weiym
/
perms-system-server


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
							package product

import (
	"context"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"regexp"
	"time"

	"perms-system-server/internal/consts"
	authHelper "perms-system-server/internal/logic/auth"
	productModel "perms-system-server/internal/model/product"
	"perms-system-server/internal/model/productmember"
	userModel "perms-system-server/internal/model/user"
	"perms-system-server/internal/response"
	"perms-system-server/internal/svc"
	"perms-system-server/internal/types"
	"perms-system-server/internal/util"

	"github.com/zeromicro/go-zero/core/logx"
	"github.com/zeromicro/go-zero/core/stores/sqlx"
	"golang.org/x/crypto/bcrypt"
)

var productCodeRegexp = regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9_-]{1,63}$`)

type CreateProductLogic struct {
	logx.Logger
	ctx    context.Context
	svcCtx *svc.ServiceContext
}

func NewCreateProductLogic(ctx context.Context, svcCtx *svc.ServiceContext) *CreateProductLogic {
	return &CreateProductLogic{
		Logger: logx.WithContext(ctx),
		ctx:    ctx,
		svcCtx: svcCtx,
	}
}

// CreateProduct 创建产品。仅超管可调用，自动生成 appKey/appSecret 和产品专属管理员账号，用于接入新的业务产品。
func (l *CreateProductLogic) CreateProduct(req *types.CreateProductReq) (resp *types.CreateProductResp, err error) {
	if err := authHelper.RequireSuperAdmin(l.ctx); err != nil {
		return nil, err
	}

	if !productCodeRegexp.MatchString(req.Code) {
		return nil, response.ErrBadRequest("产品编码只能包含字母、数字、下划线和中划线，须以字母开头，长度2-64")
	}
	if len(req.Name) > 64 {
		return nil, response.ErrBadRequest("产品名称长度不能超过64个字符")
	}
	if len(req.Remark) > 255 {
		return nil, response.ErrBadRequest("备注长度不能超过255个字符")
	}

	_, findErr := l.svcCtx.SysProductModel.FindOneByCode(l.ctx, req.Code)
	if findErr == nil {
		return nil, response.ErrConflict("产品编码已存在")
	}

	appKey, err := generateRandomHex(16)
	if err != nil {
		return nil, err
	}
	rawAppSecret, err := generateRandomHex(32)
	if err != nil {
		return nil, err
	}
	appSecretHash, err := bcrypt.GenerateFromPassword([]byte(rawAppSecret), bcrypt.DefaultCost)
	if err != nil {
		return nil, err
	}
	now := time.Now().Unix()

	adminUsername := fmt.Sprintf("admin_%s", req.Code)
	if _, err := l.svcCtx.SysUserModel.FindOneByUsername(l.ctx, adminUsername); err == nil {
		return nil, response.ErrConflict(fmt.Sprintf("用户名 %s 已存在，无法自动创建管理员账号", adminUsername))
	}
	adminPassword, err := generateRandomHex(12)
	if err != nil {
		return nil, err
	}
	hashedPwd, err := bcrypt.GenerateFromPassword([]byte(adminPassword), bcrypt.DefaultCost)
	if err != nil {
		return nil, err
	}

	var productId int64

	err = l.svcCtx.SysProductModel.TransactCtx(l.ctx, func(ctx context.Context, session sqlx.Session) error {
		result, err := l.svcCtx.SysProductModel.InsertWithTx(ctx, session, &productModel.SysProduct{
			Code:       req.Code,
			Name:       req.Name,
			AppKey:     appKey,
			AppSecret:  string(appSecretHash),
			Remark:     req.Remark,
			Status:     consts.StatusEnabled,
			CreateTime: now,
			UpdateTime: now,
		})
		if err != nil {
			return err
		}
		productId, _ = result.LastInsertId()

		userResult, err := l.svcCtx.SysUserModel.InsertWithTx(ctx, session, &userModel.SysUser{
			Username:           adminUsername,
			Password:           string(hashedPwd),
			Nickname:           fmt.Sprintf("%s管理员", req.Name),
			IsSuperAdmin:       consts.IsSuperAdminNo,
			MustChangePassword: consts.MustChangePasswordYes,
			Status:             consts.StatusEnabled,
			CreateTime:         now,
			UpdateTime:         now,
		})
		if err != nil {
			return err
		}
		userId, _ := userResult.LastInsertId()

		_, err = l.svcCtx.SysProductMemberModel.InsertWithTx(ctx, session, &productmember.SysProductMember{
			ProductCode: req.Code,
			UserId:      userId,
			MemberType:  consts.MemberTypeAdmin,
			Status:      consts.StatusEnabled,
			CreateTime:  now,
			UpdateTime:  now,
		})
		return err
	})

	if err != nil {
		// 前置的 FindOneByCode / FindOneByUsername 已经在大多数合法请求里把"产品码/用户名已存在"
		// 分辨清楚并返回具体文案。落到这里的 1062 基本都是同秒并发创建的稀有竞态，按审计 M-5 的
		// 建议不再用 strings.Contains 匹配 MySQL 错误消息中的索引名（不同版本的文案不稳定，
		// 改索引名会导致静默降级成通用冲突）；直接统一回通用冲突让前端重试，由 pre-check 负责语义。
		if util.IsDuplicateEntryErr(err) {
			return nil, response.ErrConflict("数据冲突，请稍后重试")
		}
		return nil, err
	}

	return &types.CreateProductResp{
		Id:            productId,
		Code:          req.Code,
		AppKey:        appKey,
		AppSecret:     rawAppSecret,
		AdminUser:     adminUsername,
		AdminPassword: adminPassword,
	}, nil
}

func generateRandomHex(byteLen int) (string, error) {
	b := make([]byte, byteLen)
	if _, err := rand.Read(b); err != nil {
		return "", fmt.Errorf("generate random bytes failed: %w", err)
	}
	return hex.EncodeToString(b), nil
}