package handler import ( "net/http" "strings" "time" "github.com/gin-gonic/gin" "github.com/yourname/cyrene-ai/gateway/internal/config" ) // AuthHandler 认证处理器 type AuthHandler struct { cfg *config.Config } // NewAuthHandler 创建认证处理器 func NewAuthHandler(cfg *config.Config) *AuthHandler { return &AuthHandler{cfg: cfg} } // Register 用户注册 (需要邮箱验证码) func (h *AuthHandler) Register(c *gin.Context) { // 检查注册开关 if !h.cfg.RegistrationEnabled { c.JSON(http.StatusForbidden, gin.H{"error": "当前不开放公开注册,请使用管理员账户登录"}) return } var req struct { Username string `json:"username" binding:"required,min=2,max=32"` Password string `json:"password" binding:"required,min=6,max=64"` Email string `json:"email" binding:"required,email"` // MVP阶段:验证码仅做格式校验,后续接入邮件服务 VerifyCode string `json:"verify_code" binding:"required,len=6"` } if err := c.ShouldBindJSON(&req); err != nil { c.JSON(http.StatusBadRequest, gin.H{"error": "请求参数无效: " + err.Error()}) return } // MVP阶段:验证码简单校验 (开发环境接受 "000000") if req.VerifyCode != "000000" { c.JSON(http.StatusBadRequest, gin.H{"error": "验证码错误 (开发阶段请使用 000000)"}) return } // 邮箱域名简单校验 if !strings.Contains(req.Email, "@") || !strings.Contains(req.Email, ".") { c.JSON(http.StatusBadRequest, gin.H{"error": "邮箱格式无效"}) return } // MVP阶段:使用username直接作为userID // 后续需要接入用户服务进行真实注册 userID := "user_" + req.Username // 生成JWT token, err := h.cfg.GenerateToken(userID) if err != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": "生成令牌失败"}) return } c.JSON(http.StatusCreated, gin.H{ "user_id": userID, "token": token, "expires": time.Now().Add(h.cfg.JWTExpiryHours).Unix(), }) } // Login 用户登录 (支持管理员账户) func (h *AuthHandler) Login(c *gin.Context) { var req struct { Username string `json:"username" binding:"required"` Password string `json:"password" binding:"required"` } if err := c.ShouldBindJSON(&req); err != nil { c.JSON(http.StatusBadRequest, gin.H{"error": "请求参数无效"}) return } var userID string // 管理员账户验证 if req.Username == h.cfg.AdminUsername { // 管理员必须提供正确的密码 if req.Password != h.cfg.AdminPassword { c.JSON(http.StatusUnauthorized, gin.H{"error": "管理员密码错误"}) return } userID = "admin_" + req.Username } else { // MVP阶段:普通用户登录 (简化逻辑,后续需要验证密码哈希) userID = "user_" + req.Username } token, err := h.cfg.GenerateToken(userID) if err != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": "生成令牌失败"}) return } c.JSON(http.StatusOK, gin.H{ "user_id": userID, "token": token, "expires": time.Now().Add(h.cfg.JWTExpiryHours).Unix(), }) } // RefreshToken 刷新令牌 func (h *AuthHandler) RefreshToken(c *gin.Context) { authHeader := c.GetHeader("Authorization") if authHeader == "" || len(authHeader) < 8 { c.JSON(http.StatusUnauthorized, gin.H{"error": "未提供认证令牌"}) return } tokenString := authHeader[7:] // 去掉 "Bearer " userID, err := h.cfg.ValidateToken(tokenString) if err != nil { c.JSON(http.StatusUnauthorized, gin.H{"error": "令牌无效或已过期"}) return } newToken, err := h.cfg.GenerateToken(userID) if err != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": "刷新令牌失败"}) return } c.JSON(http.StatusOK, gin.H{ "token": newToken, "expires": time.Now().Add(h.cfg.JWTExpiryHours).Unix(), }) }