perf: 文件上传接口

README.md

@@ -424,7 +424,7 @@ flowchart LR
 | 用户注销 (logout) | 已登录即可 | 递增 tokenVersion，所有已签发令牌即时失效 |
 | **公开接口** | | |
 | 产品端登录 (login) | 无需鉴权 | cap.js 未启用时需携带图片验证码；超级管理员被拒绝，productCode 必传 |
-| 产品端 cap.js 登录 (user/login/cap) | 无需鉴权 | cap.js 必须已启用；提交 cap token 完成人机验证后登录 |
+| 产品端 cap.js 登录 (auth/login/cap) | 无需鉴权 | cap.js 必须已启用；提交 cap token 完成人机验证后登录 |
 | 管理后台登录 (adminLogin) | 无需鉴权 | cap.js 未启用时需携带图片验证码；需验证 managementKey |
 | 管理后台 cap.js 登录 (adminLogin/cap) | 无需鉴权 | cap.js 必须已启用；提交 cap token 完成人机验证后登录 |
 | 获取图片验证码 (captcha/get) | 无需鉴权 | cap.js 未启用时前端调用此接口展示图片验证码 |
@@ -795,7 +795,7 @@ Content-Type: application/json
 - 产品必须处于启用状态，否则拒绝登录
 - 用户必须是该产品的有效成员（`status=1`），且账号未冻结
 - 受 IP 维度限流保护，防止暴力破解；仅对已存在的用户名消耗限流配额
-- **验证机制二选一**：cap.js 启用时无需图片验证码，直接使用 `/auth/login`；cap.js 未启用时必须携带图片验证码，或改用 `/user/login/cap`（但此时 cap.js 未启用该路径也会被拒绝）
+- **验证机制二选一**：cap.js 启用时无需图片验证码，直接使用 `/auth/login`；cap.js 未启用时必须携带图片验证码，或改用 `/auth/login/cap`（但此时 cap.js 未启用该路径也会被拒绝）
 
 | 字段 | 类型 | 必填 | 说明 |
 | ------ | ------ | ------ | ------ |
@@ -814,7 +814,7 @@ Content-Type: application/json
 | expires | int64 | accessToken 过期时间（Unix 时间戳，秒） |
 | userInfo | object | 用户信息（含 `perms` 权限码数组，前端据此控制菜单/按钮显隐） |
 
-#### POST /api/user/login/cap — 产品端 cap.js 登录
+#### POST /api/auth/login/cap — 产品端 cap.js 登录
 
 产品端使用 cap.js 人机验证令牌登录。前端从 cap.js 挂件获得 `capToken` 后调用此接口，服务端向 cap.js 服务端验证令牌后执行与 `/auth/login` 相同的业务逻辑。
 

etc/perm-api-dev.yaml

@@ -36,10 +36,10 @@ Capjs:
 
 Minio:
   Name: "minio-perms"
-  AccessKeyId: "S4ac2AQ6t4QQrJjDOS4X"
-  AccessKeySecret: "QJUMpcteib326jwXWv35WcLp0AhT7vOJpduIUjPq"
-  Endpoint: "minio-endpoint.znomo.com"
-  Domain: "https://minio-endpoint.znomo.com"
+  AccessKeyId: "jP0ykUhzxqFSc2nJPHk3"
+  AccessKeySecret: "L2DIfYcqtChyDDL9vTI7ixiPtpS2TCtg5NPHgyIv"
+  Endpoint: "minioapi.fkey.win"
+  Domain: "https://res.fkey.win"
   UseSSL: true
   FileType:
     avatar:

etc/perm-api-prod.yaml

@@ -36,10 +36,10 @@ Capjs:
 
 Minio:
   Name: "minio-perms"
-  AccessKeyId: "S4ac2AQ6t4QQrJjDOS4X"
-  AccessKeySecret: "QJUMpcteib326jwXWv35WcLp0AhT7vOJpduIUjPq"
-  Endpoint: "minio-endpoint.znomo.com"
-  Domain: "https://minio-endpoint.znomo.com"
+  AccessKeyId: "jP0ykUhzxqFSc2nJPHk3"
+  AccessKeySecret: "L2DIfYcqtChyDDL9vTI7ixiPtpS2TCtg5NPHgyIv"
+  Endpoint: "minioapi.fkey.win"
+  Domain: "https://res.fkey.win"
   UseSSL: true
   FileType:
     avatar:

etc/perm-api-test.yaml

@@ -36,10 +36,10 @@ Capjs:
 
 Minio:
   Name: "minio-perms"
-  AccessKeyId: "S4ac2AQ6t4QQrJjDOS4X"
-  AccessKeySecret: "QJUMpcteib326jwXWv35WcLp0AhT7vOJpduIUjPq"
-  Endpoint: "minio-endpoint.znomo.com"
-  Domain: "https://minio-endpoint.znomo.com"
+  AccessKeyId: "jP0ykUhzxqFSc2nJPHk3"
+  AccessKeySecret: "L2DIfYcqtChyDDL9vTI7ixiPtpS2TCtg5NPHgyIv"
+  Endpoint: "minioapi.fkey.win"
+  Domain: "https://res.fkey.win"
   UseSSL: true
   FileType:
     avatar:

internal/handler/auth/minioUploadHandler.go → internal/handler/minio/minioUploadHandler.go

@@ -1,12 +1,12 @@
 // Code scaffolded by goctl. Safe to edit.
 // goctl 1.10.1
 
-package auth
+package minio
 
 import (
 	"net/http"
 
-	"perms-system-server/internal/logic/auth"
+	"perms-system-server/internal/logic/minio"
 	"perms-system-server/internal/svc"
 
 	"github.com/zeromicro/go-zero/rest/httpx"
@@ -28,7 +28,7 @@ func MinioUploadHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
 
 		fileType := r.FormValue("fileType")
 
-		l := auth.NewMinioUploadLogic(r.Context(), svcCtx)
+		l := minio.NewMinioUploadLogic(r.Context(), svcCtx)
 		result, err := l.MinioUpload(fileHeader, file, fileType)
 		if err != nil {
 			httpx.ErrorCtx(r.Context(), w, err)

internal/handler/routes.go

@@ -9,6 +9,7 @@ import (
 	auth "perms-system-server/internal/handler/auth"
 	dept "perms-system-server/internal/handler/dept"
 	member "perms-system-server/internal/handler/member"
+	minio "perms-system-server/internal/handler/minio"
 	perm "perms-system-server/internal/handler/perm"
 	product "perms-system-server/internal/handler/product"
 	pub "perms-system-server/internal/handler/pub"
@@ -44,11 +45,6 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 					Path:    "/auth/userInfo",
 					Handler: auth.UserInfoHandler(serverCtx),
 				},
-				{
-					Method:  http.MethodPost,
-					Path:    "/minio/upload",
-					Handler: auth.MinioUploadHandler(serverCtx),
-				},
 			}...,
 		),
 		rest.WithPrefix("/api"),
@@ -112,6 +108,20 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 		rest.WithPrefix("/api/member"),
 	)
 
+	server.AddRoutes(
+		rest.WithMiddlewares(
+			[]rest.Middleware{serverCtx.JwtAuth},
+			[]rest.Route{
+				{
+					Method:  http.MethodPost,
+					Path:    "/minio/upload",
+					Handler: minio.MinioUploadHandler(serverCtx),
+				},
+			}...,
+		),
+		rest.WithPrefix("/api"),
+	)
+
 	server.AddRoutes(
 		rest.WithMiddlewares(
 			[]rest.Middleware{serverCtx.JwtAuth},
@@ -206,7 +216,7 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 				},
 				{
 					Method:  http.MethodPost,
-					Path:    "/user/login/cap",
+					Path:    "/auth/login/cap",
 					Handler: pub.LoginByCapHandler(serverCtx),
 				},
 			}...,

internal/logic/auth/minioUploadLogic.go → internal/logic/minio/minioUploadLogic.go

@@ -1,7 +1,7 @@
 // Code scaffolded by goctl. Safe to edit.
 // goctl 1.10.1
 
-package auth
+package minio
 
 import (
 	"context"
@@ -18,7 +18,7 @@ import (
 	"perms-system-server/internal/response"
 	"perms-system-server/internal/svc"
 
-	"github.com/minio/minio-go/v7"
+	miniogo "github.com/minio/minio-go/v7"
 	"github.com/zeromicro/go-zero/core/logx"
 )
 
@@ -83,7 +83,7 @@ func (l *MinioUploadLogic) MinioUpload(fileHeader *multipart.FileHeader, file mu
 	}
 	objectPath := fmt.Sprintf("%s%s%s", dir, fileMd5, fileExt)
 
-	stat, statErr := l.svcCtx.MinioClient.StatObject(l.ctx, minioFileType.Bucket, objectPath, minio.StatObjectOptions{})
+	stat, statErr := l.svcCtx.MinioClient.StatObject(l.ctx, minioFileType.Bucket, objectPath, miniogo.StatObjectOptions{})
 	if statErr == nil {
 		objectFullPath := fmt.Sprintf("%s/%s", minioFileType.Bucket, objectPath)
 		return &MinioUploadResult{
@@ -94,9 +94,9 @@ func (l *MinioUploadLogic) MinioUpload(fileHeader *multipart.FileHeader, file mu
 		}, nil
 	}
 
-	errCode := minio.ToErrorResponse(statErr).Code
+	errCode := miniogo.ToErrorResponse(statErr).Code
 	if errCode == "AccessDenied" || errCode == "NoSuchKey" {
-		info, err := l.svcCtx.MinioClient.PutObject(l.ctx, minioFileType.Bucket, objectPath, file, fileHeader.Size, minio.PutObjectOptions{
+		info, err := l.svcCtx.MinioClient.PutObject(l.ctx, minioFileType.Bucket, objectPath, file, fileHeader.Size, miniogo.PutObjectOptions{
 			ContentType: contentType,
 		})
 		if err != nil {
@@ -121,7 +121,7 @@ func (l *MinioUploadLogic) ensureBucketExists(bucket string) error {
 		return err
 	}
 	if !exists {
-		return l.svcCtx.MinioClient.MakeBucket(l.ctx, bucket, minio.MakeBucketOptions{})
+		return l.svcCtx.MinioClient.MakeBucket(l.ctx, bucket, miniogo.MakeBucketOptions{})
 	}
 	return nil
 }

perm.api

@@ -395,7 +395,7 @@ service perm-api {
 
 	// LoginByCap 使用 cap.js 人机验证令牌登录，验证通过后执行与 Login 相同的业务逻辑
 	@handler LoginByCap
-	post /user/login/cap (LoginByCapReq) returns (LoginResp)
+	post /auth/login/cap (LoginByCapReq) returns (LoginResp)
 }
 
 // 令牌刷新，不需要鉴权中间件，自行验证 refreshToken 有效性；受 IP 维度限流保护，防止签名爆破/CPU 放大 DoS
@@ -445,7 +445,15 @@ service perm-api {
 	// UpdateSelfInfo 修改当前登录用户自身信息。仅允许修改昵称、头像、邮箱、手机，userId 从 JWT 获取
 	@handler UpdateSelfInfo
 	post /auth/updateInfo (UpdateSelfInfoReq)
+}
 
+// 文件上传（MinIO 对象存储）
+@server (
+	prefix:     /api
+	group:      minio
+	middleware: JwtAuth
+)
+service perm-api {
 	// MinioUpload 文件上传。上传文件到 MinIO 对象存储，根据 fileType 参数路由到对应 bucket 和目录
 	@handler MinioUpload
 	post /minio/upload