From 39c51aa4a28d889726376fcc4e3d0fa2bfcb90ae Mon Sep 17 00:00:00 2001
From: Mrx <18278715334@163.com>
Date: Wed, 4 Feb 2026 15:18:37 +0800
Subject: [PATCH] f

---
 .../adminupdateplatformuserlogic.go           |  5 ++
 .../middleware/authinterceptormiddleware.go   | 41 ++++++++++++++---
 .../userauthinterceptormiddleware.go          | 46 ++++++++++++++++---
 app/main/api/internal/svc/servicecontext.go   |  4 +-
 app/main/api/internal/types/cache.go          |  4 ++
 common/xerr/errMsg.go                         |  2 +-
 6 files changed, 86 insertions(+), 16 deletions(-)

diff --git a/app/main/api/internal/logic/admin_platform_user/adminupdateplatformuserlogic.go b/app/main/api/internal/logic/admin_platform_user/adminupdateplatformuserlogic.go
index f995403..48d695f 100644
--- a/app/main/api/internal/logic/admin_platform_user/adminupdateplatformuserlogic.go
+++ b/app/main/api/internal/logic/admin_platform_user/adminupdateplatformuserlogic.go
@@ -3,6 +3,8 @@ package admin_platform_user
 import (
 	"context"
 	"database/sql"
+	"fmt"
+	"strconv"
 
 	"xingfucha-server/app/main/api/internal/svc"
 	"xingfucha-server/app/main/api/internal/types"
@@ -65,6 +67,9 @@ func (l *AdminUpdatePlatformUserLogic) AdminUpdatePlatformUser(req *types.AdminU
 	if err != nil {
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "更新用户失败: %v", err)
 	}
+	// 更新封禁状态缓存，使封禁/解封即时生效，避免中间件继续用旧缓存
+	disableKey := fmt.Sprintf(types.UserDisableCacheKey, req.Id)
+	_ = l.svcCtx.Redis.Setex(disableKey, strconv.FormatInt(user.Disable, 10), types.UserDisableCacheTTL)
 	resp = &types.AdminUpdatePlatformUserResp{Success: true}
 	return resp, nil
 }
diff --git a/app/main/api/internal/middleware/authinterceptormiddleware.go b/app/main/api/internal/middleware/authinterceptormiddleware.go
index d411c11..92eeccd 100644
--- a/app/main/api/internal/middleware/authinterceptormiddleware.go
+++ b/app/main/api/internal/middleware/authinterceptormiddleware.go
@@ -2,14 +2,19 @@ package middleware
 
 import (
 	"context"
+	"fmt"
 	"net/http"
+	"strconv"
 
 	"xingfucha-server/app/main/api/internal/config"
+	"xingfucha-server/app/main/api/internal/types"
 	"xingfucha-server/app/main/model"
 	jwtx "xingfucha-server/common/jwt"
+	"xingfucha-server/common/result"
 	"xingfucha-server/common/xerr"
 
 	"github.com/pkg/errors"
+	"github.com/redis/go-redis/v9"
 	"github.com/zeromicro/go-zero/rest/httpx"
 )
 
@@ -21,12 +26,14 @@ const (
 type AuthInterceptorMiddleware struct {
 	Config    config.Config
 	UserModel model.UserModel
+	Redis     RedisStore
 }
 
-func NewAuthInterceptorMiddleware(c config.Config, userModel model.UserModel) *AuthInterceptorMiddleware {
+func NewAuthInterceptorMiddleware(c config.Config, userModel model.UserModel, redisStore RedisStore) *AuthInterceptorMiddleware {
 	return &AuthInterceptorMiddleware{
 		Config:    c,
 		UserModel: userModel,
+		Redis:     redisStore,
 	}
 }
 
@@ -49,11 +56,15 @@ func (m *AuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFu
 			return
 		}
 
-		// 携带token的请求：校验用户是否被封禁（保证封禁即时生效）
-		if m.UserModel != nil && claims.UserId > 0 {
-			user, err := m.UserModel.FindOne(r.Context(), claims.UserId)
-			if err == nil && user.Disable == model.UserDisableBanned {
-				httpx.Error(w, xerr.NewErrCode(xerr.USER_DISABLED))
+		// 携带 token 的请求：先查 Redis 封禁缓存，未命中再查库，减少轮询
+		if m.UserModel != nil && m.Redis != nil && claims.UserId > 0 {
+			disabled, err := m.isUserDisabled(r.Context(), w, claims.UserId)
+			if err != nil {
+				return
+			}
+			if disabled {
+				msg := xerr.MapErrMsg(xerr.USER_DISABLED)
+				httpx.WriteJson(w, http.StatusOK, result.Error(xerr.USER_DISABLED, msg))
 				return
 			}
 		}
@@ -64,3 +75,21 @@ func (m *AuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFu
 		next(w, r.WithContext(ctx))
 	}
 }
+
+// isUserDisabled 先查 Redis 封禁缓存，未命中再查 DB 并回写缓存
+func (m *AuthInterceptorMiddleware) isUserDisabled(ctx context.Context, w http.ResponseWriter, userID int64) (bool, error) {
+	key := fmt.Sprintf(types.UserDisableCacheKey, userID)
+	val, err := m.Redis.Get(key)
+	if err == nil {
+		return val == "1", nil
+	}
+	if err != redis.Nil {
+		// Redis 异常时降级为查库
+	}
+	user, err := m.UserModel.FindOne(ctx, userID)
+	if err != nil {
+		return false, nil // 用户不存在时放行，由业务层处理
+	}
+	_ = m.Redis.Setex(key, strconv.FormatInt(user.Disable, 10), types.UserDisableCacheTTL)
+	return user.Disable == model.UserDisableBanned, nil
+}
diff --git a/app/main/api/internal/middleware/userauthinterceptormiddleware.go b/app/main/api/internal/middleware/userauthinterceptormiddleware.go
index d24cad4..6fd7570 100644
--- a/app/main/api/internal/middleware/userauthinterceptormiddleware.go
+++ b/app/main/api/internal/middleware/userauthinterceptormiddleware.go
@@ -1,22 +1,35 @@
 package middleware
 
 import (
+	"context"
+	"fmt"
 	"net/http"
+	"strconv"
 
+	"xingfucha-server/app/main/api/internal/types"
 	"xingfucha-server/app/main/model"
 	"xingfucha-server/common/ctxdata"
+	"xingfucha-server/common/result"
 	"xingfucha-server/common/xerr"
 
 	"github.com/pkg/errors"
+	"github.com/redis/go-redis/v9"
 	"github.com/zeromicro/go-zero/rest/httpx"
 )
 
 type UserAuthInterceptorMiddleware struct {
 	UserModel model.UserModel
+	Redis     RedisStore
 }
 
-func NewUserAuthInterceptorMiddleware(userModel model.UserModel) *UserAuthInterceptorMiddleware {
-	return &UserAuthInterceptorMiddleware{UserModel: userModel}
+// RedisStore 仅用于封禁状态缓存的只读+写入接口，避免中间件依赖完整 Redis
+type RedisStore interface {
+	Get(key string) (string, error)
+	Setex(key, value string, seconds int) error
+}
+
+func NewUserAuthInterceptorMiddleware(userModel model.UserModel, redisStore RedisStore) *UserAuthInterceptorMiddleware {
+	return &UserAuthInterceptorMiddleware{UserModel: userModel, Redis: redisStore}
 }
 
 func (m *UserAuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
@@ -30,15 +43,34 @@ func (m *UserAuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.Handl
 			httpx.Error(w, errors.Wrapf(xerr.NewErrCode(xerr.USER_NEED_BIND_MOBILE), "token解析失败: %v", err))
 			return
 		}
-		user, err := m.UserModel.FindOne(r.Context(), claims.UserId)
+		disabled, err := m.isUserDisabled(r.Context(), w, claims.UserId)
 		if err != nil {
-			httpx.Error(w, errors.Wrapf(xerr.NewErrCode(ErrCodeUnauthorized), "用户不存在: %v", err))
-			return
+			return // 用户不存在时 isUserDisabled 已写响应
 		}
-		if user.Disable == model.UserDisableBanned {
-			httpx.Error(w, xerr.NewErrCode(xerr.USER_DISABLED))
+		if disabled {
+			msg := xerr.MapErrMsg(xerr.USER_DISABLED)
+			httpx.WriteJson(w, http.StatusOK, result.Error(xerr.USER_DISABLED, msg))
 			return
 		}
 		next(w, r)
 	}
 }
+
+// isUserDisabled 先查 Redis 封禁缓存，未命中再查 DB 并回写缓存，减少对 DB/模型缓存的轮询
+func (m *UserAuthInterceptorMiddleware) isUserDisabled(ctx context.Context, w http.ResponseWriter, userID int64) (bool, error) {
+	key := fmt.Sprintf(types.UserDisableCacheKey, userID)
+	val, err := m.Redis.Get(key)
+	if err == nil {
+		return val == "1", nil
+	}
+	if err != redis.Nil {
+		// Redis 异常时降级为查库，不阻塞请求
+	}
+	user, err := m.UserModel.FindOne(ctx, userID)
+	if err != nil {
+		httpx.Error(w, errors.Wrapf(xerr.NewErrCode(ErrCodeUnauthorized), "用户不存在: %v", err))
+		return false, err
+	}
+	_ = m.Redis.Setex(key, strconv.FormatInt(user.Disable, 10), types.UserDisableCacheTTL)
+	return user.Disable == model.UserDisableBanned, nil
+}
diff --git a/app/main/api/internal/svc/servicecontext.go b/app/main/api/internal/svc/servicecontext.go
index 43344ef..adea73c 100644
--- a/app/main/api/internal/svc/servicecontext.go
+++ b/app/main/api/internal/svc/servicecontext.go
@@ -222,8 +222,8 @@ func NewServiceContext(c config.Config) *ServiceContext {
 	return &ServiceContext{
 		Config:              c,
 		Redis:               redisClient,
-		AuthInterceptor:     middleware.NewAuthInterceptorMiddleware(c, userModel).Handle,
-		UserAuthInterceptor: middleware.NewUserAuthInterceptorMiddleware(userModel).Handle,
+		AuthInterceptor:     middleware.NewAuthInterceptorMiddleware(c, userModel, redisClient).Handle,
+		UserAuthInterceptor: middleware.NewUserAuthInterceptorMiddleware(userModel, redisClient).Handle,
 		AdminAuthInterceptor: middleware.NewAdminAuthInterceptorMiddleware(c,
 			adminUserModel, adminUserRoleModel, adminRoleModel, adminApiModel, adminRoleApiModel).Handle,
 
diff --git a/app/main/api/internal/types/cache.go b/app/main/api/internal/types/cache.go
index ecd68cc..5e49191 100644
--- a/app/main/api/internal/types/cache.go
+++ b/app/main/api/internal/types/cache.go
@@ -3,6 +3,10 @@ package types
 const QueryCacheKey = "query:%d:%s"
 const AgentVipCacheKey = "agentVip:%d:%s"
 
+// UserDisableCacheKey 用户封禁状态缓存，value 为 "0" 或 "1"，TTL 5 分钟，避免每次请求查库
+const UserDisableCacheKey = "user:disable:%d"
+const UserDisableCacheTTL = 300 // 秒
+
 type QueryCache struct {
 	Name    string `json:"name"`
 	IDCard  string `json:"id_card"`
diff --git a/common/xerr/errMsg.go b/common/xerr/errMsg.go
index 10f6e9d..577c026 100644
--- a/common/xerr/errMsg.go
+++ b/common/xerr/errMsg.go
@@ -11,7 +11,7 @@ func init() {
 	message[TOKEN_GENERATE_ERROR] = "生成token失败"
 	message[DB_ERROR] = "系统维护升级中,请稍后再试"
 	message[DB_UPDATE_AFFECTED_ZERO_ERROR] = "更新数据影响行数为0"
-	message[USER_DISABLED] = "您已被封禁"
+	message[USER_DISABLED] = "封禁通知：您的账号已被封禁，无法使用相关功能。如需申诉请联系客服。"
 }
 
 func MapErrMsg(errcode uint32) string {