f
This commit is contained in:
@@ -3,6 +3,8 @@ package admin_platform_user
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"database/sql"
|
"database/sql"
|
||||||
|
"fmt"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
"xingfucha-server/app/main/api/internal/svc"
|
"xingfucha-server/app/main/api/internal/svc"
|
||||||
"xingfucha-server/app/main/api/internal/types"
|
"xingfucha-server/app/main/api/internal/types"
|
||||||
@@ -65,6 +67,9 @@ func (l *AdminUpdatePlatformUserLogic) AdminUpdatePlatformUser(req *types.AdminU
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "更新用户失败: %v", err)
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "更新用户失败: %v", err)
|
||||||
}
|
}
|
||||||
|
// 更新封禁状态缓存,使封禁/解封即时生效,避免中间件继续用旧缓存
|
||||||
|
disableKey := fmt.Sprintf(types.UserDisableCacheKey, req.Id)
|
||||||
|
_ = l.svcCtx.Redis.Setex(disableKey, strconv.FormatInt(user.Disable, 10), types.UserDisableCacheTTL)
|
||||||
resp = &types.AdminUpdatePlatformUserResp{Success: true}
|
resp = &types.AdminUpdatePlatformUserResp{Success: true}
|
||||||
return resp, nil
|
return resp, nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2,14 +2,19 @@ package middleware
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
"xingfucha-server/app/main/api/internal/config"
|
"xingfucha-server/app/main/api/internal/config"
|
||||||
|
"xingfucha-server/app/main/api/internal/types"
|
||||||
"xingfucha-server/app/main/model"
|
"xingfucha-server/app/main/model"
|
||||||
jwtx "xingfucha-server/common/jwt"
|
jwtx "xingfucha-server/common/jwt"
|
||||||
|
"xingfucha-server/common/result"
|
||||||
"xingfucha-server/common/xerr"
|
"xingfucha-server/common/xerr"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
|
"github.com/redis/go-redis/v9"
|
||||||
"github.com/zeromicro/go-zero/rest/httpx"
|
"github.com/zeromicro/go-zero/rest/httpx"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -21,12 +26,14 @@ const (
|
|||||||
type AuthInterceptorMiddleware struct {
|
type AuthInterceptorMiddleware struct {
|
||||||
Config config.Config
|
Config config.Config
|
||||||
UserModel model.UserModel
|
UserModel model.UserModel
|
||||||
|
Redis RedisStore
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewAuthInterceptorMiddleware(c config.Config, userModel model.UserModel) *AuthInterceptorMiddleware {
|
func NewAuthInterceptorMiddleware(c config.Config, userModel model.UserModel, redisStore RedisStore) *AuthInterceptorMiddleware {
|
||||||
return &AuthInterceptorMiddleware{
|
return &AuthInterceptorMiddleware{
|
||||||
Config: c,
|
Config: c,
|
||||||
UserModel: userModel,
|
UserModel: userModel,
|
||||||
|
Redis: redisStore,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -49,11 +56,15 @@ func (m *AuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFu
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// 携带token的请求:校验用户是否被封禁(保证封禁即时生效)
|
// 携带 token 的请求:先查 Redis 封禁缓存,未命中再查库,减少轮询
|
||||||
if m.UserModel != nil && claims.UserId > 0 {
|
if m.UserModel != nil && m.Redis != nil && claims.UserId > 0 {
|
||||||
user, err := m.UserModel.FindOne(r.Context(), claims.UserId)
|
disabled, err := m.isUserDisabled(r.Context(), w, claims.UserId)
|
||||||
if err == nil && user.Disable == model.UserDisableBanned {
|
if err != nil {
|
||||||
httpx.Error(w, xerr.NewErrCode(xerr.USER_DISABLED))
|
return
|
||||||
|
}
|
||||||
|
if disabled {
|
||||||
|
msg := xerr.MapErrMsg(xerr.USER_DISABLED)
|
||||||
|
httpx.WriteJson(w, http.StatusOK, result.Error(xerr.USER_DISABLED, msg))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -64,3 +75,21 @@ func (m *AuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFu
|
|||||||
next(w, r.WithContext(ctx))
|
next(w, r.WithContext(ctx))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// isUserDisabled 先查 Redis 封禁缓存,未命中再查 DB 并回写缓存
|
||||||
|
func (m *AuthInterceptorMiddleware) isUserDisabled(ctx context.Context, w http.ResponseWriter, userID int64) (bool, error) {
|
||||||
|
key := fmt.Sprintf(types.UserDisableCacheKey, userID)
|
||||||
|
val, err := m.Redis.Get(key)
|
||||||
|
if err == nil {
|
||||||
|
return val == "1", nil
|
||||||
|
}
|
||||||
|
if err != redis.Nil {
|
||||||
|
// Redis 异常时降级为查库
|
||||||
|
}
|
||||||
|
user, err := m.UserModel.FindOne(ctx, userID)
|
||||||
|
if err != nil {
|
||||||
|
return false, nil // 用户不存在时放行,由业务层处理
|
||||||
|
}
|
||||||
|
_ = m.Redis.Setex(key, strconv.FormatInt(user.Disable, 10), types.UserDisableCacheTTL)
|
||||||
|
return user.Disable == model.UserDisableBanned, nil
|
||||||
|
}
|
||||||
|
|||||||
@@ -1,22 +1,35 @@
|
|||||||
package middleware
|
package middleware
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
|
"xingfucha-server/app/main/api/internal/types"
|
||||||
"xingfucha-server/app/main/model"
|
"xingfucha-server/app/main/model"
|
||||||
"xingfucha-server/common/ctxdata"
|
"xingfucha-server/common/ctxdata"
|
||||||
|
"xingfucha-server/common/result"
|
||||||
"xingfucha-server/common/xerr"
|
"xingfucha-server/common/xerr"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
|
"github.com/redis/go-redis/v9"
|
||||||
"github.com/zeromicro/go-zero/rest/httpx"
|
"github.com/zeromicro/go-zero/rest/httpx"
|
||||||
)
|
)
|
||||||
|
|
||||||
type UserAuthInterceptorMiddleware struct {
|
type UserAuthInterceptorMiddleware struct {
|
||||||
UserModel model.UserModel
|
UserModel model.UserModel
|
||||||
|
Redis RedisStore
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewUserAuthInterceptorMiddleware(userModel model.UserModel) *UserAuthInterceptorMiddleware {
|
// RedisStore 仅用于封禁状态缓存的只读+写入接口,避免中间件依赖完整 Redis
|
||||||
return &UserAuthInterceptorMiddleware{UserModel: userModel}
|
type RedisStore interface {
|
||||||
|
Get(key string) (string, error)
|
||||||
|
Setex(key, value string, seconds int) error
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewUserAuthInterceptorMiddleware(userModel model.UserModel, redisStore RedisStore) *UserAuthInterceptorMiddleware {
|
||||||
|
return &UserAuthInterceptorMiddleware{UserModel: userModel, Redis: redisStore}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *UserAuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
|
func (m *UserAuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
|
||||||
@@ -30,15 +43,34 @@ func (m *UserAuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.Handl
|
|||||||
httpx.Error(w, errors.Wrapf(xerr.NewErrCode(xerr.USER_NEED_BIND_MOBILE), "token解析失败: %v", err))
|
httpx.Error(w, errors.Wrapf(xerr.NewErrCode(xerr.USER_NEED_BIND_MOBILE), "token解析失败: %v", err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
user, err := m.UserModel.FindOne(r.Context(), claims.UserId)
|
disabled, err := m.isUserDisabled(r.Context(), w, claims.UserId)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
httpx.Error(w, errors.Wrapf(xerr.NewErrCode(ErrCodeUnauthorized), "用户不存在: %v", err))
|
return // 用户不存在时 isUserDisabled 已写响应
|
||||||
return
|
|
||||||
}
|
}
|
||||||
if user.Disable == model.UserDisableBanned {
|
if disabled {
|
||||||
httpx.Error(w, xerr.NewErrCode(xerr.USER_DISABLED))
|
msg := xerr.MapErrMsg(xerr.USER_DISABLED)
|
||||||
|
httpx.WriteJson(w, http.StatusOK, result.Error(xerr.USER_DISABLED, msg))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
next(w, r)
|
next(w, r)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// isUserDisabled 先查 Redis 封禁缓存,未命中再查 DB 并回写缓存,减少对 DB/模型缓存的轮询
|
||||||
|
func (m *UserAuthInterceptorMiddleware) isUserDisabled(ctx context.Context, w http.ResponseWriter, userID int64) (bool, error) {
|
||||||
|
key := fmt.Sprintf(types.UserDisableCacheKey, userID)
|
||||||
|
val, err := m.Redis.Get(key)
|
||||||
|
if err == nil {
|
||||||
|
return val == "1", nil
|
||||||
|
}
|
||||||
|
if err != redis.Nil {
|
||||||
|
// Redis 异常时降级为查库,不阻塞请求
|
||||||
|
}
|
||||||
|
user, err := m.UserModel.FindOne(ctx, userID)
|
||||||
|
if err != nil {
|
||||||
|
httpx.Error(w, errors.Wrapf(xerr.NewErrCode(ErrCodeUnauthorized), "用户不存在: %v", err))
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
_ = m.Redis.Setex(key, strconv.FormatInt(user.Disable, 10), types.UserDisableCacheTTL)
|
||||||
|
return user.Disable == model.UserDisableBanned, nil
|
||||||
|
}
|
||||||
|
|||||||
@@ -222,8 +222,8 @@ func NewServiceContext(c config.Config) *ServiceContext {
|
|||||||
return &ServiceContext{
|
return &ServiceContext{
|
||||||
Config: c,
|
Config: c,
|
||||||
Redis: redisClient,
|
Redis: redisClient,
|
||||||
AuthInterceptor: middleware.NewAuthInterceptorMiddleware(c, userModel).Handle,
|
AuthInterceptor: middleware.NewAuthInterceptorMiddleware(c, userModel, redisClient).Handle,
|
||||||
UserAuthInterceptor: middleware.NewUserAuthInterceptorMiddleware(userModel).Handle,
|
UserAuthInterceptor: middleware.NewUserAuthInterceptorMiddleware(userModel, redisClient).Handle,
|
||||||
AdminAuthInterceptor: middleware.NewAdminAuthInterceptorMiddleware(c,
|
AdminAuthInterceptor: middleware.NewAdminAuthInterceptorMiddleware(c,
|
||||||
adminUserModel, adminUserRoleModel, adminRoleModel, adminApiModel, adminRoleApiModel).Handle,
|
adminUserModel, adminUserRoleModel, adminRoleModel, adminApiModel, adminRoleApiModel).Handle,
|
||||||
|
|
||||||
|
|||||||
@@ -3,6 +3,10 @@ package types
|
|||||||
const QueryCacheKey = "query:%d:%s"
|
const QueryCacheKey = "query:%d:%s"
|
||||||
const AgentVipCacheKey = "agentVip:%d:%s"
|
const AgentVipCacheKey = "agentVip:%d:%s"
|
||||||
|
|
||||||
|
// UserDisableCacheKey 用户封禁状态缓存,value 为 "0" 或 "1",TTL 5 分钟,避免每次请求查库
|
||||||
|
const UserDisableCacheKey = "user:disable:%d"
|
||||||
|
const UserDisableCacheTTL = 300 // 秒
|
||||||
|
|
||||||
type QueryCache struct {
|
type QueryCache struct {
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
IDCard string `json:"id_card"`
|
IDCard string `json:"id_card"`
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ func init() {
|
|||||||
message[TOKEN_GENERATE_ERROR] = "生成token失败"
|
message[TOKEN_GENERATE_ERROR] = "生成token失败"
|
||||||
message[DB_ERROR] = "系统维护升级中,请稍后再试"
|
message[DB_ERROR] = "系统维护升级中,请稍后再试"
|
||||||
message[DB_UPDATE_AFFECTED_ZERO_ERROR] = "更新数据影响行数为0"
|
message[DB_UPDATE_AFFECTED_ZERO_ERROR] = "更新数据影响行数为0"
|
||||||
message[USER_DISABLED] = "您已被封禁"
|
message[USER_DISABLED] = "封禁通知:您的账号已被封禁,无法使用相关功能。如需申诉请联系客服。"
|
||||||
}
|
}
|
||||||
|
|
||||||
func MapErrMsg(errcode uint32) string {
|
func MapErrMsg(errcode uint32) string {
|
||||||
|
|||||||
Reference in New Issue
Block a user