f

2026-02-02 14:58:48 +08:00
parent 67eea00b63
commit 11c1c2f930
18 changed files with 124 additions and 37 deletions
--- a/app/main/api/desc/admin/platform_user.api
+++ b/app/main/api/desc/admin/platform_user.api
@@ -61,6 +61,7 @@ type (
 		Nickname   string `json:"nickname"`    // 昵称
 		Info       string `json:"info"`        // 备注信息
 		Inside     int64  `json:"inside"`      // 是否内部用户 1-是 0-否
+		Disable    int64  `json:"disable"`     // 封禁状态 0-可用 1-禁用
 		CreateTime string `json:"create_time"` // 创建时间
 		UpdateTime string `json:"update_time"` // 更新时间
 	}
@@ -77,6 +78,7 @@ type (
 		Nickname   string `json:"nickname"`    // 昵称
 		Info       string `json:"info"`        // 备注信息
 		Inside     int64  `json:"inside"`      // 是否内部用户 1-是 0-否
+		Disable    int64  `json:"disable"`     // 封禁状态 0-可用 1-禁用
 		CreateTime string `json:"create_time"` // 创建时间
 		UpdateTime string `json:"update_time"` // 更新时间
 	}
@@ -103,6 +105,7 @@ type (
 		Nickname *string `json:"nickname,optional"` // 昵称
 		Info     *string `json:"info,optional"`     // 备注信息
 		Inside   *int64  `json:"inside,optional"`   // 是否内部用户 1-是 0-否
+		Disable  *int64  `json:"disable,optional"`  // 封禁状态 0-可用 1-禁用
 	}

 	// 更新响应
--- a/app/main/api/internal/logic/admin_platform_user/admingetplatformuserdetaillogic.go
+++ b/app/main/api/internal/logic/admin_platform_user/admingetplatformuserdetaillogic.go
@@ -43,6 +43,7 @@ func (l *AdminGetPlatformUserDetailLogic) AdminGetPlatformUserDetail(req *types.
 		Nickname:   "",
 		Info:       user.Info,
 		Inside:     user.Inside,
+		Disable:    user.Disable,
 		CreateTime: user.CreateTime.Format("2006-01-02 15:04:05"),
 		UpdateTime: user.UpdateTime.Format("2006-01-02 15:04:05"),
 	}
--- a/app/main/api/internal/logic/admin_platform_user/admingetplatformuserlistlogic.go
+++ b/app/main/api/internal/logic/admin_platform_user/admingetplatformuserlistlogic.go
@@ -30,8 +30,14 @@ func NewAdminGetPlatformUserListLogic(ctx context.Context, svcCtx *svc.ServiceCo

 func (l *AdminGetPlatformUserListLogic) AdminGetPlatformUserList(req *types.AdminGetPlatformUserListReq) (resp *types.AdminGetPlatformUserListResp, err error) {
 	builder := l.svcCtx.UserModel.SelectBuilder()
+	secretKey := l.svcCtx.Config.Encrypt.SecretKey
 	if req.Mobile != "" {
-		builder = builder.Where("mobile = ?", req.Mobile)
+		// 数据库存密文，搜索时把明文手机号加密后再查询
+		encryptedMobile, err := crypto.EncryptMobile(req.Mobile, secretKey)
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "手机号加密失败: %v", err)
+		}
+		builder = builder.Where("mobile = ?", encryptedMobile)
 	}
 	if req.Nickname != "" {
 		builder = builder.Where("nickname = ?", req.Nickname)
@@ -55,7 +61,6 @@ func (l *AdminGetPlatformUserListLogic) AdminGetPlatformUserList(req *types.Admi
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询用户分页失败: %v", err)
 	}
 	var items []types.PlatformUserListItem
-	secretKey := l.svcCtx.Config.Encrypt.SecretKey

 	for _, user := range users {
 		mobile := user.Mobile
@@ -72,6 +77,7 @@ func (l *AdminGetPlatformUserListLogic) AdminGetPlatformUserList(req *types.Admi
 			Nickname:   "",
 			Info:       user.Info,
 			Inside:     user.Inside,
+			Disable:    user.Disable,
 			CreateTime: user.CreateTime.Format("2006-01-02 15:04:05"),
 			UpdateTime: user.UpdateTime.Format("2006-01-02 15:04:05"),
 		}
--- a/app/main/api/internal/logic/admin_platform_user/adminupdateplatformuserlogic.go
+++ b/app/main/api/internal/logic/admin_platform_user/adminupdateplatformuserlogic.go
@@ -52,6 +52,12 @@ func (l *AdminUpdatePlatformUserLogic) AdminUpdatePlatformUser(req *types.AdminU
 		}
 		user.Inside = *req.Inside
 	}
+	if req.Disable != nil {
+		if *req.Disable != 1 && *req.Disable != 0 {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "封禁状态错误: %d，0-可用 1-禁用", *req.Disable)
+		}
+		user.Disable = *req.Disable
+	}
 	if req.Password != nil {
 		user.Password = sql.NullString{String: *req.Password, Valid: *req.Password != ""}
 	}
--- a/app/main/api/internal/logic/agent/applyforagentlogic.go
+++ b/app/main/api/internal/logic/agent/applyforagentlogic.go
@@ -79,6 +79,10 @@ func (l *ApplyForAgentLogic) ApplyForAgent(req *types.AgentApplyReq) (resp *type
 				return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "代理申请, 注册用户失败: %+v", err)
 			}
 		} else {
+			// 被封禁用户禁止登录/申请
+			if user.Disable == 1 {
+				return errors.Wrapf(xerr.NewErrCode(xerr.USER_DISABLED), "账号已被封禁")
+			}
 			if claims != nil && claims.UserType == model.UserTypeTemp {
 				// 临时用户，转为正式用户
 				err = l.svcCtx.UserService.TempUserBindUser(l.ctx, session, user.Id)
--- a/app/main/api/internal/logic/user/bindmobilelogic.go
+++ b/app/main/api/internal/logic/user/bindmobilelogic.go
@@ -64,6 +64,10 @@ func (l *BindMobileLogic) BindMobile(req *types.BindMobileReq) (resp *types.Bind
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "绑定手机号, %v", err)
 	}
 	if user != nil {
+		// 被封禁用户禁止绑定/登录
+		if user.Disable == 1 {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.USER_DISABLED), "账号已被封禁")
+		}
 		// 进行平台绑定
 		if claims != nil {
 			if req.Mobile != "18889793585" {
--- a/app/main/api/internal/logic/user/gettokenlogic.go
+++ b/app/main/api/internal/logic/user/gettokenlogic.go
@@ -33,6 +33,14 @@ func (l *GetTokenLogic) GetToken() (resp *types.MobileCodeLoginResp, err error)
 	if err != nil {
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "用户信息, %v", err)
 	}
+	// 被封禁用户禁止刷新 token
+	user, err := l.svcCtx.UserModel.FindOne(l.ctx, claims.UserId)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "用户信息, %v", err)
+	}
+	if user.Disable == 1 {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.USER_DISABLED), "账号已被封禁")
+	}
 	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, claims.UserId, claims.UserType)
 	if err != nil {
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "用户信息, %v", err)
--- a/app/main/api/internal/logic/user/mobilecodeloginlogic.go
+++ b/app/main/api/internal/logic/user/mobilecodeloginlogic.go
@@ -64,6 +64,10 @@ func (l *MobileCodeLoginLogic) MobileCodeLogin(req *types.MobileCodeLoginReq) (r
 			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "手机登录, 注册用户失败: %+v", err)
 		}
 	} else {
+		// 被封禁用户禁止登录
+		if user.Disable == 1 {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.USER_DISABLED), "账号已被封禁")
+		}
 		userID = user.Id
 	}
 	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, userID, model.UserTypeNormal)
--- a/app/main/api/internal/logic/user/wxh5authlogic.go
+++ b/app/main/api/internal/logic/user/wxh5authlogic.go
@@ -49,7 +49,14 @@ func (l *WxH5AuthLogic) WxH5Auth(req *types.WXH5AuthReq) (resp *types.WXH5AuthRe
 	var userID int64
 	var userType int64
 	if userAuth != nil {
-		// 已存在用户，直接登录
+		// 已存在用户，直接登录（被封禁用户禁止登录）
+		user, err := l.svcCtx.UserModel.FindOne(l.ctx, userAuth.UserId)
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询用户失败: %v", err)
+		}
+		if user.Disable == 1 {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.USER_DISABLED), "账号已被封禁")
+		}
 		userID = userAuth.UserId
 		userType = model.UserTypeNormal
 	} else {
--- a/app/main/api/internal/logic/user/wxminiauthlogic.go
+++ b/app/main/api/internal/logic/user/wxminiauthlogic.go
@@ -48,7 +48,14 @@ func (l *WxMiniAuthLogic) WxMiniAuth(req *types.WXMiniAuthReq) (resp *types.WXMi
 	var userID int64
 	var userType int64
 	if userAuth != nil {
-		// 已存在用户，直接登录
+		// 已存在用户，直接登录（被封禁用户禁止登录）
+		user, err := l.svcCtx.UserModel.FindOne(l.ctx, userAuth.UserId)
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询用户失败: %v", err)
+		}
+		if user.Disable == 1 {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.USER_DISABLED), "账号已被封禁")
+		}
 		userID = userAuth.UserId
 		userType = model.UserTypeNormal
 	} else {
--- a/app/main/api/internal/middleware/userauthinterceptormiddleware.go
+++ b/app/main/api/internal/middleware/userauthinterceptormiddleware.go
@@ -1,33 +1,60 @@
 package middleware

 import (
+	"net/http"
+
 	"tydata-server/app/main/model"
 	"tydata-server/common/ctxdata"
+	"tydata-server/common/result"
 	"tydata-server/common/xerr"
-	"net/http"

 	"github.com/pkg/errors"
 	"github.com/zeromicro/go-zero/rest/httpx"
 )

+// 用户封禁状态：0 可用，1 禁用
+const userDisableStatus = 1
+
 type UserAuthInterceptorMiddleware struct {
+	UserModel model.UserModel
 }

-func NewUserAuthInterceptorMiddleware() *UserAuthInterceptorMiddleware {
-	return &UserAuthInterceptorMiddleware{}
+func NewUserAuthInterceptorMiddleware(userModel model.UserModel) *UserAuthInterceptorMiddleware {
+	return &UserAuthInterceptorMiddleware{UserModel: userModel}
 }

 func (m *UserAuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		claims, err := ctxdata.GetClaimsFromCtx(r.Context())
 		if err != nil {
-			httpx.Error(w, errors.Wrapf(xerr.NewErrCode(ErrCodeUnauthorized), "token解析失败: %v", err))
+			m.writeErrorResponse(w, http.StatusUnauthorized, errors.Wrapf(xerr.NewErrCode(ErrCodeUnauthorized), "token解析失败: %v", err))
 			return
 		}
 		if claims.UserType == model.UserTypeTemp {
-			httpx.Error(w, errors.Wrapf(xerr.NewErrCode(xerr.USER_NEED_BIND_MOBILE), "token解析失败: %v", err))
+			m.writeErrorResponse(w, http.StatusUnauthorized, errors.Wrapf(xerr.NewErrCode(xerr.USER_NEED_BIND_MOBILE), "请先绑定手机号"))
+			return
+		}
+		// 封禁校验：用户已被禁用则直接拒绝
+		user, err := m.UserModel.FindOne(r.Context(), claims.UserId)
+		if err != nil {
+			m.writeErrorResponse(w, http.StatusUnauthorized, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取用户信息失败: %v", err))
+			return
+		}
+		if user.Disable == userDisableStatus {
+			m.writeErrorResponse(w, http.StatusForbidden, xerr.NewErrCode(xerr.USER_DISABLED))
 			return
 		}
 		next(w, r)
 	}
 }
+
+// writeErrorResponse 统一返回 code + msg，便于前端展示提示信息
+func (m *UserAuthInterceptorMiddleware) writeErrorResponse(w http.ResponseWriter, statusCode int, err error) {
+	errcode := xerr.SERVER_COMMON_ERROR
+	errmsg := xerr.MapErrMsg(errcode)
+	if e, ok := errors.Cause(err).(*xerr.CodeError); ok {
+		errcode = e.GetErrCode()
+		errmsg = e.GetErrMsg()
+	}
+	httpx.WriteJson(w, statusCode, result.Error(errcode, errmsg))
+}
--- a/app/main/api/internal/svc/servicecontext.go
+++ b/app/main/api/internal/svc/servicecontext.go
@@ -223,7 +223,7 @@ func NewServiceContext(c config.Config) *ServiceContext {
 		Config:              c,
 		Redis:               redisClient,
 		AuthInterceptor:     middleware.NewAuthInterceptorMiddleware(c).Handle,
-		UserAuthInterceptor: middleware.NewUserAuthInterceptorMiddleware().Handle,
+		UserAuthInterceptor: middleware.NewUserAuthInterceptorMiddleware(userModel).Handle,
 		AdminAuthInterceptor: middleware.NewAdminAuthInterceptorMiddleware(c,
 			adminUserModel, adminUserRoleModel, adminRoleModel, adminApiModel, adminRoleApiModel).Handle,

--- a/app/main/api/internal/types/types.go
+++ b/app/main/api/internal/types/types.go
@@ -568,6 +568,7 @@ type AdminGetPlatformUserDetailResp struct {
 	Nickname   string `json:"nickname"`    // 昵称
 	Info       string `json:"info"`        // 备注信息
 	Inside     int64  `json:"inside"`      // 是否内部用户 1-是 0-否
+	Disable    int64  `json:"disable"`     // 封禁状态 0-可用 1-禁用
 	CreateTime string `json:"create_time"` // 创建时间
 	UpdateTime string `json:"update_time"` // 更新时间
 }
@@ -949,6 +950,7 @@ type AdminUpdatePlatformUserReq struct {
 	Nickname *string `json:"nickname,optional"` // 昵称
 	Info     *string `json:"info,optional"`     // 备注信息
 	Inside   *int64  `json:"inside,optional"`   // 是否内部用户 1-是 0-否
+	Disable  *int64  `json:"disable,optional"`  // 封禁状态 0-可用 1-禁用
 }

 type AdminUpdatePlatformUserResp struct {
@@ -1854,6 +1856,7 @@ type PlatformUserListItem struct {
 	Nickname   string `json:"nickname"`    // 昵称
 	Info       string `json:"info"`        // 备注信息
 	Inside     int64  `json:"inside"`      // 是否内部用户 1-是 0-否
+	Disable    int64  `json:"disable"`     // 封禁状态 0-可用 1-禁用
 	CreateTime string `json:"create_time"` // 创建时间
 	UpdateTime string `json:"update_time"` // 更新时间
 }