AskaEth/Cyrene
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
78e3f450c2b6c52a9a4df46096dc517d97248fe0
Cyrene/backend/gateway/internal/handler/auth_handler.go
T
AskaEth 07781eda0e fix: 管理员登录安全修复 + 第三轮测试报告 
1. 修复管理员登录密码错误时静默降级为普通用户的安全漏洞
2. 添加第三轮端到端测试总结文档
2026-05-17 21:42:01 +08:00

140 lines
3.7 KiB
Go
Raw Blame History

package handler
import (
"net/http"
"strings"
"time"
"github.com/gin-gonic/gin"
"github.com/yourname/cyrene-ai/gateway/internal/config"
)
// AuthHandler 认证处理器
type AuthHandler struct {
cfg *config.Config
}
// NewAuthHandler 创建认证处理器
func NewAuthHandler(cfg *config.Config) *AuthHandler {
return &AuthHandler{cfg: cfg}
}
// Register 用户注册 (需要邮箱验证码)
func (h *AuthHandler) Register(c *gin.Context) {
// 检查注册开关
if !h.cfg.RegistrationEnabled {
c.JSON(http.StatusForbidden, gin.H{"error": "当前不开放公开注册,请使用管理员账户登录"})
return
}
var req struct {
Username string `json:"username" binding:"required,min=2,max=32"`
Password string `json:"password" binding:"required,min=6,max=64"`
Email string `json:"email" binding:"required,email"`
// MVP阶段:验证码仅做格式校验,后续接入邮件服务
VerifyCode string `json:"verify_code" binding:"required,len=6"`
}
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "请求参数无效: " + err.Error()})
return
}
// MVP阶段:验证码简单校验 (开发环境接受 "000000")
if req.VerifyCode != "000000" {
c.JSON(http.StatusBadRequest, gin.H{"error": "验证码错误 (开发阶段请使用 000000)"})
return
}
// 邮箱域名简单校验
if !strings.Contains(req.Email, "@") || !strings.Contains(req.Email, ".") {
c.JSON(http.StatusBadRequest, gin.H{"error": "邮箱格式无效"})
return
}
// MVP阶段:使用username直接作为userID
// 后续需要接入用户服务进行真实注册
userID := "user_" + req.Username
// 生成JWT
token, err := h.cfg.GenerateToken(userID)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "生成令牌失败"})
return
}
c.JSON(http.StatusCreated, gin.H{
"user_id": userID,
"token": token,
"expires": time.Now().Add(h.cfg.JWTExpiryHours).Unix(),
})
}
// Login 用户登录 (支持管理员账户)
func (h *AuthHandler) Login(c *gin.Context) {
var req struct {
Username string `json:"username" binding:"required"`
Password string `json:"password" binding:"required"`
}
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "请求参数无效"})
return
}
var userID string
// 管理员账户验证
if req.Username == h.cfg.AdminUsername {
// 管理员必须提供正确的密码
if req.Password != h.cfg.AdminPassword {
c.JSON(http.StatusUnauthorized, gin.H{"error": "管理员密码错误"})
return
}
userID = "admin_" + req.Username
} else {
// MVP阶段:普通用户登录 (简化逻辑,后续需要验证密码哈希)
userID = "user_" + req.Username
}
token, err := h.cfg.GenerateToken(userID)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "生成令牌失败"})
return
}
c.JSON(http.StatusOK, gin.H{
"user_id": userID,
"token": token,
"expires": time.Now().Add(h.cfg.JWTExpiryHours).Unix(),
})
}
// RefreshToken 刷新令牌
func (h *AuthHandler) RefreshToken(c *gin.Context) {
authHeader := c.GetHeader("Authorization")
if authHeader == "" || len(authHeader) < 8 {
c.JSON(http.StatusUnauthorized, gin.H{"error": "未提供认证令牌"})
return
}
tokenString := authHeader[7:] // 去掉 "Bearer "
userID, err := h.cfg.ValidateToken(tokenString)
if err != nil {
c.JSON(http.StatusUnauthorized, gin.H{"error": "令牌无效或已过期"})
return
}
newToken, err := h.cfg.GenerateToken(userID)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "刷新令牌失败"})
return
}
c.JSON(http.StatusOK, gin.H{
"token": newToken,
"expires": time.Now().Add(h.cfg.JWTExpiryHours).Unix(),
})
}
Reference in New Issue View Git Blame Copy Permalink