zhilv/scriptforge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
5414c9c865121f6f3ea55950f2a4f038e2bc3160
scriptforge/backend/internal/auth/auth.go
zhilv 5414c9c865 feat: 分类/变体体系 + 用户认证 + 管理后台 
- 运行时分类体系:Shell/Python/JavaScript/Ruby/PHP 各含变体
- 用户注册/登录(JWT + bcrypt),首个注册用户为管理员
- 管理后台 /admin 动态管理分类和变体
- 脚本市场支持按分类筛选
- CodeMirror 语言模式根据分类名称自动切换
- 结果页展示该分类下所有变体的运行命令
- source 命令变体用于 Shell 类继承环境变量

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-29 15:02:20 +08:00

122 lines
2.8 KiB
Go
Raw Blame History

package auth
import (
"errors"
"time"
"github.com/golang-jwt/jwt/v5"
"golang.org/x/crypto/bcrypt"
"gorm.io/gorm"
"gitea.kmux.cn/zhilv/scriptforge/internal/model"
)
var (
ErrUserExists = errors.New("username already exists")
ErrInvalidCredentials = errors.New("invalid username or password")
)
type AuthService struct {
db *gorm.DB
jwtKey []byte
}
func NewAuthService(db *gorm.DB, jwtKey string) *AuthService {
return &AuthService{db: db, jwtKey: []byte(jwtKey)}
}
type Claims struct {
UserID uint `json:"user_id"`
Username string `json:"username"`
Role string `json:"role"`
jwt.RegisteredClaims
}
func (s *AuthService) Register(username, password string) (*model.User, error) {
var existing model.User
if err := s.db.Where("username = ?", username).First(&existing).Error; err == nil {
return nil, ErrUserExists
}
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
return nil, err
}
// First user becomes admin
var userCount int64
s.db.Model(&model.User{}).Count(&userCount)
role := "user"
if userCount == 0 {
role = "admin"
}
user := model.User{
Username: username,
PasswordHash: string(hash),
Role: role,
}
if err := s.db.Create(&user).Error; err != nil {
return nil, err
}
return &user, nil
}
func (s *AuthService) Login(username, password string) (*model.User, string, error) {
var user model.User
if err := s.db.Where("username = ?", username).First(&user).Error; err != nil {
return nil, "", ErrInvalidCredentials
}
if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)); err != nil {
return nil, "", ErrInvalidCredentials
}
token, err := s.GenerateToken(user.ID, user.Username, user.Role)
if err != nil {
return nil, "", err
}
return &user, token, nil
}
func (s *AuthService) GenerateToken(userID uint, username, role string) (string, error) {
claims := Claims{
UserID: userID,
Username: username,
Role: role,
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(7 * 24 * time.Hour)),
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString(s.jwtKey)
}
func (s *AuthService) ParseToken(tokenStr string) (*Claims, error) {
token, err := jwt.ParseWithClaims(tokenStr, &Claims{}, func(t *jwt.Token) (interface{}, error) {
return s.jwtKey, nil
})
if err != nil {
return nil, err
}
claims, ok := token.Claims.(*Claims)
if !ok {
return nil, errors.New("invalid claims")
}
return claims, nil
}
func (s *AuthService) GetUserByID(id uint) (*model.User, error) {
var user model.User
err := s.db.First(&user, id).Error
return &user, err
}
func (s *AuthService) IsAdmin(userID uint) bool {
var user model.User
if err := s.db.First(&user, userID).Error; err != nil {
return false
}
return user.Role == "admin"
}
Reference in New Issue View Git Blame Copy Permalink