v0.1

2025-07-28 01:46:39 +08:00
parent b03129667a
commit 357639462a
219 changed files with 21634 additions and 8138 deletions
--- a/internal/domains/api/entities/api_user.go
+++ b/internal/domains/api/entities/api_user.go
@@ -0,0 +1,193 @@
+package entities
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"errors"
+	"io"
+	"net"
+	"time"
+
+	"github.com/google/uuid"
+	"gorm.io/gorm"
+)
+
+// ApiUserStatus API用户状态
+const (
+	ApiUserStatusNormal = "normal"
+	ApiUserStatusFrozen = "frozen"
+)
+
+// ApiUser API用户（聚合根）
+type ApiUser struct {
+	ID        string    `gorm:"primaryKey;type:varchar(64)" json:"id"`
+	UserId    string    `gorm:"type:varchar(36);not null;uniqueIndex" json:"user_id"`
+	AccessId  string    `gorm:"type:varchar(64);not null;uniqueIndex" json:"access_id"`
+	SecretKey string    `gorm:"type:varchar(128);not null" json:"secret_key"`
+	Status    string    `gorm:"type:varchar(20);not null;default:'normal'" json:"status"`
+	WhiteList []string  `gorm:"type:json;serializer:json;default:'[]'" json:"white_list"` // 支持多个白名单
+	CreatedAt time.Time `gorm:"autoCreateTime" json:"created_at"`
+	UpdatedAt time.Time `gorm:"autoUpdateTime" json:"updated_at"`
+}
+
+// IsWhiteListed 校验IP/域名是否在白名单
+func (u *ApiUser) IsWhiteListed(target string) bool {
+	for _, w := range u.WhiteList {
+		if w == target {
+			return true
+		}
+	}
+	return false
+}
+
+// IsActive 是否可用
+func (u *ApiUser) IsActive() bool {
+	return u.Status == ApiUserStatusNormal
+}
+
+// IsFrozen 是否冻结
+func (u *ApiUser) IsFrozen() bool {
+	return u.Status == ApiUserStatusFrozen
+}
+
+// NewApiUser 工厂方法
+func NewApiUser(userId string) (*ApiUser, error) {
+	if userId == "" {
+		return nil, errors.New("用户ID不能为空")
+	}
+	accessId, err := GenerateSecretId()
+	if err != nil {
+		return nil, err
+	}
+	secretKey, err := GenerateSecretKey()
+	if err != nil {
+		return nil, err
+	}
+	return &ApiUser{
+		ID:        uuid.New().String(),
+		UserId:    userId,
+		AccessId:  accessId,
+		SecretKey: secretKey,
+		Status:    ApiUserStatusNormal,
+		WhiteList: []string{},
+	}, nil
+}
+
+// 领域行为
+func (u *ApiUser) Freeze() {
+	u.Status = ApiUserStatusFrozen
+}
+func (u *ApiUser) Unfreeze() {
+	u.Status = ApiUserStatusNormal
+}
+func (u *ApiUser) UpdateWhiteList(list []string) {
+	u.WhiteList = list
+}
+
+// AddToWhiteList 新增白名单项（防御性校验）
+func (u *ApiUser) AddToWhiteList(entry string) error {
+	if len(u.WhiteList) >= 10 {
+		return errors.New("白名单最多只能有10个")
+	}
+	if net.ParseIP(entry) == nil {
+		return errors.New("非法IP")
+	}
+	for _, w := range u.WhiteList {
+		if w == entry {
+			return errors.New("白名单已存在")
+		}
+	}
+	u.WhiteList = append(u.WhiteList, entry)
+	return nil
+}
+
+// BeforeUpdate GORM钩子：更新前确保WhiteList不为nil
+func (u *ApiUser) BeforeUpdate(tx *gorm.DB) error {
+	if u.WhiteList == nil {
+		u.WhiteList = []string{}
+	}
+	return nil
+}
+
+// RemoveFromWhiteList 删除白名单项
+func (u *ApiUser) RemoveFromWhiteList(entry string) error {
+	newList := make([]string, 0, len(u.WhiteList))
+	for _, w := range u.WhiteList {
+		if w != entry {
+			newList = append(newList, w)
+		}
+	}
+	if len(newList) == len(u.WhiteList) {
+		return errors.New("白名单不存在")
+	}
+	u.WhiteList = newList
+	return nil
+}
+
+// Validate 校验ApiUser聚合根的业务规则
+func (u *ApiUser) Validate() error {
+	if u.UserId == "" {
+		return errors.New("用户ID不能为空")
+	}
+	if u.AccessId == "" {
+		return errors.New("AccessId不能为空")
+	}
+	if u.SecretKey == "" {
+		return errors.New("SecretKey不能为空")
+	}
+	switch u.Status {
+	case ApiUserStatusNormal, ApiUserStatusFrozen:
+		// ok
+	default:
+		return errors.New("无效的用户状态")
+	}
+	if len(u.WhiteList) > 10 {
+		return errors.New("白名单最多只能有10个")
+	}
+	for _, ip := range u.WhiteList {
+		if net.ParseIP(ip) == nil {
+			return errors.New("白名单项必须为合法IP地址: " + ip)
+		}
+	}
+	return nil
+}
+
+// 生成AES-128密钥的函数，符合市面规范
+func GenerateSecretKey() (string, error) {
+	key := make([]byte, 16) // 16字节密钥
+	_, err := io.ReadFull(rand.Reader, key)
+	if err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(key), nil
+}
+
+func GenerateSecretId() (string, error) {
+	// 创建一个字节数组，用于存储随机数据
+	bytes := make([]byte, 8) // 因为每个字节表示两个16进制字符
+
+	// 读取随机字节到数组中
+	_, err := rand.Read(bytes)
+	if err != nil {
+		return "", err
+	}
+
+	// 将字节数组转换为16进制字符串
+	return hex.EncodeToString(bytes), nil
+}
+
+// TableName 指定数据库表名
+func (ApiUser) TableName() string {
+	return "api_users"
+}
+
+// BeforeCreate GORM钩子：创建前自动生成UUID并确保WhiteList不为nil
+func (c *ApiUser) BeforeCreate(tx *gorm.DB) error {
+	if c.ID == "" {
+		c.ID = uuid.New().String()
+	}
+	if c.WhiteList == nil {
+		c.WhiteList = []string{}
+	}
+	return nil
+}