package auth import ( "context" "github.com/perfect-panel/server/internal/model/user" "github.com/perfect-panel/server/internal/svc" "github.com/perfect-panel/server/pkg/logger" "github.com/perfect-panel/server/pkg/xerr" "github.com/pkg/errors" "gorm.io/gorm" ) type BindDeviceLogic struct { logger.Logger ctx context.Context svcCtx *svc.ServiceContext } func NewBindDeviceLogic(ctx context.Context, svcCtx *svc.ServiceContext) *BindDeviceLogic { return &BindDeviceLogic{ Logger: logger.WithContext(ctx), ctx: ctx, svcCtx: svcCtx, } } // BindDeviceToUser binds a device to a user // If the device is already bound to another user, it will disable that user and bind the device to the current user func (l *BindDeviceLogic) BindDeviceToUser(identifier, ip, userAgent string, currentUserId int64) error { if identifier == "" { // No device identifier provided, skip binding return nil } l.Infow("binding device to user", logger.Field("identifier", identifier), logger.Field("user_id", currentUserId), logger.Field("ip", ip), ) // Check if device exists deviceInfo, err := l.svcCtx.UserModel.FindOneDeviceByIdentifier(l.ctx, identifier) if err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { // Device not found, create new device record return l.createDeviceForUser(identifier, ip, userAgent, currentUserId) } l.Errorw("failed to query device", logger.Field("identifier", identifier), logger.Field("error", err.Error()), ) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "query device failed: %v", err.Error()) } // Device exists, check if it's bound to current user if deviceInfo.UserId == currentUserId { // Already bound to current user, just update IP and UserAgent l.Infow("device already bound to current user, updating info", logger.Field("identifier", identifier), logger.Field("user_id", currentUserId), ) deviceInfo.Ip = ip deviceInfo.UserAgent = userAgent if err := l.svcCtx.UserModel.UpdateDevice(l.ctx, deviceInfo); err != nil { l.Errorw("failed to update device", logger.Field("identifier", identifier), logger.Field("error", err.Error()), ) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update device failed: %v", err.Error()) } return nil } // Device is bound to another user, need to disable old user and rebind l.Infow("device bound to another user, rebinding", logger.Field("identifier", identifier), logger.Field("old_user_id", deviceInfo.UserId), logger.Field("new_user_id", currentUserId), ) return l.rebindDeviceToNewUser(deviceInfo, ip, userAgent, currentUserId) } func (l *BindDeviceLogic) createDeviceForUser(identifier, ip, userAgent string, userId int64) error { l.Infow("creating new device for user", logger.Field("identifier", identifier), logger.Field("user_id", userId), ) err := l.svcCtx.UserModel.Transaction(l.ctx, func(db *gorm.DB) error { // Create device auth method authMethod := &user.AuthMethods{ UserId: userId, AuthType: "device", AuthIdentifier: identifier, Verified: true, } if err := db.Create(authMethod).Error; err != nil { l.Errorw("failed to create device auth method", logger.Field("user_id", userId), logger.Field("identifier", identifier), logger.Field("error", err.Error()), ) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create device auth method failed: %v", err) } // Create device record deviceInfo := &user.Device{ Ip: ip, UserId: userId, UserAgent: userAgent, Identifier: identifier, Enabled: true, Online: false, } if err := db.Create(deviceInfo).Error; err != nil { l.Errorw("failed to create device", logger.Field("user_id", userId), logger.Field("identifier", identifier), logger.Field("error", err.Error()), ) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create device failed: %v", err) } return nil }) if err != nil { l.Errorw("device creation failed", logger.Field("identifier", identifier), logger.Field("user_id", userId), logger.Field("error", err.Error()), ) return err } l.Infow("device created successfully", logger.Field("identifier", identifier), logger.Field("user_id", userId), ) return nil } func (l *BindDeviceLogic) rebindDeviceToNewUser(deviceInfo *user.Device, ip, userAgent string, newUserId int64) error { oldUserId := deviceInfo.UserId var users []*user.User err := l.svcCtx.DB.Where("id in (?)", []int64{oldUserId, newUserId}).Find(&users).Error if err != nil { l.Errorw("failed to query users for rebinding", logger.Field("old_user_id", oldUserId), logger.Field("new_user_id", newUserId), logger.Field("error", err.Error()), ) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "query users failed: %v", err) } err = l.svcCtx.UserModel.Transaction(l.ctx, func(tx *gorm.DB) error { //检查旧设备是否存在认证方式 var authMethod user.AuthMethods err := tx.Where("auth_type = ? AND auth_identifier = ?", "device", deviceInfo.Identifier).Find(&authMethod).Error if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) { l.Errorw("failed to query device auth method", logger.Field("identifier", deviceInfo.Identifier), logger.Field("error", err.Error()), ) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "query device auth method failed: %v", err) } //未找到设备认证方式信息,创建新的设备认证方式 if err != nil { authMethod = user.AuthMethods{ UserId: newUserId, AuthType: "device", AuthIdentifier: deviceInfo.Identifier, Verified: true, } logger.Infof("create auth method: %v", authMethod) if err := tx.Create(&authMethod).Error; err != nil { l.Errorw("failed to create device auth method", logger.Field("new_user_id", newUserId), logger.Field("error", err.Error())) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create device auth method failed: %v", err) } } else { //更新设备认证方式的用户ID为新用户ID authMethod.UserId = newUserId if err := tx.Save(&authMethod).Error; err != nil { l.Errorw("failed to update device auth method", logger.Field("identifier", deviceInfo.Identifier), logger.Field("error", err.Error()), ) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update device auth method failed: %v", err) } } //检查旧用户是否还有其他认证方式 var count int64 if err := tx.Model(&user.AuthMethods{}).Where("user_id = ?", oldUserId).Count(&count).Error; err != nil { l.Errorw("failed to query auth methods for old user", logger.Field("old_user_id", oldUserId), logger.Field("error", err.Error()), ) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "query auth methods failed: %v", err) } //如果没有其他认证方式,禁用旧用户账号 if count < 1 { if err := tx.Model(&user.User{}).Where("id = ?", oldUserId).Delete(&user.User{}).Error; err != nil { l.Errorw("failed to disable old user", logger.Field("old_user_id", oldUserId), logger.Field("error", err.Error()), ) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "disable old user failed: %v", err) } } l.Infow("disabled old user (no other auth methods)", logger.Field("old_user_id", oldUserId), ) // 更新设备绑定的用户id deviceInfo.UserId = newUserId deviceInfo.Ip = ip deviceInfo.UserAgent = userAgent deviceInfo.Enabled = true if err := tx.Save(deviceInfo).Error; err != nil { l.Errorw("failed to update device", logger.Field("identifier", deviceInfo.Identifier), logger.Field("error", err.Error()), ) return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update device failed: %v", err) } return nil }) if err != nil { l.Errorw("device rebinding failed", logger.Field("identifier", deviceInfo.Identifier), logger.Field("old_user_id", oldUserId), logger.Field("new_user_id", newUserId), logger.Field("error", err.Error()), ) return err } err = l.svcCtx.UserModel.ClearUserCache(l.ctx, users...) if err != nil { l.Errorw("failed to clear user cache after rebinding", logger.Field("old_user_id", oldUserId), logger.Field("new_user_id", newUserId), logger.Field("error", err.Error()), ) } l.Infow("device rebound successfully", logger.Field("identifier", deviceInfo.Identifier), logger.Field("old_user_id", oldUserId), logger.Field("new_user_id", newUserId), ) return nil }