init

2026-01-25 21:59:00 +08:00
parent 7fd537bef3
commit 4cad3f0250
118 changed files with 30473 additions and 0 deletions
--- a/internal/handler/auth_handler.go
+++ b/internal/handler/auth_handler.go
@@ -0,0 +1,208 @@
+package handler
+
+import (
+	"errors"
+	"fmt"
+	"net/url"
+
+	"accounting-app/pkg/api"
+	"accounting-app/internal/config"
+	"accounting-app/internal/service"
+
+	"github.com/gin-gonic/gin"
+)
+
+type AuthHandler struct {
+	authService        *service.AuthService
+	gitHubOAuthService *service.GitHubOAuthService
+	cfg                *config.Config
+}
+
+func NewAuthHandler(authService *service.AuthService, gitHubOAuthService *service.GitHubOAuthService) *AuthHandler {
+	return &AuthHandler{authService: authService, gitHubOAuthService: gitHubOAuthService}
+}
+
+func NewAuthHandlerWithConfig(authService *service.AuthService, gitHubOAuthService *service.GitHubOAuthService, cfg *config.Config) *AuthHandler {
+	return &AuthHandler{authService: authService, gitHubOAuthService: gitHubOAuthService, cfg: cfg}
+}
+
+type RegisterRequest struct {
+	Email    string `json:"email" binding:"required"`
+	Password string `json:"password" binding:"required,min=8"`
+	Username string `json:"username" binding:"required,min=2,max=50"`
+}
+
+type LoginRequest struct {
+	Email    string `json:"email" binding:"required"`
+	Password string `json:"password" binding:"required"`
+}
+
+type RefreshRequest struct {
+	RefreshToken string `json:"refresh_token" binding:"required"`
+}
+
+func handleAuthError(c *gin.Context, err error) {
+	switch {
+	case errors.Is(err, service.ErrInvalidCredentials):
+		api.Unauthorized(c, "Invalid email or password")
+	case errors.Is(err, service.ErrInvalidEmail):
+		api.BadRequest(c, "Invalid email format")
+	case errors.Is(err, service.ErrWeakPassword):
+		api.BadRequest(c, "Password must be at least 8 characters")
+	case errors.Is(err, service.ErrUserNotActive):
+		api.Forbidden(c, "User account is not active")
+	case errors.Is(err, service.ErrInvalidToken):
+		api.Unauthorized(c, "Invalid token")
+	case errors.Is(err, service.ErrTokenExpired):
+		api.Unauthorized(c, "Token has expired")
+	case errors.Is(err, service.ErrUserExists):
+		api.Conflict(c, "User with this email already exists")
+	default:
+		api.InternalError(c, "Authentication failed: "+err.Error())
+	}
+}
+
+func (h *AuthHandler) Register(c *gin.Context) {
+	var req RegisterRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		api.ValidationError(c, "Invalid request body: "+err.Error())
+		return
+	}
+	input := service.RegisterInput{Email: req.Email, Password: req.Password, Username: req.Username}
+	user, tokens, err := h.authService.Register(input)
+	if err != nil {
+		handleAuthError(c, err)
+		return
+	}
+	api.Created(c, gin.H{"user": user, "tokens": tokens})
+}
+
+func (h *AuthHandler) Login(c *gin.Context) {
+	var req LoginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		api.ValidationError(c, "Invalid request body: "+err.Error())
+		return
+	}
+	input := service.LoginInput{Email: req.Email, Password: req.Password}
+	user, tokens, err := h.authService.Login(input)
+	if err != nil {
+		handleAuthError(c, err)
+		return
+	}
+	api.Success(c, gin.H{"user": user, "tokens": tokens})
+}
+
+func (h *AuthHandler) RefreshToken(c *gin.Context) {
+	var req RefreshRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		api.ValidationError(c, "Invalid request body: "+err.Error())
+		return
+	}
+	tokens, err := h.authService.RefreshToken(req.RefreshToken)
+	if err != nil {
+		handleAuthError(c, err)
+		return
+	}
+	api.Success(c, tokens)
+}
+
+func (h *AuthHandler) GetCurrentUser(c *gin.Context) {
+	userID, exists := c.Get("user_id")
+	if !exists {
+		api.Unauthorized(c, "User not authenticated")
+		return
+	}
+	user, err := h.authService.GetUserByID(userID.(uint))
+	if err != nil {
+		api.NotFound(c, "User not found")
+		return
+	}
+	api.Success(c, user)
+}
+
+type UpdatePasswordRequest struct {
+	OldPassword string `json:"old_password" binding:"required"`
+	NewPassword string `json:"new_password" binding:"required,min=8"`
+}
+
+func (h *AuthHandler) UpdatePassword(c *gin.Context) {
+	userID, exists := c.Get("user_id")
+	if !exists {
+		api.Unauthorized(c, "User not authenticated")
+		return
+	}
+
+	var req UpdatePasswordRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		api.ValidationError(c, "Invalid request body: "+err.Error())
+		return
+	}
+
+	err := h.authService.UpdatePassword(userID.(uint), req.OldPassword, req.NewPassword)
+	if err != nil {
+		handleAuthError(c, err)
+		return
+	}
+
+	api.Success(c, gin.H{"message": "Password updated successfully"})
+}
+
+func (h *AuthHandler) RegisterRoutes(rg *gin.RouterGroup) {
+	auth := rg.Group("/auth")
+	auth.POST("/register", h.Register)
+	auth.POST("/login", h.Login)
+	auth.POST("/refresh", h.RefreshToken)
+	auth.GET("/github", h.GitHubLogin)
+	auth.GET("/github/callback", h.GitHubCallback)
+}
+
+func (h *AuthHandler) RegisterProtectedRoutes(rg *gin.RouterGroup) {
+	auth := rg.Group("/auth")
+	auth.GET("/me", h.GetCurrentUser)
+	auth.POST("/password", h.UpdatePassword)
+}
+
+func (h *AuthHandler) GitHubLogin(c *gin.Context) {
+	if h.gitHubOAuthService == nil {
+		api.BadRequest(c, "GitHub OAuth is not configured")
+		return
+	}
+	state := c.Query("state")
+	if state == "" {
+		state = "default"
+	}
+	authURL := h.gitHubOAuthService.GetAuthorizationURL(state)
+	c.Redirect(302, authURL)
+}
+
+func (h *AuthHandler) GitHubCallback(c *gin.Context) {
+	if h.gitHubOAuthService == nil {
+		api.BadRequest(c, "GitHub OAuth is not configured")
+		return
+	}
+
+	frontendURL := "http://localhost:5173"
+	if h.cfg != nil && h.cfg.FrontendURL != "" {
+		frontendURL = h.cfg.FrontendURL
+	}
+
+	code := c.Query("code")
+	if code == "" {
+		redirectURL := fmt.Sprintf("%s/login?error=missing_code", frontendURL)
+		c.Redirect(302, redirectURL)
+		return
+	}
+
+	user, tokens, err := h.gitHubOAuthService.HandleCallback(code)
+	if err != nil {
+		fmt.Printf("[Auth] GitHub callback failed: %v\n", err)
+		redirectURL := fmt.Sprintf("%s/login?error=%s", frontendURL, url.QueryEscape(err.Error()))
+		c.Redirect(302, redirectURL)
+		return
+	}
+
+	// 重定向到前端回调页面，带上token信息
+	redirectURL := fmt.Sprintf("%s/auth/github/callback?access_token=%s&refresh_token=%s&user_id=%d",
+		frontendURL, url.QueryEscape(tokens.AccessToken), url.QueryEscape(tokens.RefreshToken), user.ID)
+	c.Redirect(302, redirectURL)
+}