diff --git a/Dockerfile b/Dockerfile index 48c10c0..74d41df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,11 +24,11 @@ RUN BUILD_TIME=$(date -u +"%Y-%m-%d %H:%M:%S") && \ go build -ldflags="-s -w -X 'github.com/perfect-panel/server/pkg/constant.Version=${VERSION}' -X 'github.com/perfect-panel/server/pkg/constant.BuildTime=${BUILD_TIME}'" -o /app/ppanel ppanel.go # Final minimal image -FROM alpine:latest +FROM scratch # Copy CA certificates and timezone data COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ -COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo +COPY --from=builder /usr/share/zoneinfo/Asia/Shanghai /usr/share/zoneinfo/Asia/Shanghai ENV TZ=Asia/Shanghai @@ -36,6 +36,7 @@ ENV TZ=Asia/Shanghai WORKDIR /app COPY --from=builder /app/ppanel /app/ppanel +COPY --from=builder /build/etc /app/etc # Expose the port (optional) EXPOSE 8080 diff --git a/apis/public/user.api b/apis/public/user.api index 931b361..9dd79f5 100644 --- a/apis/public/user.api +++ b/apis/public/user.api @@ -104,16 +104,16 @@ type ( BindEmailWithVerificationResponse { Success bool `json:"success"` Message string `json:"message,omitempty"` + Token string `json:"token,omitempty"` // 设备关联后的新Token + UserId int64 `json:"user_id,omitempty"` // 目标用户ID + } + GetDeviceListResponse { + List []UserDevice `json:"list"` + Total int64 `json:"total"` + } + UnbindDeviceRequest { + Id int64 `json:"id" validate:"required"` } - - GetDeviceListResponse { - List []UserDevice `json:"list"` - Total int64 `json:"total"` - } - - UnbindDeviceRequest { - Id int64 `json:"id" validate:"required"` - } ) @server ( @@ -210,16 +210,12 @@ service ppanel { @handler UpdateBindEmail put /bind_email (UpdateBindEmailRequest) - @doc "Bind Email With Verification" - @handler BindEmailWithVerification - post /bind_email_with_verification (BindEmailWithVerificationRequest) returns (BindEmailWithVerificationResponse) + @doc "Get Device List" + @handler GetDeviceList + get /devices returns (GetDeviceListResponse) - @doc "Get Device List" - @handler GetDeviceList - get /devices returns (GetDeviceListResponse) - - @doc "Unbind Device" - @handler UnbindDevice - put /unbind_device (UnbindDeviceRequest) + @doc "Unbind Device" + @handler UnbindDevice + put /unbind_device (UnbindDeviceRequest) } diff --git a/apis/types.api b/apis/types.api index 886b2fe..3cecd4a 100644 --- a/apis/types.api +++ b/apis/types.api @@ -115,7 +115,7 @@ type ( AuthConfig { Mobile MobileAuthenticateConfig `json:"mobile"` Email EmailAuthticateConfig `json:"email"` - Device DeviceAuthticateConfig `json:"device"` + Device DeviceAuthticateConfig `json:"device"` Register PubilcRegisterConfig `json:"register"` } PubilcRegisterConfig { @@ -135,14 +135,12 @@ type ( EnableDomainSuffix bool `json:"enable_domain_suffix"` DomainSuffixList string `json:"domain_suffix_list"` } - - DeviceAuthticateConfig { - Enable bool `json:"enable"` - ShowAds bool `json:"show_ads"` - EnableSecurity bool `json:"enable_security"` - OnlyRealDevice bool `json:"only_real_device"` - } - + DeviceAuthticateConfig { + Enable bool `json:"enable"` + ShowAds bool `json:"show_ads"` + EnableSecurity bool `json:"enable_security"` + OnlyRealDevice bool `json:"only_real_device"` + } RegisterConfig { StopRegister bool `json:"stop_register"` EnableTrial bool `json:"enable_trial"` @@ -217,7 +215,6 @@ type ( UnitPrice int64 `json:"unit_price"` UnitTime string `json:"unit_time"` Discount []SubscribeDiscount `json:"discount"` - NodeCount int64 `json:"node_count"` Replacement int64 `json:"replacement"` Inventory int64 `json:"inventory"` Traffic int64 `json:"traffic"` @@ -674,7 +671,6 @@ type ( List []SubscribeGroup `json:"list"` Total int64 `json:"total"` } - GetUserSubscribeTrafficLogsRequest { Page int `form:"page"` Size int `form:"size"` diff --git a/initialize/migrate/database/02116_site_custom_data.down.sql b/initialize/migrate/database/02116_site_custom_data.down.sql deleted file mode 100644 index b959fa7..0000000 --- a/initialize/migrate/database/02116_site_custom_data.down.sql +++ /dev/null @@ -1,7 +0,0 @@ -INSERT INTO `ppanel`.`system` (`category`, `key`, `value`, `type`, `desc`, `created_at`, `updated_at`) -SELECT 'site', 'CustomData', '{ - "kr_website_id": "" -}', 'string', 'Custom Data', '2025-04-22 14:25:16.637', '2025-10-14 15:47:19.187' - WHERE NOT EXISTS ( - SELECT 1 FROM `ppanel`.`system` WHERE `category` = 'site' AND `key` = 'CustomData' -); diff --git a/initialize/migrate/database/02116_site_custom_data.up.sql b/initialize/migrate/database/02116_site_custom_data.up.sql deleted file mode 100644 index b959fa7..0000000 --- a/initialize/migrate/database/02116_site_custom_data.up.sql +++ /dev/null @@ -1,7 +0,0 @@ -INSERT INTO `ppanel`.`system` (`category`, `key`, `value`, `type`, `desc`, `created_at`, `updated_at`) -SELECT 'site', 'CustomData', '{ - "kr_website_id": "" -}', 'string', 'Custom Data', '2025-04-22 14:25:16.637', '2025-10-14 15:47:19.187' - WHERE NOT EXISTS ( - SELECT 1 FROM `ppanel`.`system` WHERE `category` = 'site' AND `key` = 'CustomData' -); diff --git a/initialize/migrate/database/02119_user_algo.down.sql b/initialize/migrate/database/02116_user_algo.down.sql similarity index 100% rename from initialize/migrate/database/02119_user_algo.down.sql rename to initialize/migrate/database/02116_user_algo.down.sql diff --git a/initialize/migrate/database/02119_user_algo.up.sql b/initialize/migrate/database/02116_user_algo.up.sql similarity index 100% rename from initialize/migrate/database/02119_user_algo.up.sql rename to initialize/migrate/database/02116_user_algo.up.sql diff --git a/initialize/migrate/database/02118_traffic_log_idx.up.sql b/initialize/migrate/database/02118_traffic_log_idx.up.sql index cdd308f..7928a61 100644 --- a/initialize/migrate/database/02118_traffic_log_idx.up.sql +++ b/initialize/migrate/database/02118_traffic_log_idx.up.sql @@ -1 +1,2 @@ -ALTER TABLE traffic_log ADD INDEX idx_timestamp (timestamp); +ALTER TABLE traffic_log ADD INDEX IF NOT EXISTS idx_timestamp (timestamp); + diff --git a/internal/config/cacheKey.go b/internal/config/cacheKey.go index 655ce55..b2b290b 100644 --- a/internal/config/cacheKey.go +++ b/internal/config/cacheKey.go @@ -39,6 +39,9 @@ const VerifyCodeConfigKey = "system:verify_code_config" // SessionIdKey cache session key const SessionIdKey = "auth:session_id" +// DeviceCacheKeyKey cache session key +const DeviceCacheKeyKey = "auth:device_identifier" + // GlobalConfigKey Global Config Key const GlobalConfigKey = "system:global_config" diff --git a/internal/handler/app/deviceWebSocketHandler.go b/internal/handler/app/deviceWebSocketHandler.go deleted file mode 100644 index 7a09e39..0000000 --- a/internal/handler/app/deviceWebSocketHandler.go +++ /dev/null @@ -1,46 +0,0 @@ -package app - -import ( - "strconv" - - "github.com/gin-gonic/gin" - "github.com/perfect-panel/server/internal/svc" - "github.com/perfect-panel/server/pkg/logger" - "github.com/perfect-panel/server/pkg/result" -) - -// Device WebSocket Handler -func DeviceWebSocketHandler(svcCtx *svc.ServiceContext) func(c *gin.Context) { - return func(c *gin.Context) { - // 获取用户ID - userIDStr := c.Param("userid") - userID, err := strconv.ParseInt(userIDStr, 10, 64) - if err != nil { - logger.WithContext(c.Request.Context()).Error("[DeviceWebSocketHandler] Invalid user ID", logger.Field("userid", userIDStr), logger.Field("error", err.Error())) - result.ParamErrorResult(c, err) - return - } - - // 获取设备号 - deviceNumber := c.Param("device_number") - if deviceNumber == "" { - logger.WithContext(c.Request.Context()).Error("[DeviceWebSocketHandler] Device number is required") - result.ParamErrorResult(c, nil) - return - } - - // 获取Authorization header作为session - authorization := c.GetHeader("Authorization") - if authorization == "" { - logger.WithContext(c.Request.Context()).Error("[DeviceWebSocketHandler] Authorization header is required") - result.ParamErrorResult(c, nil) - return - } - - // 获取最大设备数量配置,默认为3 - maxDevices := 3 - - // 使用设备管理器添加设备 - svcCtx.DeviceManager.AddDevice(c.Writer, c.Request, authorization, userID, deviceNumber, maxDevices) - } -} diff --git a/internal/handler/public/user/bindInviteCodeHandler.go b/internal/handler/public/user/bindInviteCodeHandler.go deleted file mode 100644 index 5a06ce9..0000000 --- a/internal/handler/public/user/bindInviteCodeHandler.go +++ /dev/null @@ -1,26 +0,0 @@ -package user - -import ( - "github.com/gin-gonic/gin" - "github.com/perfect-panel/server/internal/logic/public/user" - "github.com/perfect-panel/server/internal/svc" - "github.com/perfect-panel/server/internal/types" - "github.com/perfect-panel/server/pkg/result" -) - -// Bind Invite Code -func BindInviteCodeHandler(svcCtx *svc.ServiceContext) func(c *gin.Context) { - return func(c *gin.Context) { - var req types.BindInviteCodeRequest - _ = c.ShouldBind(&req) - validateErr := svcCtx.Validate(&req) - if validateErr != nil { - result.ParamErrorResult(c, validateErr) - return - } - - l := user.NewBindInviteCodeLogic(c.Request.Context(), svcCtx) - err := l.BindInviteCode(&req) - result.HttpResult(c, nil, err) - } -} diff --git a/internal/logic/auth/bindDeviceLogic.go b/internal/logic/auth/bindDeviceLogic.go index 8606994..19b0666 100644 --- a/internal/logic/auth/bindDeviceLogic.go +++ b/internal/logic/auth/bindDeviceLogic.go @@ -11,22 +11,12 @@ import ( "gorm.io/gorm" ) -// BindDeviceLogic 设备绑定逻辑处理器 -// 负责处理设备与用户的绑定关系,包括新设备创建、设备重新绑定、数据迁移等核心功能 -// 主要解决设备用户与邮箱用户之间的数据合并问题 type BindDeviceLogic struct { - logger.Logger // 日志记录器,用于记录操作过程和错误信息 - ctx context.Context // 上下文,用于传递请求信息和控制超时 - svcCtx *svc.ServiceContext // 服务上下文,包含数据库连接、配置等依赖 + logger.Logger + ctx context.Context + svcCtx *svc.ServiceContext } -// NewBindDeviceLogic 创建设备绑定逻辑处理器实例 -// 参数: -// - ctx: 请求上下文,用于传递请求信息和控制超时 -// - svcCtx: 服务上下文,包含数据库连接、配置等依赖 -// -// 返回: -// - *BindDeviceLogic: 设备绑定逻辑处理器实例 func NewBindDeviceLogic(ctx context.Context, svcCtx *svc.ServiceContext) *BindDeviceLogic { return &BindDeviceLogic{ Logger: logger.WithContext(ctx), @@ -35,47 +25,27 @@ func NewBindDeviceLogic(ctx context.Context, svcCtx *svc.ServiceContext) *BindDe } } -// BindDeviceToUser 将设备绑定到用户 -// 这是设备绑定的核心入口函数,处理三种主要场景: -// 1. 新设备绑定:设备不存在时,创建新的设备记录并绑定到当前用户 -// 2. 设备已绑定当前用户:更新设备的IP和UserAgent信息 -// 3. 设备已绑定其他用户:执行设备重新绑定,可能涉及数据迁移 -// -// 参数: -// - identifier: 设备唯一标识符(如设备ID、MAC地址等) -// - ip: 设备当前IP地址 -// - userAgent: 设备的User-Agent信息 -// - currentUserId: 当前要绑定的用户ID -// -// 返回: -// - error: 绑定过程中的错误,nil表示成功 -// -// 注意:如果设备已绑定其他用户且该用户为"纯设备用户"(无其他认证方式), -// 将触发完整的数据迁移并禁用原用户 +// BindDeviceToUser binds a device to a user +// If the device is already bound to another user, it will disable that user and bind the device to the current user func (l *BindDeviceLogic) BindDeviceToUser(identifier, ip, userAgent string, currentUserId int64) error { - // 检查设备标识符是否为空 if identifier == "" { - // 没有提供设备标识符,跳过绑定过程 + // No device identifier provided, skip binding return nil } - // 记录设备绑定开始的日志 l.Infow("binding device to user", logger.Field("identifier", identifier), logger.Field("user_id", currentUserId), logger.Field("ip", ip), ) - // 第一步:查询设备是否已存在 - // 通过设备标识符查找现有的设备记录 + // Check if device exists deviceInfo, err := l.svcCtx.UserModel.FindOneDeviceByIdentifier(l.ctx, identifier) if err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { - // 设备不存在,创建新设备记录并绑定到当前用户 - // 这是场景1:新设备绑定 + // Device not found, create new device record return l.createDeviceForUser(identifier, ip, userAgent, currentUserId) } - // 数据库查询出错,记录错误并返回 l.Errorw("failed to query device", logger.Field("identifier", identifier), logger.Field("error", err.Error()), @@ -83,10 +53,9 @@ func (l *BindDeviceLogic) BindDeviceToUser(identifier, ip, userAgent string, cur return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "query device failed: %v", err.Error()) } - // 第二步:检查设备是否已绑定到当前用户 + // Device exists, check if it's bound to current user if deviceInfo.UserId == currentUserId { - // 设备已绑定到当前用户,只需更新IP和UserAgent - // 这是场景2:设备已绑定当前用户 + // Already bound to current user, just update IP and UserAgent l.Infow("device already bound to current user, updating info", logger.Field("identifier", identifier), logger.Field("user_id", currentUserId), @@ -103,49 +72,29 @@ func (l *BindDeviceLogic) BindDeviceToUser(identifier, ip, userAgent string, cur return nil } - // 第三步:设备绑定到其他用户,需要重新绑定 - // 这是场景3:设备已绑定其他用户,需要执行重新绑定逻辑 + // Device is bound to another user, need to disable old user and rebind l.Infow("device bound to another user, rebinding", logger.Field("identifier", identifier), logger.Field("old_user_id", deviceInfo.UserId), logger.Field("new_user_id", currentUserId), ) - // 调用重新绑定函数,可能涉及数据迁移 return l.rebindDeviceToNewUser(deviceInfo, ip, userAgent, currentUserId) } -// createDeviceForUser 为用户创建新的设备记录 -// 当设备标识符在系统中不存在时调用此函数,执行完整的设备创建流程 -// 包括创建设备认证方法记录和设备信息记录,确保数据一致性 -// -// 参数: -// - identifier: 设备唯一标识符 -// - ip: 设备IP地址 -// - userAgent: 设备User-Agent信息 -// - userId: 要绑定的用户ID -// -// 返回: -// - error: 创建过程中的错误,nil表示成功 -// -// 注意:此函数使用数据库事务确保认证方法和设备记录的原子性创建 func (l *BindDeviceLogic) createDeviceForUser(identifier, ip, userAgent string, userId int64) error { - // 记录开始创建设备的日志 l.Infow("creating new device for user", logger.Field("identifier", identifier), logger.Field("user_id", userId), ) - // 使用数据库事务确保数据一致性 - // 如果任何一步失败,整个操作都会回滚 err := l.svcCtx.UserModel.Transaction(l.ctx, func(db *gorm.DB) error { - // 第一步:创建设备认证方法记录 - // 在auth_methods表中记录该设备的认证信息 + // Create device auth method authMethod := &user.AuthMethods{ - UserId: userId, // 关联的用户ID - AuthType: "device", // 认证类型为设备认证 - AuthIdentifier: identifier, // 设备标识符 - Verified: true, // 设备认证默认为已验证状态 + UserId: userId, + AuthType: "device", + AuthIdentifier: identifier, + Verified: true, } if err := db.Create(authMethod).Error; err != nil { l.Errorw("failed to create device auth method", @@ -156,15 +105,14 @@ func (l *BindDeviceLogic) createDeviceForUser(identifier, ip, userAgent string, return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create device auth method failed: %v", err) } - // 第二步:创建设备信息记录 - // 在device表中记录设备的详细信息 + // Create device record deviceInfo := &user.Device{ - Ip: ip, // 设备IP地址 - UserId: userId, // 关联的用户ID - UserAgent: userAgent, // 设备User-Agent信息 - Identifier: identifier, // 设备唯一标识符 - Enabled: true, // 设备默认启用状态 - Online: false, // 设备默认离线状态 + Ip: ip, + UserId: userId, + UserAgent: userAgent, + Identifier: identifier, + Enabled: true, + Online: false, } if err := db.Create(deviceInfo).Error; err != nil { l.Errorw("failed to create device", @@ -178,7 +126,6 @@ func (l *BindDeviceLogic) createDeviceForUser(identifier, ip, userAgent string, return nil }) - // 检查事务执行结果 if err != nil { l.Errorw("device creation failed", logger.Field("identifier", identifier), @@ -188,29 +135,6 @@ func (l *BindDeviceLogic) createDeviceForUser(identifier, ip, userAgent string, return err } - // 清理用户缓存,确保新设备能正确显示在用户的设备列表中 - userInfo, err := l.svcCtx.UserModel.FindOne(l.ctx, userId) - if err != nil { - l.Errorw("failed to find user for cache clearing", - logger.Field("user_id", userId), - logger.Field("error", err.Error()), - ) - // 不因为缓存清理失败而返回错误,因为设备创建已经成功 - } else { - if err := l.svcCtx.UserModel.ClearUserCache(l.ctx, userInfo); err != nil { - l.Errorw("failed to clear user cache", - logger.Field("user_id", userId), - logger.Field("error", err.Error()), - ) - // 不因为缓存清理失败而返回错误,因为设备创建已经成功 - } else { - l.Infow("cleared user cache after device creation", - logger.Field("user_id", userId), - ) - } - } - - // 记录设备创建成功的日志 l.Infow("device created successfully", logger.Field("identifier", identifier), logger.Field("user_id", userId), @@ -219,36 +143,11 @@ func (l *BindDeviceLogic) createDeviceForUser(identifier, ip, userAgent string, return nil } -// rebindDeviceToNewUser 将设备重新绑定到新用户 -// 这是设备绑定合并逻辑的核心函数,处理设备从一个用户转移到另一个用户的复杂场景 -// 主要解决"设备用户"与"邮箱用户"之间的数据合并问题 -// -// 核心判断逻辑: -// 1. 如果原用户是"纯设备用户"(只有设备认证,无邮箱等其他认证方式): -// - 执行完整数据迁移(订单、订阅、余额、赠送金额) -// - 禁用原用户账户 -// -// 2. 如果原用户有其他认证方式(如邮箱、手机等): -// - 只转移设备绑定关系 -// - 保留原用户账户和数据 -// -// 参数: -// - deviceInfo: 现有的设备信息记录 -// - ip: 设备新的IP地址 -// - userAgent: 设备新的User-Agent信息 -// - newUserId: 要绑定到的新用户ID -// -// 返回: -// - error: 重新绑定过程中的错误,nil表示成功 -// -// 注意:整个过程在数据库事务中执行,确保数据一致性 func (l *BindDeviceLogic) rebindDeviceToNewUser(deviceInfo *user.Device, ip, userAgent string, newUserId int64) error { oldUserId := deviceInfo.UserId - // 使用数据库事务确保所有操作的原子性 err := l.svcCtx.UserModel.Transaction(l.ctx, func(db *gorm.DB) error { - // 第一步:查询原用户的所有认证方式 - // 用于判断原用户是否为"纯设备用户" + // Check if old user has other auth methods besides device var authMethods []user.AuthMethods if err := db.Where("user_id = ?", oldUserId).Find(&authMethods).Error; err != nil { l.Errorw("failed to query auth methods for old user", @@ -258,8 +157,7 @@ func (l *BindDeviceLogic) rebindDeviceToNewUser(deviceInfo *user.Device, ip, use return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "query auth methods failed: %v", err) } - // 第二步:统计非设备认证方式的数量 - // 如果只有设备认证,说明是"纯设备用户" + // Count non-device auth methods nonDeviceAuthCount := 0 for _, auth := range authMethods { if auth.AuthType != "device" { @@ -267,22 +165,8 @@ func (l *BindDeviceLogic) rebindDeviceToNewUser(deviceInfo *user.Device, ip, use } } - // 第三步:根据用户类型执行不同的处理逻辑 + // Only disable old user if they have no other auth methods if nonDeviceAuthCount == 0 { - // 原用户是"纯设备用户",执行完整的数据迁移和用户禁用 - - // 3.1 先执行数据迁移(订单、订阅、余额等) - if err := l.migrateUserData(db, oldUserId, newUserId); err != nil { - l.Errorw("failed to migrate user data", - logger.Field("old_user_id", oldUserId), - logger.Field("new_user_id", newUserId), - logger.Field("error", err.Error()), - ) - return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "migrate user data failed: %v", err) - } - - // 3.2 禁用原用户账户 - // 使用指针确保布尔值正确传递给GORM falseVal := false if err := db.Model(&user.User{}).Where("id = ?", oldUserId).Update("enable", &falseVal).Error; err != nil { l.Errorw("failed to disable old user", @@ -292,20 +176,17 @@ func (l *BindDeviceLogic) rebindDeviceToNewUser(deviceInfo *user.Device, ip, use return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "disable old user failed: %v", err) } - l.Infow("disabled old user after data migration (no other auth methods)", + l.Infow("disabled old user (no other auth methods)", logger.Field("old_user_id", oldUserId), - logger.Field("new_user_id", newUserId), ) } else { - // 原用户有其他认证方式,只转移设备绑定,保留原用户 l.Infow("old user has other auth methods, not disabling", logger.Field("old_user_id", oldUserId), logger.Field("non_device_auth_count", nonDeviceAuthCount), ) } - // 第四步:更新设备认证方法的用户归属 - // 将auth_methods表中的设备认证记录转移到新用户 + // Update device auth method to new user if err := db.Model(&user.AuthMethods{}). Where("auth_type = ? AND auth_identifier = ?", "device", deviceInfo.Identifier). Update("user_id", newUserId).Error; err != nil { @@ -316,12 +197,11 @@ func (l *BindDeviceLogic) rebindDeviceToNewUser(deviceInfo *user.Device, ip, use return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update device auth method failed: %v", err) } - // 第五步:更新设备记录信息 - // 更新device表中的设备信息,包括用户ID、IP、UserAgent等 - deviceInfo.UserId = newUserId // 更新设备归属用户 - deviceInfo.Ip = ip // 更新设备IP - deviceInfo.UserAgent = userAgent // 更新设备UserAgent - deviceInfo.Enabled = true // 确保设备处于启用状态 + // Update device record + deviceInfo.UserId = newUserId + deviceInfo.Ip = ip + deviceInfo.UserAgent = userAgent + deviceInfo.Enabled = true if err := db.Save(deviceInfo).Error; err != nil { l.Errorw("failed to update device", @@ -334,7 +214,6 @@ func (l *BindDeviceLogic) rebindDeviceToNewUser(deviceInfo *user.Device, ip, use return nil }) - // 检查事务执行结果 if err != nil { l.Errorw("device rebinding failed", logger.Field("identifier", deviceInfo.Identifier), @@ -345,52 +224,6 @@ func (l *BindDeviceLogic) rebindDeviceToNewUser(deviceInfo *user.Device, ip, use return err } - // 清理新用户的缓存,确保用户信息能正确更新 - // 这是关键步骤:设备迁移后必须清理缓存,否则用户看到的还是旧的设备列表 - newUser, err := l.svcCtx.UserModel.FindOne(l.ctx, newUserId) - if err != nil { - l.Errorw("failed to find new user for cache clearing", - logger.Field("new_user_id", newUserId), - logger.Field("error", err.Error()), - ) - // 不因为缓存清理失败而返回错误,因为数据迁移已经成功 - } else { - if err := l.svcCtx.UserModel.ClearUserCache(l.ctx, newUser); err != nil { - l.Errorw("failed to clear new user cache", - logger.Field("new_user_id", newUserId), - logger.Field("error", err.Error()), - ) - // 不因为缓存清理失败而返回错误,因为数据迁移已经成功 - } else { - l.Infow("cleared new user cache after device rebinding", - logger.Field("new_user_id", newUserId), - ) - } - } - - // 清理原用户的缓存(如果原用户没有被禁用的话) - oldUser, err := l.svcCtx.UserModel.FindOne(l.ctx, oldUserId) - if err != nil { - l.Errorw("failed to find old user for cache clearing", - logger.Field("old_user_id", oldUserId), - logger.Field("error", err.Error()), - ) - // 不因为缓存清理失败而返回错误 - } else { - if err := l.svcCtx.UserModel.ClearUserCache(l.ctx, oldUser); err != nil { - l.Errorw("failed to clear old user cache", - logger.Field("old_user_id", oldUserId), - logger.Field("error", err.Error()), - ) - // 不因为缓存清理失败而返回错误 - } else { - l.Infow("cleared old user cache after device rebinding", - logger.Field("old_user_id", oldUserId), - ) - } - } - - // 记录设备重新绑定成功的日志 l.Infow("device rebound successfully", logger.Field("identifier", deviceInfo.Identifier), logger.Field("old_user_id", oldUserId), @@ -399,103 +232,3 @@ func (l *BindDeviceLogic) rebindDeviceToNewUser(deviceInfo *user.Device, ip, use return nil } - -// migrateUserData 执行用户数据迁移 -// 当"纯设备用户"需要合并到"邮箱用户"时,此函数负责迁移所有相关的用户数据 -// 确保用户的历史数据(订单、订阅、余额等)不会丢失 -// -// 迁移的数据类型包括: -// 1. 订单数据:将所有历史订单从原用户转移到新用户 -// 2. 订阅数据:将所有订阅记录从原用户转移到新用户(注意:存在重复套餐问题) -// 3. 用户余额:将原用户的账户余额累加到新用户 -// 4. 赠送金额:将原用户的赠送金额累加到新用户 -// -// 参数: -// - db: 数据库事务对象,确保所有操作在同一事务中执行 -// - oldUserId: 原用户ID(数据来源) -// - newUserId: 新用户ID(数据目标) -// -// 返回: -// - error: 迁移过程中的错误,nil表示成功 -// -// 已知问题: -// - 订阅迁移采用简单的user_id更新,可能导致重复套餐问题 -// - 缺少智能合并策略来处理相同套餐的订阅记录 -// - 流量使用统计在订阅级别跟踪,不需要单独迁移 -func (l *BindDeviceLogic) migrateUserData(db *gorm.DB, oldUserId, newUserId int64) error { - // 记录数据迁移开始的日志 - l.Infow("starting user data migration", - logger.Field("old_user_id", oldUserId), - logger.Field("new_user_id", newUserId), - ) - - // 第一步:迁移订单数据 - // 将order表中所有属于原用户的订单转移到新用户 - // 使用表名直接操作以提高性能 - if err := db.Table("order").Where("user_id = ?", oldUserId).Update("user_id", newUserId).Error; err != nil { - l.Errorw("failed to migrate orders", - logger.Field("old_user_id", oldUserId), - logger.Field("new_user_id", newUserId), - logger.Field("error", err.Error()), - ) - return err - } - - // 第二步:迁移用户订阅数据 - // 将subscribe表中所有属于原用户的订阅转移到新用户 - // 注意:这里存在重复套餐问题,简单的user_id更新可能导致用户拥有多个相同的套餐订阅 - // TODO: 实现智能合并策略,合并相同套餐的订阅记录 - if err := db.Model(&user.Subscribe{}).Where("user_id = ?", oldUserId).Update("user_id", newUserId).Error; err != nil { - l.Errorw("failed to migrate user subscriptions", - logger.Field("old_user_id", oldUserId), - logger.Field("new_user_id", newUserId), - logger.Field("error", err.Error()), - ) - return err - } - - // 第三步:获取原用户的余额和赠送金额信息 - // 需要先查询原用户的财务数据,然后累加到新用户 - var oldUser user.User - if err := db.Where("id = ?", oldUserId).First(&oldUser).Error; err != nil { - l.Errorw("failed to get old user data", - logger.Field("old_user_id", oldUserId), - logger.Field("error", err.Error()), - ) - return err - } - - // 第四步:迁移用户余额和赠送金额 - // 将原用户的余额和赠送金额累加到新用户账户 - // 只有当原用户有余额或赠送金额时才执行更新操作 - if oldUser.Balance > 0 || oldUser.GiftAmount > 0 { - if err := db.Model(&user.User{}).Where("id = ?", newUserId).Updates(map[string]interface{}{ - "balance": gorm.Expr("balance + ?", oldUser.Balance), // 累加余额 - "gift_amount": gorm.Expr("gift_amount + ?", oldUser.GiftAmount), // 累加赠送金额 - }).Error; err != nil { - l.Errorw("failed to migrate user balance and gift", - logger.Field("old_user_id", oldUserId), - logger.Field("new_user_id", newUserId), - logger.Field("old_balance", oldUser.Balance), - logger.Field("old_gift", oldUser.GiftAmount), - logger.Field("error", err.Error()), - ) - return err - } - } - - // 注意事项说明: - // 1. 认证方法(auth_methods)不在此处迁移,由调用方单独处理 - // 2. 流量使用统计(Upload/Download)在订阅级别跟踪,随订阅一起迁移 - // 3. 其他用户相关表如需迁移,可在此处添加 - - // 记录数据迁移完成的日志 - l.Infow("user data migration completed", - logger.Field("old_user_id", oldUserId), - logger.Field("new_user_id", newUserId), - logger.Field("migrated_balance", oldUser.Balance), - logger.Field("migrated_gift", oldUser.GiftAmount), - ) - - return nil -} diff --git a/internal/logic/auth/deviceLoginLogic.go b/internal/logic/auth/deviceLoginLogic.go index 10f0949..d152f3e 100644 --- a/internal/logic/auth/deviceLoginLogic.go +++ b/internal/logic/auth/deviceLoginLogic.go @@ -19,14 +19,13 @@ import ( "gorm.io/gorm" ) -// DeviceLoginLogic 设备登录逻辑结构体 type DeviceLoginLogic struct { logger.Logger ctx context.Context svcCtx *svc.ServiceContext } -// NewDeviceLoginLogic 创建设备登录逻辑实例 +// Device Login func NewDeviceLoginLogic(ctx context.Context, svcCtx *svc.ServiceContext) *DeviceLoginLogic { return &DeviceLoginLogic{ Logger: logger.WithContext(ctx), @@ -35,17 +34,14 @@ func NewDeviceLoginLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Devic } } -// DeviceLogin 设备登录主要逻辑 func (l *DeviceLoginLogic) DeviceLogin(req *types.DeviceLoginRequest) (resp *types.LoginResponse, err error) { - // 检查设备登录是否启用 if !l.svcCtx.Config.Device.Enable { return nil, xerr.NewErrMsg("Device login is disabled") } loginStatus := false var userInfo *user.User - - // 延迟执行:记录登录状态日志 + // Record login status defer func() { if userInfo != nil && userInfo.Id != 0 { loginLog := log.Login{ @@ -71,61 +67,14 @@ func (l *DeviceLoginLogic) DeviceLogin(req *types.DeviceLoginRequest) (resp *typ } }() - // 根据设备标识符查找设备信息 + // Check if device exists by identifier deviceInfo, err := l.svcCtx.UserModel.FindOneDeviceByIdentifier(l.ctx, req.Identifier) if err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { - // 设备未找到,但需要检查认证方法是否已存在 - authMethod, authErr := l.svcCtx.UserModel.FindUserAuthMethodByOpenID(l.ctx, "device", req.Identifier) - if authErr != nil && !errors.Is(authErr, gorm.ErrRecordNotFound) { - l.Errorw("query auth method failed", - logger.Field("identifier", req.Identifier), - logger.Field("error", authErr.Error()), - ) - return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "query auth method failed: %v", authErr.Error()) - } - - if authMethod != nil { - // 认证方法存在但设备记录不存在,可能是数据不一致,获取用户信息并重新创建设备记录 - userInfo, err = l.svcCtx.UserModel.FindOne(l.ctx, authMethod.UserId) - if err != nil { - l.Errorw("query user by auth method failed", - logger.Field("user_id", authMethod.UserId), - logger.Field("identifier", req.Identifier), - logger.Field("error", err.Error()), - ) - return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "query user failed: %v", err.Error()) - } - - // 重新创建缺失的设备记录 - deviceInfo := &user.Device{ - Ip: req.IP, - UserId: userInfo.Id, - UserAgent: req.UserAgent, - Identifier: req.Identifier, - Enabled: true, - Online: false, - } - if err := l.svcCtx.UserModel.InsertDevice(l.ctx, deviceInfo); err != nil { - l.Errorw("failed to recreate device record", - logger.Field("user_id", userInfo.Id), - logger.Field("identifier", req.Identifier), - logger.Field("error", err.Error()), - ) - return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "recreate device record failed: %v", err) - } - - l.Infow("found existing auth method without device record, recreated device record", - logger.Field("user_id", userInfo.Id), - logger.Field("identifier", req.Identifier), - logger.Field("device_id", deviceInfo.Id), - ) - } else { - // 设备和认证方法都不存在,创建新用户和设备 - userInfo, err = l.registerUserAndDevice(req) - if err != nil { - return nil, err - } + // Device not found, create new user and device + userInfo, err = l.registerUserAndDevice(req) + if err != nil { + return nil, err } } else { l.Errorw("query device failed", @@ -135,7 +84,7 @@ func (l *DeviceLoginLogic) DeviceLogin(req *types.DeviceLoginRequest) (resp *typ return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "query device failed: %v", err.Error()) } } else { - // 设备已存在,获取用户信息 + // Device found, get user info userInfo, err = l.svcCtx.UserModel.FindOne(l.ctx, deviceInfo.UserId) if err != nil { l.Errorw("query user failed", @@ -146,10 +95,10 @@ func (l *DeviceLoginLogic) DeviceLogin(req *types.DeviceLoginRequest) (resp *typ } } - // 生成会话ID + // Generate session id sessionId := uuidx.NewUUID().String() - // 生成JWT令牌 + // Generate token token, err := jwt.NewJwtToken( l.svcCtx.Config.JwtAuth.AccessSecret, time.Now().Unix(), @@ -166,7 +115,7 @@ func (l *DeviceLoginLogic) DeviceLogin(req *types.DeviceLoginRequest) (resp *typ return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "token generate error: %v", err.Error()) } - // 将会话ID存储到Redis中 + // Store session id in redis sessionIdCacheKey := fmt.Sprintf("%v:%v", config.SessionIdKey, sessionId) if err = l.svcCtx.Redis.Set(l.ctx, sessionIdCacheKey, userInfo.Id, time.Duration(l.svcCtx.Config.JwtAuth.AccessExpire)*time.Second).Err(); err != nil { l.Errorw("set session id error", @@ -176,13 +125,23 @@ func (l *DeviceLoginLogic) DeviceLogin(req *types.DeviceLoginRequest) (resp *typ return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "set session id error: %v", err.Error()) } + // Store device id in redis + + deviceCacheKey := fmt.Sprintf("%v:%v", config.DeviceCacheKeyKey, req.Identifier) + if err = l.svcCtx.Redis.Set(l.ctx, deviceCacheKey, sessionId, time.Duration(l.svcCtx.Config.JwtAuth.AccessExpire)*time.Second).Err(); err != nil { + l.Errorw("set device id error", + logger.Field("user_id", userInfo.Id), + logger.Field("error", err.Error()), + ) + return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "set device id error: %v", err.Error()) + } + loginStatus = true return &types.LoginResponse{ Token: token, }, nil } -// registerUserAndDevice 注册新用户和设备 func (l *DeviceLoginLogic) registerUserAndDevice(req *types.DeviceLoginRequest) (*user.User, error) { l.Infow("device not found, creating new user and device", logger.Field("identifier", req.Identifier), @@ -190,10 +149,10 @@ func (l *DeviceLoginLogic) registerUserAndDevice(req *types.DeviceLoginRequest) ) var userInfo *user.User - // 使用数据库事务确保数据一致性 err := l.svcCtx.UserModel.Transaction(l.ctx, func(db *gorm.DB) error { - // 创建新用户 + // Create new user userInfo = &user.User{ + Salt: "default", OnlyFirstPurchase: &l.svcCtx.Config.Invite.OnlyFirstPurchase, } if err := db.Create(userInfo).Error; err != nil { @@ -203,7 +162,7 @@ func (l *DeviceLoginLogic) registerUserAndDevice(req *types.DeviceLoginRequest) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create user failed: %v", err) } - // 更新用户邀请码 + // Update refer code userInfo.ReferCode = uuidx.UserInviteCode(userInfo.Id) if err := db.Model(&user.User{}).Where("id = ?", userInfo.Id).Update("refer_code", userInfo.ReferCode).Error; err != nil { l.Errorw("failed to update refer code", @@ -213,7 +172,7 @@ func (l *DeviceLoginLogic) registerUserAndDevice(req *types.DeviceLoginRequest) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update refer code failed: %v", err) } - // 创建设备认证方式记录 + // Create device auth method authMethod := &user.AuthMethods{ UserId: userInfo.Id, AuthType: "device", @@ -229,7 +188,7 @@ func (l *DeviceLoginLogic) registerUserAndDevice(req *types.DeviceLoginRequest) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create device auth method failed: %v", err) } - // 插入设备记录 + // Insert device record deviceInfo := &user.Device{ Ip: req.IP, UserId: userInfo.Id, @@ -247,7 +206,7 @@ func (l *DeviceLoginLogic) registerUserAndDevice(req *types.DeviceLoginRequest) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "insert device failed: %v", err) } - // 如果启用了试用,则激活试用订阅 + // Activate trial if enabled if l.svcCtx.Config.Register.EnableTrial { if err := l.activeTrial(userInfo.Id, db); err != nil { return err @@ -271,7 +230,7 @@ func (l *DeviceLoginLogic) registerUserAndDevice(req *types.DeviceLoginRequest) logger.Field("refer_code", userInfo.ReferCode), ) - // 记录注册日志 + // Register log registerLog := log.Register{ AuthMethod: "device", Identifier: req.Identifier, @@ -297,9 +256,7 @@ func (l *DeviceLoginLogic) registerUserAndDevice(req *types.DeviceLoginRequest) return userInfo, nil } -// activeTrial 激活试用订阅 func (l *DeviceLoginLogic) activeTrial(userId int64, db *gorm.DB) error { - // 查找试用订阅模板 sub, err := l.svcCtx.SubscribeModel.FindOne(l.ctx, l.svcCtx.Config.Register.TrialSubscribe) if err != nil { l.Errorw("failed to find trial subscription template", @@ -310,13 +267,11 @@ func (l *DeviceLoginLogic) activeTrial(userId int64, db *gorm.DB) error { return err } - // 计算试用期时间 startTime := time.Now() expireTime := tool.AddTime(l.svcCtx.Config.Register.TrialTimeUnit, l.svcCtx.Config.Register.TrialTime, startTime) subscribeToken := uuidx.SubscribeToken(fmt.Sprintf("Trial-%v", userId)) subscribeUUID := uuidx.NewUUID().String() - // 创建用户订阅记录 userSub := &user.Subscribe{ UserId: userId, OrderId: 0, diff --git a/internal/logic/auth/userLoginLogic.go b/internal/logic/auth/userLoginLogic.go index 3062e63..deecaae 100644 --- a/internal/logic/auth/userLoginLogic.go +++ b/internal/logic/auth/userLoginLogic.go @@ -77,7 +77,7 @@ func (l *UserLoginLogic) UserLogin(req *types.UserLoginRequest) (resp *types.Log } // Verify password - if !tool.VerifyPassWord(req.Password, userInfo.Password) { + if !tool.MultiPasswordVerify(userInfo.Algo, userInfo.Salt, req.Password, userInfo.Password) { return nil, errors.Wrapf(xerr.NewErrCode(xerr.UserPasswordError), "user password") } diff --git a/internal/logic/public/subscribe/queryUserSubscribeNodeListLogic.go b/internal/logic/public/subscribe/queryUserSubscribeNodeListLogic.go index 2ad05b8..1d9769d 100644 --- a/internal/logic/public/subscribe/queryUserSubscribeNodeListLogic.go +++ b/internal/logic/public/subscribe/queryUserSubscribeNodeListLogic.go @@ -141,6 +141,7 @@ func (l *QueryUserSubscribeNodeListLogic) getServers(userSub *user.Subscribe) (u Name: n.Name, Uuid: userSub.UUID, Protocol: n.Protocol, + Protocols: server.Protocols, Port: n.Port, Address: n.Address, Tags: strings.Split(n.Tags, ","), diff --git a/internal/logic/public/user/bindEmailWithVerificationLogic.go b/internal/logic/public/user/bindEmailWithVerificationLogic.go index 213b1b7..a307d2c 100644 --- a/internal/logic/public/user/bindEmailWithVerificationLogic.go +++ b/internal/logic/public/user/bindEmailWithVerificationLogic.go @@ -246,14 +246,14 @@ func (l *BindEmailWithVerificationLogic) transferDeviceToEmailUser(deviceUserId, return nil, err } - // 5. 强制清除邮箱用户的所有相关缓存(确保获取最新数据)// 清除邮箱用户缓存 - emailUser, _ := l.svcCtx.UserModel.FindOne(l.ctx, emailUserId) - if emailUser != nil { - // 清除用户的批量相关缓存(包括设备、认证方法等) - if err := l.svcCtx.UserModel.BatchClearRelatedCache(l.ctx, emailUser); err != nil { - l.Errorw("清理邮箱用户相关缓存失败", logger.Field("error", err.Error()), logger.Field("user_id", emailUser.Id)) - } - } + // // 5. 强制清除邮箱用户的所有相关缓存(确保获取最新数据)// 清除邮箱用户缓存 + // emailUser, _ := l.svcCtx.UserModel.FindOne(l.ctx, emailUserId) + // if emailUser != nil { + // // 清除用户的批量相关缓存(包括设备、认证方法等) + // if err := l.svcCtx.UserModel.BatchClearRelatedCache(l.ctx, emailUser); err != nil { + // l.Errorw("清理邮箱用户相关缓存失败", logger.Field("error", err.Error()), logger.Field("user_id", emailUser.Id)) + // } + // } // 6. 清除设备相关缓存 // l.clearDeviceRelatedCache(deviceIdentifier, deviceUserId, emailUserId) diff --git a/internal/logic/public/user/unbindDeviceLogic.go b/internal/logic/public/user/unbindDeviceLogic.go index fcbe316..e4f519b 100644 --- a/internal/logic/public/user/unbindDeviceLogic.go +++ b/internal/logic/public/user/unbindDeviceLogic.go @@ -41,11 +41,7 @@ func (l *UnbindDeviceLogic) UnbindDevice(req *types.UnbindDeviceRequest) error { return errors.Wrapf(xerr.NewErrCode(xerr.InvalidParams), "device not belong to user") } - // 保存设备信息用于后续缓存清理 - deviceIdentifier := device.Identifier - userId := device.UserId - - err = l.svcCtx.DB.Transaction(func(tx *gorm.DB) error { + return l.svcCtx.DB.Transaction(func(tx *gorm.DB) error { var deleteDevice user.Device err = tx.Model(&deleteDevice).Where("id = ?", req.Id).First(&deleteDevice).Error if err != nil { @@ -59,9 +55,6 @@ func (l *UnbindDeviceLogic) UnbindDevice(req *types.UnbindDeviceRequest) error { err = tx.Model(&userAuth).Where("auth_identifier = ? and auth_type = ?", deleteDevice.Identifier, "device").First(&userAuth).Error if err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { - l.Infow("设备认证方法不存在,可能已被删除", - logger.Field("device_identifier", deleteDevice.Identifier), - logger.Field("user_id", userId)) return nil } return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "find device online record err: %v", err) @@ -72,68 +65,13 @@ func (l *UnbindDeviceLogic) UnbindDevice(req *types.UnbindDeviceRequest) error { return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseDeletedError), "delete device online record err: %v", err) } - l.Infow("设备解绑成功", - logger.Field("device_id", req.Id), - logger.Field("device_identifier", deviceIdentifier), - logger.Field("user_id", userId)) - + //remove device cache + deviceCacheKey := fmt.Sprintf("%v:%v", config.DeviceCacheKeyKey, deleteDevice.Identifier) + if sessionId, err := l.svcCtx.Redis.Get(l.ctx, deviceCacheKey).Result(); err == nil && sessionId != "" { + _ = l.svcCtx.Redis.Del(l.ctx, deviceCacheKey).Err() + sessionIdCacheKey := fmt.Sprintf("%v:%v", config.SessionIdKey, sessionId) + _ = l.svcCtx.Redis.Del(l.ctx, sessionIdCacheKey).Err() + } return nil }) - - if err != nil { - return err - } - - // 事务成功后进行缓存清理 - l.clearUnbindDeviceCache(deviceIdentifier, userId, userInfo) - - return nil -} - -// clearUnbindDeviceCache 清除设备解绑相关的缓存 -func (l *UnbindDeviceLogic) clearUnbindDeviceCache(deviceIdentifier string, userId int64, userInfo *user.User) { - // 1. 清除当前SessionId缓存(使当前token失效) - if sessionId := l.ctx.Value(constant.CtxKeySessionID); sessionId != nil { - sessionIdCacheKey := fmt.Sprintf("%v:%v", config.SessionIdKey, sessionId) - if err := l.svcCtx.Redis.Del(l.ctx, sessionIdCacheKey).Err(); err != nil { - l.Errorw("清理SessionId缓存失败", - logger.Field("error", err.Error()), - logger.Field("session_id", sessionId)) - } else { - l.Infow("已清理SessionId缓存", logger.Field("session_id", sessionId)) - } - } - - // 2. 清除用户缓存 - if err := l.svcCtx.UserModel.ClearUserCache(l.ctx, userInfo); err != nil { - l.Errorw("清理用户缓存失败", - logger.Field("error", err.Error()), - logger.Field("user_id", userId)) - } else { - l.Infow("已清理用户缓存", logger.Field("user_id", userId)) - } - - // 3. 清除设备相关缓存 - l.clearDeviceRelatedCache(deviceIdentifier, userId) -} - -// clearDeviceRelatedCache 清除设备相关缓存 -func (l *UnbindDeviceLogic) clearDeviceRelatedCache(deviceIdentifier string, userId int64) { - // 清除设备相关的缓存键 - deviceCacheKeys := []string{ - fmt.Sprintf("device:%s", deviceIdentifier), - fmt.Sprintf("user_device:%d", userId), - fmt.Sprintf("user_auth:%d", userId), - fmt.Sprintf("device_auth:%s", deviceIdentifier), - } - - for _, key := range deviceCacheKeys { - if err := l.svcCtx.Redis.Del(l.ctx, key).Err(); err != nil { - l.Errorw("清除设备缓存失败", - logger.Field("error", err.Error()), - logger.Field("cache_key", key)) - } else { - l.Infow("已清除设备缓存", logger.Field("cache_key", key)) - } - } } diff --git a/internal/logic/public/user/verifyEmailLogic.go b/internal/logic/public/user/verifyEmailLogic.go index b2fc3f6..4d48df1 100644 --- a/internal/logic/public/user/verifyEmailLogic.go +++ b/internal/logic/public/user/verifyEmailLogic.go @@ -15,16 +15,13 @@ import ( "github.com/pkg/errors" ) -// VerifyEmailLogic 邮箱验证逻辑结构体 -// 用于处理用户邮箱验证码验证的业务逻辑 type VerifyEmailLogic struct { logger.Logger ctx context.Context svcCtx *svc.ServiceContext } -// NewVerifyEmailLogic 创建邮箱验证逻辑实例 -// 用于初始化邮箱验证处理器 +// Verify Email func NewVerifyEmailLogic(ctx context.Context, svcCtx *svc.ServiceContext) *VerifyEmailLogic { return &VerifyEmailLogic{ Logger: logger.WithContext(ctx), @@ -33,68 +30,46 @@ func NewVerifyEmailLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Verif } } -// CacheKeyPayload Redis缓存中验证码的数据结构 -// 用于存储验证码和最后发送时间 type CacheKeyPayload struct { - Code string `json:"code"` // 验证码 - LastAt int64 `json:"lastAt"` // 最后发送时间戳 + Code string `json:"code"` + LastAt int64 `json:"lastAt"` } -// VerifyEmail 验证邮箱验证码 -// 该方法用于验证用户输入的邮箱验证码是否正确,并将邮箱标记为已验证状态 func (l *VerifyEmailLogic) VerifyEmail(req *types.VerifyEmailRequest) error { - // 构建Redis缓存键,格式:认证码缓存前缀:安全标识:邮箱地址 cacheKey := fmt.Sprintf("%s:%s:%s", config.AuthCodeCacheKey, constant.Security, req.Email) - - // 从Redis中获取验证码缓存数据 value, err := l.svcCtx.Redis.Get(l.ctx, cacheKey).Result() if err != nil { l.Errorw("Redis Error", logger.Field("error", err.Error()), logger.Field("cacheKey", cacheKey)) return errors.Wrapf(xerr.NewErrCode(xerr.VerifyCodeError), "code error") } - // 解析缓存中的验证码数据 var payload CacheKeyPayload err = json.Unmarshal([]byte(value), &payload) if err != nil { l.Errorw("Redis Error", logger.Field("error", err.Error()), logger.Field("cacheKey", cacheKey)) return errors.Wrapf(xerr.NewErrCode(xerr.VerifyCodeError), "code error") } - - // 验证用户输入的验证码是否与缓存中的验证码匹配 if payload.Code != req.Code { return errors.Wrapf(xerr.NewErrCode(xerr.VerifyCodeError), "code error") } - - // 验证成功后删除Redis中的验证码缓存(一次性使用) l.svcCtx.Redis.Del(l.ctx, cacheKey) - // 从上下文中获取当前用户信息 u, ok := l.ctx.Value(constant.CtxKeyUser).(*user.User) if !ok { logger.Error("current user is not found in context") return errors.Wrapf(xerr.NewErrCode(xerr.InvalidAccess), "Invalid Access") } - - // 根据邮箱地址查找用户的邮箱认证方式记录 method, err := l.svcCtx.UserModel.FindUserAuthMethodByOpenID(l.ctx, "email", req.Email) if err != nil { return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "FindUserAuthMethodByOpenID error") } - - // 验证邮箱认证记录是否属于当前用户(安全检查) if method.UserId != u.Id { return errors.Wrapf(xerr.NewErrCode(xerr.InvalidAccess), "invalid access") } - - // 将邮箱标记为已验证状态 method.Verified = true - - // 更新数据库中的认证方式记录 err = l.svcCtx.UserModel.UpdateUserAuthMethods(l.ctx, method) if err != nil { return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "UpdateUserAuthMethods error") } - return nil } diff --git a/internal/logic/server/getServerUserListLogic.go b/internal/logic/server/getServerUserListLogic.go index 70ea51f..89aeae8 100644 --- a/internal/logic/server/getServerUserListLogic.go +++ b/internal/logic/server/getServerUserListLogic.go @@ -2,7 +2,6 @@ package server import ( "encoding/json" - "fmt" "strings" "github.com/gin-gonic/gin" @@ -33,23 +32,24 @@ func NewGetServerUserListLogic(ctx *gin.Context, svcCtx *svc.ServiceContext) *Ge } func (l *GetServerUserListLogic) GetServerUserList(req *types.GetServerUserListRequest) (resp *types.GetServerUserListResponse, err error) { - cacheKey := fmt.Sprintf("%s%d", node.ServerUserListCacheKey, req.ServerId) - cache, err := l.svcCtx.Redis.Get(l.ctx, cacheKey).Result() - if cache != "" { - etag := tool.GenerateETag([]byte(cache)) - resp = &types.GetServerUserListResponse{} - // Check If-None-Match header - if match := l.ctx.GetHeader("If-None-Match"); match == etag { - return nil, xerr.StatusNotModified - } - l.ctx.Header("ETag", etag) - err = json.Unmarshal([]byte(cache), resp) - if err != nil { - l.Errorw("[ServerUserListCacheKey] json unmarshal error", logger.Field("error", err.Error())) - return nil, err - } - return resp, nil - } + //TODO Cache bug, temporarily disable the use of cache + //cacheKey := fmt.Sprintf("%s%d", node.ServerUserListCacheKey, req.ServerId) + //cache, err := l.svcCtx.Redis.Get(l.ctx, cacheKey).Result() + //if cache != "" { + // etag := tool.GenerateETag([]byte(cache)) + // resp = &types.GetServerUserListResponse{} + // // Check If-None-Match header + // if match := l.ctx.GetHeader("If-None-Match"); match == etag { + // return nil, xerr.StatusNotModified + // } + // l.ctx.Header("ETag", etag) + // err = json.Unmarshal([]byte(cache), resp) + // if err != nil { + // l.Errorw("[ServerUserListCacheKey] json unmarshal error", logger.Field("error", err.Error())) + // return nil, err + // } + // return resp, nil + //} server, err := l.svcCtx.NodeModel.FindOneServer(l.ctx, req.ServerId) if err != nil { return nil, err @@ -121,10 +121,11 @@ func (l *GetServerUserListLogic) GetServerUserList(req *types.GetServerUserListR val, _ := json.Marshal(resp) etag := tool.GenerateETag(val) l.ctx.Header("ETag", etag) - err = l.svcCtx.Redis.Set(l.ctx, cacheKey, string(val), -1).Err() - if err != nil { - l.Errorw("[ServerUserListCacheKey] redis set error", logger.Field("error", err.Error())) - } + //TODO Cache bug, temporarily disable the use of cache + //err = l.svcCtx.Redis.Set(l.ctx, cacheKey, string(val), -1).Err() + //if err != nil { + // l.Errorw("[ServerUserListCacheKey] redis set error", logger.Field("error", err.Error())) + //} // Check If-None-Match header if match := l.ctx.GetHeader("If-None-Match"); match == etag { return nil, xerr.StatusNotModified diff --git a/internal/model/user/authMethod.go b/internal/model/user/authMethod.go index 2655531..18ce951 100644 --- a/internal/model/user/authMethod.go +++ b/internal/model/user/authMethod.go @@ -20,10 +20,7 @@ func (m *defaultUserModel) FindUserAuthMethodByOpenID(ctx context.Context, metho err := m.QueryNoCacheCtx(ctx, &data, func(conn *gorm.DB, v interface{}) error { return conn.Model(&AuthMethods{}).Where("auth_type = ? AND auth_identifier = ?", method, openID).First(&data).Error }) - if err != nil { - return nil, err - } - return &data, nil + return &data, err } func (m *defaultUserModel) FindUserAuthMethodByPlatform(ctx context.Context, userId int64, platform string) (*AuthMethods, error) { diff --git a/internal/model/user/user.go b/internal/model/user/user.go index e8f802a..98bfbcb 100644 --- a/internal/model/user/user.go +++ b/internal/model/user/user.go @@ -4,30 +4,29 @@ import ( "time" ) -// User 用户模型结构体 type User struct { - Id int64 `gorm:"primaryKey"` // 用户主键ID - Password string `gorm:"type:varchar(100);not null;comment:User Password"` // 用户密码(加密存储) - Algo string `gorm:"type:varchar(20);default:'default';comment:Encryption Algorithm"` // 密码加密算法 - Salt string `gorm:"type:varchar(20);default:null;comment:Password Salt"` // 密码盐值 - Avatar string `gorm:"type:MEDIUMTEXT;comment:User Avatar"` // 用户头像 - Balance int64 `gorm:"default:0;comment:User Balance"` // 用户余额(以分为单位) - ReferCode string `gorm:"type:varchar(20);default:'';comment:Referral Code"` // 用户推荐码 - RefererId int64 `gorm:"index:idx_referer;comment:Referrer ID"` // 推荐人ID - Commission int64 `gorm:"default:0;comment:Commission"` // 佣金金额 - ReferralPercentage uint8 `gorm:"default:0;comment:Referral"` // 推荐奖励百分比 - OnlyFirstPurchase *bool `gorm:"default:true;not null;comment:Only First Purchase"` // 是否仅首次购买给推荐奖励 - GiftAmount int64 `gorm:"default:0;comment:User Gift Amount"` // 用户赠送金额 - Enable *bool `gorm:"default:true;not null;comment:Is Account Enabled"` // 账户是否启用 - IsAdmin *bool `gorm:"default:false;not null;comment:Is Admin"` // 是否为管理员 - EnableBalanceNotify *bool `gorm:"default:false;not null;comment:Enable Balance Change Notifications"` // 是否启用余额变动通知 - EnableLoginNotify *bool `gorm:"default:false;not null;comment:Enable Login Notifications"` // 是否启用登录通知 - EnableSubscribeNotify *bool `gorm:"default:false;not null;comment:Enable Subscription Notifications"` // 是否启用订阅通知 - EnableTradeNotify *bool `gorm:"default:false;not null;comment:Enable Trade Notifications"` // 是否启用交易通知 - AuthMethods []AuthMethods `gorm:"foreignKey:UserId;references:Id"` // 用户认证方式列表 - UserDevices []Device `gorm:"foreignKey:UserId;references:Id"` // 用户设备列表 - CreatedAt time.Time `gorm:"<-:create;comment:Creation Time"` // 创建时间 - UpdatedAt time.Time `gorm:"comment:Update Time"` // 更新时间 + Id int64 `gorm:"primaryKey"` + Password string `gorm:"type:varchar(100);not null;comment:User Password"` + Algo string `gorm:"type:varchar(20);default:'default';comment:Encryption Algorithm"` + Salt string `gorm:"type:varchar(20);default:null;comment:Password Salt"` + Avatar string `gorm:"type:MEDIUMTEXT;comment:User Avatar"` + Balance int64 `gorm:"default:0;comment:User Balance"` // User Balance Amount + ReferCode string `gorm:"type:varchar(20);default:'';comment:Referral Code"` + RefererId int64 `gorm:"index:idx_referer;comment:Referrer ID"` + Commission int64 `gorm:"default:0;comment:Commission"` // Commission Amount + ReferralPercentage uint8 `gorm:"default:0;comment:Referral"` // Referral Percentage + OnlyFirstPurchase *bool `gorm:"default:true;not null;comment:Only First Purchase"` // Only First Purchase Referral + GiftAmount int64 `gorm:"default:0;comment:User Gift Amount"` + Enable *bool `gorm:"default:true;not null;comment:Is Account Enabled"` + IsAdmin *bool `gorm:"default:false;not null;comment:Is Admin"` + EnableBalanceNotify *bool `gorm:"default:false;not null;comment:Enable Balance Change Notifications"` + EnableLoginNotify *bool `gorm:"default:false;not null;comment:Enable Login Notifications"` + EnableSubscribeNotify *bool `gorm:"default:false;not null;comment:Enable Subscription Notifications"` + EnableTradeNotify *bool `gorm:"default:false;not null;comment:Enable Trade Notifications"` + AuthMethods []AuthMethods `gorm:"foreignKey:UserId;references:Id"` + UserDevices []Device `gorm:"foreignKey:UserId;references:Id"` + CreatedAt time.Time `gorm:"<-:create;comment:Creation Time"` + UpdatedAt time.Time `gorm:"comment:Update Time"` } func (*User) TableName() string { diff --git a/internal/types/types.go b/internal/types/types.go index 3be24d2..ffe5161 100644 --- a/internal/types/types.go +++ b/internal/types/types.go @@ -178,6 +178,18 @@ type BatchSendEmailTask struct { UpdatedAt int64 `json:"updated_at"` } +type BindEmailWithVerificationRequest struct { + Email string `json:"email" validate:"required"` + Code string `json:"code" validate:"required"` +} + +type BindEmailWithVerificationResponse struct { + Success bool `json:"success"` + Message string `json:"message,omitempty"` + Token string `json:"token,omitempty"` // 设备关联后的新Token + UserId int64 `json:"user_id,omitempty"` // 目标用户ID +} + type BindOAuthCallbackRequest struct { Method string `json:"method"` Callback interface{} `json:"callback"` @@ -192,10 +204,6 @@ type BindOAuthResponse struct { Redirect string `json:"redirect"` } -type BindInviteCodeRequest struct { - InviteCode string `json:"invite_code" validate:"required"` -} - type BindTelegramResponse struct { Url string `json:"url"` ExpiredAt int64 `json:"expired_at"` @@ -243,6 +251,10 @@ type CommissionLog struct { Timestamp int64 `json:"timestamp"` } +type BindInviteCodeRequest struct { + InviteCode string `json:"invite_code" validate:"required"` +} + type Coupon struct { Id int64 `json:"id"` Name string `json:"name"` @@ -1174,6 +1186,7 @@ type InviteConfig struct { ForcedInvite bool `json:"forced_invite"` ReferralPercentage int64 `json:"referral_percentage"` OnlyFirstPurchase bool `json:"only_first_purchase"` + GiftDays int64 `json:"gift_days"` } type KickOfflineRequest struct { @@ -2008,31 +2021,32 @@ type StripePayment struct { } type Subscribe struct { - Id int64 `json:"id"` - Name string `json:"name"` - Language string `json:"language"` - Description string `json:"description"` - UnitPrice int64 `json:"unit_price"` - UnitTime string `json:"unit_time"` - Discount []SubscribeDiscount `json:"discount"` - NodeCount int64 `json:"node_count"` - Replacement int64 `json:"replacement"` - Inventory int64 `json:"inventory"` - Traffic int64 `json:"traffic"` - SpeedLimit int64 `json:"speed_limit"` - DeviceLimit int64 `json:"device_limit"` - Quota int64 `json:"quota"` - Nodes []int64 `json:"nodes"` - NodeTags []string `json:"node_tags"` - Show bool `json:"show"` - Sell bool `json:"sell"` - Sort int64 `json:"sort"` - DeductionRatio int64 `json:"deduction_ratio"` - AllowDeduction bool `json:"allow_deduction"` - ResetCycle int64 `json:"reset_cycle"` - RenewalReset bool `json:"renewal_reset"` - CreatedAt int64 `json:"created_at"` - UpdatedAt int64 `json:"updated_at"` + Id int64 `json:"id"` + Name string `json:"name"` + Language string `json:"language"` + Description string `json:"description"` + UnitPrice int64 `json:"unit_price"` + UnitTime string `json:"unit_time"` + Discount []SubscribeDiscount `json:"discount"` + NodeCount int64 `json:"node_count"` + + Replacement int64 `json:"replacement"` + Inventory int64 `json:"inventory"` + Traffic int64 `json:"traffic"` + SpeedLimit int64 `json:"speed_limit"` + DeviceLimit int64 `json:"device_limit"` + Quota int64 `json:"quota"` + Nodes []int64 `json:"nodes"` + NodeTags []string `json:"node_tags"` + Show bool `json:"show"` + Sell bool `json:"sell"` + Sort int64 `json:"sort"` + DeductionRatio int64 `json:"deduction_ratio"` + AllowDeduction bool `json:"allow_deduction"` + ResetCycle int64 `json:"reset_cycle"` + RenewalReset bool `json:"renewal_reset"` + CreatedAt int64 `json:"created_at"` + UpdatedAt int64 `json:"updated_at"` } type SubscribeApplication struct { @@ -2639,6 +2653,7 @@ type UserSubscribeNodeInfo struct { Name string `json:"name"` Uuid string `json:"uuid"` Protocol string `json:"protocol"` + Protocols string `json:"protocols"` Port uint16 `json:"port"` Address string `json:"address"` Tags []string `json:"tags"` @@ -2695,18 +2710,6 @@ type VerifyEmailRequest struct { Code string `json:"code" validate:"required"` } -type BindEmailWithVerificationRequest struct { - Email string `json:"email" validate:"required"` - Code string `json:"code" validate:"required"` -} - -type BindEmailWithVerificationResponse struct { - Success bool `json:"success"` - Message string `json:"message,omitempty"` - Token string `json:"token,omitempty"` // 设备关联后的新Token - UserId int64 `json:"user_id,omitempty"` // 目标用户ID -} - type VersionResponse struct { Version string `json:"version"` } diff --git a/pkg/tool/encryption.go b/pkg/tool/encryption.go index f51f61a..b4dd2c7 100644 --- a/pkg/tool/encryption.go +++ b/pkg/tool/encryption.go @@ -52,6 +52,7 @@ func MultiPasswordVerify(algo, salt, password, hash string) bool { // Bcrypt (corresponding to PHP's password_hash/password_verify) err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) return err == nil + default: + return VerifyPassWord(password, hash) } - return false } diff --git a/ppanel-server b/ppanel-server deleted file mode 100755 index 771f052..0000000 Binary files a/ppanel-server and /dev/null differ diff --git a/queue/logic/country/getCountryLogic.go b/queue/logic/country/getCountryLogic.go deleted file mode 100644 index 75e0f6f..0000000 --- a/queue/logic/country/getCountryLogic.go +++ /dev/null @@ -1,22 +0,0 @@ -package countrylogic - -import ( - "context" - - "github.com/hibiken/asynq" - "github.com/perfect-panel/server/internal/svc" -) - -type GetNodeCountryLogic struct { - svcCtx *svc.ServiceContext -} - -func NewGetNodeCountryLogic(svcCtx *svc.ServiceContext) *GetNodeCountryLogic { - return &GetNodeCountryLogic{ - svcCtx: svcCtx, - } -} -func (l *GetNodeCountryLogic) ProcessTask(ctx context.Context, task *asynq.Task) error { - - return nil -} diff --git a/queue/types/country.go b/queue/types/country.go deleted file mode 100644 index 13b9e0c..0000000 --- a/queue/types/country.go +++ /dev/null @@ -1,11 +0,0 @@ -package types - -const ( - // ForthwithGetCountry forthwith country get - ForthwithGetCountry = "forthwith:country:get" -) - -type GetNodeCountry struct { - Protocol string `json:"protocol"` - ServerAddr string `json:"server_addr"` -} diff --git a/script/aaa.txt b/script/aaa.txt deleted file mode 100644 index 48c1cc2..0000000 --- a/script/aaa.txt +++ /dev/null @@ -1,14 +0,0 @@ -已经绑定过的设备,删除重装,这个时候绑定邮箱用哪个接口 - 删除重新装: 设备号不变, 现在拿着设备登录;实际上还是老的 邮箱+设备 - - 1. 该设备已经绑定过邮箱了; 没办法进行绑定 需要解绑后再次绑定 - - 这个场景 如果走 绑定邮箱 需要先解绑 再调用 bind_email_with_password - - 如果直接走登录: /v1/auth/login; - - - -新设备,未绑定邮箱,用哪个接口 - bind_email_with_password - diff --git a/script/build_docker.sh b/script/build_docker.sh deleted file mode 100755 index 9d9b1ae..0000000 --- a/script/build_docker.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# build-and-push.sh - -set -e - -cd /Users/Apple/vpn/ppanel-server -# 固定版本号为latest -VERSION=v1.0 - -# 构建镜像 -echo "Building image with version: $VERSION" -docker build -f Dockerfile --platform linux/amd64 --build-arg TARGETARCH=amd64 -t registry.kxsw.us/ppanel/ario-server:$VERSION . -docker tag registry.kxsw.us/ppanel/ario-server:$VERSION registry.kxsw.us/ppanel/ario-server:$VERSION - -# 推送镜像 -echo "Pushing image to registry.kxsw.us" -docker push registry.kxsw.us/ppanel/ario-server:$VERSION -docker push registry.kxsw.us/ppanel/ario-server:$VERSION - -echo "Build and push completed successfully!" -# docker-compose exec certbot certbot certonly --webroot --webroot-path=/etc/letsencrypt -d api-dev.kxsw.us \ No newline at end of file diff --git a/script/test_device_login.go b/script/test_device_login.go deleted file mode 100644 index 23c1105..0000000 --- a/script/test_device_login.go +++ /dev/null @@ -1,269 +0,0 @@ -package main - -import ( - "bytes" - "crypto/aes" - "crypto/cipher" - "crypto/md5" - "crypto/sha256" - "encoding/base64" - "encoding/hex" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "os" - "time" -) - -func sha256Sum(b []byte) []byte { - sum := sha256.Sum256(b) - return sum[:] -} - -func md5Hex(s string) string { - h := md5.Sum([]byte(s)) - return hex.EncodeToString(h[:]) -} - -func deriveKey(secret string) []byte { - return sha256Sum([]byte(secret)) // 32 bytes for AES-256 -} - -func deriveIV(secret, nonce string) []byte { - ivFull := sha256Sum([]byte(md5Hex(nonce) + secret)) // 32 bytes - return ivFull[:aes.BlockSize] // 16 bytes IV -} - -func pkcs7Pad(data []byte, blockSize int) []byte { - pad := blockSize - len(data)%blockSize - padding := bytes.Repeat([]byte{byte(pad)}, pad) - return append(data, padding...) -} - -func pkcs7Unpad(data []byte) ([]byte, error) { - if len(data) == 0 { - return nil, errors.New("invalid data length") - } - pad := int(data[len(data)-1]) - if pad <= 0 || pad > aes.BlockSize || pad > len(data) { - return nil, errors.New("invalid padding") - } - for i := 0; i < pad; i++ { - if data[len(data)-1-i] != byte(pad) { - return nil, errors.New("invalid padding content") - } - } - return data[:len(data)-pad], nil -} - -func genNonce() string { - return fmt.Sprintf("%x", time.Now().UnixNano()) -} - -func encryptPayload(plain map[string]interface{}, secret string) ([]byte, string, error) { - nonce := genNonce() - key := deriveKey(secret) - iv := deriveIV(secret, nonce) - - b, err := json.Marshal(plain) - if err != nil { - return nil, "", err - } - - block, err := aes.NewCipher(key) - if err != nil { - return nil, "", err - } - mode := cipher.NewCBCEncrypter(block, iv) - padded := pkcs7Pad(b, aes.BlockSize) - cipherText := make([]byte, len(padded)) - mode.CryptBlocks(cipherText, padded) - - wrapper := map[string]string{ - "data": base64.StdEncoding.EncodeToString(cipherText), - "time": nonce, - } - out, err := json.Marshal(wrapper) - return out, nonce, err -} - -func decryptResponseBody(respBody []byte, secret string) (map[string]interface{}, error) { - var top map[string]interface{} - if err := json.Unmarshal(respBody, &top); err != nil { - return nil, err - } - // 响应格式可能是: - // { "code": 0, "msg": "ok", "data": { "data": "...", "time": "..." } } - // 或者直接就是 { "data": "...", "time": "..." } - var wrapper map[string]interface{} - if v, ok := top["data"].(map[string]interface{}); ok && v["data"] != nil && v["time"] != nil { - wrapper = v - } else { - wrapper = top - } - - cipherB64, _ := wrapper["data"].(string) - nonce, _ := wrapper["time"].(string) - if cipherB64 == "" || nonce == "" { - return nil, errors.New("response missing data/time fields") - } - - key := deriveKey(secret) - iv := deriveIV(secret, nonce) - - cipherBytes, err := base64.StdEncoding.DecodeString(cipherB64) - if err != nil { - return nil, err - } - - block, err := aes.NewCipher(key) - if err != nil { - return nil, err - } - mode := cipher.NewCBCDecrypter(block, iv) - plainPadded := make([]byte, len(cipherBytes)) - mode.CryptBlocks(plainPadded, cipherBytes) - - plain, err := pkcs7Unpad(plainPadded) - if err != nil { - return nil, err - } - - var out map[string]interface{} - if err := json.Unmarshal(plain, &out); err != nil { - return nil, err - } - return out, nil -} - -func bindEmailWithPassword(serverURL, secret, token, email, password, userAgent string) error { - plain := map[string]interface{}{ - "email": email, - "password": password, - } - body, _, err := encryptPayload(plain, secret) - if err != nil { - return err - } - - req, err := http.NewRequest("POST", serverURL+"/v1/public/user/bind_email_with_password", bytes.NewReader(body)) - if err != nil { - return err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", token) - req.Header.Set("Login-Type", "device") - req.Header.Set("User-Agent", userAgent) - - resp, err := http.DefaultClient.Do(req) - if err != nil { - return err - } - defer resp.Body.Close() - respBytes, _ := io.ReadAll(resp.Body) - fmt.Println("[绑定邮箱响应]", resp.StatusCode, string(respBytes)) - if resp.StatusCode != http.StatusOK { - return fmt.Errorf("bind_email_with_password failed: %s", string(respBytes)) - } - return nil -} - -func main() { - secret := "c0qhq99a-nq8h-ropg-wrlc-ezj4dlkxqpzx" - serverURL := "http://127.0.0.1:8080" - identifier := "AP4A.241205.A17" - userAgent := "ppanel-go-test/1.0" - - plain := map[string]interface{}{ - "identifier": identifier, - "user_agent": userAgent, - } - body, _, err := encryptPayload(plain, secret) - if err != nil { - fmt.Println("加密失败:", err) - os.Exit(2) - } - - req, err := http.NewRequest("POST", serverURL+"/v1/auth/login/device", bytes.NewReader(body)) - if err != nil { - fmt.Println("请求创建失败:", err) - os.Exit(3) - } - req.Header.Set("Login-Type", "device") - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", userAgent) - req.Header.Set("X-Original-Forwarded-For", "127.0.0.1") - - resp, err := http.DefaultClient.Do(req) - if err != nil { - fmt.Println("请求失败:", err) - os.Exit(4) - } - defer resp.Body.Close() - respBytes, err := io.ReadAll(resp.Body) - if err != nil { - fmt.Println("读取响应失败:", err) - os.Exit(5) - } - - fmt.Println("[加密响应原文]", string(respBytes)) - decrypted, err := decryptResponseBody(respBytes, secret) - if err != nil { - fmt.Println("解密失败:", err) - os.Exit(6) - } - fmt.Println("[解密响应明文]", decrypted) - - var token string - if t, ok := decrypted["token"].(string); ok && t != "" { - token = t - fmt.Println("✅ 登录成功,token =", token) - } else { - fmt.Println("⚠️ 未获取到 token") - } - - // 新增:根据邮箱密码绑定设备号(需提供 EMAIL 和 PASSWORD 环境变量) - email := "client@qq.com" - password := "123456" - if token != "" && email != "" && password != "" { - if err := bindEmailWithPassword(serverURL, secret, token, email, password, userAgent); err != nil { - fmt.Println("绑定邮箱失败:", err) - } else { - fmt.Println("✅ 绑定邮箱成功") - } - } else { - fmt.Println("跳过绑定:缺少 token、EMAIL 或 PASSWORD") - } -} - -/* -测试 1: - 设备A: AP4A.241205.017 3节点 - 邮箱B: client05@gmail.com 无套餐 - 设备A 绑定 邮箱B -结果: - 设备A : 设备A 没有套餐了 - 邮箱B: 套餐到了 邮箱B的体系下 设备也和邮箱绑定上了 - 以邮箱为主; - - -测试 2: - 设备A: AP4A.241205.018 无套餐 - 邮箱B: client06@gmail.com 3节点 - 设备A 绑定 邮箱B -结果: - 设备A : 设备A 没有套餐了 - 邮箱B: 原有套餐还存在 设备也和邮箱绑定上了 - 以邮箱为主; - -测试 3: - 设备A: AP4A.241205.019 3节点 2025/11/2 13:12:21 2025/10/23 13:12:21 - 邮箱B: client07@gmail.com day套餐 - 设备A 绑定 邮箱B -结果: - 设备A : 设备A 没有套餐了 - 邮箱B: 原有套餐还存在 设备也和邮箱绑定上了 - 以邮箱为主; -*/ diff --git a/script/test_ws.go b/script/test_ws.go deleted file mode 100644 index 6c69e03..0000000 --- a/script/test_ws.go +++ /dev/null @@ -1,89 +0,0 @@ -package main - -import ( - "fmt" - "log" - "net/http" - "os" - "os/signal" - "time" - - "github.com/gorilla/websocket" -) - -func main() { - // 默认配置,可用环境变量覆盖 - baseURL := getenvDefault("SERVER_URL", "wss://api.hifast.biz") - userID := getenvDefault("USER_ID", "23") - deviceID := getenvDefault("DEVICE_ID", "c76463cff8512722") - auth := "dkjw6TCQTBlgreyhjN8u32gP0A6RrQ/V50vf8wjNFwFL9hgKJrOOv+ziS03GCQ/8E0fWUzjc4aCoMcVMzUN8vR7CwqR45HbtogoT9iNoElW9rgzpQNbwQ4BHK/Q25WvcgdrhfRzE19nPqUTOcN+4iY6NmeiwHEMLBTzDEeu8wGn/yjVLRMCyh5QJuQizllbrDR5LuTiNEcdSdBSx9cFZYtnJIIyi1b60BZYo4lIyRADCH6smTsLDhoZG0nJvJw3C0XCGvf0jC/4d4u40IvbzKOm1TBSK0lgOzNjvkSfS/DJibAi4l7qNTYmFlQ1wp+iW1MNllqd+OtSavZYoajoZGA==" - - // 拼接完整 WS 地址 - wsURL := fmt.Sprintf("%s/v1/app/ws/%s/%s", baseURL, userID, deviceID) - - // 自定义 header(包含 Authorization) - header := http.Header{} - header.Set("Authorization", auth) - - // 建立连接 - dialer := websocket.Dialer{ - HandshakeTimeout: 10 * time.Second, - } - conn, _, err := dialer.Dial(wsURL, header) - if err != nil { - log.Fatalf("dial error: %v", err) - } - defer conn.Close() - log.Println("connected to", wsURL) - - // 优雅退出 - interrupt := make(chan os.Signal, 1) - signal.Notify(interrupt, os.Interrupt) - - // 心跳:定时发送 "ping" - ticker := time.NewTicker(25 * time.Second) - defer ticker.Stop() - - // 读协程 - done := make(chan struct{}) - go func() { - defer close(done) - for { - mt, msg, err := conn.ReadMessage() - if err != nil { - log.Printf("read error: %v", err) - return - } - log.Printf("recv [%d]: %s", mt, string(msg)) - } - }() - - // 连接成功后先发一个 "ping" - if err := conn.WriteMessage(websocket.TextMessage, []byte("ping")); err != nil { - log.Printf("write ping error: %v", err) - } - - for { - select { - case <-done: - return - case <-ticker.C: - if err := conn.WriteMessage(websocket.TextMessage, []byte("ping")); err != nil { - log.Printf("write heartbeat error: %v", err) - return - } - log.Printf("sent heartbeat ping") - case <-interrupt: - log.Println("interrupt, closing...") - _ = conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, "")) - return - } - } -} - -func getenvDefault(key, def string) string { - if v := os.Getenv(key); v != "" { - return v - } - return def -} diff --git a/scripts/README.md b/scripts/README.md deleted file mode 100644 index a3b65e4..0000000 --- a/scripts/README.md +++ /dev/null @@ -1,149 +0,0 @@ -# 测试数据清理脚本 - -## 问题背景 - -在运行测试案例 `test/device.go` 时,可能会遇到以下错误: - -``` -[ERROR] 2025/01/28 11:40:59 [DeviceLoginLogic] FindOne Error: record not found -``` - -这个错误通常是由于测试数据清理不完整导致的,具体表现为: -- 设备记录存在,但对应的用户记录已被删除 -- 数据库中存在孤立的记录 -- 测试用户数据没有完全清理 - -## 解决方案 - -使用 `cleanup_test_data.go` 脚本来清理测试数据,确保数据一致性。 - -## 使用方法 - -### 1. 配置脚本 - -编辑 `cleanup_test_data.go` 文件,修改以下配置: - -```go -const ( - // 服务器地址 - baseURL = "http://localhost:8080" - - // 管理员认证信息 - adminEmail = "admin@example.com" - adminPassword = "admin123" - - // 测试用户邮箱前缀 - testEmailPrefix = "test_" -) -``` - -### 2. 运行清理脚本 - -```bash -# 进入scripts目录 -cd scripts - -# 查看帮助信息 -go run cleanup_test_data.go --help - -# 运行清理脚本 -go run cleanup_test_data.go -``` - -### 3. 脚本功能 - -脚本会自动执行以下操作: - -1. **管理员登录**: 使用配置的管理员账户登录系统 -2. **识别测试用户**: 根据邮箱规则识别测试用户: - - 邮箱以 `test_` 开头 - - 邮箱包含 `test` 关键字 - - 邮箱包含 `example.com` 域名 -3. **批量删除**: 使用管理员API批量删除测试用户 -4. **数据一致性检查**: 检查剩余用户数据的完整性 - -## API接口说明 - -脚本使用以下管理员API接口: - -| 接口 | 方法 | 说明 | -|------|------|------| -| `/v1/auth/login` | POST | 管理员登录 | -| `/v1/admin/user` | GET | 获取用户列表 | -| `/v1/admin/user/batch` | DELETE | 批量删除用户 | -| `/v1/admin/user/{id}` | GET | 获取用户详情 | - -## 清理规则 - -### 用户删除规则 - -脚本会删除符合以下条件的用户: - -```go -isTestUser := strings.HasPrefix(user.Email, testEmailPrefix) || - strings.Contains(user.Email, "test") || - strings.Contains(user.Email, "example.com") -``` - -### 数据清理范围 - -根据 `internal/model/user/default.go` 中的 `Delete` 方法,删除用户时会自动清理: - -- 用户基本信息 (`User` 表) -- 用户认证方式 (`AuthMethods` 表) -- 用户订阅信息 (`Subscribe` 表) -- 用户设备信息 (`Device` 表) -- 相关缓存数据 - -## 安全注意事项 - -⚠️ **重要提醒**: - -1. **仅在测试环境使用**: 此脚本会删除用户数据,请勿在生产环境运行 -2. **备份数据**: 运行前建议备份数据库 -3. **确认配置**: 确保管理员账户信息正确 -4. **检查规则**: 确认测试用户识别规则符合预期 - -## 故障排除 - -### 常见错误 - -1. **登录失败** - ``` - ❌ 管理员登录失败: 登录失败 (Code: 401): Invalid credentials - ``` - - 检查管理员邮箱和密码是否正确 - - 确认服务器是否正在运行 - -2. **连接失败** - ``` - ❌ 管理员登录失败: 登录请求失败: dial tcp [::1]:8080: connect: connection refused - ``` - - 检查服务器地址是否正确 - - 确认服务器是否启动 - -3. **权限不足** - ``` - ❌ 获取用户列表失败: 获取用户列表失败 (Code: 403): Forbidden - ``` - - 确认使用的是管理员账户 - - 检查管理员权限配置 - -### 验证清理效果 - -清理完成后,可以重新运行测试脚本验证: - -```bash -cd test -go run device.go -``` - -如果清理成功,应该不再出现 "record not found" 错误。 - -## 相关文件 - -- `test/device.go` - 测试脚本 -- `internal/logic/admin/user/deleteUserLogic.go` - 单个用户删除逻辑 -- `internal/logic/admin/user/batchDeleteUserLogic.go` - 批量用户删除逻辑 -- `internal/model/user/default.go` - 用户模型删除方法 -- `apis/admin/user.api` - 管理员用户API定义 \ No newline at end of file diff --git a/scripts/cleanup_test_data.go b/scripts/cleanup_test_data.go deleted file mode 100644 index 27edbfb..0000000 --- a/scripts/cleanup_test_data.go +++ /dev/null @@ -1,339 +0,0 @@ -package main - -import ( - "bytes" - "encoding/json" - "fmt" - "io" - "net/http" - "os" - "strconv" - "strings" - "time" -) - -const ( - // 服务器地址 - 根据实际情况修改 - baseURL = "http://localhost:8080" - - // 管理员认证信息 - 需要根据实际情况修改 - adminEmail = "admin@example.com" - adminPassword = "admin123" - - // 测试用户邮箱前缀,用于识别测试数据 - testEmailPrefix = "test_" -) - -// 管理员登录响应 -type AdminLoginResponse struct { - Code int `json:"code"` - Data struct { - Token string `json:"token"` - } `json:"data"` - Message string `json:"message"` -} - -// 用户列表响应 -type UserListResponse struct { - Code int `json:"code"` - Data struct { - List []struct { - ID int64 `json:"id"` - Email string `json:"email"` - } `json:"list"` - Total int64 `json:"total"` - } `json:"data"` - Message string `json:"message"` -} - -// 通用响应结构 -type CommonResponse struct { - Code int `json:"code"` - Message string `json:"message"` -} - -// HTTP客户端 -var client = &http.Client{ - Timeout: 30 * time.Second, -} - -// 管理员token -var adminToken string - -func main() { - // 检查是否显示帮助信息 - if len(os.Args) > 1 && os.Args[1] == "--help" { - showHelp() - return - } - - fmt.Println("=== 测试数据清理脚本 ===") - fmt.Printf("服务器地址: %s\n", baseURL) - fmt.Printf("管理员邮箱: %s\n", adminEmail) - fmt.Println() - - // 1. 管理员登录获取token - fmt.Println("步骤 1: 管理员登录...") - if err := adminLogin(); err != nil { - fmt.Printf("❌ 管理员登录失败: %v\n", err) - fmt.Println("\n请检查:") - fmt.Println("- 服务器是否正在运行") - fmt.Println("- 管理员邮箱和密码是否正确") - fmt.Println("- 服务器地址是否正确") - return - } - fmt.Println("✅ 管理员登录成功") - - // 2. 清理测试用户数据 - fmt.Println("\n步骤 2: 清理测试用户...") - if err := cleanupTestUsers(); err != nil { - fmt.Printf("❌ 清理测试用户失败: %v\n", err) - } - - // 3. 清理孤立的设备数据(如果有相应的API) - fmt.Println("\n步骤 3: 检查数据一致性...") - checkDataConsistency() - - fmt.Println("\n=== 清理完成 ===") -} - -// 显示帮助信息 -func showHelp() { - fmt.Println(`测试数据清理脚本使用说明: - -📋 功能说明: - 本脚本用于清理测试过程中产生的用户数据,解决数据不一致问题 - -🔧 配置修改: - 请在脚本中修改以下配置: - - baseURL: 服务器地址 (当前: http://localhost:8080) - - adminEmail: 管理员邮箱 - - adminPassword: 管理员密码 - - testEmailPrefix: 测试用户邮箱前缀 (当前: test_) - -🚀 运行方式: - go run cleanup_test_data.go - -📊 清理规则: - - 删除邮箱包含 "test" 的用户 - - 删除邮箱包含 "example.com" 的用户 - - 删除邮箱以 "test_" 开头的用户 - - 检查数据一致性问题 - -🔗 使用的API接口: - - POST /v1/auth/login - 管理员登录 - - GET /v1/admin/user - 获取用户列表 - - DELETE /v1/admin/user/batch - 批量删除用户 - - GET /v1/admin/user/{id} - 检查用户详情 - -⚠️ 安全提示: - - 仅在测试环境中使用 - - 生产环境请谨慎操作 - - 建议先备份数据库 - - 确认管理员账户信息正确 - -🐛 问题排查: - 如果遇到 "record not found" 错误: - 1. 运行此脚本清理测试数据 - 2. 检查数据库外键约束 - 3. 确保测试流程的数据清理完整性`) -} - -// 管理员登录 -func adminLogin() error { - loginData := map[string]string{ - "email": adminEmail, - "password": adminPassword, - } - - jsonData, _ := json.Marshal(loginData) - - resp, err := client.Post(baseURL+"/v1/auth/login", "application/json", bytes.NewBuffer(jsonData)) - if err != nil { - return fmt.Errorf("登录请求失败: %v", err) - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return fmt.Errorf("读取响应失败: %v", err) - } - - var loginResp AdminLoginResponse - if err := json.Unmarshal(body, &loginResp); err != nil { - return fmt.Errorf("解析登录响应失败: %v", err) - } - - if loginResp.Code != 200 { - return fmt.Errorf("登录失败 (Code: %d): %s", loginResp.Code, loginResp.Message) - } - - adminToken = loginResp.Data.Token - return nil -} - -// 清理测试用户 -func cleanupTestUsers() error { - // 获取用户列表 - users, err := getUserList() - if err != nil { - return fmt.Errorf("获取用户列表失败: %v", err) - } - - fmt.Printf("📊 总用户数: %d\n", len(users)) - - var testUserIDs []int64 - var testUsers []string - - for _, user := range users { - // 识别测试用户的规则 - isTestUser := strings.HasPrefix(user.Email, testEmailPrefix) || - strings.Contains(user.Email, "test") || - strings.Contains(user.Email, "example.com") - - if isTestUser { - testUserIDs = append(testUserIDs, user.ID) - testUsers = append(testUsers, fmt.Sprintf("ID=%d, Email=%s", user.ID, user.Email)) - } - } - - if len(testUserIDs) == 0 { - fmt.Println("✅ 未发现测试用户,数据已清理") - return nil - } - - fmt.Printf("🔍 发现 %d 个测试用户:\n", len(testUserIDs)) - for _, userInfo := range testUsers { - fmt.Printf(" - %s\n", userInfo) - } - - // 批量删除测试用户 - fmt.Printf("\n🗑️ 正在删除 %d 个测试用户...\n", len(testUserIDs)) - if err := batchDeleteUsers(testUserIDs); err != nil { - return fmt.Errorf("批量删除用户失败: %v", err) - } - - fmt.Printf("✅ 成功删除 %d 个测试用户\n", len(testUserIDs)) - return nil -} - -// 检查数据一致性 -func checkDataConsistency() { - fmt.Println("🔍 检查数据一致性...") - - // 获取用户列表,检查是否还有问题用户 - users, err := getUserList() - if err != nil { - fmt.Printf("❌ 无法获取用户列表: %v\n", err) - return - } - - problemUsers := 0 - for _, user := range users { - // 检查用户详情是否可以正常获取 - if !checkUserDetail(user.ID) { - problemUsers++ - fmt.Printf("⚠️ 用户 ID=%d Email=%s 可能存在数据问题\n", user.ID, user.Email) - } - } - - if problemUsers == 0 { - fmt.Println("✅ 数据一致性检查通过") - } else { - fmt.Printf("⚠️ 发现 %d 个可能有问题的用户记录\n", problemUsers) - } -} - -// 获取用户列表 -func getUserList() ([]struct { - ID int64 `json:"id"` - Email string `json:"email"` -}, error) { - req, err := http.NewRequest("GET", baseURL+"/v1/admin/user?page=1&size=1000", nil) - if err != nil { - return nil, err - } - - req.Header.Set("Authorization", "Bearer "+adminToken) - req.Header.Set("Content-Type", "application/json") - - resp, err := client.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - var userResp UserListResponse - if err := json.Unmarshal(body, &userResp); err != nil { - return nil, err - } - - if userResp.Code != 200 { - return nil, fmt.Errorf("获取用户列表失败 (Code: %d): %s", userResp.Code, userResp.Message) - } - - return userResp.Data.List, nil -} - -// 批量删除用户 -func batchDeleteUsers(userIDs []int64) error { - deleteData := map[string][]int64{ - "ids": userIDs, - } - - jsonData, _ := json.Marshal(deleteData) - - req, err := http.NewRequest("DELETE", baseURL+"/v1/admin/user/batch", bytes.NewBuffer(jsonData)) - if err != nil { - return err - } - - req.Header.Set("Authorization", "Bearer "+adminToken) - req.Header.Set("Content-Type", "application/json") - - resp, err := client.Do(req) - if err != nil { - return err - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return err - } - - if resp.StatusCode != 200 { - return fmt.Errorf("删除用户失败,状态码: %d, 响应: %s", resp.StatusCode, string(body)) - } - - var commonResp CommonResponse - if err := json.Unmarshal(body, &commonResp); err == nil && commonResp.Code != 200 { - return fmt.Errorf("删除用户失败 (Code: %d): %s", commonResp.Code, commonResp.Message) - } - - return nil -} - -// 检查用户详情 -func checkUserDetail(userID int64) bool { - req, err := http.NewRequest("GET", baseURL+"/v1/admin/user/"+strconv.FormatInt(userID, 10), nil) - if err != nil { - return false - } - - req.Header.Set("Authorization", "Bearer "+adminToken) - req.Header.Set("Content-Type", "application/json") - - resp, err := client.Do(req) - if err != nil { - return false - } - defer resp.Body.Close() - - return resp.StatusCode == 200 -} \ No newline at end of file diff --git a/用户绑定.md b/用户绑定.md new file mode 100644 index 0000000..c7e0c48 --- /dev/null +++ b/用户绑定.md @@ -0,0 +1,21 @@ +用户表 user 主表 +用户关联表 user_auth_methods +用户设备表 user_device + + +现有的逻辑: +-> 根据 token 获取当前用户ID +-> 从 token 中获取用户 获取当前用户的设备标识符 + -> 检查邮箱是否已经被其他用户绑定 + -> 邮箱已存在,使用现有的邮箱用户 + -> 邮箱不存在,创建新的邮箱用户 + +----> 设备绑定逻辑 + 1. 更新 user_auth_methods 表 - 将设备认证方式转移到邮箱用户 + 2. 更新 user_device 表 - 将设备记录转移到邮箱用户 + +----> 完成绑定 + 邮箱存在的情况下: + 用户设备记录 和 认证方式 都会迁移到 邮箱主用户下; 使用邮箱主用户的资源, 设备用户资源丢弃 + 邮箱不存在的情况下: + 临时创建一个新的邮箱用户, 并将设备认证方式和记录转移到这个新用户下 \ No newline at end of file