first commit

2026-06-02 08:19:39 +08:00 · 2026-03-17 13:29:09 +08:00
commit eadd3f8961
219 changed files with 22394 additions and 0 deletions
--- a/server/internal/httpapi/auth_handler.go
+++ b/server/internal/httpapi/auth_handler.go
@@ -0,0 +1,98 @@
+//go:build ignore
+
+package httpapi
+
+import (
+	"net/http"
+
+	"backupx/server/internal/service"
+	"backupx/server/pkg/response"
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+)
+
+type authHandler struct {
+	service *service.AuthService
+	logger  *zap.Logger
+}
+
+type setupRequest struct {
+	Username    string `json:"username" binding:"required,min=3,max=64"`
+	Password    string `json:"password" binding:"required,min=8,max=128"`
+	DisplayName string `json:"displayName" binding:"required,min=1,max=128"`
+}
+
+type loginRequest struct {
+	Username string `json:"username" binding:"required,min=3,max=64"`
+	Password string `json:"password" binding:"required,min=8,max=128"`
+}
+
+func newAuthHandler(service *service.AuthService, logger *zap.Logger) *authHandler {
+	return &authHandler{service: service, logger: logger}
+}
+
+func (h *authHandler) registerRoutes(router gin.IRouter, protected gin.IRouter) {
+	router.GET("/auth/setup/status", h.getSetupStatus)
+	router.POST("/auth/setup", h.setup)
+	router.POST("/auth/login", h.login)
+	protected.GET("/auth/profile", h.profile)
+}
+
+func (h *authHandler) getSetupStatus(c *gin.Context) {
+	initialized, err := h.service.GetSetupStatus(c.Request.Context())
+	if err != nil {
+		writeError(c, h.logger, err)
+		return
+	}
+	response.Success(c, gin.H{"initialized": initialized})
+}
+
+func (h *authHandler) setup(c *gin.Context) {
+	payload, err := bindJSON[setupRequest](c, h.logger)
+	if err != nil {
+		writeError(c, h.logger, err)
+		return
+	}
+	result, err := h.service.Setup(c.Request.Context(), service.SetupInput{
+		Username:    payload.Username,
+		Password:    payload.Password,
+		DisplayName: payload.DisplayName,
+	})
+	if err != nil {
+		writeError(c, h.logger, err)
+		return
+	}
+	c.JSON(http.StatusCreated, response.Envelope{Code: "OK", Message: "success", Data: result})
+}
+
+func (h *authHandler) login(c *gin.Context) {
+	payload, err := bindJSON[loginRequest](c, h.logger)
+	if err != nil {
+		writeError(c, h.logger, err)
+		return
+	}
+	result, err := h.service.Login(c.Request.Context(), service.LoginInput{
+		Username:   payload.Username,
+		Password:   payload.Password,
+		RemoteAddr: c.ClientIP(),
+	})
+	if err != nil {
+		writeError(c, h.logger, err)
+		return
+	}
+	response.Success(c, result)
+}
+
+func (h *authHandler) profile(c *gin.Context) {
+	userID, err := getUserID(c)
+	if err != nil {
+		response.Error(c, http.StatusUnauthorized, "AUTH_UNAUTHORIZED", "认证信息无效")
+		return
+	}
+	result, err := h.service.GetCurrentUser(c.Request.Context(), userID)
+	if err != nil {
+		writeError(c, h.logger, err)
+		return
+	}
+	response.Success(c, result)
+}
--- a/server/internal/httpapi/context.go
+++ b/server/internal/httpapi/context.go
@@ -0,0 +1,23 @@
+//go:build ignore
+
+package httpapi
+
+import (
+	"fmt"
+
+	"github.com/gin-gonic/gin"
+)
+
+const claimsContextKey = "authClaims"
+
+func getUserID(c *gin.Context) (uint, error) {
+	value, ok := c.Get(claimsContextKey)
+	if !ok {
+		return 0, fmt.Errorf("missing auth claims")
+	}
+	claims, ok := value.(AuthClaims)
+	if !ok {
+		return 0, fmt.Errorf("invalid auth claims")
+	}
+	return claims.UserID, nil
+}
--- a/server/internal/httpapi/middleware.go
+++ b/server/internal/httpapi/middleware.go
@@ -0,0 +1,92 @@
+//go:build ignore
+
+package httpapi
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"backupx/server/internal/apperror"
+	"backupx/server/internal/security"
+	"backupx/server/pkg/response"
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+)
+
+type AuthClaims struct {
+	UserID   uint
+	Username string
+	Role     string
+}
+
+func Recovery(logger *zap.Logger) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		defer func() {
+			if recovered := recover(); recovered != nil {
+				logger.Error("panic recovered", zap.Any("panic", recovered), zap.String("path", c.Request.URL.Path))
+				response.Error(c, http.StatusInternalServerError, "INTERNAL_ERROR", "服务器内部错误")
+				c.Abort()
+			}
+		}()
+		c.Next()
+	}
+}
+
+func RequestLogger(logger *zap.Logger) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Next()
+		logger.Info("http request",
+			zap.String("method", c.Request.Method),
+			zap.String("path", c.Request.URL.Path),
+			zap.Int("status", c.Writer.Status()),
+			zap.String("client_ip", c.ClientIP()),
+		)
+	}
+}
+
+func AuthMiddleware(jwtManager *security.JWTManager) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		authorization := strings.TrimSpace(c.GetHeader("Authorization"))
+		if authorization == "" || !strings.HasPrefix(strings.ToLower(authorization), "bearer ") {
+			response.Error(c, http.StatusUnauthorized, "AUTH_UNAUTHORIZED", "缺少有效的认证令牌")
+			c.Abort()
+			return
+		}
+		tokenValue := strings.TrimSpace(strings.TrimPrefix(authorization, "Bearer"))
+		if tokenValue == authorization {
+			tokenValue = strings.TrimSpace(strings.TrimPrefix(authorization, "bearer"))
+		}
+		claims, err := jwtManager.Parse(tokenValue)
+		if err != nil {
+			response.Error(c, http.StatusUnauthorized, "AUTH_UNAUTHORIZED", "认证令牌无效或已过期")
+			c.Abort()
+			return
+		}
+		c.Set(claimsContextKey, AuthClaims{UserID: claims.UserID, Username: claims.Username, Role: claims.Role})
+		c.Next()
+	}
+}
+
+func writeError(c *gin.Context, logger *zap.Logger, err error) {
+	var appErr *apperror.AppError
+	if errors.As(err, &appErr) {
+		if appErr.Err != nil {
+			logger.Warn("request failed", zap.String("code", appErr.Code), zap.Error(appErr.Err))
+		}
+		response.Error(c, appErr.Status, appErr.Code, appErr.Message)
+		return
+	}
+	logger.Error("unexpected error", zap.Error(err))
+	response.Error(c, http.StatusInternalServerError, "INTERNAL_ERROR", "服务器内部错误")
+}
+
+func bindJSON[T any](c *gin.Context, logger *zap.Logger) (*T, error) {
+	var payload T
+	if err := c.ShouldBindJSON(&payload); err != nil {
+		logger.Warn("bind json failed", zap.Error(err))
+		return nil, apperror.Wrap(http.StatusBadRequest, "INVALID_REQUEST", fmt.Sprintf("请求参数错误: %v", err), err)
+	}
+	return &payload, nil
+}
--- a/server/internal/httpapi/router.go
+++ b/server/internal/httpapi/router.go
@@ -0,0 +1,38 @@
+//go:build ignore
+
+package httpapi
+
+import (
+	"backupx/server/internal/security"
+	"backupx/server/internal/service"
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+)
+
+type Dependencies struct {
+	Logger        *zap.Logger
+	AuthService   *service.AuthService
+	SystemService *service.SystemService
+	JWTManager    *security.JWTManager
+	Mode          string
+}
+
+func NewRouter(deps Dependencies) *gin.Engine {
+	gin.SetMode(deps.Mode)
+	router := gin.New()
+	router.Use(Recovery(deps.Logger), RequestLogger(deps.Logger))
+
+	api := router.Group("/api")
+	authHandler := newAuthHandler(deps.AuthService, deps.Logger)
+	systemHandler := newSystemHandler(deps.SystemService)
+	protected := api.Group("")
+	protected.Use(AuthMiddleware(deps.JWTManager))
+
+	authHandler.registerRoutes(api, protected)
+	systemHandler.registerRoutes(protected)
+	api.GET("/healthz", func(c *gin.Context) {
+		c.JSON(200, gin.H{"status": "ok"})
+	})
+
+	return router
+}
--- a/server/internal/httpapi/router_test.go
+++ b/server/internal/httpapi/router_test.go
@@ -0,0 +1,96 @@
+//go:build ignore
+
+package httpapi
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"backupx/server/internal/config"
+	"backupx/server/internal/database"
+	"backupx/server/internal/logger"
+	"backupx/server/internal/repository"
+	"backupx/server/internal/security"
+	"backupx/server/internal/service"
+)
+
+func TestSetupLoginProfileAndSystemInfo(t *testing.T) {
+	tmpDir := t.TempDir()
+	cfg := config.Config{
+		Server:   config.ServerConfig{Mode: "test"},
+		Database: config.DatabaseConfig{Path: filepath.Join(tmpDir, "backupx.db")},
+		Security: config.SecurityConfig{JWTSecret: "test-jwt-secret", JWTExpire: "1h", EncryptionKey: "test-encryption-key"},
+		Log:      config.LogConfig{Level: "error"},
+	}
+	log, err := logger.New(cfg.Log)
+	if err != nil {
+		t.Fatalf("logger.New() error = %v", err)
+	}
+	db, err := database.Open(cfg.Database, log)
+	if err != nil {
+		t.Fatalf("database.Open() error = %v", err)
+	}
+	jwtManager := security.NewJWTManager(cfg.Security.JWTSecret, time.Hour)
+	authService := service.NewAuthService(repository.NewUserRepository(db), jwtManager, security.NewLoginLimiter(5, time.Minute))
+	systemService := service.NewSystemService(cfg, "test", time.Now().Add(-time.Minute))
+	router := NewRouter(Dependencies{Logger: log, AuthService: authService, SystemService: systemService, JWTManager: jwtManager, Mode: "test"})
+
+	setupBody := map[string]string{"username": "admin", "password": "super-secret", "displayName": "管理员"}
+	setupResp := performJSONRequest(t, router, http.MethodPost, "/api/auth/setup", setupBody, "")
+	if setupResp.Code != http.StatusCreated {
+		t.Fatalf("unexpected setup status: %d body=%s", setupResp.Code, setupResp.Body.String())
+	}
+	var setupPayload struct {
+		Code string `json:"code"`
+		Data struct {
+			Token string `json:"token"`
+		} `json:"data"`
+	}
+	if err := json.Unmarshal(setupResp.Body.Bytes(), &setupPayload); err != nil {
+		t.Fatalf("decode setup response: %v", err)
+	}
+	if setupPayload.Data.Token == "" {
+		t.Fatal("expected token in setup response")
+	}
+
+	profileResp := performJSONRequest(t, router, http.MethodGet, "/api/auth/profile", nil, setupPayload.Data.Token)
+	if profileResp.Code != http.StatusOK {
+		t.Fatalf("unexpected profile status: %d body=%s", profileResp.Code, profileResp.Body.String())
+	}
+
+	loginBody := map[string]string{"username": "admin", "password": "super-secret"}
+	loginResp := performJSONRequest(t, router, http.MethodPost, "/api/auth/login", loginBody, "")
+	if loginResp.Code != http.StatusOK {
+		t.Fatalf("unexpected login status: %d body=%s", loginResp.Code, loginResp.Body.String())
+	}
+
+	systemResp := performJSONRequest(t, router, http.MethodGet, "/api/system/info", nil, setupPayload.Data.Token)
+	if systemResp.Code != http.StatusOK {
+		t.Fatalf("unexpected system info status: %d body=%s", systemResp.Code, systemResp.Body.String())
+	}
+}
+
+func performJSONRequest(t *testing.T, handler http.Handler, method string, path string, payload any, token string) *httptest.ResponseRecorder {
+	t.Helper()
+	var body []byte
+	if payload != nil {
+		encoded, err := json.Marshal(payload)
+		if err != nil {
+			t.Fatalf("json.Marshal() error = %v", err)
+		}
+		body = encoded
+	}
+	request := httptest.NewRequest(method, path, bytes.NewReader(body))
+	request.Header.Set("Content-Type", "application/json")
+	if token != "" {
+		request.Header.Set("Authorization", "Bearer "+token)
+	}
+	response := httptest.NewRecorder()
+	handler.ServeHTTP(response, request)
+	return response
+}
--- a/server/internal/httpapi/system_handler.go
+++ b/server/internal/httpapi/system_handler.go
@@ -0,0 +1,25 @@
+//go:build ignore
+
+package httpapi
+
+import (
+	"backupx/server/internal/service"
+	"backupx/server/pkg/response"
+	"github.com/gin-gonic/gin"
+)
+
+type systemHandler struct {
+	service *service.SystemService
+}
+
+func newSystemHandler(service *service.SystemService) *systemHandler {
+	return &systemHandler{service: service}
+}
+
+func (h *systemHandler) registerRoutes(protected gin.IRouter) {
+	protected.GET("/system/info", h.info)
+}
+
+func (h *systemHandler) info(c *gin.Context) {
+	response.Success(c, h.service.GetInfo())
+}