package product import ( "context" "crypto/rand" "encoding/hex" "encoding/json" "fmt" "regexp" "time" "perms-system-server/internal/consts" authHelper "perms-system-server/internal/logic/auth" productModel "perms-system-server/internal/model/product" "perms-system-server/internal/model/productmember" userModel "perms-system-server/internal/model/user" "perms-system-server/internal/response" "perms-system-server/internal/svc" "perms-system-server/internal/types" "perms-system-server/internal/util" "github.com/zeromicro/go-zero/core/logx" "github.com/zeromicro/go-zero/core/stores/sqlx" "golang.org/x/crypto/bcrypt" ) // 审计 M-4:CreateProduct 不再把 adminPassword/appSecret 明文写入响应体;改为把"真正的初始凭证" // 暂存 Redis,并只把一次性消费票据放进响应。票据本身是短期(5 分钟)+ 一次性,即使被上游日志/APM // 错误记录,也只能换一次而无法长期复用。 const ( initialCredentialsTTL = 5 * time.Minute initialCredentialsKeyPrefix = "pm:initcred:" ) // initialCredentialsPayload 实际落 Redis 的凭证载荷。放在内部文件以避免跨包暴露结构。 type initialCredentialsPayload struct { AppKey string `json:"appKey"` AppSecret string `json:"appSecret"` AdminUser string `json:"adminUser"` AdminPassword string `json:"adminPassword"` } var productCodeRegexp = regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9_-]{1,63}$`) type CreateProductLogic struct { logx.Logger ctx context.Context svcCtx *svc.ServiceContext } func NewCreateProductLogic(ctx context.Context, svcCtx *svc.ServiceContext) *CreateProductLogic { return &CreateProductLogic{ Logger: logx.WithContext(ctx), ctx: ctx, svcCtx: svcCtx, } } // CreateProduct 创建产品。仅超管可调用,自动生成 appKey/appSecret 和产品专属管理员账号,用于接入新的业务产品。 func (l *CreateProductLogic) CreateProduct(req *types.CreateProductReq) (resp *types.CreateProductResp, err error) { if err := authHelper.RequireSuperAdmin(l.ctx); err != nil { return nil, err } if !productCodeRegexp.MatchString(req.Code) { return nil, response.ErrBadRequest("产品编码只能包含字母、数字、下划线和中划线,须以字母开头,长度2-64") } if len(req.Name) > 64 { return nil, response.ErrBadRequest("产品名称长度不能超过64个字符") } if len(req.Remark) > 255 { return nil, response.ErrBadRequest("备注长度不能超过255个字符") } _, findErr := l.svcCtx.SysProductModel.FindOneByCode(l.ctx, req.Code) if findErr == nil { return nil, response.ErrConflict("产品编码已存在") } appKey, err := generateRandomHex(16) if err != nil { return nil, err } rawAppSecret, err := generateRandomHex(32) if err != nil { return nil, err } appSecretHash, err := bcrypt.GenerateFromPassword([]byte(rawAppSecret), bcrypt.DefaultCost) if err != nil { return nil, err } now := time.Now().Unix() adminUsername := fmt.Sprintf("admin_%s", req.Code) if _, err := l.svcCtx.SysUserModel.FindOneByUsername(l.ctx, adminUsername); err == nil { return nil, response.ErrConflict(fmt.Sprintf("用户名 %s 已存在,无法自动创建管理员账号", adminUsername)) } adminPassword, err := generateRandomHex(12) if err != nil { return nil, err } hashedPwd, err := bcrypt.GenerateFromPassword([]byte(adminPassword), bcrypt.DefaultCost) if err != nil { return nil, err } var productId int64 err = l.svcCtx.SysProductModel.TransactCtx(l.ctx, func(ctx context.Context, session sqlx.Session) error { result, err := l.svcCtx.SysProductModel.InsertWithTx(ctx, session, &productModel.SysProduct{ Code: req.Code, Name: req.Name, AppKey: appKey, AppSecret: string(appSecretHash), Remark: req.Remark, Status: consts.StatusEnabled, CreateTime: now, UpdateTime: now, }) if err != nil { return err } productId, _ = result.LastInsertId() userResult, err := l.svcCtx.SysUserModel.InsertWithTx(ctx, session, &userModel.SysUser{ Username: adminUsername, Password: string(hashedPwd), Nickname: fmt.Sprintf("%s管理员", req.Name), IsSuperAdmin: consts.IsSuperAdminNo, MustChangePassword: consts.MustChangePasswordYes, Status: consts.StatusEnabled, CreateTime: now, UpdateTime: now, }) if err != nil { return err } userId, _ := userResult.LastInsertId() _, err = l.svcCtx.SysProductMemberModel.InsertWithTx(ctx, session, &productmember.SysProductMember{ ProductCode: req.Code, UserId: userId, MemberType: consts.MemberTypeAdmin, Status: consts.StatusEnabled, CreateTime: now, UpdateTime: now, }) return err }) if err != nil { // 前置的 FindOneByCode / FindOneByUsername 已经在大多数合法请求里把"产品码/用户名已存在" // 分辨清楚并返回具体文案。落到这里的 1062 基本都是同秒并发创建的稀有竞态,按审计 M-5 的 // 建议不再用 strings.Contains 匹配 MySQL 错误消息中的索引名(不同版本的文案不稳定, // 改索引名会导致静默降级成通用冲突);直接统一回通用冲突让前端重试,由 pre-check 负责语义。 if util.IsDuplicateEntryErr(err) { return nil, response.ErrConflict("数据冲突,请稍后重试") } return nil, err } // 生成一次性凭证票据(32 字节随机,hex 编码)。 ticket, err := generateRandomHex(32) if err != nil { // 退化策略:Redis 写入失败时不该返回明文密码(那样就回到了 M-4 的老毛病)。 // 这里直接 500,让运维查链路;调用方可根据业务决定重启流程。 logx.WithContext(l.ctx).Errorf("CreateProduct: generate credentials ticket failed: %v", err) return nil, response.NewCodeError(500, "生成初始凭证票据失败,请稍后重试") } payload := initialCredentialsPayload{ AppKey: appKey, AppSecret: rawAppSecret, AdminUser: adminUsername, AdminPassword: adminPassword, } buf, mErr := json.Marshal(&payload) if mErr != nil { logx.WithContext(l.ctx).Errorf("CreateProduct: marshal credentials payload failed: %v", mErr) return nil, response.NewCodeError(500, "封装初始凭证失败,请稍后重试") } ticketKey := initialCredentialsKeyPrefix + ticket if setErr := l.svcCtx.Redis.SetexCtx(l.ctx, ticketKey, string(buf), int(initialCredentialsTTL/time.Second)); setErr != nil { logx.WithContext(l.ctx).Errorf("CreateProduct: stash credentials to redis failed: %v", setErr) return nil, response.NewCodeError(500, "暂存初始凭证失败,请稍后重试") } // 仅脱敏字段 + ticket 落响应体。productCode / adminUser 属于可公开的管理信息。 logx.WithContext(l.ctx).Infof("CreateProduct: product=%s admin=%s credentialsTicketIssued ttl=%s", req.Code, adminUsername, initialCredentialsTTL) return &types.CreateProductResp{ Id: productId, Code: req.Code, AppKey: appKey, AdminUser: adminUsername, CredentialsTicket: ticket, CredentialsExpiresAt: time.Now().Add(initialCredentialsTTL).Unix(), }, nil } func generateRandomHex(byteLen int) (string, error) { b := make([]byte, byteLen) if _, err := rand.Read(b); err != nil { return "", fmt.Errorf("generate random bytes failed: %w", err) } return hex.EncodeToString(b), nil }