332 lines
8.9 KiB
Go
332 lines
8.9 KiB
Go
package service
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"opencatd-open/internal/auth"
|
|
"opencatd-open/internal/consts"
|
|
"opencatd-open/internal/dao"
|
|
"opencatd-open/internal/dto"
|
|
"opencatd-open/internal/model"
|
|
"opencatd-open/internal/utils"
|
|
"opencatd-open/pkg/config"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/google/uuid"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
type UserServiceImpl struct {
|
|
cfg *config.Config
|
|
db *gorm.DB
|
|
userRepo dao.UserRepository
|
|
}
|
|
|
|
func NewUserService(cfg *config.Config, db *gorm.DB, userRepo dao.UserRepository) *UserServiceImpl {
|
|
return &UserServiceImpl{
|
|
cfg: cfg,
|
|
db: db,
|
|
userRepo: userRepo,
|
|
}
|
|
}
|
|
|
|
func (s *UserServiceImpl) Register(ctx context.Context, req *model.User) error {
|
|
var _user model.User
|
|
var count int64
|
|
err := s.db.Model(&model.User{}).Count(&count).Error
|
|
if err != nil {
|
|
return fmt.Errorf("username or email already exists")
|
|
}
|
|
if count == 0 {
|
|
_user.Name = "root"
|
|
_user.Role = utils.ToPtr(consts.RoleRoot)
|
|
_user.Active = utils.ToPtr(true)
|
|
_user.UnlimitedQuota = utils.ToPtr(true)
|
|
} else {
|
|
if !s.cfg.AllowRegister {
|
|
return fmt.Errorf("register is not allowed")
|
|
}
|
|
}
|
|
|
|
_user.Password, err = utils.HashPassword(req.Password)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_user.Active = &s.cfg.DefaultActive
|
|
_user.UnlimitedQuota = &s.cfg.UnlimitedQuota
|
|
|
|
_user.Username = req.Username
|
|
_user.Email = req.Email
|
|
_user.Tokens = []model.Token{
|
|
{
|
|
Name: "default",
|
|
Key: "sk-team-" + strings.ReplaceAll(uuid.New().String(), "-", ""),
|
|
},
|
|
}
|
|
|
|
return s.userRepo.Create(&_user)
|
|
}
|
|
|
|
func (s *UserServiceImpl) Login(ctx context.Context, req *dto.User) (*dto.Auth, error) {
|
|
var _user model.User
|
|
if err := s.db.Model(&model.User{}).Where("username = ?", req.Username).First(&_user).Error; err != nil {
|
|
if err := s.db.Model(&model.User{}).Where("email = ?", req.Username).First(&_user).Error; err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
if utils.CheckPassword(_user.Password, req.Password) {
|
|
day := 86400
|
|
at, err := auth.GenerateTokenPair(&_user, consts.SecretKey, time.Duration(day)*time.Second, time.Duration(day*7)*time.Second)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &dto.Auth{
|
|
Token: at.AccessToken,
|
|
ExpiresIn: time.Now().Add(time.Duration(day) * time.Second).Unix(),
|
|
}, nil
|
|
}
|
|
return nil, fmt.Errorf("密码错误")
|
|
}
|
|
|
|
func (s *UserServiceImpl) Profile(ctx context.Context) (*model.User, error) {
|
|
id := ctx.Value("user_id").(int64)
|
|
return s.userRepo.GetByID(id)
|
|
}
|
|
|
|
func (s *UserServiceImpl) List(ctx context.Context, limit, offset int, active []string) ([]model.User, int64, error) {
|
|
userRoleValue := ctx.Value("user_role")
|
|
if userRoleValue == nil {
|
|
return nil, 0, fmt.Errorf("user role not found in context")
|
|
}
|
|
|
|
role, ok := userRoleValue.(*consts.UserRole)
|
|
if !ok {
|
|
return nil, 0, fmt.Errorf("user role in context is not an integer")
|
|
}
|
|
|
|
if *role < consts.RoleAdmin {
|
|
return nil, 0, fmt.Errorf("Unauthorized")
|
|
} else if *role < consts.RoleRoot { // 管理员只能查看普通用户
|
|
var condition = map[string]interface{}{"role = ?": consts.RoleUser}
|
|
if len(active) > 0 {
|
|
boolCondition := utils.StringToBool(active)
|
|
condition["active IN ?"] = boolCondition
|
|
}
|
|
return s.userRepo.List(limit, offset, condition)
|
|
} else {
|
|
var condition = make(map[string]interface{})
|
|
if len(active) > 0 {
|
|
boolCondition := utils.StringToBool(active)
|
|
condition["active IN ?"] = boolCondition
|
|
}
|
|
return s.userRepo.List(limit, offset, condition)
|
|
}
|
|
}
|
|
|
|
func (s *UserServiceImpl) Create(ctx context.Context, req *model.User) error {
|
|
userRoleValue := ctx.Value("user_role")
|
|
if userRoleValue == nil {
|
|
return fmt.Errorf("user role not found in context")
|
|
}
|
|
|
|
role, ok := userRoleValue.(*consts.UserRole)
|
|
if !ok {
|
|
return fmt.Errorf("user role in context is not an integer")
|
|
}
|
|
var _user model.User
|
|
|
|
if *role < consts.RoleAdmin {
|
|
return fmt.Errorf("Forbidden")
|
|
} else if *role < consts.RoleRoot {
|
|
_user.Role = utils.ToPtr(consts.RoleRoot)
|
|
} else {
|
|
_user.Role = req.Role
|
|
}
|
|
_user.Username = req.Username
|
|
_user.Name = req.Name
|
|
_user.Email = req.Email
|
|
_user.Active = req.Active
|
|
_user.Quota = req.Quota
|
|
_user.UnlimitedQuota = req.UnlimitedQuota
|
|
_user.Language = req.Language
|
|
if hashpass, err := utils.HashPassword(req.Password); err != nil {
|
|
return err
|
|
} else {
|
|
_user.Password = hashpass
|
|
}
|
|
_user.Tokens = []model.Token{
|
|
{
|
|
Name: "default",
|
|
Key: "sk-team-" + strings.ReplaceAll(uuid.New().String(), "-", ""),
|
|
},
|
|
}
|
|
|
|
return s.userRepo.Create(&_user)
|
|
}
|
|
func (s *UserServiceImpl) GetByID(ctx context.Context, id int64) (*model.User, error) {
|
|
return s.userRepo.GetByID(id)
|
|
}
|
|
|
|
func (s *UserServiceImpl) Update(ctx context.Context, user *model.User) error {
|
|
_user := ctx.Value("user").(*model.User) // 被更新的用户
|
|
if _user == nil {
|
|
return fmt.Errorf("user not found in context")
|
|
}
|
|
userid := ctx.Value("user_id").(int64) // 操作者
|
|
userRoleValue := ctx.Value("user_role")
|
|
if userRoleValue == nil {
|
|
return fmt.Errorf("user role not found in context")
|
|
}
|
|
|
|
role, ok := userRoleValue.(*consts.UserRole) // 操作者角色
|
|
if !ok {
|
|
return fmt.Errorf("user role in context is not an integer")
|
|
}
|
|
switch {
|
|
case *role < consts.RoleAdmin:
|
|
if user.ID != userid {
|
|
return fmt.Errorf("Permission denied")
|
|
}
|
|
case *role == consts.RoleAdmin:
|
|
if *user.Role > *role { // 更新的用户角色不能高于操作者角色
|
|
return fmt.Errorf("Permission denied")
|
|
}
|
|
if *_user.Role >= *role { // 管理员之间不能被修改
|
|
return fmt.Errorf("Permission denied")
|
|
}
|
|
case *role > consts.RoleAdmin: // 根不能被修改
|
|
if user.ID == userid {
|
|
user.Role = role // root不能修改自己的角色
|
|
} else {
|
|
if user.Role != nil && user.Role == utils.ToPtr(consts.RoleRoot) {
|
|
return fmt.Errorf("Root user Only one can exist")
|
|
}
|
|
}
|
|
}
|
|
|
|
if user.Name != "" {
|
|
_user.Name = user.Name
|
|
}
|
|
if user.Username != "" {
|
|
_user.Username = user.Username
|
|
}
|
|
if user.Email != "" {
|
|
_user.Email = user.Email
|
|
_user.EmailVerified = utils.ToPtr(false)
|
|
}
|
|
if user.Active != nil {
|
|
_user.Active = user.Active
|
|
}
|
|
if user.Role != nil {
|
|
_user.Role = user.Role
|
|
}
|
|
if user.Active != nil {
|
|
_user.Active = user.Active
|
|
}
|
|
if user.Quota != nil {
|
|
_user.Quota = user.Quota
|
|
}
|
|
if user.UsedQuota != nil {
|
|
_user.UsedQuota = user.UsedQuota
|
|
}
|
|
if user.UnlimitedQuota != nil {
|
|
_user.UnlimitedQuota = user.UnlimitedQuota
|
|
}
|
|
if user.Timezone != "" {
|
|
_user.Timezone = user.Timezone
|
|
}
|
|
if user.Language != "" {
|
|
_user.Language = user.Language
|
|
}
|
|
return s.userRepo.Update(_user)
|
|
}
|
|
|
|
func (s *UserServiceImpl) Delete(ctx context.Context, id int64) error {
|
|
_user, err := s.userRepo.GetByID(id) // 被更新的用户
|
|
if err != nil {
|
|
return err
|
|
}
|
|
userid := ctx.Value("user_id").(int64)
|
|
userRoleValue := ctx.Value("user_role")
|
|
if userRoleValue == nil {
|
|
return fmt.Errorf("user role not found in context")
|
|
}
|
|
role, ok := userRoleValue.(*consts.UserRole) // 操作者
|
|
if !ok {
|
|
return fmt.Errorf("user role in context is not an integer")
|
|
}
|
|
|
|
switch {
|
|
case *role < consts.RoleAdmin:
|
|
if _user.ID != userid {
|
|
return fmt.Errorf("Permission denied")
|
|
}
|
|
case *role == consts.RoleAdmin:
|
|
if *_user.Role >= *role { // 管理员之间不能被修改
|
|
return fmt.Errorf("Permission denied")
|
|
}
|
|
case *_user.Role == consts.RoleRoot: // 根不能被修改
|
|
return fmt.Errorf("Root user can not be modified")
|
|
}
|
|
|
|
return s.userRepo.Delete(id)
|
|
}
|
|
|
|
func (s *UserServiceImpl) BatchDelete(ctx context.Context, ids []int64) error {
|
|
userRoleValue := ctx.Value("user_role")
|
|
if userRoleValue == nil {
|
|
return fmt.Errorf("user role not found in context")
|
|
}
|
|
role, ok := userRoleValue.(*consts.UserRole)
|
|
if !ok {
|
|
return fmt.Errorf("user role in context is not an integer")
|
|
}
|
|
|
|
switch {
|
|
case *role < consts.RoleAdmin:
|
|
return fmt.Errorf("Unauthorized")
|
|
case *role == consts.RoleAdmin:
|
|
return s.userRepo.BatchDelete(ids, []string{fmt.Sprintf("role < %d", role)})
|
|
}
|
|
return s.userRepo.BatchDelete(ids, []string{fmt.Sprintf("role < %d", consts.RoleRoot)})
|
|
}
|
|
|
|
func (s *UserServiceImpl) BatchEnable(ctx context.Context, ids []int64) error {
|
|
userRoleValue := ctx.Value("user_role")
|
|
if userRoleValue == nil {
|
|
return fmt.Errorf("user role not found in context")
|
|
}
|
|
role, ok := userRoleValue.(*consts.UserRole)
|
|
if !ok {
|
|
return fmt.Errorf("user role in context is not an integer")
|
|
}
|
|
|
|
switch {
|
|
case *role < consts.RoleAdmin:
|
|
return fmt.Errorf("Unauthorized")
|
|
case *role == consts.RoleAdmin:
|
|
return s.userRepo.BatchEnable(ids, []string{fmt.Sprintf("role < %d", role)})
|
|
}
|
|
return s.userRepo.BatchEnable(ids, nil)
|
|
}
|
|
|
|
func (s *UserServiceImpl) BatchDisable(ctx context.Context, ids []int64) error {
|
|
userRoleValue := ctx.Value("user_role")
|
|
if userRoleValue == nil {
|
|
return fmt.Errorf("user role not found in context")
|
|
}
|
|
role, ok := userRoleValue.(*consts.UserRole)
|
|
if !ok {
|
|
return fmt.Errorf("user role in context is not an integer")
|
|
}
|
|
|
|
switch {
|
|
case *role < consts.RoleAdmin:
|
|
return fmt.Errorf("Unauthorized")
|
|
case *role == consts.RoleAdmin:
|
|
return s.userRepo.BatchDisable(ids, []string{fmt.Sprintf("role < %d", role)})
|
|
}
|
|
return s.userRepo.BatchDisable(ids, nil)
|
|
}
|