reface to openteam

2025-04-16 18:01:27 +08:00
parent bc223d6530
commit e7ffc9e8b9
92 changed files with 5345 additions and 1273 deletions
--- a/internal/service/user.go
+++ b/internal/service/user.go
@@ -0,0 +1,320 @@
+package service
+
+import (
+	"context"
+	"fmt"
+	"opencatd-open/internal/auth"
+	"opencatd-open/internal/consts"
+	"opencatd-open/internal/dao"
+	"opencatd-open/internal/dto"
+	"opencatd-open/internal/model"
+	"opencatd-open/internal/utils"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	"gorm.io/gorm"
+)
+
+type UserServiceImpl struct {
+	db       *gorm.DB
+	userRepo dao.UserRepository
+}
+
+func NewUserService(db *gorm.DB, userRepo dao.UserRepository) *UserServiceImpl {
+	return &UserServiceImpl{
+		db:       db,
+		userRepo: userRepo,
+	}
+}
+
+func (s *UserServiceImpl) Register(ctx context.Context, req *model.User) error {
+	var _user model.User
+	var count int64
+	err := s.db.Model(&model.User{}).Count(&count).Error
+	if err != nil {
+		return fmt.Errorf("username or email already exists")
+	}
+	if count == 0 {
+		_user.Name = "root"
+		_user.Role = utils.ToPtr(consts.RoleRoot)
+		_user.Active = utils.ToPtr(true)
+		_user.UnlimitedQuota = utils.ToPtr(true)
+	}
+	_user.Password, err = utils.HashPassword(req.Password)
+	if err != nil {
+		return err
+	}
+	_user.Username = req.Username
+	_user.Email = req.Email
+	_user.Tokens = []model.Token{
+		{
+			Name: "default",
+			Key:  "sk-team-" + strings.ReplaceAll(uuid.New().String(), "-", ""),
+		},
+	}
+
+	return s.userRepo.Create(&_user)
+}
+
+func (s *UserServiceImpl) Login(ctx context.Context, req *dto.User) (*dto.Auth, error) {
+	var _user model.User
+	if err := s.db.Model(&model.User{}).Where("username = ?", req.Username).First(&_user).Error; err != nil {
+		if err := s.db.Model(&model.User{}).Where("email = ?", req.Username).First(&_user).Error; err != nil {
+			return nil, err
+		}
+	}
+	if utils.CheckPassword(_user.Password, req.Password) {
+		day := 86400
+		at, err := auth.GenerateTokenPair(&_user, consts.SecretKey, time.Duration(day)*time.Second, time.Duration(day*7)*time.Second)
+		if err != nil {
+			return nil, err
+		}
+		return &dto.Auth{
+			Token:     at.AccessToken,
+			ExpiresIn: time.Now().Add(time.Duration(day) * time.Second).Unix(),
+		}, nil
+	}
+	return nil, fmt.Errorf("密码错误")
+}
+
+func (s *UserServiceImpl) Profile(ctx context.Context) (*model.User, error) {
+	id := ctx.Value("user_id").(int64)
+	return s.userRepo.GetByID(id)
+}
+
+func (s *UserServiceImpl) List(ctx context.Context, limit, offset int, active []string) ([]model.User, int64, error) {
+	userRoleValue := ctx.Value("user_role")
+	if userRoleValue == nil {
+		return nil, 0, fmt.Errorf("user role not found in context")
+	}
+
+	role, ok := userRoleValue.(*consts.UserRole)
+	if !ok {
+		return nil, 0, fmt.Errorf("user role in context is not an integer")
+	}
+
+	if *role < consts.RoleAdmin {
+		return nil, 0, fmt.Errorf("Unauthorized")
+	} else if *role < consts.RoleRoot { // 管理员只能查看普通用户
+		var condition = map[string]interface{}{"role = ?": consts.RoleUser}
+		if len(active) > 0 {
+			boolCondition := utils.StringToBool(active)
+			condition["active IN ?"] = boolCondition
+		}
+		return s.userRepo.List(limit, offset, condition)
+	} else {
+		var condition = make(map[string]interface{})
+		if len(active) > 0 {
+			boolCondition := utils.StringToBool(active)
+			condition["active IN ?"] = boolCondition
+		}
+		return s.userRepo.List(limit, offset, condition)
+	}
+}
+
+func (s *UserServiceImpl) Create(ctx context.Context, req *model.User) error {
+	userRoleValue := ctx.Value("user_role")
+	if userRoleValue == nil {
+		return fmt.Errorf("user role not found in context")
+	}
+
+	role, ok := userRoleValue.(*consts.UserRole)
+	if !ok {
+		return fmt.Errorf("user role in context is not an integer")
+	}
+	var _user model.User
+
+	if *role < consts.RoleAdmin {
+		return fmt.Errorf("Forbidden")
+	} else if *role < consts.RoleRoot {
+		_user.Role = utils.ToPtr(consts.RoleRoot)
+	} else {
+		_user.Role = req.Role
+	}
+	_user.Username = req.Username
+	_user.Name = req.Name
+	_user.Email = req.Email
+	_user.Active = req.Active
+	_user.Quota = req.Quota
+	_user.UnlimitedQuota = req.UnlimitedQuota
+	_user.Language = req.Language
+	if hashpass, err := utils.HashPassword(req.Password); err != nil {
+		return err
+	} else {
+		_user.Password = hashpass
+	}
+	_user.Tokens = []model.Token{
+		{
+			Name: "default",
+			Key:  "sk-team-" + strings.ReplaceAll(uuid.New().String(), "-", ""),
+		},
+	}
+
+	return s.userRepo.Create(&_user)
+}
+func (s *UserServiceImpl) GetByID(ctx context.Context, id int64) (*model.User, error) {
+	return s.userRepo.GetByID(id)
+}
+
+func (s *UserServiceImpl) Update(ctx context.Context, user *model.User) error {
+	_user := ctx.Value("user").(*model.User) // 被更新的用户
+	if _user == nil {
+		return fmt.Errorf("user not found in context")
+	}
+	userid := ctx.Value("user_id").(int64) // 操作者
+	userRoleValue := ctx.Value("user_role")
+	if userRoleValue == nil {
+		return fmt.Errorf("user role not found in context")
+	}
+
+	role, ok := userRoleValue.(*consts.UserRole) // 操作者角色
+	if !ok {
+		return fmt.Errorf("user role in context is not an integer")
+	}
+	switch {
+	case *role < consts.RoleAdmin:
+		if user.ID != userid {
+			return fmt.Errorf("Permission denied")
+		}
+	case *role == consts.RoleAdmin:
+		if *user.Role > *role { // 更新的用户角色不能高于操作者角色
+			return fmt.Errorf("Permission denied")
+		}
+		if *_user.Role >= *role { // 管理员之间不能被修改
+			return fmt.Errorf("Permission denied")
+		}
+	case *role > consts.RoleAdmin: // 根不能被修改
+		if user.ID == userid {
+			user.Role = role // root不能修改自己的角色
+		} else {
+			if user.Role != nil && user.Role == utils.ToPtr(consts.RoleRoot) {
+				return fmt.Errorf("Root user Only one can exist")
+			}
+		}
+	}
+
+	if user.Name != "" {
+		_user.Name = user.Name
+	}
+	if user.Username != "" {
+		_user.Username = user.Username
+	}
+	if user.Email != "" {
+		_user.Email = user.Email
+		_user.EmailVerified = utils.ToPtr(false)
+	}
+	if user.Active != nil {
+		_user.Active = user.Active
+	}
+	if user.Role != nil {
+		_user.Role = user.Role
+	}
+	if user.Active != nil {
+		_user.Active = user.Active
+	}
+	if user.Quota != nil {
+		_user.Quota = user.Quota
+	}
+	if user.UsedQuota != nil {
+		_user.UsedQuota = user.UsedQuota
+	}
+	if user.UnlimitedQuota != nil {
+		_user.UnlimitedQuota = user.UnlimitedQuota
+	}
+	if user.Timezone != "" {
+		_user.Timezone = user.Timezone
+	}
+	if user.Language != "" {
+		_user.Language = user.Language
+	}
+	return s.userRepo.Update(_user)
+}
+
+func (s *UserServiceImpl) Delete(ctx context.Context, id int64) error {
+	_user, err := s.userRepo.GetByID(id) // 被更新的用户
+	if err != nil {
+		return err
+	}
+	userid := ctx.Value("user_id").(int64)
+	userRoleValue := ctx.Value("user_role")
+	if userRoleValue == nil {
+		return fmt.Errorf("user role not found in context")
+	}
+	role, ok := userRoleValue.(*consts.UserRole) // 操作者
+	if !ok {
+		return fmt.Errorf("user role in context is not an integer")
+	}
+
+	switch {
+	case *role < consts.RoleAdmin:
+		if _user.ID != userid {
+			return fmt.Errorf("Permission denied")
+		}
+	case *role == consts.RoleAdmin:
+		if *_user.Role >= *role { // 管理员之间不能被修改
+			return fmt.Errorf("Permission denied")
+		}
+	case *_user.Role == consts.RoleRoot: // 根不能被修改
+		return fmt.Errorf("Root user can not be modified")
+	}
+
+	return s.userRepo.Delete(id)
+}
+
+func (s *UserServiceImpl) BatchDelete(ctx context.Context, ids []int64) error {
+	userRoleValue := ctx.Value("user_role")
+	if userRoleValue == nil {
+		return fmt.Errorf("user role not found in context")
+	}
+	role, ok := userRoleValue.(*consts.UserRole)
+	if !ok {
+		return fmt.Errorf("user role in context is not an integer")
+	}
+
+	switch {
+	case *role < consts.RoleAdmin:
+		return fmt.Errorf("Unauthorized")
+	case *role == consts.RoleAdmin:
+		return s.userRepo.BatchDelete(ids, []string{fmt.Sprintf("role < %d", role)})
+	}
+	return s.userRepo.BatchDelete(ids, []string{fmt.Sprintf("role < %d", consts.RoleRoot)})
+}
+
+func (s *UserServiceImpl) BatchEnable(ctx context.Context, ids []int64) error {
+	userRoleValue := ctx.Value("user_role")
+	if userRoleValue == nil {
+		return fmt.Errorf("user role not found in context")
+	}
+	role, ok := userRoleValue.(*consts.UserRole)
+	if !ok {
+		return fmt.Errorf("user role in context is not an integer")
+	}
+
+	switch {
+	case *role < consts.RoleAdmin:
+		return fmt.Errorf("Unauthorized")
+	case *role == consts.RoleAdmin:
+		return s.userRepo.BatchEnable(ids, []string{fmt.Sprintf("role < %d", role)})
+	}
+	return s.userRepo.BatchEnable(ids, nil)
+}
+
+func (s *UserServiceImpl) BatchDisable(ctx context.Context, ids []int64) error {
+	userRoleValue := ctx.Value("user_role")
+	if userRoleValue == nil {
+		return fmt.Errorf("user role not found in context")
+	}
+	role, ok := userRoleValue.(*consts.UserRole)
+	if !ok {
+		return fmt.Errorf("user role in context is not an integer")
+	}
+
+	switch {
+	case *role < consts.RoleAdmin:
+		return fmt.Errorf("Unauthorized")
+	case *role == consts.RoleAdmin:
+		return s.userRepo.BatchDisable(ids, []string{fmt.Sprintf("role < %d", role)})
+	}
+	return s.userRepo.BatchDisable(ids, nil)
+}