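package service

import (
	"errors"
	"time"

	"x-agents/server/internal/model"
	"x-agents/server/internal/repository"

	"github.com/golang-jwt/jwt/v5"
	"github.com/google/uuid"
	"golang.org/x/crypto/bcrypt"
)

// Sentinel errors returned by AuthService; compare with errors.Is.
var (
	ErrInvalidCredentials = errors.New("invalid credentials")
	ErrUserNotFound       = errors.New("user not found")
)

const (
	// tokenTTL is the lifetime of an issued token; it drives both the
	// standard "exp" claim and the informational "expires_at" claim.
	tokenTTL = 7 * 24 * time.Hour

	// defaultRoleID is the role assigned to every newly registered user and
	// the ID/name of the role record created on first registration.
	defaultRoleID = "user"
)

// AuthService implements login, registration and JWT issuance/validation.
type AuthService struct {
	jwtSecret string                     // HMAC key used to sign and verify tokens
	userRepo  *repository.UserRepository // persistence for users and roles
}

// NewAuthService returns an AuthService that signs tokens with jwtSecret and
// stores users and roles through userRepo.
func NewAuthService(jwtSecret string, userRepo *repository.UserRepository) *AuthService {
	return &AuthService{
		jwtSecret: jwtSecret,
		userRepo:  userRepo,
	}
}

// LoginRequest is the JSON body of a login call.
type LoginRequest struct {
	Username string `json:"username" binding:"required"`
	Password string `json:"password" binding:"required"`
}

// LoginResponse carries the signed token and the authenticated user.
type LoginResponse struct {
	Token string      `json:"token"`
	User  *model.User `json:"user"`
}

// Login verifies req.Password against the stored bcrypt hash of the user
// named req.Username and, on success, returns a signed token plus the user.
//
// Both an unknown username and a wrong password map to ErrInvalidCredentials
// so the error text does not reveal which one failed. Note that the lookup
// failure returns before bcrypt runs, so response time still differs between
// the two cases; if that matters for your threat model, run a comparison
// against a dummy hash on the not-found path as well.
//
// The returned User is the repository object as loaded, so it still holds the
// Password hash in memory; whether that field reaches the wire depends on the
// json tags of model.User, which are not defined here — confirm before
// exposing this response directly.
func (s *AuthService) Login(req LoginRequest) (*LoginResponse, error) {
	user, err := s.userRepo.FindByUsername(req.Username)
	if err != nil {
		return nil, ErrInvalidCredentials
	}

	// bcrypt compares in constant time over the hash; any mismatch (or an
	// empty/malformed stored hash) is treated as bad credentials.
	if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.Password)); err != nil {
		return nil, ErrInvalidCredentials
	}

	token, err := s.generateToken(user)
	if err != nil {
		return nil, err
	}

	return &LoginResponse{
		Token: token,
		User:  user,
	}, nil
}

// generateToken builds an HS256 token for user with subject, username, role
// and expiry claims. A single timestamp is captured so "iat", "exp" and
// "expires_at" are consistent with each other (the original read the clock
// three times, so exp and expires_at could differ by a tick).
func (s *AuthService) generateToken(user *model.User) (string, error) {
	now := time.Now()
	expiry := now.Add(tokenTTL)

	claims := jwt.MapClaims{
		"sub":        user.ID,
		"username":   user.Username,
		"role":       user.RoleID,
		"exp":        expiry.Unix(),
		"iat":        now.Unix(),
		"expires_at": expiry.Format(time.RFC3339), // human-readable copy of exp
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	return token.SignedString([]byte(s.jwtSecret))
}

// ValidateToken parses and verifies tokenString and returns its claims.
//
// The accepted algorithm is pinned to HS256 — the method the service signs
// with — both through the parser option and the key callback. Pinning the
// exact algorithm (rather than any HMAC variant) keeps the verification key
// from being used under a method it was not issued for, and rejects tokens
// whose header names a non-HMAC method outright. Expiry ("exp") is enforced
// by jwt.Parse's default claim validation.
func (s *AuthService) ValidateToken(tokenString string) (jwt.MapClaims, error) {
	keyFunc := func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, errors.New("unexpected signing method")
		}
		return []byte(s.jwtSecret), nil
	}

	token, err := jwt.Parse(tokenString, keyFunc,
		jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}))
	if err != nil {
		return nil, err
	}

	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok || !token.Valid {
		return nil, errors.New("invalid token")
	}
	return claims, nil
}

// Register creates a new user with a bcrypt-hashed password and the default
// role, creating that role record on first use.
//
// Caveats visible from this code:
//   - "already exists" is inferred from FindByUsername returning no error;
//     any other lookup failure (including a transport error) is treated as
//     "not found" and registration proceeds. Distinguishing a real not-found
//     from other errors needs the repository's error contract, which is not
//     visible here.
//   - The existence check and Create are not atomic; a concurrent register
//     of the same username can slip between them. A unique constraint on
//     username in the store is the reliable guard.
//   - bcrypt only uses the first 72 bytes of the password.
func (s *AuthService) Register(username, password, email string) (*model.User, error) {
	if _, err := s.userRepo.FindByUsername(username); err == nil {
		return nil, errors.New("user already exists")
	}

	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return nil, err
	}

	user := &model.User{
		ID:       uuid.New().String(),
		Username: username,
		Password: string(hashedPassword),
		Email:    email,
		RoleID:   defaultRoleID,
		IsActive: true,
	}

	// Create the default role the first time it is needed. Only the
	// freshly created role is attached to user.Role; an existing role is
	// referenced by RoleID alone (kept as in the original to avoid changing
	// what Create persists).
	if _, err := s.userRepo.FindRoleByID(user.RoleID); err != nil {
		role := &model.Role{
			ID:          defaultRoleID,
			Name:        defaultRoleID,
			Permissions: []model.PermissionLevel{model.PermissionRead, model.PermissionWrite},
		}
		// NOTE(review): CreateRole's result is discarded here; its signature
		// is not visible in this file — if it returns an error, check it
		// before creating the user that references the role.
		s.userRepo.CreateRole(role)
		user.Role = role
	}

	if err := s.userRepo.Create(user); err != nil {
		return nil, err
	}
	return user, nil
}

// GetUserByID returns the user with the given ID, delegating to the repository.
func (s *AuthService) GetUserByID(id string) (*model.User, error) {
	return s.userRepo.FindByID(id)
}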