HI-VPN/hi-server
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(user): 重构设备解绑逻辑,改为迁移设备到新用户而非删除
All checks were successful
Build docker and publish / build (20.15.1) (push) Successful in 6m44s
Details

Browse Source 
修改设备解绑逻辑,不再删除设备而是将其迁移到新创建的用户账户下
同时优化了事务处理和错误日志记录
This commit is contained in:
shanshanzhong 2025-11-30 19:14:09 -08:00
parent 109f708652
commit 41b52992e4
2 changed files with 346 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

301
etc/nginx.conf Normal file
View File

@ -0,0 +1,301 @@
第一个文件
server {
listen 80;
server_name airoport.org www.airoport.org api.airoport.win;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
server_name airoport.org;
ssl_certificate /etc/letsencrypt/live/airoport.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/airoport.org/privkey.pem;
return 301 https://airoport.co$request_uri;
}
server {
listen 443 ssl http2;
server_name www.airoport.org;
ssl_certificate /etc/letsencrypt/live/www.airoport.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.airoport.org/privkey.pem;
return 301 https://www.airoport.co$request_uri;
}
server {
listen 443 ssl http2;
server_name api.airoport.win;
client_max_body_size 150M;
ssl_certificate /etc/letsencrypt/live/api.airoport.win/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.airoport.win/privkey.pem;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 443 ssl http2;
server_name xqwbmzy8.de99e242.airoport.org;
client_max_body_size 150M;
ssl_certificate /etc/letsencrypt/live/xqwbmzy8.de99e242.airoport.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xqwbmzy8.de99e242.airoport.org/privkey.pem;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# Gzip压缩
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json image/svg+xml;
# 静态资源缓存
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://localhost8315:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
expires 1y;
add_header Cache-Control "public, immutable";
}
location ^~ / {
proxy_pass http://127.0.0.1:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_http_version 1.1;
add_header X-Cache $upstream_cache_status;
add_header Cache-Control no-cache;
proxy_ssl_server_name off;
proxy_ssl_name $proxy_host;
}
}
第二个文件:
server {
listen 80;
server_name airoport.co www.airoport.co api.airoport.co de99e242.airoport.co xqwbmzy8.de99e242.airoport.co api.airoport.win;
location / {
return 301 https://$host$request_uri;
}
}
# 主域名和www指向3002 (用户界面)
server {
listen 443 ssl http2;
server_name airoport.co;
client_max_body_size 150M;
ssl_certificate /etc/letsencrypt/live/airoport.co-0003/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/airoport.co-0003/privkey.pem;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
location /md {
alias /var/www/md/;
# 启用目录浏览
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
# 设置默认文档为README.md
index README.md;
# 跨域处理
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
add_header Access-Control-Allow-Credentials "true" always;
# 处理OPTIONS预检请求
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
# 处理.md文件
location ~* \.md$ {
add_header Content-Type "text/markdown; charset=utf-8";
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
# 跨域处理
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
}
# 静态资源缓存优化
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
add_header X-Content-Type-Options nosniff;
# 跨域处理
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
}
}
location ^~ / {
proxy_pass http://127.0.0.1:3002;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_http_version 1.1;
add_header X-Cache $upstream_cache_status;
add_header Cache-Control no-cache;
proxy_ssl_server_name off;
proxy_ssl_name $proxy_host;
}
}
server {
listen 443 ssl http2;
server_name www.airoport.co;
client_max_body_size 150M;
ssl_certificate /etc/letsencrypt/live/www.airoport.co/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.airoport.co/privkey.pem;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
location ^~ / {
proxy_pass http://127.0.0.1:3002;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_http_version 1.1;
add_header X-Cache $upstream_cache_status;
add_header Cache-Control no-cache;
proxy_ssl_server_name off;
proxy_ssl_name $proxy_host;
}
}
server {
listen 443 ssl http2;
server_name api.airoport.co;
client_max_body_size 150M;
ssl_certificate /etc/letsencrypt/live/api.airoport.co/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.airoport.co/privkey.pem;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 443 ssl http2;
server_name api.airoport.win;
client_max_body_size 150M;
ssl_certificate /etc/letsencrypt/live/api.airoport.win/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.airoport.win/privkey.pem;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# de99e242子域名指向3001 (管理界面)
server {
listen 443 ssl http2;
server_name xqwbmzy8.de99e242.airoport.co;
client_max_body_size 150M;
ssl_certificate /etc/letsencrypt/live/xqwbmzy8.de99e242.airoport.co/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xqwbmzy8.de99e242.airoport.co/privkey.pem;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# Gzip压缩
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json image/svg+xml;
location ^~ / {
proxy_pass http://127.0.0.1:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_http_version 1.1;
add_header X-Cache $upstream_cache_status;
add_header Cache-Control no-cache;
proxy_ssl_server_name off;
proxy_ssl_name $proxy_host;
}
}

163
internal/logic/public/user/unbindDeviceLogic.go
View File

@ -32,148 +32,71 @@ func NewUnbindDeviceLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Unbi
}
func (l *UnbindDeviceLogic) UnbindDevice(req *types.UnbindDeviceRequest) error {
// 获取当前 token 登录的用户
userInfo := l.ctx.Value(constant.CtxKeyUser).(*user.User)
// 查询解绑设备是否存在
device, err := l.svcCtx.UserModel.FindOneDevice(l.ctx, req.Id)
if err != nil {
return errors.Wrapf(xerr.NewErrCode(xerr.DeviceNotExist), "find device")
}
if device.UserId != userInfo.Id {
return errors.Wrapf(xerr.NewErrCode(xerr.InvalidParams), "device not belong to user")
}
identifier := device.Identifier
l.svcCtx.DB.Transaction(func(tx *gorm.DB) error {
// 业务逻辑修改: 如果解绑; 那么 就把 设备关系 和 邮箱关系 拆开
var deleteDevice user.Device
// 删除了 设备 记录
err = tx.Model(&deleteDevice).Where("id = ?", req.Id).First(&deleteDevice).Error
if err != nil {
return errors.Wrapf(xerr.NewErrCode(xerr.QueueEnqueueError), "find device err: %v", err)
return l.svcCtx.DB.Transaction(func(tx *gorm.DB) error {
newUser := &user.User{
Salt: "default",
OnlyFirstPurchase: &l.svcCtx.Config.Invite.OnlyFirstPurchase,
}
err = tx.Delete(deleteDevice).Error
if err != nil {
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseDeletedError), "delete device err: %v", err)
if err := tx.Create(newUser).Error; err != nil {
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create user failed: %v", err)
}
var userAuth user.AuthMethods
err = tx.Model(&userAuth).Where("auth_identifier = ? and auth_type = ?", deleteDevice.Identifier, "device").First(&userAuth).Error
if err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) {
return nil
newUser.ReferCode = uuidx.UserInviteCode(newUser.Id)
if err := tx.Model(newUser).Update("refer_code", newUser.ReferCode).Error; err != nil {
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update refer code failed: %v", err)
}
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "find device online record err: %v", err)
oldUserId := device.UserId
if err := tx.Model(&user.Device{}).Where("id = ?", device.Id).Update("user_id", newUser.Id).Error; err != nil {
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update device owner failed: %v", err)
}
var authMethod user.AuthMethods
amErr := tx.Where("auth_identifier = ? and auth_type = ?", device.Identifier, "device").First(&authMethod).Error
if amErr != nil {
if errors.Is(amErr, gorm.ErrRecordNotFound) {
newAuth := &user.AuthMethods{
UserId: newUser.Id,
AuthType: "device",
AuthIdentifier: device.Identifier,
Verified: true,
}
if err := tx.Create(newAuth).Error; err != nil {
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create auth method failed: %v", err)
}
} else {
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "find auth method failed: %v", amErr)
}
} else {
if err := tx.Model(&authMethod).Update("user_id", newUser.Id).Error; err != nil {
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update auth method failed: %v", err)
}
err = tx.Delete(&userAuth).Error
if err != nil {
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseDeletedError), "delete device online record err: %v", err)
}
var count int64
err = tx.Model(user.AuthMethods{}).Where("user_id = ?", deleteDevice.UserId).Count(&count).Error
if err != nil {
if err := tx.Model(&user.AuthMethods{}).Where("user_id = ?", oldUserId).Count(&count).Error; err != nil {
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "count user auth methods err: %v", err)
}
if count < 1 {
_ = tx.Where("id = ?", deleteDevice.UserId).Delete(&user.User{}).Error
if count == 0 {
if err := tx.Delete(&user.User{}, oldUserId).Error; err != nil {
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseDeletedError), "delete old user failed: %v", err)
}
//remove device cache
deviceCacheKey := fmt.Sprintf("%v:%v", config.DeviceCacheKeyKey, deleteDevice.Identifier)
}
deviceCacheKey := fmt.Sprintf("%v:%v", config.DeviceCacheKeyKey, device.Identifier)
if sessionId, err := l.svcCtx.Redis.Get(l.ctx, deviceCacheKey).Result(); err == nil && sessionId != "" {
_ = l.svcCtx.Redis.Del(l.ctx, deviceCacheKey).Err()
sessionIdCacheKey := fmt.Sprintf("%v:%v", config.SessionIdKey, sessionId)
_ = l.svcCtx.Redis.Del(l.ctx, sessionIdCacheKey).Err()
}
l.Infow("device unbound and migrated to new user",
logger.Field("device_id", device.Id),
logger.Field("old_user_id", oldUserId),
logger.Field("new_user_id", newUser.Id),
)
return nil
})
// 最后 创建一个 新的 设备 用户信息 绕过 赠送套餐
l.registerUserAndDevice(identifier)
return nil
}
func (l *UnbindDeviceLogic) registerUserAndDevice(identifier string) (*user.User, error) {
l.Infow("删除新建 设备 用户",
logger.Field("identifier", identifier),
)
var userInfo *user.User
err := l.svcCtx.UserModel.Transaction(l.ctx, func(db *gorm.DB) error {
// Create new user
userInfo = &user.User{
Salt: "default",
OnlyFirstPurchase: &l.svcCtx.Config.Invite.OnlyFirstPurchase,
}
if err := db.Create(userInfo).Error; err != nil {
l.Errorw("failed to create user",
logger.Field("error", err.Error()),
)
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create user failed: %v", err)
}
// Update refer code
userInfo.ReferCode = uuidx.UserInviteCode(userInfo.Id)
if err := db.Model(&user.User{}).Where("id = ?", userInfo.Id).Update("refer_code", userInfo.ReferCode).Error; err != nil {
l.Errorw("failed to update refer code",
logger.Field("user_id", userInfo.Id),
logger.Field("error", err.Error()),
)
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update refer code failed: %v", err)
}
// Create device auth method
authMethod := &user.AuthMethods{
UserId: userInfo.Id,
AuthType: "device",
AuthIdentifier: identifier,
Verified: true,
}
if err := db.Create(authMethod).Error; err != nil {
l.Errorw("failed to create device auth method",
logger.Field("user_id", userInfo.Id),
logger.Field("identifier", identifier),
logger.Field("error", err.Error()),
)
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create device auth method failed: %v", err)
}
// Insert device record
deviceInfo := &user.Device{
Ip: "",
UserId: userInfo.Id,
UserAgent: "",
Identifier: identifier,
Enabled: true,
Online: false,
}
if err := db.Create(deviceInfo).Error; err != nil {
l.Errorw("failed to insert device",
logger.Field("user_id", userInfo.Id),
logger.Field("identifier", identifier),
logger.Field("error", err.Error()),
)
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "insert device failed: %v", err)
}
return nil
})
if err != nil {
l.Errorw("device registration failed",
logger.Field("identifier", identifier),
logger.Field("error", err.Error()),
)
return nil, err
}
l.Infow("device registration completed successfully",
logger.Field("user_id", userInfo.Id),
logger.Field("identifier", identifier),
logger.Field("refer_code", userInfo.ReferCode),
)
return userInfo, nil
}