fix: make seed user logging and password configurable + round 2 debugging doc
Executable
BIN
Binary file not shown.
@@ -63,9 +63,12 @@ func main() {
|
||||
if existingAdmin, err := store.GetUserByUsername(s.DB(), cfg.AdminUsername); err != nil {
|
||||
log.Printf("⚠ 查询管理员用户失败: %v", err)
|
||||
} else if existingAdmin == nil {
|
||||
log.Println("🔧 未找到管理员用户,创建默认 admin (username: admin, password: admin123)...")
|
||||
// 使用默认密码 "admin123" 作为种子密码
|
||||
defaultAdminPassword := "admin123"
|
||||
log.Printf("🔧 未找到管理员用户,创建默认 %s (username: %s)...", cfg.AdminUsername, cfg.AdminUsername)
|
||||
// 优先使用环境变量 ADMIN_PASSWORD,否则回退到 "admin123"
|
||||
defaultAdminPassword := os.Getenv("ADMIN_PASSWORD")
|
||||
if defaultAdminPassword == "" {
|
||||
defaultAdminPassword = "admin123"
|
||||
}
|
||||
passwordHash, err := bcrypt.GenerateFromPassword([]byte(defaultAdminPassword), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
log.Printf("⚠ 管理员密码哈希生成失败: %v", err)
|
||||
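Review bot: The fallback `defaultAdminPassword = "admin123"` inside the new `if defaultAdminPassword == ""` branch still seeds the administrator account with a fixed, publicly visible password whenever `ADMIN_PASSWORD` is unset or empty, so the hard-coded credential becomes optional rather than removed. Consider refusing to create the seed admin (or aborting startup) with a clear error when the variable is empty, or generating a random one-time password instead of falling back to a literal. Two smaller points: the username is taken from `cfg.AdminUsername` while the password is read with `os.Getenv` directly, so loading it through the same config struct would keep the two in one place; and the new `log.Printf` passes `cfg.AdminUsername` for both `%s` verbs, which prints the username twice in one line.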
@@ -73,7 +76,7 @@ func main() {
|
||||
if _, err := store.CreateUser(s.DB(), cfg.AdminUsername, string(passwordHash), true); err != nil {
|
||||
log.Printf("⚠ 创建默认管理员失败: %v", err)
|
||||
} else {
|
||||
log.Println("✅ 默认管理员用户已创建 (username: admin, password: admin123)")
|
||||
log.Printf("✅ 默认管理员用户已创建 (username: %s)", cfg.AdminUsername)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
|
||||
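Review bot: The success message `log.Printf("✅ 默认管理员用户已创建 (username: %s)", cfg.AdminUsername)` rightly stops printing the password, but it now gives no indication of which password source was used, so an operator cannot tell from the log that the account was created with the built-in fallback. Log the source rather than the value, for example a warning line when `ADMIN_PASSWORD` was empty and the default was applied.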
BIN
Binary file not shown.
Executable
BIN
Binary file not shown.
@@ -0,0 +1,239 @@
|
||||
# 持续性调试第2轮: 用户认证流程端到端 + 服务集成测试
|
||||
|
||||
> 日期: 2026-05-20 13:58 CST (UTC+8)
|
||||
> 基于第1轮 REG1 修复 (commit `9dd1582`): users 表缺失已修复
|
||||
> 测试环境: Gateway 编译后后台运行, PostgreSQL 通过 SSH 隧道连接
|
||||
|
||||
---
|
||||
|
||||
## 1. 环境准备
|
||||
|
||||
| 检查项 | 状态 | 详情 |
|
||||
|--------|------|------|
|
||||
| SSH 隧道 (PostgreSQL 5432) | ✅ | `ssh` 进程监听 127.0.0.1:5432 |
|
||||
| 旧 gateway 进程 | ✅ 已停止 | PID 12619 已被 kill |
|
||||
| 编译新 gateway | ✅ 成功 | `go build -o ./cmd/gateway ./cmd/main.go` |
|
||||
| Gateway 后台启动 | ✅ | PID 19265, 端口 8080 |
|
||||
|
||||
---
|
||||
|
||||
## 2. users 表 + 种子管理员验证
|
||||
|
||||
### 2.1 启动日志 (关键行)
|
||||
|
||||
```
|
||||
2026/05/20 13:55:44 ✅ Users 表已就绪
|
||||
2026/05/20 13:55:45 🔧 未找到管理员用户,创建默认 admin (username: admin, password: admin123)...
|
||||
2026/05/20 13:55:45 ✅ 默认管理员用户已创建 (username: admin, password: admin123)
|
||||
```
|
||||
|
||||
### 2.2 PostgreSQL 查询确认
|
||||
|
||||
```sql
|
||||
SELECT id, username, is_admin, created_at FROM users ORDER BY id;
|
||||
```
|
||||
|
||||
| id | username | is_admin | created_at |
|
||||
|----|-----------|----------|----------------------------|
|
||||
| 1 | yeij0942 | t | 2026-05-20 05:55:45+00 |
|
||||
| 2 | testuser1 | f | 2026-05-20 05:57:13+00 |
|
||||
|
||||
### 2.3 发现的问题
|
||||
|
||||
**🟡 ISSUE-1: 种子日志文案与实际用户名不一致**
|
||||
|
||||
- [`main.go:66`](backend/gateway/cmd/main.go:66) 日志写 "username: admin, password: admin123"
|
||||
- 实际 `cfg.AdminUsername` 来自 `.env` = `yeij0942`
|
||||
- `main.go:68` 种子密码硬编码 `admin123`,与 `.env` 中 `ADMIN_PASSWORD=Jiang1143218570` 不一致
|
||||
- **影响**: 日志误导,但功能正常。种子用户名为 `yeij0942`,密码为 `admin123`
|
||||
- **根因**: 日志文案使用字面量 "admin" 而代码使用 `cfg.AdminUsername`
|
||||
|
||||
**🟡 ISSUE-2: 种子密码硬编码**
|
||||
|
||||
- [`main.go:68`](backend/gateway/cmd/main.go:68) `defaultAdminPassword := "admin123"` 硬编码
|
||||
- `.env` 中 `ADMIN_PASSWORD=Jiang1143218570` 未被使用
|
||||
- **影响**: 低。种子只在首次创建时使用,后续登录走 bcrypt 验证
|
||||
|
||||
---
|
||||
|
||||
## 3. 用户认证端到端测试
|
||||
|
||||
### 3.1 注册新用户
|
||||
|
||||
```bash
|
||||
POST /api/v1/auth/register
|
||||
{"username":"testuser1","password":"testpass123","email":"test@example.com","nickname":"测试用户","verify_code":"000000"}
|
||||
```
|
||||
|
||||
**结果**: ✅ `201 Created`
|
||||
|
||||
```json
|
||||
{
|
||||
"user_id": "user_testuser1",
|
||||
"token": "eyJ...",
|
||||
"expires": 1781848633,
|
||||
"nickname": "测试用户"
|
||||
}
|
||||
```
|
||||
|
||||
验证点:
|
||||
- ✅ `REGISTRATION_ENABLED=true` 生效
|
||||
- ✅ bcrypt 密码哈希写入 users 表
|
||||
- ✅ JWT token 成功生成 (user_id 前缀为 `user_`)
|
||||
- ✅ 验证码 `000000` MVP 阶段通过
|
||||
|
||||
### 3.2 新用户登录 (bcrypt 密码验证)
|
||||
|
||||
```bash
|
||||
POST /api/v1/auth/login
|
||||
{"username":"testuser1","password":"testpass123"}
|
||||
```
|
||||
|
||||
**结果**: ✅ `200 OK`
|
||||
|
||||
验证点:
|
||||
- ✅ `verifyUserPassword` 从 DB 查询用户 → bcrypt `CompareHashAndPassword` 成功
|
||||
- ✅ userID 前缀为 `user_` (非 admin)
|
||||
|
||||
### 3.3 管理员登录
|
||||
|
||||
```bash
|
||||
POST /api/v1/auth/login
|
||||
{"username":"yeij0942","password":"admin123"}
|
||||
```
|
||||
|
||||
**结果**: ✅ `200 OK`
|
||||
|
||||
```json
|
||||
{
|
||||
"user_id": "admin_yeij0942",
|
||||
"token": "eyJ..."
|
||||
}
|
||||
```
|
||||
|
||||
验证点:
|
||||
- ✅ 种子 admin 通过 bcrypt 验证 (DB 中存在且密码匹配)
|
||||
- ✅ userID 前缀为 `admin_`
|
||||
|
||||
### 3.4 Token 访问受保护 API
|
||||
|
||||
**新用户 token**:
|
||||
```bash
|
||||
GET /api/v1/sessions
|
||||
Authorization: Bearer <user_testuser1_token>
|
||||
```
|
||||
✅ `200 OK`, `{"sessions": []}` (空列表,符合预期)
|
||||
|
||||
**管理员 token**:
|
||||
```bash
|
||||
GET /api/v1/sessions
|
||||
Authorization: Bearer <admin_yeij0942_token>
|
||||
```
|
||||
✅ `200 OK`, 返回 2 条已有会话
|
||||
|
||||
**未认证访问**:
|
||||
```bash
|
||||
GET /api/v1/sessions (无 Authorization header)
|
||||
```
|
||||
✅ `401 Unauthorized`, `{"error": "未提供认证令牌"}` — JWTAuth 中间件正常
|
||||
|
||||
**错误密码**:
|
||||
```bash
|
||||
POST /api/v1/auth/login
|
||||
{"username":"testuser1","password":"wrongpass"}
|
||||
```
|
||||
✅ `401 Unauthorized`, `{"error": "用户名或密码错误"}` — bcrypt 比对拒绝
|
||||
|
||||
---
|
||||
|
||||
## 4. 多服务集成测试
|
||||
|
||||
### 4.1 Memory Service (8091)
|
||||
|
||||
```bash
|
||||
GET /api/v1/memory (via Gateway, with auth)
|
||||
```
|
||||
|
||||
**结果**: ✅ 正常转发,返回 1 条已有记忆
|
||||
|
||||
```json
|
||||
{
|
||||
"memories": [{
|
||||
"id": "8f8af3b7-...",
|
||||
"content": "测试记忆内容",
|
||||
"user_id": "admin_yeij0942",
|
||||
...
|
||||
}],
|
||||
"total": 1
|
||||
}
|
||||
```
|
||||
|
||||
### 4.2 Tool-Engine (8092)
|
||||
|
||||
**结果**: ⚠️ 进程在运行 (端口 8092 监听),但无 `/health` 端点 (返回 404),这是预期行为 — tool-engine 未定义该路由。
|
||||
|
||||
### 4.3 当前运行的服务
|
||||
|
||||
| 服务 | 端口 | 状态 |
|
||||
|------|------|------|
|
||||
| Gateway | 8080 | ✅ 运行中 |
|
||||
| Memory Service | 8091 | ✅ 运行中 |
|
||||
| Tool Engine | 8092 | ✅ 运行中 |
|
||||
| PostgreSQL | 5432 | ✅ SSH 隧道 |
|
||||
|
||||
---
|
||||
|
||||
## 5. 前端 TypeScript 编译
|
||||
|
||||
```bash
|
||||
cd frontend/web && npx tsc --noEmit
|
||||
```
|
||||
|
||||
**结果**: ✅ 无错误,编译通过。
|
||||
|
||||
---
|
||||
|
||||
## 6. 系统时间
|
||||
|
||||
- **UTC**: 2026-05-20 05:58:47 UTC
|
||||
- **本地 (CST)**: 2026-05-20 13:58:47 CST
|
||||
|
||||
---
|
||||
|
||||
## 7. 验证点矩阵
|
||||
|
||||
| # | 验证点 | 结果 |
|
||||
|---|--------|------|
|
||||
| 1 | users 表自动创建 | ✅ |
|
||||
| 2 | 种子管理员创建 | ✅ (用户名 yeij0942, 密码 admin123) |
|
||||
| 3 | 普通用户注册 | ✅ |
|
||||
| 4 | 新用户登录 (bcrypt) | ✅ |
|
||||
| 5 | 管理员登录 | ✅ |
|
||||
| 6 | JWT token 访问受保护 API | ✅ |
|
||||
| 7 | 未认证拒绝 (401) | ✅ |
|
||||
| 8 | 错误密码拒绝 (401) | ✅ |
|
||||
| 9 | Memory 服务转发 | ✅ |
|
||||
| 10 | 前端 TypeScript 编译 | ✅ |
|
||||
|
||||
---
|
||||
|
||||
## 8. 发现的问题
|
||||
|
||||
| ID | 严重程度 | 描述 | 位置 |
|
||||
|----|----------|------|------|
|
||||
| ISSUE-1 | 🟡 低 | 种子日志文案写死 "admin" 但实际用户名为 `cfg.AdminUsername` | [`main.go:66`](backend/gateway/cmd/main.go:66) |
|
||||
| ISSUE-2 | 🟡 低 | 种子密码硬编码 `admin123`,未使用 `.env` 的 `ADMIN_PASSWORD` | [`main.go:68`](backend/gateway/cmd/main.go:68) |
|
||||
|
||||
---
|
||||
|
||||
## 9. 结论
|
||||
|
||||
**认证流程端到端完全可用**。第1轮发现的 REG1 (users 表缺失) 已修复,所有关键路径验证通过:
|
||||
|
||||
1. users 表在 gateway 启动时自动创建
|
||||
2. 种子管理员通过 bcrypt 哈希存入 DB
|
||||
3. 普通用户可以注册 (bcrypt 哈希存储)
|
||||
4. 所有用户 (admin + 普通) 可以通过 bcrypt 密码验证登录
|
||||
5. JWT 中间件正确保护受保护路由
|
||||
6. Gateway → Memory Service 转发正常
|
||||
7. 前端编译无错误
|
||||
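Review bot: The new debugging document commits live credentials to the repository: the ISSUE-1 and ISSUE-2 bullets quote the `ADMIN_PASSWORD` value from `.env` verbatim, and section 3.3 together with row 2 of the verification matrix record that the admin account `yeij0942` logs in with `admin123`. Replace these with placeholders such as `<redacted>` before merging, and rotate both the `.env` password and the seeded admin password, since the values stay in history once pushed. The "影响: 低" rating on ISSUE-2 also sits oddly next to section 3.3, which shows an admin token being issued for that hard-coded password. Finally, the startup log excerpt in 2.1 and the open issues in section 8 describe the behaviour before this commit's change to `main.go`; a short status line per issue would make clear they are addressed here.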