weiym
/
perms-system-server


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207
							package product

import (
	"context"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"regexp"
	"time"

	"perms-system-server/internal/consts"
	authHelper "perms-system-server/internal/logic/auth"
	productModel "perms-system-server/internal/model/product"
	"perms-system-server/internal/model/productmember"
	userModel "perms-system-server/internal/model/user"
	"perms-system-server/internal/response"
	"perms-system-server/internal/svc"
	"perms-system-server/internal/types"
	"perms-system-server/internal/util"

	"github.com/zeromicro/go-zero/core/logx"
	"github.com/zeromicro/go-zero/core/stores/sqlx"
	"golang.org/x/crypto/bcrypt"
)

// 审计 M-4：CreateProduct 不再把 adminPassword/appSecret 明文写入响应体；改为把"真正的初始凭证"
// 暂存 Redis，并只把一次性消费票据放进响应。票据本身是短期（5 分钟）+ 一次性，即使被上游日志/APM
// 错误记录，也只能换一次而无法长期复用。
const (
	initialCredentialsTTL       = 5 * time.Minute
	initialCredentialsKeyPrefix = "pm:initcred:"
)

// initialCredentialsPayload 实际落 Redis 的凭证载荷。放在内部文件以避免跨包暴露结构。
type initialCredentialsPayload struct {
	AppKey        string `json:"appKey"`
	AppSecret     string `json:"appSecret"`
	AdminUser     string `json:"adminUser"`
	AdminPassword string `json:"adminPassword"`
}

var productCodeRegexp = regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9_-]{1,63}$`)

type CreateProductLogic struct {
	logx.Logger
	ctx    context.Context
	svcCtx *svc.ServiceContext
}

func NewCreateProductLogic(ctx context.Context, svcCtx *svc.ServiceContext) *CreateProductLogic {
	return &CreateProductLogic{
		Logger: logx.WithContext(ctx),
		ctx:    ctx,
		svcCtx: svcCtx,
	}
}

// CreateProduct 创建产品。仅超管可调用，自动生成 appKey/appSecret 和产品专属管理员账号，用于接入新的业务产品。
func (l *CreateProductLogic) CreateProduct(req *types.CreateProductReq) (resp *types.CreateProductResp, err error) {
	if err := authHelper.RequireSuperAdmin(l.ctx); err != nil {
		return nil, err
	}

	if !productCodeRegexp.MatchString(req.Code) {
		return nil, response.ErrBadRequest("产品编码只能包含字母、数字、下划线和中划线，须以字母开头，长度2-64")
	}
	if len(req.Name) > 64 {
		return nil, response.ErrBadRequest("产品名称长度不能超过64个字符")
	}
	if len(req.Remark) > 255 {
		return nil, response.ErrBadRequest("备注长度不能超过255个字符")
	}

	_, findErr := l.svcCtx.SysProductModel.FindOneByCode(l.ctx, req.Code)
	if findErr == nil {
		return nil, response.ErrConflict("产品编码已存在")
	}

	appKey, err := generateRandomHex(16)
	if err != nil {
		return nil, err
	}
	rawAppSecret, err := generateRandomHex(32)
	if err != nil {
		return nil, err
	}
	appSecretHash, err := bcrypt.GenerateFromPassword([]byte(rawAppSecret), bcrypt.DefaultCost)
	if err != nil {
		return nil, err
	}
	now := time.Now().Unix()

	adminUsername := fmt.Sprintf("admin_%s", req.Code)
	if _, err := l.svcCtx.SysUserModel.FindOneByUsername(l.ctx, adminUsername); err == nil {
		return nil, response.ErrConflict(fmt.Sprintf("用户名 %s 已存在，无法自动创建管理员账号", adminUsername))
	}
	adminPassword, err := generateRandomHex(12)
	if err != nil {
		return nil, err
	}
	hashedPwd, err := bcrypt.GenerateFromPassword([]byte(adminPassword), bcrypt.DefaultCost)
	if err != nil {
		return nil, err
	}

	var productId int64

	err = l.svcCtx.SysProductModel.TransactCtx(l.ctx, func(ctx context.Context, session sqlx.Session) error {
		result, err := l.svcCtx.SysProductModel.InsertWithTx(ctx, session, &productModel.SysProduct{
			Code:       req.Code,
			Name:       req.Name,
			AppKey:     appKey,
			AppSecret:  string(appSecretHash),
			Remark:     req.Remark,
			Status:     consts.StatusEnabled,
			CreateTime: now,
			UpdateTime: now,
		})
		if err != nil {
			return err
		}
		productId, _ = result.LastInsertId()

		userResult, err := l.svcCtx.SysUserModel.InsertWithTx(ctx, session, &userModel.SysUser{
			Username:           adminUsername,
			Password:           string(hashedPwd),
			Nickname:           fmt.Sprintf("%s管理员", req.Name),
			IsSuperAdmin:       consts.IsSuperAdminNo,
			MustChangePassword: consts.MustChangePasswordYes,
			Status:             consts.StatusEnabled,
			CreateTime:         now,
			UpdateTime:         now,
		})
		if err != nil {
			return err
		}
		userId, _ := userResult.LastInsertId()

		_, err = l.svcCtx.SysProductMemberModel.InsertWithTx(ctx, session, &productmember.SysProductMember{
			ProductCode: req.Code,
			UserId:      userId,
			MemberType:  consts.MemberTypeAdmin,
			Status:      consts.StatusEnabled,
			CreateTime:  now,
			UpdateTime:  now,
		})
		return err
	})

	if err != nil {
		// 前置的 FindOneByCode / FindOneByUsername 已经在大多数合法请求里把"产品码/用户名已存在"
		// 分辨清楚并返回具体文案。落到这里的 1062 基本都是同秒并发创建的稀有竞态，按审计 M-5 的
		// 建议不再用 strings.Contains 匹配 MySQL 错误消息中的索引名（不同版本的文案不稳定，
		// 改索引名会导致静默降级成通用冲突）；直接统一回通用冲突让前端重试，由 pre-check 负责语义。
		if util.IsDuplicateEntryErr(err) {
			return nil, response.ErrConflict("数据冲突，请稍后重试")
		}
		return nil, err
	}

	// 生成一次性凭证票据（32 字节随机，hex 编码）。
	ticket, err := generateRandomHex(32)
	if err != nil {
		// 退化策略：Redis 写入失败时不该返回明文密码（那样就回到了 M-4 的老毛病）。
		// 这里直接 500，让运维查链路；调用方可根据业务决定重启流程。
		logx.WithContext(l.ctx).Errorf("CreateProduct: generate credentials ticket failed: %v", err)
		return nil, response.NewCodeError(500, "生成初始凭证票据失败，请稍后重试")
	}
	payload := initialCredentialsPayload{
		AppKey:        appKey,
		AppSecret:     rawAppSecret,
		AdminUser:     adminUsername,
		AdminPassword: adminPassword,
	}
	buf, mErr := json.Marshal(&payload)
	if mErr != nil {
		logx.WithContext(l.ctx).Errorf("CreateProduct: marshal credentials payload failed: %v", mErr)
		return nil, response.NewCodeError(500, "封装初始凭证失败，请稍后重试")
	}
	ticketKey := initialCredentialsKeyPrefix + ticket
	if setErr := l.svcCtx.Redis.SetexCtx(l.ctx, ticketKey, string(buf), int(initialCredentialsTTL/time.Second)); setErr != nil {
		logx.WithContext(l.ctx).Errorf("CreateProduct: stash credentials to redis failed: %v", setErr)
		return nil, response.NewCodeError(500, "暂存初始凭证失败，请稍后重试")
	}

	// 仅脱敏字段 + ticket 落响应体。productCode / adminUser 属于可公开的管理信息。
	logx.WithContext(l.ctx).Infof("CreateProduct: product=%s admin=%s credentialsTicketIssued ttl=%s",
		req.Code, adminUsername, initialCredentialsTTL)

	return &types.CreateProductResp{
		Id:                   productId,
		Code:                 req.Code,
		AppKey:               appKey,
		AdminUser:            adminUsername,
		CredentialsTicket:    ticket,
		CredentialsExpiresAt: time.Now().Add(initialCredentialsTTL).Unix(),
	}, nil
}

func generateRandomHex(byteLen int) (string, error) {
	b := make([]byte, byteLen)
	if _, err := rand.Read(b); err != nil {
		return "", fmt.Errorf("generate random bytes failed: %w", err)
	}
	return hex.EncodeToString(b), nil
}