重构认证授权模块，统一到 auth 包下

2025-12-29 10:18:01 +08:00
parent bf8f001a30
commit 1262a8dae4
8 changed files with 407 additions and 269 deletions
--- a/web/handlers/auth.go
+++ b/web/handlers/auth.go
@@ -1,97 +0,0 @@
-package handlers
-
-import (
-	"platform/pkg/u"
-	auth2 "platform/web/auth"
-	m "platform/web/models"
-	q "platform/web/queries"
-
-	"github.com/gofiber/fiber/v2"
-)
-
-// region /revoke
-
-type RevokeReq struct {
-	AccessToken  string `json:"access_token"`
-	RefreshToken string `json:"refresh_token"`
-}
-
-func Revoke(c *fiber.Ctx) error {
-	_, err := auth2.GetAuthCtx(c).PermitUser()
-	if err != nil {
-		// 用户未登录
-		return nil
-	}
-
-	// 解析请求参数
-	req := new(RevokeReq)
-	if err := c.BodyParser(req); err != nil {
-		return err
-	}
-
-	// 删除会话
-	err = auth2.RemoveSession(c.Context(), req.AccessToken, req.RefreshToken)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// endregion
-
-// region /profile
-
-type IntrospectResp struct {
-	m.User
-	HasPassword bool `json:"has_password"` // 是否设置了密码
-}
-
-func Introspect(c *fiber.Ctx) error {
-	// 验证权限
-	authCtx, err := auth2.GetAuthCtx(c).PermitUser()
-	if err != nil {
-		return err
-	}
-
-	// 获取用户信息
-	profile, err := q.User.
-		Where(q.User.ID.Eq(authCtx.User.ID)).
-		Omit(q.User.DeletedAt).
-		Take()
-	if err != nil {
-		return err
-	}
-
-	// 检查用户是否设置了密码
-	hasPassword := false
-	if profile.Password != nil && *profile.Password != "" {
-		hasPassword = true
-		profile.Password = nil // 不返回密码
-	}
-
-	// 掩码敏感信息
-	if profile.Phone != "" {
-		profile.Phone = maskPhone(profile.Phone)
-	}
-	if profile.IDNo != nil && *profile.IDNo != "" {
-		profile.IDNo = u.P(maskIdNo(*profile.IDNo))
-	}
-	return c.JSON(IntrospectResp{*profile, hasPassword})
-}
-
-func maskPhone(phone string) string {
-	if len(phone) < 11 {
-		return phone
-	}
-	return phone[:3] + "****" + phone[7:]
-}
-
-func maskIdNo(idNo string) string {
-	if len(idNo) < 18 {
-		return idNo
-	}
-	return idNo[:3] + "*********" + idNo[14:]
-}
-
-// endregion