weiym
/
perms-system-server


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
							package user

import (
	"context"
	"regexp"
	"time"

	"perms-system-server/internal/consts"
	authHelper "perms-system-server/internal/logic/auth"
	"perms-system-server/internal/middleware"
	userModel "perms-system-server/internal/model/user"
	"perms-system-server/internal/response"
	"perms-system-server/internal/svc"
	"perms-system-server/internal/types"
	"perms-system-server/internal/util"

	"github.com/zeromicro/go-zero/core/logx"
	"golang.org/x/crypto/bcrypt"
)

var usernameRegexp = regexp.MustCompile(`^[a-zA-Z0-9_]{2,64}$`)

type CreateUserLogic struct {
	logx.Logger
	ctx    context.Context
	svcCtx *svc.ServiceContext
}

func NewCreateUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *CreateUserLogic {
	return &CreateUserLogic{
		Logger: logx.WithContext(ctx),
		ctx:    ctx,
		svcCtx: svcCtx,
	}
}

// CreateUser 创建用户。新建系统用户账号，可指定部门归属。超管或当前产品 ADMIN 可调用。
// 注意：产品 ADMIN 创建的用户为系统级用户，不自动加入任何产品，需通过 AddMember 接口手动关联。
func (l *CreateUserLogic) CreateUser(req *types.CreateUserReq) (resp *types.IdResp, err error) {
	productCode := middleware.GetProductCode(l.ctx)
	if err := authHelper.RequireProductAdminFor(l.ctx, productCode); err != nil {
		return nil, err
	}

	if msg := util.ValidatePassword(req.Password); msg != "" {
		return nil, response.ErrBadRequest(msg)
	}
	if !usernameRegexp.MatchString(req.Username) {
		return nil, response.ErrBadRequest("用户名只能包含字母、数字和下划线，长度2-64个字符")
	}
	if len(req.Nickname) > 64 {
		return nil, response.ErrBadRequest("昵称长度不能超过64个字符")
	}
	if len(req.Remark) > 255 {
		return nil, response.ErrBadRequest("备注长度不能超过255个字符")
	}

	if req.Email != "" && !util.IsValidEmail(req.Email) {
		return nil, response.ErrBadRequest("邮箱格式不正确")
	}
	if req.Phone != "" && !util.IsValidPhone(req.Phone) {
		return nil, response.ErrBadRequest("手机号格式不正确")
	}

	if req.DeptId > 0 {
		if _, err := l.svcCtx.SysDeptModel.FindOne(l.ctx, req.DeptId); err != nil {
			return nil, response.ErrBadRequest("部门不存在")
		}
	}

	hashedPwd, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
	if err != nil {
		return nil, err
	}

	now := time.Now().Unix()
	result, err := l.svcCtx.SysUserModel.Insert(l.ctx, &userModel.SysUser{
		Username:           req.Username,
		Password:           string(hashedPwd),
		Nickname:           req.Nickname,
		Email:              req.Email,
		Phone:              req.Phone,
		Remark:             req.Remark,
		DeptId:             req.DeptId,
		IsSuperAdmin:       consts.IsSuperAdminNo,
		// 管理员代填的初始密码默认要求首次登录必须修改，降低"管理员口头下发后长期不换、口令库泄露即广义失陷"的风险（见审计 L-1）。
		MustChangePassword: consts.MustChangePasswordYes,
		Status:             consts.StatusEnabled,
		CreateTime:         now,
		UpdateTime:         now,
	})
	if err != nil {
		if util.IsDuplicateEntryErr(err) {
			return nil, response.ErrConflict("用户名已存在")
		}
		return nil, err
	}

	id, _ := result.LastInsertId()
	return &types.IdResp{Id: id}, nil
}