||||
newCtx := context.WithValue(ctx, "claims", claims)
|
||||
|
||||
return handler(newCtx, req)
|
||||
}
|
||||
}
|
||||
|
||||
// JwtStreamInterceptor 验证流式 gRPC 请求中的 JWT 令牌
|
||||
func JwtStreamInterceptor(svcCtx *svc.ServiceContext) grpc.StreamServerInterceptor {
|
||||
return func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
|
||||
md, ok := metadata.FromIncomingContext(ss.Context())
|
||||
if !ok {
|
||||
return status.Error(codes.Unauthenticated, "missing metadata")
|
||||
}
|
||||
|
||||
tokens := md.Get("authorization")
|
||||
if len(tokens) == 0 {
|
||||
return status.Error(codes.Unauthenticated, "missing authorization header")
|
||||
}
|
||||
|
||||
token := tokens[0]
|
||||
claims, err := svcCtx.JwtManager.Valid(ss.Context(), token)
|
||||
if err != nil {
|
||||
return status.Error(codes.Unauthenticated, "invalid token")
|
||||
}
|
||||
|
||||
// 创建包装流以注入上下文
|
||||
wrappedStream := &WrappedStream{
|
||||
ServerStream: ss,
|
||||
ctx: context.WithValue(ss.Context(), "claims", claims),
|
||||
}
|
||||
|
||||
return handler(srv, wrappedStream)
|
||||
}
|
||||
}
|
||||
|
||||
// WrappedStream 包装 grpc.ServerStream 以注入新的上下文
|
||||
type WrappedStream struct {
|
||||
grpc.ServerStream
|
||||
ctx context.Context
|
||||
}
|
||||
|
||||
func (w *WrappedStream) Context() context.Context {
|
||||
return w.ctx
|
||||
}
|
||||
```
|
||||
|
||||
### 在 Server 中注册拦截器
|
||||
|
||||
修改 [app/users/rpc/usercenter/usercenter.go](../../../app/users/rpc/usercenter/usercenter.go):
|
||||
|
||||
```go
|
||||
package main
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"log"
|
||||
|
||||
"yourmodule/app/users/rpc/internal/config"
|
||||
"yourmodule/app/users/rpc/internal/interceptor"
|
||||
"yourmodule/app/users/rpc/internal/server"
|
||||
"yourmodule/app/users/rpc/internal/svc"
|
||||
"yourmodule/app/users/rpc/pb"
|
||||
|
||||
"github.com/zeromicro/go-zero/core/conf"
|
||||
"github.com/zeromicro/go-zero/core/logx"
|
||||
"google.golang.org/grpc"
|
||||
)
|
||||
|
||||
var configFile = flag.String("f", "etc/pb.yaml", "the config file")
|
||||
|
||||
func main() {
|
||||
flag.Parse()
|
||||
|
||||
var c config.Config
|
||||
conf.MustLoad(*configFile, &c)
|
||||
ctx := svc.NewServiceContext(c)
|
||||
|
||||
logx.DisableStat()
|
||||
|
||||
s := grpc.NewServer(
|
||||
grpc.UnaryInterceptor(interceptor.JwtUnaryInterceptor(ctx)),
|
||||
grpc.StreamInterceptor(interceptor.JwtStreamInterceptor(ctx)),
|
||||
)
|
||||
|
||||
pb.RegisterUsercenterServer(s, server.NewUsercenterServer(ctx))
|
||||
|
||||
logx.Infof("Starting gRPC server on %s:%d", c.Host, c.Port)
|
||||
if err := s.Serve(net.Listen("tcp", "0.0.0.0:"+fmt.Sprintf("%d", c.Port))); err != nil {
|
||||
logx.Error(err)
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## 2. 登录 Handler 实现
|
||||
|
||||
实现 [app/users/api/internal/handler/user/loginHandler.go](../../../app/users/api/internal/handler/user/loginHandler.go):
|
||||
|
||||
```go
|
||||
package user
|
||||
|
||||
import (
|
||||
"context"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
"yourmodule/app/users/api/internal/logic/user"
|
||||
"yourmodule/app/users/api/internal/svc"
|
||||
"yourmodule/app/users/api/internal/types"
|
||||
)
|
||||
|
||||
// LoginHandler 处理用户登录
|
||||
func LoginHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
var req types.LoginRequest
|
||||
|
||||
// 解析请求体...
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
http.Error(w, "Invalid request", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// 调用业务逻辑
|
||||
resp, err := user.NewLoginLogic(r.Context(), svcCtx).Login(&req)
|
||||
if err != nil {
|
||||
log.Printf("Login failed: %v", err)
|
||||
http.Error(w, "Login failed", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// 返回令牌
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
json.NewEncoder(w).Encode(resp)
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
实现 [app/users/api/internal/logic/user/loginLogic.go](../../../app/users/api/internal/logic/user/loginLogic.go):
|
||||
|
||||
```go
|
||||
package user
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
|
||||
"yourmodule/app/users/api/internal/svc"
|
||||
"yourmodule/app/users/api/internal/types"
|
||||
)
|
||||
|
||||
type LoginLogic struct {
|
||||
ctx context.Context
|
||||
svcCtx *svc.ServiceContext
|
||||
}
|
||||
|
||||
func NewLoginLogic(ctx context.Context, svcCtx *svc.ServiceContext) *LoginLogic {
|
||||
return &LoginLogic{
|
||||
ctx: ctx,
|
||||
svcCtx: svcCtx,
|
||||
}
|
||||
}
|
||||
|
||||
func (l *LoginLogic) Login(req *types.LoginRequest) (*types.LoginResponse, error) {
|
||||
// 1. 验证用户凭证(密码等)
|
||||
user, err := l.svcCtx.UserModel.FindByEmail(l.ctx, req.Email)
|
||||
if err != nil {
|
||||
return nil, errors.New("user not found")
|
||||
}
|
||||
|
||||
// 2. 验证密码
|
||||
if !user.VerifyPassword(req.Password) {
|
||||
return nil, errors.New("invalid password")
|
||||
}
|
||||
|
||||
// 3. 生成 JWT 令牌
|
||||
token, err := l.svcCtx.JwtManager.New(
|
||||
l.ctx,
|
||||
user.ID,
|
||||
user.Email,
|
||||
user.Name,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, errors.New("failed to generate token")
|
||||
}
|
||||
|
||||
// 4. 返回令牌
|
||||
return &types.LoginResponse{
|
||||
Token: token,
|
||||
User: types.User{
|
||||
ID: user.ID,
|
||||
Email: user.Email,
|
||||
Name: user.Name,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
```
|
||||
|
||||
## 3. 在 Handlers 中使用声明
|
||||
|
||||
在 Protected Handlers 中提取并使用声明:
|
||||
|
||||
```go
|
||||
package user
|
||||
|
||||
import (
|
||||
"context"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
"yourmodule/app/users/api/internal/svc"
|
||||
"yourmodule/app/users/api/internal/types"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
)
|
||||
|
||||
// GetUserInfoHandler 获取当前用户信息
|
||||
func GetUserInfoHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// 从上下文提取声明(由拦截器设置)
|
||||
claims, ok := r.Context().Value("claims").(*jwt.RegisteredClaims)
|
||||
if !ok {
|
||||
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// 使用声明中的用户信息
|
||||
userID := claims.Subject // 用户 ID 存储在 Subject 中
|
||||
log.Printf("User %s requested their info", userID)
|
||||
|
||||
// 查询用户信息
|
||||
user, err := svcCtx.UserModel.FindByID(r.Context(), userID)
|
||||
if err != nil {
|
||||
http.Error(w, "User not found", http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
|
||||
// 返回用户信息
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
json.NewEncoder(w).Encode(user)
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## 4. 令牌刷新端点
|
||||
|
||||
实现令牌刷新端点:
|
||||
|
||||
```go
|
||||
package user
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"yourmodule/app/users/api/internal/svc"
|
||||
"yourmodule/app/users/api/internal/types"
|
||||
)
|
||||
|
||||
// RefreshTokenHandler 刷新过期的 JWT 令牌
|
||||
func RefreshTokenHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
var req types.RefreshTokenRequest
|
||||
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
http.Error(w, "Invalid request", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// 提取旧令牌
|
||||
oldToken := req.Token
|
||||
|
||||
// 尝试刷新令牌
|
||||
newToken, err := svcCtx.JwtManager.Renew(r.Context(), oldToken)
|
||||
if err != nil {
|
||||
http.Error(w, "Token refresh failed", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// 返回新令牌
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
json.NewEncoder(w).Encode(types.RefreshTokenResponse{
|
||||
Token: newToken,
|
||||
})
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## 5. 登出处理
|
||||
|
||||
实现登出端点以撤销令牌:
|
||||
|
||||
```go
|
||||
package user
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"yourmodule/app/users/api/internal/svc"
|
||||
)
|
||||
|
||||
// LogoutHandler 登出用户(撤销令牌)
|
||||
func LogoutHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// 从上下文提取声明
|
||||
claims, ok := r.Context().Value("claims").(*jwt.RegisteredClaims)
|
||||
if !ok {
|
||||
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
userID := claims.Subject
|
||||
|
||||
// 获取用户当前令牌
|
||||
currentToken := r.Header.Get("Authorization")
|
||||
|
||||
// 撤销令牌
|
||||
err := svcCtx.JwtManager.Revoke(r.Context(), userID, currentToken)
|
||||
if err != nil {
|
||||
http.Error(w, "Logout failed", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
json.NewEncoder(w).Encode(map[string]string{"message": "logged out successfully"})
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## 6. 特定端点的 JWT 验证
|
||||
|
||||
对于 REST API,在需要的 handlers 中手动验证令牌:
|
||||
|
||||
### 在 Routes 中配置
|
||||
|
||||
修改 [app/users/api/internal/handler/routes.go](../../../app/users/api/internal/handler/routes.go):
|
||||
|
||||
```go
|
||||
package handler
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"yourmodule/app/users/api/internal/middleware"
|
||||
"yourmodule/app/users/api/internal/svc"
|
||||
"yourmodule/app/users/api/internal/handler/user"
|
||||
)
|
||||
|
||||
// RegisterRoutes 注册所有路由
|
||||
func RegisterRoutes(router *http.ServeMux, svcCtx *svc.ServiceContext) {
|
||||
// 公开路由
|
||||
router.HandleFunc("POST /api/v1/auth/login", user.LoginHandler(svcCtx))
|
||||
router.HandleFunc("POST /api/v1/auth/refresh", user.RefreshTokenHandler(svcCtx))
|
||||
|
||||
// 受保护的路由(需要 JWT 验证)
|
||||
protected := middleware.JwtMiddleware(svcCtx)
|
||||
router.HandleFunc("GET /api/v1/users/me", protected(user.GetUserInfoHandler(svcCtx)))
|
||||
router.HandleFunc("POST /api/v1/users/logout", protected(user.LogoutHandler(svcCtx)))
|
||||
router.HandleFunc("PUT /api/v1/users/me", protected(user.UpdateUserInfoHandler(svcCtx)))
|
||||
}
|
||||
```
|
||||
|
||||
### 创建 JWT 中间件
|
||||
|
||||
创建 [app/users/api/internal/middleware/jwt.go](../../../app/users/api/internal/middleware/jwt.go):
|
||||
|
||||
```go
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"yourmodule/app/users/api/internal/svc"
|
||||
)
|
||||
|
||||
// JwtMiddleware 为 HTTP 处理器添加 JWT 验证
|
||||
func JwtMiddleware(svcCtx *svc.ServiceContext) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
// 从 Authorization 头提取令牌
|
||||
authHeader := r.Header.Get("Authorization")
|
||||
if authHeader == "" {
|
||||
http.Error(w, "Missing authorization header", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// 期望格式: "Bearer <token>"
|
||||
parts := strings.SplitN(authHeader, " ", 2)
|
||||
if len(parts) != 2 || parts[0] != "Bearer" {
|
||||
http.Error(w, "Invalid authorization header", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
token := parts[1]
|
||||
|
||||
// 验证令牌
|
||||
claims, err := svcCtx.JwtManager.Valid(r.Context(), token)
|
||||
if err != nil {
|
||||
// 尝试刷新
|
||||
newToken, refreshErr := svcCtx.JwtManager.Renew(r.Context(), token)
|
||||
if refreshErr != nil {
|
||||
http.Error(w, "Invalid or expired token", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// 在响应头返回新令牌
|
||||
w.Header().Set("X-New-Token", newToken)
|
||||
|
||||
// 重新验证新令牌
|
||||
claims, err = svcCtx.JwtManager.Valid(r.Context(), newToken)
|
||||
if err != nil {
|
||||
http.Error(w, "Token refresh failed", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// 将声明附加到上下文
|
||||
newCtx := context.WithValue(r.Context(), "claims", claims)
|
||||
next.ServeHTTP(w, r.WithContext(newCtx))
|
||||
})
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## 7. 错误处理最佳实践
|
||||
|
||||
```go
|
||||
package logic
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"log"
|
||||
|
||||
"yourmodule/app/users/rpc/internal/utils"
|
||||
)
|
||||
|
||||
// HandleJwtError 处理 JWT 相关错误
|
||||
func HandleJwtError(err error) error {
|
||||
if errors.Is(err, utils.ErrTokenExpired) {
|
||||
log.Println("Token has expired, user needs to refresh")
|
||||
return errors.New("token expired - use refresh endpoint")
|
||||
}
|
||||
|
||||
if errors.Is(err, utils.ErrTokenInvalid) {
|
||||
log.Println("Token is invalid or malformed")
|
||||
return errors.New("invalid token")
|
||||
}
|
||||
|
||||
if errors.Is(err, utils.ErrTokenNotFound) {
|
||||
log.Println("Token not found in Redis (revoked or expired)")
|
||||
return errors.New("token revoked or expired")
|
||||
}
|
||||
|
||||
return err
|
||||
}
|
||||
```
|
||||
|
||||
## 8. 测试 JWT 集成
|
||||
|
||||
### 单元测试示例
|
||||
|
||||
```go
|
||||
package interceptor
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/metadata"
|
||||
"google.golang.org/grpc/status"
|
||||
)
|
||||
|
||||
func TestJwtUnaryInterceptor_ValidToken(t *testing.T) {
|
||||
// 1. 创建有效的令牌
|
||||
token, err := svcCtx.JwtManager.New(context.Background(), "user123", "user@example.com", "John")
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to create token: %v", err)
|
||||
}
|
||||
|
||||
// 2. 创建包含令牌的上下文
|
||||
md := metadata.Pairs("authorization", token)
|
||||
ctx := metadata.NewIncomingContext(context.Background(), md)
|
||||
|
||||
// 3. 调用拦截器
|
||||
_, err = JwtUnaryInterceptor(svcCtx)(ctx, nil, nil, func(ctx context.Context, req interface{}) (interface{}, error) {
|
||||
return "success", nil
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
t.Errorf("Unexpected error: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestJwtUnaryInterceptor_ExpiredToken(t *testing.T) {
|
||||
// 1. 创建过期的令牌或使用无效令牌
|
||||
token := "invalid.token.here"
|
||||
|
||||
// 2. 创建包含令牌的上下文
|
||||
md := metadata.Pairs("authorization", token)
|
||||
ctx := metadata.NewIncomingContext(context.Background(), md)
|
||||
|
||||
// 3. 调用拦截器
|
||||
_, err := JwtUnaryInterceptor(svcCtx)(ctx, nil, nil, func(ctx context.Context, req interface{}) (interface{}, error) {
|
||||
return "success", nil
|
||||
})
|
||||
|
||||
// 4. 验证错误
|
||||
st, ok := status.FromError(err)
|
||||
if !ok || st.Code() != codes.Unauthenticated {
|
||||
t.Errorf("Expected Unauthenticated error, got: %v", err)
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## 9. 生产部署清单
|
||||
|
||||
在将 JWT 集成部署到生产环境前:
|
||||
|
||||
- [ ] 所有令牌端点都进行了压力测试
|
||||
- [ ] 令牌刷新逻辑已验证
|
||||
- [ ] 错误处理覆盖了所有 JWT 失败情况
|
||||
- [ ] 审计日志记录了所有认证尝试
|
||||
- [ ] 密钥轮换计划已确定
|
||||
- [ ] 监控和告警已配置
|
||||
- [ ] 灾难恢复流程已文档化
|
||||
- [ ] 所有依赖于 JWT 的服务都已更新
|
||||
|
||||
## 相关文件
|
||||
|
||||
- [app/users/rpc/internal/utils/jwt.go](../../../app/users/rpc/internal/utils/jwt.go) - JWT Manager 实现
|
||||
- [app/users/rpc/internal/config/config.go](../../../app/users/rpc/internal/config/config.go) - JWT 配置
|
||||
- [app/users/rpc/internal/svc/serviceContext.go](../../../app/users/rpc/internal/svc/serviceContext.go) - 依赖注入
|
||||
- [deploy/k8s/secrets/jwt-secret.yaml](./jwt-secret.yaml) - Secret 和 RBAC
|
||||
- [deploy/k8s/secrets/DEPLOYMENT.md](./DEPLOYMENT.md) - 部署指南
|
||||
@@ -7,9 +7,19 @@ Prometheus:
|
||||
Port: 4001
|
||||
Path: /metrics
|
||||
|
||||
# ===== PROC CONFIG =====
|
||||
#UsercenterRpcConf:
|
||||
# Target: k8s://juwan/user-rpc-svc:8080
|
||||
#UserVerificationRpc:
|
||||
# Target: k8s://juwan/user_verifications-svc:8080
|
||||
|
||||
SnowflakeRpcConf:
|
||||
Target: k8s://juwan/snowflake-svc:8080
|
||||
|
||||
# ===== DEV CONFIG ====
|
||||
UserVerificationRpc:
|
||||
Target: k8s://juwan/user_verifications-svc:8080
|
||||
Endpoints:
|
||||
- user-verifications-rpc:8080
|
||||
UsercenterRpcConf:
|
||||
Endpoints:
|
||||
- user-rpc:8080
|
||||
|
||||
Log:
|
||||
Level: debug
|
||||
@@ -146,23 +146,20 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
|
||||
)
|
||||
|
||||
server.AddRoutes(
|
||||
rest.WithMiddlewares(
|
||||
[]rest.Middleware{serverCtx.Logger},
|
||||
[]rest.Route{
|
||||
{
|
||||
// 提交或修改角色认证申请 (支持幂等更新)
|
||||
Method: http.MethodPost,
|
||||
Path: "/me/verification",
|
||||
Handler: verification_user.ApplyVerificationHandler(serverCtx),
|
||||
},
|
||||
{
|
||||
// 获取我的所有认证状态
|
||||
Method: http.MethodGet,
|
||||
Path: "/me/verification",
|
||||
Handler: verification_user.GetMyVerificationsHandler(serverCtx),
|
||||
},
|
||||
}...,
|
||||
),
|
||||
[]rest.Route{
|
||||
{
|
||||
// 提交或修改角色认证申请 (支持幂等更新)
|
||||
Method: http.MethodPost,
|
||||
Path: "/me/verification",
|
||||
Handler: verification_user.ApplyVerificationHandler(serverCtx),
|
||||
},
|
||||
{
|
||||
// 获取我的所有认证状态
|
||||
Method: http.MethodGet,
|
||||
Path: "/me/verification",
|
||||
Handler: verification_user.GetMyVerificationsHandler(serverCtx),
|
||||
},
|
||||
},
|
||||
rest.WithPrefix("/api/v1/users"),
|
||||
)
|
||||
}
|
||||
|
||||
@@ -6,6 +6,7 @@ package auth
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"juwan-backend/app/users/rpc/pb"
|
||||
"juwan-backend/app/users/rpc/usercenter"
|
||||
"juwan-backend/common/utils/contextj"
|
||||
@@ -57,7 +58,8 @@ func (l *RegisterLogic) Register(req *types.RegisterReq) (resp *types.RegisterRe
|
||||
return nil, errors.New("hash password failed")
|
||||
}
|
||||
|
||||
requestId, err := contextj.RequestIdFrom(l.ctx)
|
||||
requestId, err := contextj.RIdFrom(l.ctx)
|
||||
logx.Infof("requestId: %s", requestId)
|
||||
if err != nil {
|
||||
logx.Errorf("contextj.RequestIdFrom failed: %v", err)
|
||||
return nil, errors.New("contextj.RequestIdFrom failed")
|
||||
@@ -73,7 +75,7 @@ func (l *RegisterLogic) Register(req *types.RegisterReq) (resp *types.RegisterRe
|
||||
})
|
||||
if err != nil {
|
||||
logx.Error("failed to register user: ", err)
|
||||
return nil, errors.New("failed to register user")
|
||||
return nil, errors.New(fmt.Sprintf("failed to register user: %v", err.Error()))
|
||||
}
|
||||
|
||||
// 返回响应
|
||||
|
||||
@@ -5,6 +5,9 @@ package user
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"juwan-backend/app/users/rpc/usercenter"
|
||||
"juwan-backend/common/utils/contextj"
|
||||
|
||||
"juwan-backend/app/users/api/internal/svc"
|
||||
"juwan-backend/app/users/api/internal/types"
|
||||
@@ -29,6 +32,19 @@ func NewFollowUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Follow
|
||||
|
||||
func (l *FollowUserLogic) FollowUser(req *types.FollowUserReq) (resp *types.EmptyResp, err error) {
|
||||
// todo: add your logic here and delete this line
|
||||
userId, err := contextj.UserIDFrom(l.ctx)
|
||||
if err != nil {
|
||||
return nil, errors.New("unauthorized")
|
||||
}
|
||||
|
||||
return
|
||||
_, err = l.svcCtx.UserRpc.AddUserFollows(l.ctx, &usercenter.AddUserFollowsReq{
|
||||
FollowerId: userId,
|
||||
FolloweeId: req.Id,
|
||||
CreatedAt: 0,
|
||||
})
|
||||
if err != nil {
|
||||
logx.Errorf("add user follow err: %v", err)
|
||||
return nil, errors.New("failed to follow user")
|
||||
}
|
||||
return &types.EmptyResp{}, nil
|
||||
}
|
||||
|
||||
@@ -6,15 +6,15 @@ package user
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"juwan-backend/app/users/api/internal/svc"
|
||||
"juwan-backend/app/users/api/internal/types"
|
||||
"juwan-backend/app/users/rpc/usercenter"
|
||||
"juwan-backend/common/converter"
|
||||
"juwan-backend/common/utils/contextj"
|
||||
"time"
|
||||
|
||||
"juwan-backend/app/users/api/internal/svc"
|
||||
"juwan-backend/app/users/api/internal/types"
|
||||
|
||||
"github.com/jinzhu/copier"
|
||||
"github.com/zeromicro/go-zero/core/logx"
|
||||
"k8s.io/apimachinery/pkg/util/json"
|
||||
)
|
||||
|
||||
type GetMeLogic struct {
|
||||
@@ -35,19 +35,34 @@ func NewGetMeLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetMeLogic
|
||||
func (l *GetMeLogic) GetMe() (resp *types.User, err error) {
|
||||
userId, err := contextj.UserIDFrom(l.ctx)
|
||||
if err != nil {
|
||||
return nil, errors.New("illegal id")
|
||||
logx.Errorf("get user id from context: %v", err)
|
||||
return nil, errors.New("illegal user")
|
||||
}
|
||||
|
||||
user, err := l.svcCtx.UserRpc.GetUsersById(l.ctx, &usercenter.GetUsersByIdReq{
|
||||
Id: userId,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, errors.New("get user by id error")
|
||||
logx.Errorf("GetMeLogic.GetUsersById err: %v", err)
|
||||
return nil, errors.New("get user failed")
|
||||
}
|
||||
err = converter.StructToStruct(user, &resp)
|
||||
createAt := time.Unix(user.Users.CreatedAt, 0)
|
||||
resp.CreatedAt = createAt.Format(time.DateTime)
|
||||
logx.Debugf("get user resp: %+v", user)
|
||||
|
||||
resp = &types.User{}
|
||||
|
||||
err = copier.Copy(&resp, user.Users)
|
||||
if err != nil {
|
||||
return nil, errors.New("to struct error")
|
||||
logx.Errorf("copier.Copy err: %v", err)
|
||||
return nil, errors.New("copy user failed")
|
||||
}
|
||||
|
||||
var verificationStatus map[string]string
|
||||
err = json.Unmarshal([]byte(user.Users.VerificationStatus), &verificationStatus)
|
||||
if err != nil {
|
||||
logx.Errorf("json.Unmarshal err: %v", err)
|
||||
}
|
||||
resp.VerifiedRoles = user.Users.VerifiedRoles
|
||||
resp.VerificationStatus = verificationStatus
|
||||
resp.CreatedAt = time.Unix(user.Users.CreatedAt, 0).Format(time.DateTime)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -32,7 +32,6 @@ func NewSwitchRoleLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Switch
|
||||
}
|
||||
|
||||
func (l *SwitchRoleLogic) SwitchRole(req *types.SwitchRoleReq) (resp *types.EmptyResp, err error) {
|
||||
// todo: add your logic here and delete this line
|
||||
id, err := contextj.UserIDFrom(l.ctx)
|
||||
if err != nil {
|
||||
logx.Errorf("get user id from context: %v", err)
|
||||
|
||||
@@ -5,6 +5,9 @@ package user
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"juwan-backend/app/users/rpc/usercenter"
|
||||
"juwan-backend/common/utils/contextj"
|
||||
|
||||
"juwan-backend/app/users/api/internal/svc"
|
||||
"juwan-backend/app/users/api/internal/types"
|
||||
@@ -29,6 +32,18 @@ func NewUnfollowUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Unfo
|
||||
|
||||
func (l *UnfollowUserLogic) UnfollowUser(req *types.UnfollowUserReq) (resp *types.EmptyResp, err error) {
|
||||
// todo: add your logic here and delete this line
|
||||
userId, err := contextj.UserIDFrom(l.ctx)
|
||||
if err != nil {
|
||||
return nil, errors.New("unauthorized")
|
||||
}
|
||||
|
||||
return
|
||||
_, err = l.svcCtx.UserRpc.DelUserFollows(l.ctx, &usercenter.DelUserFollowsReq{
|
||||
Id: req.Id,
|
||||
UserId: userId,
|
||||
})
|
||||
if err != nil {
|
||||
logx.Errorf("del user follow err: %v", err)
|
||||
return nil, errors.New("unfollow user failed")
|
||||
}
|
||||
return &types.EmptyResp{}, nil
|
||||
}
|
||||
|
||||
@@ -29,6 +29,5 @@ func NewUpdateNotificationSettingsLogic(ctx context.Context, svcCtx *svc.Service
|
||||
|
||||
func (l *UpdateNotificationSettingsLogic) UpdateNotificationSettings(req *types.UpdateNotifySettingsReq) (resp *types.EmptyResp, err error) {
|
||||
// todo: add your logic here and delete this line
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
@@ -33,7 +33,6 @@ func NewRejectVerificationLogic(ctx context.Context, svcCtx *svc.ServiceContext)
|
||||
var REJECTED = "rejected"
|
||||
|
||||
func (l *RejectVerificationLogic) RejectVerification(req *types.RejectVerificationReq) (resp *types.VerificationEmptyResp, err error) {
|
||||
// todo: add your logic here and delete this line
|
||||
adminId, err := contextj.AdminIdFrom(l.ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
@@ -36,13 +36,6 @@ func (l *ApplyVerificationLogic) ApplyVerification(req *types.ApplyVerificationR
|
||||
logx.Errorf("get user id from context: %v", err)
|
||||
return nil, contextj.ERRILLEGALUSER
|
||||
}
|
||||
verifications, err := l.svcCtx.UserVerificationsRpc.SearchUserVerifications(l.ctx, &pb.SearchUserVerificationsReq{
|
||||
UserId: userId,
|
||||
})
|
||||
if err != nil {
|
||||
logx.Errorf("search user verifications: %v", err)
|
||||
return nil, errors.New("search user verifications failed")
|
||||
}
|
||||
|
||||
materials, err := json.Marshal(req.Materials)
|
||||
if err != nil {
|
||||
@@ -50,18 +43,14 @@ func (l *ApplyVerificationLogic) ApplyVerification(req *types.ApplyVerificationR
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if verifications == nil || len(verifications.UserVerifications) == 0 {
|
||||
// 如果没有则增加
|
||||
_, err = l.svcCtx.UserVerificationsRpc.AddUserVerifications(l.ctx, &pb.AddUserVerificationsReq{
|
||||
Role: req.Role,
|
||||
Materials: string(materials),
|
||||
})
|
||||
if err != nil {
|
||||
logx.Errorf("add user verifications: %v", err)
|
||||
return nil, errors.New("add user verifications failed")
|
||||
}
|
||||
} else {
|
||||
|
||||
_, err = l.svcCtx.UserVerificationsRpc.AddOrUpdateUserVerifications(l.ctx, &pb.AddOrUpdateUserVerificationsReq{
|
||||
UserId: userId,
|
||||
Role: req.Role,
|
||||
Material: string(materials),
|
||||
})
|
||||
if err != nil {
|
||||
logx.Errorf("call AddOrUpdateUserVerifications: %v", err)
|
||||
return nil, errors.New("apply verification failed: " + err.Error())
|
||||
}
|
||||
|
||||
return &types.VerificationEmptyResp{}, nil
|
||||
|
||||
@@ -32,23 +32,21 @@ func NewGetMyVerificationsLogic(ctx context.Context, svcCtx *svc.ServiceContext)
|
||||
}
|
||||
|
||||
func (l *GetMyVerificationsLogic) GetMyVerifications() (resp *types.GetMyVerificationsResp, err error) {
|
||||
// todo: add your logic here and delete this line
|
||||
userId, err := contextj.UserIDFrom(l.ctx)
|
||||
if err != nil {
|
||||
logx.Errorf("get user id from context: %v", err)
|
||||
return nil, contextj.ERRILLEGALUSER
|
||||
}
|
||||
|
||||
verifications, err := l.svcCtx.UserVerificationsRpc.SearchUserVerifications(l.ctx, &pb.SearchUserVerificationsReq{
|
||||
verifications, err := l.svcCtx.UserVerificationsRpc.ListUserVerificationsByUserId(l.ctx, &pb.ListUserVerificationsByUserIdReq{
|
||||
UserId: userId,
|
||||
Page: 1,
|
||||
Limit: 100, // assuming a user won't have more than 100 verification records, adjust as needed
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var searchResults []types.VerificationItem
|
||||
|
||||
for _, v := range verifications.UserVerifications {
|
||||
temp := types.VerificationItem{}
|
||||
err = copier.Copy(&temp, v)
|
||||
|
||||
@@ -4,8 +4,8 @@
|
||||
package types
|
||||
|
||||
type ApplyVerificationReq struct {
|
||||
Role string `json:"role"` // 申请什么角色
|
||||
Materials map[string]string `json:"materials"` // 证明材料键值对 {"idCardFront": "http...", "license": "http..."}
|
||||
Role string `json:"role"` // 申请什么角色
|
||||
Materials MaterialJson `json:"materials"` // 证明材料键值对 {"idCardFront": "http...", "license": "http..."}
|
||||
}
|
||||
|
||||
type EmptyResp struct {
|
||||
@@ -56,6 +56,13 @@ type LoginResp struct {
|
||||
type LogoutReq struct {
|
||||
}
|
||||
|
||||
type MaterialJson struct {
|
||||
IdCardFront string `json:"idCardFront"` // 身份证正面照片URL
|
||||
IdCardBack string `json:"idCardBack"` // 身份证反面照片URL
|
||||
GameScreenshots []string `json:"gameScreenshots"` // 游戏截图URL列表
|
||||
VoiceDemo string `json:"voiceDemo"` // 语音认证示例URL
|
||||
}
|
||||
|
||||
type RegisterReq struct {
|
||||
Phone string `json:"phone,omitempty,optional"`
|
||||
Email string `json:"email,omitempty,"`
|
||||
|
||||
@@ -6,6 +6,7 @@ package main
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"juwan-backend/common/middlewares"
|
||||
|
||||
"juwan-backend/app/users/api/internal/config"
|
||||
"juwan-backend/app/users/api/internal/handler"
|
||||
@@ -24,6 +25,8 @@ func main() {
|
||||
conf.MustLoad(*configFile, &c)
|
||||
|
||||
server := rest.MustNewServer(c.RestConf)
|
||||
server.Use(middlewares.NewHeaderExtractorMiddleware().Handle)
|
||||
server.Use(middlewares.NewRequestMiddleware().Handle)
|
||||
defer server.Stop()
|
||||
|
||||
ctx := svc.NewServiceContext(c)
|
||||
|
||||
Reference in New Issue
Block a user