easydo-echo_win7/handlers/auth.go

package handlers

import (
	"net/http"
	"time"
	
	"easydo-echo_win7/models"
	"easydo-echo_win7/services"
	"easydo-echo_win7/utils"
	
	"github.com/labstack/echo-contrib/session"
	"github.com/labstack/echo/v4"
)

func Add_auth_to_routes(e *echo.Echo) {
	// 公共API路由（不需要认证）
	authGroup := e.Group("/auth")
	authGroup.GET("/health", healthCheck)
	authGroup.GET("/code", generateCaptcha)
	authGroup.POST("/login", login)
	authGroup.POST("/logout", logout)
	
}

// HealthCheck 健康检查
func healthCheck(c echo.Context) error {
	return c.JSON(http.StatusOK, utils.SuccessResponse("服务运行正常"))
}

// Login 用户登录
func login(c echo.Context) error {
	req := new(models.UserLoginRequest)
	
	// 验证请求参数
	if err := c.Bind(req); err != nil {
		return c.JSON(http.StatusBadRequest, utils.ErrorResponse("请求参数错误", err.Error()))
	}
	username := req.Username
	password := req.Password
	captchaID := req.CaptchaID
	captchaCode := req.CaptchaCode
	
	// 验证必填字段
	if username == "" || password == "" || captchaID == "" || captchaCode == "" {
		return c.JSON(http.StatusBadRequest, utils.ErrorResponse("请填写完整信息", ""))
	}
	
	// 检查登录尝试
	if ok, msg := services.CheckLoginAttempts(username); !ok {
		return c.JSON(http.StatusBadRequest, utils.ErrorResponse(msg, ""))
	}

	// 验证验证码
	if !services.VerifyCaptcha(captchaID, captchaCode) {
		services.RecordLoginAttempt(username, false)
		return c.JSON(http.StatusBadRequest, utils.ErrorResponse("验证码错误或已失效", ""))
	}

	// 验证用户凭据
	user := new(models.SysUser) 

	user.Username = &username
	err := services.JdbcClient.GetJdbcModel(user)

	if err != nil || *user.ID == 0  || user.TenantId == nil {
		services.RecordLoginAttempt(username, false)
		return c.JSON(http.StatusBadRequest, utils.ErrorResponse("用户不存在", ""))
	}
	tenant := new(models.Tenant)
	tenant.ID = user.TenantId

	err = services.JdbcClient.GetJdbcModelById(tenant)
	if err != nil {
		return c.JSON(http.StatusBadRequest, utils.ErrorResponse("企业不存在", ""))
	}
	if tenant.Status == nil || *tenant.Status != models.Status_Enable {
		return c.JSON(http.StatusBadRequest, utils.ErrorResponse("企业已被禁用", ""))
	}
	user.Tenant = tenant

	// 验证密码
	if !user.CheckPassword(password) {
		services.RecordLoginAttempt(username, false)
		return c.JSON(http.StatusBadRequest, utils.ErrorResponse("用户名或密码错误", ""))
	}
	// 创建会话
	sess, _ := session.Get("auth_session", c)
	sess.Values["user_id"] = user.ID
	sess.Values["username"] = user.Username
	sess.Values["is_authenticated"] = true
	sess.Values["login_time"] = time.Now().Unix()
	
	if err := sess.Save(c.Request(), c.Response()); err != nil {
		return c.JSON(http.StatusBadRequest, utils.ErrorResponse("会话创建失败", err.Error()))
	}
	dept := new(models.SysDept)
	dept.ID = user.DeptId

	err = services.JdbcClient.GetJdbcModelById(dept)
	if err != nil {
		return c.JSON(http.StatusBadRequest, utils.ErrorResponse("用户所属部门不存在", ""))
	}
	user.Dept = dept

	paramMap :=  map[string]interface{}{
		"userId": user.ID,
	}
	p_result,_ := services.JdbcClient.GetJdbcList(paramMap,models.SysUsersRoles{})
	p_list := utils.ConvertInterface[[]models.SysUsersRoles](p_result)
	role_id_list :=utils.Map(p_list, func(user_role models.SysUsersRoles) int64 {
		return *user_role.RoleID
	})

	for k := range paramMap {
		delete(paramMap, k)
	}
	paramMap["idIn"] = role_id_list
	r_result,_ := services.JdbcClient.GetJdbcList(paramMap,models.SysRole{})
	role_list := utils.ConvertInterface[[]models.SysRole](r_result)
	user.RoleList = &role_list
	// 记录成功登录
	services.RecordLoginAttempt(username, true)

	// 返回成功响应
	return c.JSON(http.StatusOK, map[string]interface{}{
		"token":"-",
		"user": user,
		"session_expires": time.Now().Add(7 * 24 * time.Hour).Unix(),
	})
	
}

// Logout 用户登出
func logout(c echo.Context) error {
	sess, _ := session.Get("auth_session", c)
	
	// 清除会话
	sess.Options.MaxAge = -1
	sess.Values = make(map[interface{}]interface{})
	
	if err := sess.Save(c.Request(), c.Response()); err != nil {
		return c.JSON(http.StatusBadRequest, utils.ErrorResponse("登出失败", err.Error()))
	}
	
	return c.JSON(http.StatusOK, utils.SuccessResponse("登出成功"))
}