hi-server/internal/logic/public/user/bindEmailWithPasswordLogic.go

package user

import (
	"context"
	"fmt"
	"time"

	"github.com/perfect-panel/server/internal/logic/auth"
	"github.com/perfect-panel/server/pkg/constant"
	"github.com/perfect-panel/server/pkg/tool"

	"github.com/perfect-panel/server/internal/config"
	"github.com/perfect-panel/server/internal/model/user"
	"github.com/perfect-panel/server/pkg/jwt"
	"github.com/perfect-panel/server/pkg/uuidx"
	"github.com/perfect-panel/server/pkg/xerr"
	"github.com/pkg/errors"
	"gorm.io/gorm"

	"github.com/perfect-panel/server/internal/svc"
	"github.com/perfect-panel/server/internal/types"
	"github.com/perfect-panel/server/pkg/logger"
)

type BindEmailWithPasswordLogic struct {
	logger.Logger
	ctx    context.Context
	svcCtx *svc.ServiceContext
}

// NewBindEmailWithPasswordLogic Bind Email With Password
func NewBindEmailWithPasswordLogic(ctx context.Context, svcCtx *svc.ServiceContext) *BindEmailWithPasswordLogic {
	return &BindEmailWithPasswordLogic{
		Logger: logger.WithContext(ctx),
		ctx:    ctx,
		svcCtx: svcCtx,
	}
}

func (l *BindEmailWithPasswordLogic) BindEmailWithPassword(req *types.BindEmailWithPasswordRequest) (*types.LoginResponse, error) {
	// 获取当前设备用户
	currentUser, ok := l.ctx.Value(constant.CtxKeyUser).(*user.User)
	if !ok {
		logger.Error("current user is not found in context")
		return nil, errors.Wrapf(xerr.NewErrCode(xerr.InvalidAccess), "Invalid Access")
	}

	// 验证邮箱和密码是否匹配现有用户
	emailUser, err := l.svcCtx.UserModel.FindOneByEmail(l.ctx, req.Email)
	if err != nil {
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return nil, errors.Wrapf(xerr.NewErrCode(xerr.UserNotExist), "email not registered: %v", req.Email)
		}
		logger.WithContext(l.ctx).Error(err)
		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "query user by email failed: %v", err.Error())
	}

	// 验证密码
	if !tool.VerifyPassWord(req.Password, emailUser.Password) {
		return nil, errors.Wrapf(xerr.NewErrCode(xerr.UserPasswordError), "password incorrect")
	}

	// 检查当前用户是否已经绑定了邮箱
	currentEmailMethod, err := l.svcCtx.UserModel.FindUserAuthMethodByUserId(l.ctx, "email", currentUser.Id)
	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "FindUserAuthMethodByUserId error")
	}

	// 最终用户ID（可能是当前用户或邮箱用户）
	finalUserId := currentUser.Id

	// 如果当前用户已经绑定了邮箱，检查是否是同一个邮箱
	if currentEmailMethod.Id > 0 {
		// 如果绑定的是同一个邮箱，直接生成Token返回
		if currentEmailMethod.AuthIdentifier == req.Email {
			l.Infow("user is binding the same email that is already bound",
				logger.Field("user_id", currentUser.Id),
				logger.Field("email", req.Email),
			)
			// 直接使用当前用户ID生成Token
		} else {
			// 如果是不同的邮箱，不允许重复绑定
			return nil, errors.Wrapf(xerr.NewErrCode(xerr.UserExist), "current user already has email bound")
		}
	} else {
		// 检查该邮箱是否已经被其他用户绑定
		existingEmailMethod, err := l.svcCtx.UserModel.FindUserAuthMethodByOpenID(l.ctx, "email", req.Email)
		if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "FindUserAuthMethodByOpenID error")
		}

		// 如果邮箱已经被其他用户绑定，需要进行数据迁移
		if existingEmailMethod.Id > 0 && existingEmailMethod.UserId != currentUser.Id {
			// 调用设备绑定逻辑，这会触发数据迁移
			bindLogic := auth.NewBindDeviceLogic(l.ctx, l.svcCtx)

			// 获取当前用户的设备标识符
			deviceMethod, err := l.svcCtx.UserModel.FindUserAuthMethodByUserId(l.ctx, "device", currentUser.Id)
			if err != nil {
				return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "FindUserAuthMethodByUserId device error")
			}

			if deviceMethod.Id == 0 {
				return nil, errors.Wrapf(xerr.NewErrCode(xerr.InvalidAccess), "current user has no device identifier")
			}

			// 执行设备重新绑定，这会触发数据迁移
			if err := bindLogic.BindDeviceToUser(deviceMethod.AuthIdentifier, "", "", emailUser.Id); err != nil {
				l.Errorw("failed to bind device to email user",
					logger.Field("current_user_id", currentUser.Id),
					logger.Field("email_user_id", emailUser.Id),
					logger.Field("device_identifier", deviceMethod.AuthIdentifier),
					logger.Field("error", err.Error()),
				)
				return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "bind device to email user failed")
			}

			l.Infow("successfully bound device to email user with data migration",
				logger.Field("current_user_id", currentUser.Id),
				logger.Field("email_user_id", emailUser.Id),
				logger.Field("device_identifier", deviceMethod.AuthIdentifier),
			)

			// 数据迁移后，使用邮箱用户的ID
			finalUserId = emailUser.Id
		} else {
			// 邮箱未被绑定，直接为当前用户创建邮箱绑定
			emailMethod := &user.AuthMethods{
				UserId:         currentUser.Id,
				AuthType:       "email",
				AuthIdentifier: req.Email,
				Verified:       true, // 通过密码验证，直接设为已验证
			}

			if err := l.svcCtx.UserModel.InsertUserAuthMethods(l.ctx, emailMethod); err != nil {
				return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "InsertUserAuthMethods error")
			}

			l.Infow("successfully bound email to current user",
				logger.Field("user_id", currentUser.Id),
				logger.Field("email", req.Email),
			)
		}
	}

	// 生成新的Token
	sessionId := uuidx.NewUUID().String()
	loginType := "device"
	if l.ctx.Value(constant.LoginType) != nil {
		loginType = l.ctx.Value(constant.LoginType).(string)
	}

	token, err := jwt.NewJwtToken(
		l.svcCtx.Config.JwtAuth.AccessSecret,
		time.Now().Unix(),
		l.svcCtx.Config.JwtAuth.AccessExpire,
		jwt.WithOption("UserId", finalUserId),
		jwt.WithOption("SessionId", sessionId),
		jwt.WithOption("LoginType", loginType),
	)
	if err != nil {
		l.Logger.Error("[BindEmailWithPassword] token generate error", logger.Field("error", err.Error()))
		return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "token generate error: %v", err.Error())
	}

	// 设置session缓存
	sessionIdCacheKey := fmt.Sprintf("%v:%v", config.SessionIdKey, sessionId)
	if err = l.svcCtx.Redis.Set(l.ctx, sessionIdCacheKey, finalUserId, time.Duration(l.svcCtx.Config.JwtAuth.AccessExpire)*time.Second).Err(); err != nil {
		return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "set session id error: %v", err.Error())
	}

	return &types.LoginResponse{
		Token: token,
	}, nil
}