From 41b52992e4aed7267e78363a8bd84c4c9b7fbf24 Mon Sep 17 00:00:00 2001 From: shanshanzhong Date: Sun, 30 Nov 2025 19:14:09 -0800 Subject: [PATCH] =?UTF-8?q?refactor(user):=20=E9=87=8D=E6=9E=84=E8=AE=BE?= =?UTF-8?q?=E5=A4=87=E8=A7=A3=E7=BB=91=E9=80=BB=E8=BE=91=EF=BC=8C=E6=94=B9?= =?UTF-8?q?=E4=B8=BA=E8=BF=81=E7=A7=BB=E8=AE=BE=E5=A4=87=E5=88=B0=E6=96=B0?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E8=80=8C=E9=9D=9E=E5=88=A0=E9=99=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 修改设备解绑逻辑,不再删除设备而是将其迁移到新创建的用户账户下 同时优化了事务处理和错误日志记录 --- etc/nginx.conf | 301 ++++++++++++++++++ .../logic/public/user/unbindDeviceLogic.go | 167 +++------- 2 files changed, 346 insertions(+), 122 deletions(-) create mode 100644 etc/nginx.conf diff --git a/etc/nginx.conf b/etc/nginx.conf new file mode 100644 index 0000000..afed473 --- /dev/null +++ b/etc/nginx.conf @@ -0,0 +1,301 @@ +第一个文件 +server { + listen 80; + server_name airoport.org www.airoport.org api.airoport.win; + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl http2; + server_name airoport.org; + ssl_certificate /etc/letsencrypt/live/airoport.org/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/airoport.org/privkey.pem; + return 301 https://airoport.co$request_uri; +} + +server { + listen 443 ssl http2; + server_name www.airoport.org; + ssl_certificate /etc/letsencrypt/live/www.airoport.org/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.airoport.org/privkey.pem; + return 301 https://www.airoport.co$request_uri; +} + + +server { + listen 443 ssl http2; + server_name api.airoport.win; + client_max_body_size 150M; + + ssl_certificate /etc/letsencrypt/live/api.airoport.win/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/api.airoport.win/privkey.pem; + # 安全头 + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + + location / { + proxy_pass http://127.0.0.1:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +server { + listen 443 ssl http2; + server_name xqwbmzy8.de99e242.airoport.org; + client_max_body_size 150M; + + ssl_certificate /etc/letsencrypt/live/xqwbmzy8.de99e242.airoport.org/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/xqwbmzy8.de99e242.airoport.org/privkey.pem; + + # 安全头 + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + + # Gzip压缩 + gzip on; + gzip_vary on; + gzip_min_length 1024; + gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json image/svg+xml; + + # 静态资源缓存 + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { + proxy_pass http://localhost8315:3001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + expires 1y; + add_header Cache-Control "public, immutable"; + } + location ^~ / { + proxy_pass http://127.0.0.1:3001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header REMOTE-HOST $remote_addr; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_http_version 1.1; + add_header X-Cache $upstream_cache_status; + add_header Cache-Control no-cache; + proxy_ssl_server_name off; + proxy_ssl_name $proxy_host; +} +} + + + + +第二个文件: + +server { + listen 80; + server_name airoport.co www.airoport.co api.airoport.co de99e242.airoport.co xqwbmzy8.de99e242.airoport.co api.airoport.win; + + location / { + return 301 https://$host$request_uri; + } +} +# 主域名和www指向3002 (用户界面) +server { + listen 443 ssl http2; + server_name airoport.co; + client_max_body_size 150M; + + ssl_certificate /etc/letsencrypt/live/airoport.co-0003/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/airoport.co-0003/privkey.pem; + + # 安全头 + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + location /md { + alias /var/www/md/; + # 启用目录浏览 + autoindex on; + autoindex_exact_size off; + autoindex_localtime on; + # 设置默认文档为README.md + index README.md; + # 跨域处理 + add_header Access-Control-Allow-Origin "*" always; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; + add_header Access-Control-Allow-Headers "Content-Type, Authorization" always; + add_header Access-Control-Allow-Credentials "true" always; + # 处理OPTIONS预检请求 + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 204; + } + + # 处理.md文件 + location ~* \.md$ { + add_header Content-Type "text/markdown; charset=utf-8"; + add_header Cache-Control "no-cache, no-store, must-revalidate"; + add_header Pragma "no-cache"; + + # 跨域处理 + add_header Access-Control-Allow-Origin "*" always; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; + add_header Access-Control-Allow-Headers "Content-Type, Authorization" always; + } + + # 静态资源缓存优化 + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { + expires 1y; + add_header Cache-Control "public, immutable"; + add_header X-Content-Type-Options nosniff; + + # 跨域处理 + add_header Access-Control-Allow-Origin "*" always; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; + add_header Access-Control-Allow-Headers "Content-Type, Authorization" always; + } + } + + location ^~ / { + proxy_pass http://127.0.0.1:3002; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header REMOTE-HOST $remote_addr; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_http_version 1.1; + add_header X-Cache $upstream_cache_status; + add_header Cache-Control no-cache; + proxy_ssl_server_name off; + proxy_ssl_name $proxy_host; + } +} + +server { + listen 443 ssl http2; + server_name www.airoport.co; + client_max_body_size 150M; + + ssl_certificate /etc/letsencrypt/live/www.airoport.co/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.airoport.co/privkey.pem; + + # 安全头 + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + + location ^~ / { + proxy_pass http://127.0.0.1:3002; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header REMOTE-HOST $remote_addr; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_http_version 1.1; + add_header X-Cache $upstream_cache_status; + add_header Cache-Control no-cache; + proxy_ssl_server_name off; + proxy_ssl_name $proxy_host; + } +} + + +server { + listen 443 ssl http2; + server_name api.airoport.co; + client_max_body_size 150M; + + ssl_certificate /etc/letsencrypt/live/api.airoport.co/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/api.airoport.co/privkey.pem; + # 安全头 + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + + location / { + proxy_pass http://127.0.0.1:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +server { + listen 443 ssl http2; + server_name api.airoport.win; + client_max_body_size 150M; + + ssl_certificate /etc/letsencrypt/live/api.airoport.win/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/api.airoport.win/privkey.pem; + # 安全头 + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + + location / { + proxy_pass http://127.0.0.1:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + } +# de99e242子域名指向3001 (管理界面) +server { + listen 443 ssl http2; + server_name xqwbmzy8.de99e242.airoport.co; + client_max_body_size 150M; + + ssl_certificate /etc/letsencrypt/live/xqwbmzy8.de99e242.airoport.co/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/xqwbmzy8.de99e242.airoport.co/privkey.pem; + + # 安全头 + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + + # Gzip压缩 + gzip on; + gzip_vary on; + gzip_min_length 1024; + gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json image/svg+xml; + + location ^~ / { + proxy_pass http://127.0.0.1:3001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header REMOTE-HOST $remote_addr; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_http_version 1.1; + add_header X-Cache $upstream_cache_status; + add_header Cache-Control no-cache; + proxy_ssl_server_name off; + proxy_ssl_name $proxy_host; + } +} \ No newline at end of file diff --git a/internal/logic/public/user/unbindDeviceLogic.go b/internal/logic/public/user/unbindDeviceLogic.go index abdd863..e05ca6c 100644 --- a/internal/logic/public/user/unbindDeviceLogic.go +++ b/internal/logic/public/user/unbindDeviceLogic.go @@ -32,148 +32,71 @@ func NewUnbindDeviceLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Unbi } func (l *UnbindDeviceLogic) UnbindDevice(req *types.UnbindDeviceRequest) error { - // 获取当前 token 登录的用户 userInfo := l.ctx.Value(constant.CtxKeyUser).(*user.User) - // 查询解绑设备是否存在 device, err := l.svcCtx.UserModel.FindOneDevice(l.ctx, req.Id) if err != nil { return errors.Wrapf(xerr.NewErrCode(xerr.DeviceNotExist), "find device") } - if device.UserId != userInfo.Id { return errors.Wrapf(xerr.NewErrCode(xerr.InvalidParams), "device not belong to user") } - identifier := device.Identifier - l.svcCtx.DB.Transaction(func(tx *gorm.DB) error { - // 业务逻辑修改: 如果解绑; 那么 就把 设备关系 和 邮箱关系 拆开 - var deleteDevice user.Device - // 删除了 设备 记录 - err = tx.Model(&deleteDevice).Where("id = ?", req.Id).First(&deleteDevice).Error - if err != nil { - return errors.Wrapf(xerr.NewErrCode(xerr.QueueEnqueueError), "find device err: %v", err) + return l.svcCtx.DB.Transaction(func(tx *gorm.DB) error { + newUser := &user.User{ + Salt: "default", + OnlyFirstPurchase: &l.svcCtx.Config.Invite.OnlyFirstPurchase, } - err = tx.Delete(deleteDevice).Error - if err != nil { - return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseDeletedError), "delete device err: %v", err) + if err := tx.Create(newUser).Error; err != nil { + return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create user failed: %v", err) } - var userAuth user.AuthMethods - err = tx.Model(&userAuth).Where("auth_identifier = ? and auth_type = ?", deleteDevice.Identifier, "device").First(&userAuth).Error - if err != nil { - if errors.Is(err, gorm.ErrRecordNotFound) { - return nil + newUser.ReferCode = uuidx.UserInviteCode(newUser.Id) + if err := tx.Model(newUser).Update("refer_code", newUser.ReferCode).Error; err != nil { + return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update refer code failed: %v", err) + } + oldUserId := device.UserId + if err := tx.Model(&user.Device{}).Where("id = ?", device.Id).Update("user_id", newUser.Id).Error; err != nil { + return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update device owner failed: %v", err) + } + var authMethod user.AuthMethods + amErr := tx.Where("auth_identifier = ? and auth_type = ?", device.Identifier, "device").First(&authMethod).Error + if amErr != nil { + if errors.Is(amErr, gorm.ErrRecordNotFound) { + newAuth := &user.AuthMethods{ + UserId: newUser.Id, + AuthType: "device", + AuthIdentifier: device.Identifier, + Verified: true, + } + if err := tx.Create(newAuth).Error; err != nil { + return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create auth method failed: %v", err) + } + } else { + return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "find auth method failed: %v", amErr) + } + } else { + if err := tx.Model(&authMethod).Update("user_id", newUser.Id).Error; err != nil { + return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update auth method failed: %v", err) } - return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "find device online record err: %v", err) - } - - err = tx.Delete(&userAuth).Error - if err != nil { - return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseDeletedError), "delete device online record err: %v", err) } var count int64 - err = tx.Model(user.AuthMethods{}).Where("user_id = ?", deleteDevice.UserId).Count(&count).Error - if err != nil { + if err := tx.Model(&user.AuthMethods{}).Where("user_id = ?", oldUserId).Count(&count).Error; err != nil { return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "count user auth methods err: %v", err) } - - if count < 1 { - _ = tx.Where("id = ?", deleteDevice.UserId).Delete(&user.User{}).Error + if count == 0 { + if err := tx.Delete(&user.User{}, oldUserId).Error; err != nil { + return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseDeletedError), "delete old user failed: %v", err) + } } - - //remove device cache - deviceCacheKey := fmt.Sprintf("%v:%v", config.DeviceCacheKeyKey, deleteDevice.Identifier) + deviceCacheKey := fmt.Sprintf("%v:%v", config.DeviceCacheKeyKey, device.Identifier) if sessionId, err := l.svcCtx.Redis.Get(l.ctx, deviceCacheKey).Result(); err == nil && sessionId != "" { _ = l.svcCtx.Redis.Del(l.ctx, deviceCacheKey).Err() sessionIdCacheKey := fmt.Sprintf("%v:%v", config.SessionIdKey, sessionId) _ = l.svcCtx.Redis.Del(l.ctx, sessionIdCacheKey).Err() } - - return nil - }) - // 最后 创建一个 新的 设备 用户信息 绕过 赠送套餐 - l.registerUserAndDevice(identifier) - - return nil -} - -func (l *UnbindDeviceLogic) registerUserAndDevice(identifier string) (*user.User, error) { - l.Infow("删除新建 设备 用户", - logger.Field("identifier", identifier), - ) - - var userInfo *user.User - err := l.svcCtx.UserModel.Transaction(l.ctx, func(db *gorm.DB) error { - // Create new user - userInfo = &user.User{ - Salt: "default", - OnlyFirstPurchase: &l.svcCtx.Config.Invite.OnlyFirstPurchase, - } - if err := db.Create(userInfo).Error; err != nil { - l.Errorw("failed to create user", - logger.Field("error", err.Error()), - ) - return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create user failed: %v", err) - } - - // Update refer code - userInfo.ReferCode = uuidx.UserInviteCode(userInfo.Id) - if err := db.Model(&user.User{}).Where("id = ?", userInfo.Id).Update("refer_code", userInfo.ReferCode).Error; err != nil { - l.Errorw("failed to update refer code", - logger.Field("user_id", userInfo.Id), - logger.Field("error", err.Error()), - ) - return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update refer code failed: %v", err) - } - - // Create device auth method - authMethod := &user.AuthMethods{ - UserId: userInfo.Id, - AuthType: "device", - AuthIdentifier: identifier, - Verified: true, - } - if err := db.Create(authMethod).Error; err != nil { - l.Errorw("failed to create device auth method", - logger.Field("user_id", userInfo.Id), - logger.Field("identifier", identifier), - logger.Field("error", err.Error()), - ) - return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create device auth method failed: %v", err) - } - - // Insert device record - deviceInfo := &user.Device{ - Ip: "", - UserId: userInfo.Id, - UserAgent: "", - Identifier: identifier, - Enabled: true, - Online: false, - } - if err := db.Create(deviceInfo).Error; err != nil { - l.Errorw("failed to insert device", - logger.Field("user_id", userInfo.Id), - logger.Field("identifier", identifier), - logger.Field("error", err.Error()), - ) - return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "insert device failed: %v", err) - } - - return nil - }) - - if err != nil { - l.Errorw("device registration failed", - logger.Field("identifier", identifier), - logger.Field("error", err.Error()), + l.Infow("device unbound and migrated to new user", + logger.Field("device_id", device.Id), + logger.Field("old_user_id", oldUserId), + logger.Field("new_user_id", newUser.Id), ) - return nil, err - } - - l.Infow("device registration completed successfully", - logger.Field("user_id", userInfo.Id), - logger.Field("identifier", identifier), - logger.Field("refer_code", userInfo.ReferCode), - ) - - return userInfo, nil + return nil + }) }