[feature/backend] implement /users handler + switch to username + add display name + user management cli

2025-02-21 04:30:07 +08:00 · 2025-02-21 04:30:07 +08:00 · 86ab334bc9
commit 86ab334bc9
parent 1d712d4e6c
38 changed files with 1851 additions and 506 deletions
--- a/backend/internal/handler/auth.go
+++ b/backend/internal/handler/auth.go
@ -7,16 +7,18 @@ import (
    "github.com/gin-gonic/gin"
    "github.com/golang-jwt/jwt/v5"
    "github.com/rs/zerolog/log"
+    "golang.org/x/crypto/bcrypt"
 )

 type RegisterRequest struct {
+    Username string `json:"username" binding:"required"`
    Email    string `json:"email" binding:"required,email"`
    Password string `json:"password" binding:"required,min=8"`
    Role     string `json:"role" binding:"required,oneof=admin editor contributor"`
 }

 type LoginRequest struct {
-    Email    string `json:"email" binding:"required,email"`
+    Username string `json:"username" binding:"required,min=3,max=32"`
    Password string `json:"password" binding:"required"`
 }

@ -31,7 +33,7 @@ func (h *Handler) Register(c *gin.Context) {
        return
    }

-    user, err := h.service.CreateUser(c.Request.Context(), req.Email, req.Password, req.Role)
+    user, err := h.service.CreateUser(c.Request.Context(), req.Username, req.Email, req.Password, req.Role)
    if err != nil {
        log.Error().Err(err).Msg("Failed to create user")
        c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create user"})
@ -76,14 +78,20 @@ func (h *Handler) Login(c *gin.Context) {
        return
    }

-    user, err := h.service.GetUserByEmail(c.Request.Context(), req.Email)
+    user, err := h.service.GetUserByUsername(c.Request.Context(), req.Username)
    if err != nil {
-        c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid credentials"})
+        c.JSON(http.StatusUnauthorized, gin.H{
+            "error": "Invalid username or password",
+        })
        return
    }

-    if !h.service.ValidatePassword(c.Request.Context(), user, req.Password) {
-        c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid credentials"})
+    // 验证密码
+    err = bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(req.Password))
+    if err != nil {
+        c.JSON(http.StatusUnauthorized, gin.H{
+            "error": "Invalid username or password",
+        })
        return
    }

@ -91,7 +99,9 @@ func (h *Handler) Login(c *gin.Context) {
    roles, err := h.service.GetUserRoles(c.Request.Context(), user.ID)
    if err != nil {
        log.Error().Err(err).Msg("Failed to get user roles")
-        c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get user roles"})
+        c.JSON(http.StatusInternalServerError, gin.H{
+            "error": "Failed to get user roles",
+        })
        return
    }

@ -111,7 +121,9 @@ func (h *Handler) Login(c *gin.Context) {
    tokenString, err := token.SignedString([]byte(h.cfg.JWT.Secret))
    if err != nil {
        log.Error().Err(err).Msg("Failed to generate token")
-        c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to generate token"})
+        c.JSON(http.StatusInternalServerError, gin.H{
+            "error": "Failed to generate token",
+        })
        return
    }

--- a/backend/internal/handler/auth_handler_test.go
+++ b/backend/internal/handler/auth_handler_test.go
@ -3,10 +3,11 @@ package handler
 import (
 	"bytes"
 	"encoding/json"
-	"errors"
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"testing"
+
 	"tss-rocks-be/ent"
 	"tss-rocks-be/internal/config"
 	"tss-rocks-be/internal/service/mock"
@ -14,6 +15,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/stretchr/testify/suite"
 	"go.uber.org/mock/gomock"
+	"golang.org/x/crypto/bcrypt"
 )

 type AuthHandlerTestSuite struct {
@ -54,20 +56,21 @@ func (s *AuthHandlerTestSuite) TestRegister() {
 		{
 			name: "成功注册",
 			request: RegisterRequest{
+				Username: "testuser",
 				Email:    "test@example.com",
 				Password: "password123",
 				Role:     "contributor",
 			},
 			setupMock: func() {
-				user := &ent.User{
-					ID:    1,
-					Email: "test@example.com",
-				}
 				s.service.EXPECT().
-					CreateUser(gomock.Any(), "test@example.com", "password123", "contributor").
-					Return(user, nil)
+					CreateUser(gomock.Any(), "testuser", "test@example.com", "password123", "contributor").
+					Return(&ent.User{
+						ID:       1,
+						Username: "testuser",
+						Email:    "test@example.com",
+					}, nil)
 				s.service.EXPECT().
-					GetUserRoles(gomock.Any(), user.ID).
+					GetUserRoles(gomock.Any(), 1).
 					Return([]*ent.Role{{ID: 1, Name: "contributor"}}, nil)
 			},
 			expectedStatus: http.StatusCreated,
@ -75,6 +78,7 @@ func (s *AuthHandlerTestSuite) TestRegister() {
 		{
 			name: "无效的邮箱格式",
 			request: RegisterRequest{
+				Username: "testuser",
 				Email:    "invalid-email",
 				Password: "password123",
 				Role:     "contributor",
@ -86,6 +90,7 @@ func (s *AuthHandlerTestSuite) TestRegister() {
 		{
 			name: "密码太短",
 			request: RegisterRequest{
+				Username: "testuser",
 				Email:    "test@example.com",
 				Password: "short",
 				Role:     "contributor",
@ -97,6 +102,7 @@ func (s *AuthHandlerTestSuite) TestRegister() {
 		{
 			name: "无效的角色",
 			request: RegisterRequest{
+				Username: "testuser",
 				Email:    "test@example.com",
 				Password: "password123",
 				Role:     "invalid-role",
@ -151,91 +157,95 @@ func (s *AuthHandlerTestSuite) TestLogin() {
 		{
 			name: "成功登录",
 			request: LoginRequest{
-				Email:    "test@example.com",
+				Username: "testuser",
 				Password: "password123",
 			},
 			setupMock: func() {
+				// 使用 bcrypt 生成正确的密码哈希
+				hashedPassword, _ := bcrypt.GenerateFromPassword([]byte("password123"), bcrypt.DefaultCost)
 				user := &ent.User{
-					ID:    1,
-					Email: "test@example.com",
+					ID:           1,
+					Username:     "testuser",
+					PasswordHash: string(hashedPassword),
 				}
 				s.service.EXPECT().
-					GetUserByEmail(gomock.Any(), "test@example.com").
+					GetUserByUsername(gomock.Any(), "testuser").
 					Return(user, nil)
-				s.service.EXPECT().
-					ValidatePassword(gomock.Any(), user, "password123").
-					Return(true)
 				s.service.EXPECT().
 					GetUserRoles(gomock.Any(), user.ID).
-					Return([]*ent.Role{{ID: 1, Name: "contributor"}}, nil)
+					Return([]*ent.Role{{Name: "admin"}}, nil)
 			},
 			expectedStatus: http.StatusOK,
 		},
 		{
-			name: "无效的邮箱格式",
+			name: "无效的用户名",
 			request: LoginRequest{
-				Email:    "invalid-email",
+				Username: "invalid",
 				Password: "password123",
 			},
-			setupMock:      func() {},
-			expectedStatus: http.StatusBadRequest,
-			expectedError:  "Key: 'LoginRequest.Email' Error:Field validation for 'Email' failed on the 'email' tag",
+			setupMock: func() {
+				s.service.EXPECT().
+					GetUserByUsername(gomock.Any(), "invalid").
+					Return(nil, fmt.Errorf("user not found"))
+			},
+			expectedStatus: http.StatusUnauthorized,
+			expectedError:  "Invalid username or password",
 		},
 		{
 			name: "用户不存在",
 			request: LoginRequest{
-				Email:    "nonexistent@example.com",
+				Username: "nonexistent",
 				Password: "password123",
 			},
 			setupMock: func() {
 				s.service.EXPECT().
-					GetUserByEmail(gomock.Any(), "nonexistent@example.com").
-					Return(nil, errors.New("user not found"))
+					GetUserByUsername(gomock.Any(), "nonexistent").
+					Return(nil, fmt.Errorf("user not found"))
 			},
 			expectedStatus: http.StatusUnauthorized,
-			expectedError:  "Invalid credentials",
+			expectedError:  "Invalid username or password",
 		},
 		{
 			name: "密码错误",
 			request: LoginRequest{
-				Email:    "test@example.com",
+				Username: "testuser",
 				Password: "wrong-password",
 			},
 			setupMock: func() {
+				// 使用 bcrypt 生成正确的密码哈希
+				hashedPassword, _ := bcrypt.GenerateFromPassword([]byte("password123"), bcrypt.DefaultCost)
 				user := &ent.User{
-					ID:    1,
-					Email: "test@example.com",
+					ID:           1,
+					Username:     "testuser",
+					PasswordHash: string(hashedPassword),
 				}
 				s.service.EXPECT().
-					GetUserByEmail(gomock.Any(), "test@example.com").
+					GetUserByUsername(gomock.Any(), "testuser").
 					Return(user, nil)
-				s.service.EXPECT().
-					ValidatePassword(gomock.Any(), user, "wrong-password").
-					Return(false)
 			},
 			expectedStatus: http.StatusUnauthorized,
-			expectedError:  "Invalid credentials",
+			expectedError:  "Invalid username or password",
 		},
 		{
 			name: "获取用户角色失败",
 			request: LoginRequest{
-				Email:    "test@example.com",
+				Username: "testuser",
 				Password: "password123",
 			},
 			setupMock: func() {
+				// 使用 bcrypt 生成正确的密码哈希
+				hashedPassword, _ := bcrypt.GenerateFromPassword([]byte("password123"), bcrypt.DefaultCost)
 				user := &ent.User{
-					ID:    1,
-					Email: "test@example.com",
+					ID:           1,
+					Username:     "testuser",
+					PasswordHash: string(hashedPassword),
 				}
 				s.service.EXPECT().
-					GetUserByEmail(gomock.Any(), "test@example.com").
+					GetUserByUsername(gomock.Any(), "testuser").
 					Return(user, nil)
-				s.service.EXPECT().
-					ValidatePassword(gomock.Any(), user, "password123").
-					Return(true)
 				s.service.EXPECT().
 					GetUserRoles(gomock.Any(), user.ID).
-					Return(nil, errors.New("failed to get roles"))
+					Return(nil, fmt.Errorf("failed to get roles"))
 			},
 			expectedStatus: http.StatusInternalServerError,
 			expectedError:  "Failed to get user roles",
--- a/backend/internal/handler/handler.go
+++ b/backend/internal/handler/handler.go
@ -34,6 +34,18 @@ func (h *Handler) RegisterRoutes(r *gin.Engine) {
 			auth.POST("/login", h.Login)
 		}

+		// User routes
+		users := api.Group("/users")
+		{
+			users.GET("", h.ListUsers)
+			users.POST("", h.CreateUser)
+			users.GET("/:id", h.GetUser)
+			users.PUT("/:id", h.UpdateUser)
+			users.DELETE("/:id", h.DeleteUser)
+			users.GET("/me", h.GetCurrentUser)
+			users.PUT("/me", h.UpdateCurrentUser)
+		}
+
 		// Category routes
 		categories := api.Group("/categories")
 		{
--- a/backend/internal/handler/user.go
+++ b/backend/internal/handler/user.go
@ -0,0 +1,227 @@
+package handler
+
+import (
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+	"github.com/rs/zerolog/log"
+	"tss-rocks-be/internal/types"
+)
+
+type UpdateCurrentUserRequest struct {
+	Email           string `json:"email,omitempty" binding:"omitempty,email"`
+	CurrentPassword string `json:"current_password,omitempty"`
+	NewPassword     string `json:"new_password,omitempty" binding:"omitempty,min=8"`
+	DisplayName     string `json:"display_name,omitempty" binding:"omitempty,max=64"`
+}
+
+type CreateUserRequest struct {
+	Email       string `json:"email" binding:"required,email"`
+	Password    string `json:"password" binding:"required,min=8"`
+	Role        string `json:"role" binding:"required,oneof=admin editor"`
+	DisplayName string `json:"display_name,omitempty" binding:"omitempty,max=64"`
+}
+
+type UpdateUserRequest struct {
+	Email       string `json:"email,omitempty" binding:"omitempty,email"`
+	Password    string `json:"password,omitempty" binding:"omitempty,min=8"`
+	Role        string `json:"role,omitempty" binding:"omitempty,oneof=admin editor"`
+	Status      string `json:"status,omitempty" binding:"omitempty,oneof=active inactive"`
+	DisplayName string `json:"display_name,omitempty" binding:"omitempty,max=64"`
+}
+
+// ListUsers returns a list of users
+func (h *Handler) ListUsers(c *gin.Context) {
+	// Parse query parameters
+	params := &types.ListUsersParams{
+		Page:    1,
+		PerPage: 10,
+	}
+
+	if page := c.Query("page"); page != "" {
+		if p, err := strconv.Atoi(page); err == nil && p > 0 {
+			params.Page = p
+		}
+	}
+
+	if perPage := c.Query("per_page"); perPage != "" {
+		if pp, err := strconv.Atoi(perPage); err == nil && pp > 0 {
+			params.PerPage = pp
+		}
+	}
+
+	params.Sort = c.Query("sort")
+	params.Role = c.Query("role")
+	params.Status = c.Query("status")
+	params.Email = c.Query("email")
+
+	// Get users
+	users, err := h.service.ListUsers(c.Request.Context(), params)
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to list users")
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to list users"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"data": users,
+	})
+}
+
+// CreateUser creates a new user
+func (h *Handler) CreateUser(c *gin.Context) {
+	var req CreateUserRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	user, err := h.service.CreateUser(c.Request.Context(), req.Email, req.Email, req.Password, req.Role)
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to create user")
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create user"})
+		return
+	}
+
+	c.JSON(http.StatusCreated, gin.H{
+		"data": user,
+	})
+}
+
+// GetUser returns user details
+func (h *Handler) GetUser(c *gin.Context) {
+	id, err := strconv.Atoi(c.Param("id"))
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid user ID"})
+		return
+	}
+
+	user, err := h.service.GetUser(c.Request.Context(), id)
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to get user")
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get user"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"data": user,
+	})
+}
+
+// UpdateUser updates user information
+func (h *Handler) UpdateUser(c *gin.Context) {
+	id, err := strconv.Atoi(c.Param("id"))
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid user ID"})
+		return
+	}
+
+	var req UpdateUserRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	user, err := h.service.UpdateUser(c.Request.Context(), id, &types.UpdateUserInput{
+		Email:       req.Email,
+		Password:    req.Password,
+		Role:        req.Role,
+		Status:      req.Status,
+		DisplayName: req.DisplayName,
+	})
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to update user")
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to update user"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"data": user,
+	})
+}
+
+// DeleteUser deletes a user
+func (h *Handler) DeleteUser(c *gin.Context) {
+	id, err := strconv.Atoi(c.Param("id"))
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid user ID"})
+		return
+	}
+
+	if err := h.service.DeleteUser(c.Request.Context(), id); err != nil {
+		log.Error().Err(err).Msg("Failed to delete user")
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to delete user"})
+		return
+	}
+
+	c.Status(http.StatusNoContent)
+}
+
+// GetCurrentUser returns the current user's information
+func (h *Handler) GetCurrentUser(c *gin.Context) {
+	// 从上下文中获取用户ID（由认证中间件设置）
+	userID, exists := c.Get("user_id")
+	if !exists {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
+		return
+	}
+
+	// 获取用户信息
+	user, err := h.service.GetUser(c.Request.Context(), userID.(int))
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to get user")
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get user information"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"data": user,
+	})
+}
+
+// UpdateCurrentUser updates the current user's information
+func (h *Handler) UpdateCurrentUser(c *gin.Context) {
+	// 从上下文中获取用户ID（由认证中间件设置）
+	userID, exists := c.Get("user_id")
+	if !exists {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
+		return
+	}
+
+	var req UpdateCurrentUserRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 如果要更新密码，需要验证当前密码
+	if req.NewPassword != "" {
+		if req.CurrentPassword == "" {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "Current password is required to update password"})
+			return
+		}
+
+		// 验证当前密码
+		if err := h.service.VerifyPassword(c.Request.Context(), userID.(int), req.CurrentPassword); err != nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid current password"})
+			return
+		}
+	}
+
+	// 更新用户信息
+	user, err := h.service.UpdateUser(c.Request.Context(), userID.(int), &types.UpdateUserInput{
+		Email:       req.Email,
+		Password:    req.NewPassword,
+		DisplayName: req.DisplayName,
+	})
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to update user")
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to update user information"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"data": user,
+	})
+}