优化表结构，重构模型，重新实现基于白银网关的提取节点流程

web/auth/authenticate.go

@@ -7,7 +7,6 @@ import (
 	"fmt"
 	"log/slog"
 	"platform/web/core"
-	client2 "platform/web/domains/client"
 	m "platform/web/models"
 	q "platform/web/queries"
 	s "platform/web/services"
@@ -86,8 +85,8 @@ func authBearer(_ context.Context, token string) (*AuthCtx, error) {
 	}
 
 	scopes := []string{}
-	if session.Scopes_ != nil {
-		scopes = strings.Split(*session.Scopes_, " ")
+	if session.Scopes != nil {
+		scopes = strings.Split(*session.Scopes, " ")
 	}
 	return &AuthCtx{
 		User:    session.User,
@@ -138,8 +137,7 @@ func authClient(clientId, clientSecret string) (*m.Client, error) {
 	}
 
 	// 检查客户端密钥
-	spec := client2.Spec(client.Spec)
-	if spec == client2.SpecWeb || spec == client2.SpecApi {
+	if client.Spec == m.ClientSpecWeb || client.Spec == m.ClientSpecAPI {
 		if bcrypt.CompareHashAndPassword([]byte(client.ClientSecret), []byte(clientSecret)) != nil {
 			return nil, errors.New("客户端密钥错误")
 		}

web/auth/authorize.go

@@ -10,7 +10,6 @@ import (
 	"platform/pkg/env"
 	"platform/pkg/u"
 	"platform/web/core"
-	user2 "platform/web/domains/user"
 	g "platform/web/globals"
 	"platform/web/globals/orm"
 	m "platform/web/models"
@@ -162,7 +161,7 @@ func Token(c *fiber.Ctx) error {
 		AccessToken:  session.AccessToken,
 		RefreshToken: u.Z(session.RefreshToken),
 		ExpiresIn:    int(time.Time(session.AccessTokenExpires).Sub(now).Seconds()),
-		Scope:        u.Z(session.Scopes_),
+		Scope:        u.Z(session.Scopes),
 	})
 }
 
@@ -202,7 +201,7 @@ func authAuthorizationCode(ctx *fiber.Ctx, auth *AuthCtx, req *TokenReq, now tim
 
 	user, err := q.User.Where(
 		q.User.ID.Eq(codeCtx.UserID),
-		q.User.Status.Eq(int32(user2.StatusEnabled)),
+		q.User.Status.Eq(int(m.UserStatusEnabled)),
 	).First()
 	if err != nil {
 		return nil, err
@@ -211,18 +210,20 @@ func authAuthorizationCode(ctx *fiber.Ctx, auth *AuthCtx, req *TokenReq, now tim
 	// todo 检查 scope
 
 	// 生成会话
+	ip, _ := orm.ParseInet(ctx.Get(core.HeaderUserIP))
+	ua := ctx.Get(core.HeaderUserUA)
 	session := &m.Session{
-		IP:                 u.X(ctx.IP()),
-		UA:                 u.X(ctx.Get(fiber.HeaderUserAgent)),
+		IP:                 ip,
+		UA:                 u.X(ua),
 		UserID:             &user.ID,
 		ClientID:           &auth.Client.ID,
-		Scopes_:            u.P(strings.Join(codeCtx.Scopes, " ")),
+		Scopes:             u.P(strings.Join(codeCtx.Scopes, " ")),
 		AccessToken:        uuid.NewString(),
-		AccessTokenExpires: orm.LocalDateTime(now.Add(time.Duration(env.SessionAccessExpire) * time.Second)),
+		AccessTokenExpires: now.Add(time.Duration(env.SessionAccessExpire) * time.Second),
 	}
 	if codeCtx.Remember {
 		session.RefreshToken = u.P(uuid.NewString())
-		session.RefreshTokenExpires = u.P(orm.LocalDateTime(now.Add(time.Duration(env.SessionRefreshExpire) * time.Second)))
+		session.RefreshTokenExpires = u.P(now.Add(time.Duration(env.SessionRefreshExpire) * time.Second))
 	}
 
 	err = SaveSession(session)
@@ -237,12 +238,14 @@ func authClientCredential(ctx *fiber.Ctx, auth *AuthCtx, _ *TokenReq, now time.T
 	// todo 检查 scope
 
 	// 生成会话
+	ip, _ := orm.ParseInet(ctx.Get(core.HeaderUserIP))
+	ua := ctx.Get(core.HeaderUserUA)
 	session := &m.Session{
-		IP:                 u.X(ctx.IP()),
-		UA:                 u.X(ctx.Get(fiber.HeaderUserAgent)),
+		IP:                 ip,
+		UA:                 u.X(ua),
 		ClientID:           &auth.Client.ID,
 		AccessToken:        uuid.NewString(),
-		AccessTokenExpires: orm.LocalDateTime(now.Add(time.Duration(env.SessionAccessExpire) * time.Second)),
+		AccessTokenExpires: now.Add(time.Duration(env.SessionAccessExpire) * time.Second),
 	}
 
 	// 保存会话
@@ -255,6 +258,9 @@ func authClientCredential(ctx *fiber.Ctx, auth *AuthCtx, _ *TokenReq, now time.T
 }
 
 func authPassword(ctx *fiber.Ctx, auth *AuthCtx, req *TokenReq, now time.Time) (*m.Session, error) {
+	ip, _ := orm.ParseInet(ctx.Get(core.HeaderUserIP))
+	ua := ctx.Get(core.HeaderUserUA)
+
 	var user *m.User
 	err := q.Q.Transaction(func(tx *q.Query) (err error) {
 		switch req.LoginType {
@@ -267,7 +273,7 @@ func authPassword(ctx *fiber.Ctx, auth *AuthCtx, req *TokenReq, now time.Time) (
 				user = &m.User{
 					Phone:    req.Username,
 					Username: u.P(req.Username),
-					Status:   int32(user2.StatusEnabled),
+					Status:   m.UserStatusEnabled,
 				}
 			}
 		case GrantPasswordEmail:
@@ -285,15 +291,15 @@ func authPassword(ctx *fiber.Ctx, auth *AuthCtx, req *TokenReq, now time.Time) (
 		}
 
 		// 账户状态
-		if user2.Status(user.Status) == user2.StatusDisabled {
+		if user.Status == m.UserStatusDisabled {
 			slog.Debug("账户状态异常", "username", req.Username, "status", user.Status)
 			return core.NewBizErr("账号无法登录")
 		}
 
 		// 更新用户的登录时间
-		user.LastLogin = u.P(orm.LocalDateTime(time.Now()))
-		user.LastLoginHost = u.X(ctx.IP())
-		user.LastLoginAgent = u.X(ctx.Get(fiber.HeaderUserAgent))
+		user.LastLogin = u.P(time.Now())
+		user.LastLoginIP = ip
+		user.LastLoginUA = u.X(ua)
 		if err := tx.User.Save(user); err != nil {
 			return err
 		}
@@ -306,17 +312,17 @@ func authPassword(ctx *fiber.Ctx, auth *AuthCtx, req *TokenReq, now time.Time) (
 
 	// 生成会话
 	session := &m.Session{
-		IP:                 u.X(ctx.IP()),
-		UA:                 u.X(ctx.Get(fiber.HeaderUserAgent)),
+		IP:                 ip,
+		UA:                 u.X(ua),
 		UserID:             &user.ID,
 		ClientID:           &auth.Client.ID,
-		Scopes_:            u.X(req.Scope),
+		Scopes:             u.X(req.Scope),
 		AccessToken:        uuid.NewString(),
-		AccessTokenExpires: orm.LocalDateTime(now.Add(time.Duration(env.SessionAccessExpire) * time.Second)),
+		AccessTokenExpires: now.Add(time.Duration(env.SessionAccessExpire) * time.Second),
 	}
 	if req.Remember {
 		session.RefreshToken = u.P(uuid.NewString())
-		session.RefreshTokenExpires = u.P(orm.LocalDateTime(now.Add(time.Duration(env.SessionRefreshExpire) * time.Second)))
+		session.RefreshTokenExpires = u.P(now.Add(time.Duration(env.SessionRefreshExpire) * time.Second))
 	}
 
 	err = SaveSession(session)
@@ -340,10 +346,10 @@ func authRefreshToken(_ *fiber.Ctx, _ *AuthCtx, req *TokenReq, now time.Time) (*
 
 	// 生成令牌
 	session.AccessToken = uuid.NewString()
-	session.AccessTokenExpires = orm.LocalDateTime(now.Add(time.Duration(env.SessionAccessExpire) * time.Second))
+	session.AccessTokenExpires = now.Add(time.Duration(env.SessionAccessExpire) * time.Second)
 	if session.RefreshToken != nil {
 		session.RefreshToken = u.P(uuid.NewString())
-		session.RefreshTokenExpires = u.P(orm.LocalDateTime(now.Add(time.Duration(env.SessionRefreshExpire) * time.Second)))
+		session.RefreshTokenExpires = u.P(now.Add(time.Duration(env.SessionRefreshExpire) * time.Second))
 	}
 
 	// 保存令牌

web/auth/check.go

@@ -1,7 +1,6 @@
 package auth
 
 import (
-	"platform/web/domains/client"
 	m "platform/web/models"
 
 	"github.com/gofiber/fiber/v2"
@@ -40,8 +39,7 @@ func (a *AuthCtx) PermitSecretClient(scopes ...string) (*AuthCtx, error) {
 	if a.Client == nil {
 		return a, ErrAuthenticateForbidden
 	}
-	spec := client.Spec(a.Client.Spec)
-	if spec != client.SpecApi && spec != client.SpecWeb {
+	if a.Client.Spec != m.ClientSpecAPI && a.Client.Spec != m.ClientSpecWeb {
 		return a, ErrAuthenticateForbidden
 	}
 	if !a.checkScopes(scopes...) {
@@ -50,16 +48,14 @@ func (a *AuthCtx) PermitSecretClient(scopes ...string) (*AuthCtx, error) {
 	return a, nil
 }
 
-func (a *AuthCtx) PermitInternalClient(scopes ...string) (*AuthCtx, error) {
+func (a *AuthCtx) PermitOfficialClient(scopes ...string) (*AuthCtx, error) {
 	if a.Client == nil {
 		return a, ErrAuthenticateForbidden
 	}
-	spec := client.Spec(a.Client.Spec)
-	if spec != client.SpecApi && spec != client.SpecWeb {
+	if a.Client.Spec != m.ClientSpecAPI && a.Client.Spec != m.ClientSpecWeb {
 		return a, ErrAuthenticateForbidden
 	}
-	cType := client.Type(a.Client.Type)
-	if cType != client.TypeInternal {
+	if a.Client.Type != m.ClientTypeOfficial {
 		return a, ErrAuthenticateForbidden
 	}
 	if !a.checkScopes(scopes...) {

web/auth/session.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	g "platform/web/globals"
-	"platform/web/globals/orm"
 	m "platform/web/models"
 	q "platform/web/queries"
 	"time"
@@ -17,7 +16,7 @@ func FindSession(accessToken string, now time.Time) (*m.Session, error) {
 		Preload(field.Associations).
 		Where(
 			q.Session.AccessToken.Eq(accessToken),
-			q.Session.AccessTokenExpires.Gt(orm.LocalDateTime(now)),
+			q.Session.AccessTokenExpires.Gt(now),
 		).First()
 }
 
@@ -26,7 +25,7 @@ func FindSessionByRefresh(refreshToken string, now time.Time) (*m.Session, error
 		Preload(field.Associations).
 		Where(
 			q.Session.RefreshToken.Eq(refreshToken),
-			q.Session.RefreshTokenExpires.Gt(orm.LocalDateTime(now)),
+			q.Session.RefreshTokenExpires.Gt(now),
 		).First()
 }