feat: 引入依赖注入模式

- 创建Repository接口定义（UserRepository、ProfileRepository、TextureRepository等）
- 创建Repository接口实现
- 创建依赖注入容器（container.Container）
- 改造Handler层使用依赖注入（AuthHandler、UserHandler、TextureHandler）
- 创建新的路由注册方式（RegisterRoutesWithDI）
- 提供main.go示例文件展示如何使用依赖注入

同时包含之前的安全修复：
- CORS配置安全加固
- 头像URL验证安全修复
- JWT algorithm confusion漏洞修复
- Recovery中间件增强
- 敏感错误信息泄露修复
- 类型断言安全修复

internal/handler/auth_handler_di.go

@@ -0,0 +1,177 @@
+package handler
+
+import (
+	"carrotskin/internal/container"
+	"carrotskin/internal/service"
+	"carrotskin/internal/types"
+	"carrotskin/pkg/email"
+
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+)
+
+// AuthHandler 认证处理器（依赖注入版本）
+type AuthHandler struct {
+	container *container.Container
+	logger    *zap.Logger
+}
+
+// NewAuthHandler 创建AuthHandler实例
+func NewAuthHandler(c *container.Container) *AuthHandler {
+	return &AuthHandler{
+		container: c,
+		logger:    c.Logger,
+	}
+}
+
+// Register 用户注册
+// @Summary 用户注册
+// @Description 注册新用户账号
+// @Tags auth
+// @Accept json
+// @Produce json
+// @Param request body types.RegisterRequest true "注册信息"
+// @Success 200 {object} model.Response "注册成功"
+// @Failure 400 {object} model.ErrorResponse "请求参数错误"
+// @Router /api/v1/auth/register [post]
+func (h *AuthHandler) Register(c *gin.Context) {
+	var req types.RegisterRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		RespondBadRequest(c, "请求参数错误", err)
+		return
+	}
+
+	// 验证邮箱验证码
+	if err := service.VerifyCode(c.Request.Context(), h.container.Redis, req.Email, req.VerificationCode, service.VerificationTypeRegister); err != nil {
+		h.logger.Warn("验证码验证失败", zap.String("email", req.Email), zap.Error(err))
+		RespondBadRequest(c, err.Error(), nil)
+		return
+	}
+
+	// 注册用户
+	user, token, err := service.RegisterUser(h.container.JWT, req.Username, req.Password, req.Email, req.Avatar)
+	if err != nil {
+		h.logger.Error("用户注册失败", zap.Error(err))
+		RespondBadRequest(c, err.Error(), nil)
+		return
+	}
+
+	RespondSuccess(c, &types.LoginResponse{
+		Token:    token,
+		UserInfo: UserToUserInfo(user),
+	})
+}
+
+// Login 用户登录
+// @Summary 用户登录
+// @Description 用户登录获取JWT Token，支持用户名或邮箱登录
+// @Tags auth
+// @Accept json
+// @Produce json
+// @Param request body types.LoginRequest true "登录信息（username字段支持用户名或邮箱）"
+// @Success 200 {object} model.Response{data=types.LoginResponse} "登录成功"
+// @Failure 400 {object} model.ErrorResponse "请求参数错误"
+// @Failure 401 {object} model.ErrorResponse "登录失败"
+// @Router /api/v1/auth/login [post]
+func (h *AuthHandler) Login(c *gin.Context) {
+	var req types.LoginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		RespondBadRequest(c, "请求参数错误", err)
+		return
+	}
+
+	ipAddress := c.ClientIP()
+	userAgent := c.GetHeader("User-Agent")
+
+	user, token, err := service.LoginUserWithRateLimit(h.container.Redis, h.container.JWT, req.Username, req.Password, ipAddress, userAgent)
+	if err != nil {
+		h.logger.Warn("用户登录失败",
+			zap.String("username_or_email", req.Username),
+			zap.String("ip", ipAddress),
+			zap.Error(err),
+		)
+		RespondUnauthorized(c, err.Error())
+		return
+	}
+
+	RespondSuccess(c, &types.LoginResponse{
+		Token:    token,
+		UserInfo: UserToUserInfo(user),
+	})
+}
+
+// SendVerificationCode 发送验证码
+// @Summary 发送验证码
+// @Description 发送邮箱验证码（注册/重置密码/更换邮箱）
+// @Tags auth
+// @Accept json
+// @Produce json
+// @Param request body types.SendVerificationCodeRequest true "发送验证码请求"
+// @Success 200 {object} model.Response "发送成功"
+// @Failure 400 {object} model.ErrorResponse "请求参数错误"
+// @Router /api/v1/auth/send-code [post]
+func (h *AuthHandler) SendVerificationCode(c *gin.Context) {
+	var req types.SendVerificationCodeRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		RespondBadRequest(c, "请求参数错误", err)
+		return
+	}
+
+	emailService, err := h.getEmailService()
+	if err != nil {
+		RespondServerError(c, "邮件服务不可用", err)
+		return
+	}
+
+	if err := service.SendVerificationCode(c.Request.Context(), h.container.Redis, emailService, req.Email, req.Type); err != nil {
+		h.logger.Error("发送验证码失败",
+			zap.String("email", req.Email),
+			zap.String("type", req.Type),
+			zap.Error(err),
+		)
+		RespondBadRequest(c, err.Error(), nil)
+		return
+	}
+
+	RespondSuccess(c, gin.H{"message": "验证码已发送，请查收邮件"})
+}
+
+// ResetPassword 重置密码
+// @Summary 重置密码
+// @Description 通过邮箱验证码重置密码
+// @Tags auth
+// @Accept json
+// @Produce json
+// @Param request body types.ResetPasswordRequest true "重置密码请求"
+// @Success 200 {object} model.Response "重置成功"
+// @Failure 400 {object} model.ErrorResponse "请求参数错误"
+// @Router /api/v1/auth/reset-password [post]
+func (h *AuthHandler) ResetPassword(c *gin.Context) {
+	var req types.ResetPasswordRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		RespondBadRequest(c, "请求参数错误", err)
+		return
+	}
+
+	// 验证验证码
+	if err := service.VerifyCode(c.Request.Context(), h.container.Redis, req.Email, req.VerificationCode, service.VerificationTypeResetPassword); err != nil {
+		h.logger.Warn("验证码验证失败", zap.String("email", req.Email), zap.Error(err))
+		RespondBadRequest(c, err.Error(), nil)
+		return
+	}
+
+	// 重置密码
+	if err := service.ResetUserPassword(req.Email, req.NewPassword); err != nil {
+		h.logger.Error("重置密码失败", zap.String("email", req.Email), zap.Error(err))
+		RespondServerError(c, err.Error(), nil)
+		return
+	}
+
+	RespondSuccess(c, gin.H{"message": "密码重置成功"})
+}
+
+// getEmailService 获取邮件服务（暂时使用全局方式，后续可改为依赖注入）
+func (h *AuthHandler) getEmailService() (*email.Service, error) {
+	return email.GetService()
+}
+

internal/handler/helpers.go

@@ -4,14 +4,24 @@ import (
 	"carrotskin/internal/model"
 	"carrotskin/internal/types"
 	"net/http"
+	"strconv"
 
 	"github.com/gin-gonic/gin"
 )
 
+// parseIntWithDefault 将字符串解析为整数，解析失败返回默认值
+func parseIntWithDefault(s string, defaultVal int) int {
+	val, err := strconv.Atoi(s)
+	if err != nil {
+		return defaultVal
+	}
+	return val
+}
+
 // GetUserIDFromContext 从上下文获取用户ID，如果不存在返回未授权响应
 // 返回值: userID, ok (如果ok为false，已经发送了错误响应)
 func GetUserIDFromContext(c *gin.Context) (int64, bool) {
-	userID, exists := c.Get("user_id")
+	userIDValue, exists := c.Get("user_id")
 	if !exists {
 		c.JSON(http.StatusUnauthorized, model.NewErrorResponse(
 			model.CodeUnauthorized,
@@ -20,7 +30,19 @@ func GetUserIDFromContext(c *gin.Context) (int64, bool) {
 		))
 		return 0, false
 	}
-	return userID.(int64), true
+
+	// 安全的类型断言
+	userID, ok := userIDValue.(int64)
+	if !ok {
+		c.JSON(http.StatusInternalServerError, model.NewErrorResponse(
+			model.CodeServerError,
+			"用户ID类型错误",
+			nil,
+		))
+		return 0, false
+	}
+
+	return userID, true
 }
 
 // UserToUserInfo 将 User 模型转换为 UserInfo 响应
@@ -157,4 +179,3 @@ func RespondWithError(c *gin.Context, err error) {
 		RespondServerError(c, msg, nil)
 	}
 }
-

internal/handler/routes_di.go

@@ -0,0 +1,191 @@
+package handler
+
+import (
+	"carrotskin/internal/container"
+	"carrotskin/internal/middleware"
+	"carrotskin/internal/model"
+
+	"github.com/gin-gonic/gin"
+)
+
+// Handlers 集中管理所有Handler
+type Handlers struct {
+	Auth    *AuthHandler
+	User    *UserHandler
+	Texture *TextureHandler
+	// Profile  *ProfileHandler   // 后续添加
+	// Captcha  *CaptchaHandler   // 后续添加
+	// Yggdrasil *YggdrasilHandler // 后续添加
+}
+
+// NewHandlers 创建所有Handler实例
+func NewHandlers(c *container.Container) *Handlers {
+	return &Handlers{
+		Auth:    NewAuthHandler(c),
+		User:    NewUserHandler(c),
+		Texture: NewTextureHandler(c),
+	}
+}
+
+// RegisterRoutesWithDI 使用依赖注入注册所有路由
+func RegisterRoutesWithDI(router *gin.Engine, c *container.Container) {
+	// 设置Swagger文档
+	SetupSwagger(router)
+
+	// 创建Handler实例
+	h := NewHandlers(c)
+
+	// API路由组
+	v1 := router.Group("/api/v1")
+	{
+		// 认证路由（无需JWT）
+		registerAuthRoutes(v1, h.Auth)
+
+		// 用户路由（需要JWT认证）
+		registerUserRoutes(v1, h.User)
+
+		// 材质路由
+		registerTextureRoutes(v1, h.Texture)
+
+		// 档案路由（暂时保持原有方式）
+		registerProfileRoutes(v1)
+
+		// 验证码路由（暂时保持原有方式）
+		registerCaptchaRoutes(v1)
+
+		// Yggdrasil API路由组（暂时保持原有方式）
+		registerYggdrasilRoutes(v1)
+
+		// 系统路由
+		registerSystemRoutes(v1)
+	}
+}
+
+// registerAuthRoutes 注册认证路由
+func registerAuthRoutes(v1 *gin.RouterGroup, h *AuthHandler) {
+	authGroup := v1.Group("/auth")
+	{
+		authGroup.POST("/register", h.Register)
+		authGroup.POST("/login", h.Login)
+		authGroup.POST("/send-code", h.SendVerificationCode)
+		authGroup.POST("/reset-password", h.ResetPassword)
+	}
+}
+
+// registerUserRoutes 注册用户路由
+func registerUserRoutes(v1 *gin.RouterGroup, h *UserHandler) {
+	userGroup := v1.Group("/user")
+	userGroup.Use(middleware.AuthMiddleware())
+	{
+		userGroup.GET("/profile", h.GetProfile)
+		userGroup.PUT("/profile", h.UpdateProfile)
+
+		// 头像相关
+		userGroup.POST("/avatar/upload-url", h.GenerateAvatarUploadURL)
+		userGroup.PUT("/avatar", h.UpdateAvatar)
+
+		// 更换邮箱
+		userGroup.POST("/change-email", h.ChangeEmail)
+
+		// Yggdrasil密码相关
+		userGroup.POST("/yggdrasil-password/reset", h.ResetYggdrasilPassword)
+	}
+}
+
+// registerTextureRoutes 注册材质路由
+func registerTextureRoutes(v1 *gin.RouterGroup, h *TextureHandler) {
+	textureGroup := v1.Group("/texture")
+	{
+		// 公开路由（无需认证）
+		textureGroup.GET("", h.Search)
+		textureGroup.GET("/:id", h.Get)
+
+		// 需要认证的路由
+		textureAuth := textureGroup.Group("")
+		textureAuth.Use(middleware.AuthMiddleware())
+		{
+			textureAuth.POST("/upload-url", h.GenerateUploadURL)
+			textureAuth.POST("", h.Create)
+			textureAuth.PUT("/:id", h.Update)
+			textureAuth.DELETE("/:id", h.Delete)
+			textureAuth.POST("/:id/favorite", h.ToggleFavorite)
+			textureAuth.GET("/my", h.GetUserTextures)
+			textureAuth.GET("/favorites", h.GetUserFavorites)
+		}
+	}
+}
+
+// registerProfileRoutes 注册档案路由（保持原有方式，后续改造）
+func registerProfileRoutes(v1 *gin.RouterGroup) {
+	profileGroup := v1.Group("/profile")
+	{
+		// 公开路由（无需认证）
+		profileGroup.GET("/:uuid", GetProfile)
+
+		// 需要认证的路由
+		profileAuth := profileGroup.Group("")
+		profileAuth.Use(middleware.AuthMiddleware())
+		{
+			profileAuth.POST("/", CreateProfile)
+			profileAuth.GET("/", GetProfiles)
+			profileAuth.PUT("/:uuid", UpdateProfile)
+			profileAuth.DELETE("/:uuid", DeleteProfile)
+			profileAuth.POST("/:uuid/activate", SetActiveProfile)
+		}
+	}
+}
+
+// registerCaptchaRoutes 注册验证码路由（保持原有方式）
+func registerCaptchaRoutes(v1 *gin.RouterGroup) {
+	captchaGroup := v1.Group("/captcha")
+	{
+		captchaGroup.GET("/generate", Generate)
+		captchaGroup.POST("/verify", Verify)
+	}
+}
+
+// registerYggdrasilRoutes 注册Yggdrasil API路由（保持原有方式）
+func registerYggdrasilRoutes(v1 *gin.RouterGroup) {
+	ygg := v1.Group("/yggdrasil")
+	{
+		ygg.GET("", GetMetaData)
+		ygg.POST("/minecraftservices/player/certificates", GetPlayerCertificates)
+		authserver := ygg.Group("/authserver")
+		{
+			authserver.POST("/authenticate", Authenticate)
+			authserver.POST("/validate", ValidToken)
+			authserver.POST("/refresh", RefreshToken)
+			authserver.POST("/invalidate", InvalidToken)
+			authserver.POST("/signout", SignOut)
+		}
+		sessionServer := ygg.Group("/sessionserver")
+		{
+			sessionServer.GET("/session/minecraft/profile/:uuid", GetProfileByUUID)
+			sessionServer.POST("/session/minecraft/join", JoinServer)
+			sessionServer.GET("/session/minecraft/hasJoined", HasJoinedServer)
+		}
+		api := ygg.Group("/api")
+		profiles := api.Group("/profiles")
+		{
+			profiles.POST("/minecraft", GetProfilesByName)
+		}
+	}
+}
+
+// registerSystemRoutes 注册系统路由
+func registerSystemRoutes(v1 *gin.RouterGroup) {
+	system := v1.Group("/system")
+	{
+		system.GET("/config", func(c *gin.Context) {
+			// TODO: 实现从数据库读取系统配置
+			c.JSON(200, model.NewSuccessResponse(gin.H{
+				"site_name":             "CarrotSkin",
+				"site_description":      "A Minecraft Skin Station",
+				"registration_enabled":  true,
+				"max_textures_per_user": 100,
+				"max_profiles_per_user": 5,
+			}))
+		})
+	}
+}
+

internal/handler/texture_handler.go

@@ -160,8 +160,8 @@ func SearchTextures(c *gin.Context) {
 	textureTypeStr := c.Query("type")
 	publicOnly := c.Query("public_only") == "true"
 
-	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
-	pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
+	page := parseIntWithDefault(c.DefaultQuery("page", "1"), 1)
+	pageSize := parseIntWithDefault(c.DefaultQuery("page_size", "20"), 20)
 
 	var textureType model.TextureType
 	switch textureTypeStr {
@@ -314,8 +314,8 @@ func GetUserTextures(c *gin.Context) {
 		return
 	}
 
-	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
-	pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
+	page := parseIntWithDefault(c.DefaultQuery("page", "1"), 1)
+	pageSize := parseIntWithDefault(c.DefaultQuery("page_size", "20"), 20)
 
 	textures, total, err := service.GetUserTextures(database.MustGetDB(), userID, page, pageSize)
 	if err != nil {
@@ -344,8 +344,8 @@ func GetUserFavorites(c *gin.Context) {
 		return
 	}
 
-	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
-	pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
+	page := parseIntWithDefault(c.DefaultQuery("page", "1"), 1)
+	pageSize := parseIntWithDefault(c.DefaultQuery("page_size", "20"), 20)
 
 	textures, total, err := service.GetUserTextureFavorites(database.MustGetDB(), userID, page, pageSize)
 	if err != nil {

internal/handler/texture_handler_di.go

@@ -0,0 +1,284 @@
+package handler
+
+import (
+	"carrotskin/internal/container"
+	"carrotskin/internal/model"
+	"carrotskin/internal/service"
+	"carrotskin/internal/types"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+)
+
+// TextureHandler 材质处理器（依赖注入版本）
+type TextureHandler struct {
+	container *container.Container
+	logger    *zap.Logger
+}
+
+// NewTextureHandler 创建TextureHandler实例
+func NewTextureHandler(c *container.Container) *TextureHandler {
+	return &TextureHandler{
+		container: c,
+		logger:    c.Logger,
+	}
+}
+
+// GenerateUploadURL 生成材质上传URL
+func (h *TextureHandler) GenerateUploadURL(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	var req types.GenerateTextureUploadURLRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		RespondBadRequest(c, "请求参数错误", err)
+		return
+	}
+
+	if h.container.Storage == nil {
+		RespondServerError(c, "存储服务不可用", nil)
+		return
+	}
+
+	result, err := service.GenerateTextureUploadURL(
+		c.Request.Context(),
+		h.container.Storage,
+		userID,
+		req.FileName,
+		string(req.TextureType),
+	)
+	if err != nil {
+		h.logger.Error("生成材质上传URL失败",
+			zap.Int64("user_id", userID),
+			zap.String("file_name", req.FileName),
+			zap.String("texture_type", string(req.TextureType)),
+			zap.Error(err),
+		)
+		RespondBadRequest(c, err.Error(), nil)
+		return
+	}
+
+	RespondSuccess(c, &types.GenerateTextureUploadURLResponse{
+		PostURL:    result.PostURL,
+		FormData:   result.FormData,
+		TextureURL: result.FileURL,
+		ExpiresIn:  900,
+	})
+}
+
+// Create 创建材质记录
+func (h *TextureHandler) Create(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	var req types.CreateTextureRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		RespondBadRequest(c, "请求参数错误", err)
+		return
+	}
+
+	maxTextures := service.GetMaxTexturesPerUser()
+	if err := service.CheckTextureUploadLimit(h.container.DB, userID, maxTextures); err != nil {
+		RespondBadRequest(c, err.Error(), nil)
+		return
+	}
+
+	texture, err := service.CreateTexture(h.container.DB,
+		userID,
+		req.Name,
+		req.Description,
+		string(req.Type),
+		req.URL,
+		req.Hash,
+		req.Size,
+		req.IsPublic,
+		req.IsSlim,
+	)
+	if err != nil {
+		h.logger.Error("创建材质失败",
+			zap.Int64("user_id", userID),
+			zap.String("name", req.Name),
+			zap.Error(err),
+		)
+		RespondBadRequest(c, err.Error(), nil)
+		return
+	}
+
+	RespondSuccess(c, TextureToTextureInfo(texture))
+}
+
+// Get 获取材质详情
+func (h *TextureHandler) Get(c *gin.Context) {
+	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		RespondBadRequest(c, "无效的材质ID", err)
+		return
+	}
+
+	texture, err := service.GetTextureByID(h.container.DB, id)
+	if err != nil {
+		RespondNotFound(c, err.Error())
+		return
+	}
+
+	RespondSuccess(c, TextureToTextureInfo(texture))
+}
+
+// Search 搜索材质
+func (h *TextureHandler) Search(c *gin.Context) {
+	keyword := c.Query("keyword")
+	textureTypeStr := c.Query("type")
+	publicOnly := c.Query("public_only") == "true"
+
+	page := parseIntWithDefault(c.DefaultQuery("page", "1"), 1)
+	pageSize := parseIntWithDefault(c.DefaultQuery("page_size", "20"), 20)
+
+	var textureType model.TextureType
+	switch textureTypeStr {
+	case "SKIN":
+		textureType = model.TextureTypeSkin
+	case "CAPE":
+		textureType = model.TextureTypeCape
+	}
+
+	textures, total, err := service.SearchTextures(h.container.DB, keyword, textureType, publicOnly, page, pageSize)
+	if err != nil {
+		h.logger.Error("搜索材质失败", zap.String("keyword", keyword), zap.Error(err))
+		RespondServerError(c, "搜索材质失败", err)
+		return
+	}
+
+	c.JSON(200, model.NewPaginationResponse(TexturesToTextureInfos(textures), total, page, pageSize))
+}
+
+// Update 更新材质
+func (h *TextureHandler) Update(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	textureID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		RespondBadRequest(c, "无效的材质ID", err)
+		return
+	}
+
+	var req types.UpdateTextureRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		RespondBadRequest(c, "请求参数错误", err)
+		return
+	}
+
+	texture, err := service.UpdateTexture(h.container.DB, textureID, userID, req.Name, req.Description, req.IsPublic)
+	if err != nil {
+		h.logger.Error("更新材质失败",
+			zap.Int64("user_id", userID),
+			zap.Int64("texture_id", textureID),
+			zap.Error(err),
+		)
+		RespondForbidden(c, err.Error())
+		return
+	}
+
+	RespondSuccess(c, TextureToTextureInfo(texture))
+}
+
+// Delete 删除材质
+func (h *TextureHandler) Delete(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	textureID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		RespondBadRequest(c, "无效的材质ID", err)
+		return
+	}
+
+	if err := service.DeleteTexture(h.container.DB, textureID, userID); err != nil {
+		h.logger.Error("删除材质失败",
+			zap.Int64("user_id", userID),
+			zap.Int64("texture_id", textureID),
+			zap.Error(err),
+		)
+		RespondForbidden(c, err.Error())
+		return
+	}
+
+	RespondSuccess(c, nil)
+}
+
+// ToggleFavorite 切换收藏状态
+func (h *TextureHandler) ToggleFavorite(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	textureID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		RespondBadRequest(c, "无效的材质ID", err)
+		return
+	}
+
+	isFavorited, err := service.ToggleTextureFavorite(h.container.DB, userID, textureID)
+	if err != nil {
+		h.logger.Error("切换收藏状态失败",
+			zap.Int64("user_id", userID),
+			zap.Int64("texture_id", textureID),
+			zap.Error(err),
+		)
+		RespondBadRequest(c, err.Error(), nil)
+		return
+	}
+
+	RespondSuccess(c, map[string]bool{"is_favorited": isFavorited})
+}
+
+// GetUserTextures 获取用户上传的材质列表
+func (h *TextureHandler) GetUserTextures(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	page := parseIntWithDefault(c.DefaultQuery("page", "1"), 1)
+	pageSize := parseIntWithDefault(c.DefaultQuery("page_size", "20"), 20)
+
+	textures, total, err := service.GetUserTextures(h.container.DB, userID, page, pageSize)
+	if err != nil {
+		h.logger.Error("获取用户材质列表失败", zap.Int64("user_id", userID), zap.Error(err))
+		RespondServerError(c, "获取材质列表失败", err)
+		return
+	}
+
+	c.JSON(200, model.NewPaginationResponse(TexturesToTextureInfos(textures), total, page, pageSize))
+}
+
+// GetUserFavorites 获取用户收藏的材质列表
+func (h *TextureHandler) GetUserFavorites(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	page := parseIntWithDefault(c.DefaultQuery("page", "1"), 1)
+	pageSize := parseIntWithDefault(c.DefaultQuery("page_size", "20"), 20)
+
+	textures, total, err := service.GetUserTextureFavorites(h.container.DB, userID, page, pageSize)
+	if err != nil {
+		h.logger.Error("获取用户收藏列表失败", zap.Int64("user_id", userID), zap.Error(err))
+		RespondServerError(c, "获取收藏列表失败", err)
+		return
+	}
+
+	c.JSON(200, model.NewPaginationResponse(TexturesToTextureInfos(textures), total, page, pageSize))
+}
+

internal/handler/user_handler_di.go

@@ -0,0 +1,233 @@
+package handler
+
+import (
+	"carrotskin/internal/container"
+	"carrotskin/internal/service"
+	"carrotskin/internal/types"
+
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+)
+
+// UserHandler 用户处理器（依赖注入版本）
+type UserHandler struct {
+	container *container.Container
+	logger    *zap.Logger
+}
+
+// NewUserHandler 创建UserHandler实例
+func NewUserHandler(c *container.Container) *UserHandler {
+	return &UserHandler{
+		container: c,
+		logger:    c.Logger,
+	}
+}
+
+// GetProfile 获取用户信息
+func (h *UserHandler) GetProfile(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	user, err := service.GetUserByID(userID)
+	if err != nil || user == nil {
+		h.logger.Error("获取用户信息失败",
+			zap.Int64("user_id", userID),
+			zap.Error(err),
+		)
+		RespondNotFound(c, "用户不存在")
+		return
+	}
+
+	RespondSuccess(c, UserToUserInfo(user))
+}
+
+// UpdateProfile 更新用户信息
+func (h *UserHandler) UpdateProfile(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	var req types.UpdateUserRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		RespondBadRequest(c, "请求参数错误", err)
+		return
+	}
+
+	user, err := service.GetUserByID(userID)
+	if err != nil || user == nil {
+		RespondNotFound(c, "用户不存在")
+		return
+	}
+
+	// 处理密码修改
+	if req.NewPassword != "" {
+		if req.OldPassword == "" {
+			RespondBadRequest(c, "修改密码需要提供原密码", nil)
+			return
+		}
+
+		if err := service.ChangeUserPassword(userID, req.OldPassword, req.NewPassword); err != nil {
+			h.logger.Error("修改密码失败", zap.Int64("user_id", userID), zap.Error(err))
+			RespondBadRequest(c, err.Error(), nil)
+			return
+		}
+
+		h.logger.Info("用户修改密码成功", zap.Int64("user_id", userID))
+	}
+
+	// 更新头像
+	if req.Avatar != "" {
+		if err := service.ValidateAvatarURL(req.Avatar); err != nil {
+			RespondBadRequest(c, err.Error(), nil)
+			return
+		}
+		user.Avatar = req.Avatar
+		if err := service.UpdateUserInfo(user); err != nil {
+			h.logger.Error("更新用户信息失败", zap.Int64("user_id", user.ID), zap.Error(err))
+			RespondServerError(c, "更新失败", err)
+			return
+		}
+	}
+
+	// 重新获取更新后的用户信息
+	updatedUser, err := service.GetUserByID(userID)
+	if err != nil || updatedUser == nil {
+		RespondNotFound(c, "用户不存在")
+		return
+	}
+
+	RespondSuccess(c, UserToUserInfo(updatedUser))
+}
+
+// GenerateAvatarUploadURL 生成头像上传URL
+func (h *UserHandler) GenerateAvatarUploadURL(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	var req types.GenerateAvatarUploadURLRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		RespondBadRequest(c, "请求参数错误", err)
+		return
+	}
+
+	if h.container.Storage == nil {
+		RespondServerError(c, "存储服务不可用", nil)
+		return
+	}
+
+	result, err := service.GenerateAvatarUploadURL(c.Request.Context(), h.container.Storage, userID, req.FileName)
+	if err != nil {
+		h.logger.Error("生成头像上传URL失败",
+			zap.Int64("user_id", userID),
+			zap.String("file_name", req.FileName),
+			zap.Error(err),
+		)
+		RespondBadRequest(c, err.Error(), nil)
+		return
+	}
+
+	RespondSuccess(c, &types.GenerateAvatarUploadURLResponse{
+		PostURL:   result.PostURL,
+		FormData:  result.FormData,
+		AvatarURL: result.FileURL,
+		ExpiresIn: 900,
+	})
+}
+
+// UpdateAvatar 更新头像URL
+func (h *UserHandler) UpdateAvatar(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	avatarURL := c.Query("avatar_url")
+	if avatarURL == "" {
+		RespondBadRequest(c, "头像URL不能为空", nil)
+		return
+	}
+
+	if err := service.ValidateAvatarURL(avatarURL); err != nil {
+		RespondBadRequest(c, err.Error(), nil)
+		return
+	}
+
+	if err := service.UpdateUserAvatar(userID, avatarURL); err != nil {
+		h.logger.Error("更新头像失败",
+			zap.Int64("user_id", userID),
+			zap.String("avatar_url", avatarURL),
+			zap.Error(err),
+		)
+		RespondServerError(c, "更新头像失败", err)
+		return
+	}
+
+	user, err := service.GetUserByID(userID)
+	if err != nil || user == nil {
+		RespondNotFound(c, "用户不存在")
+		return
+	}
+
+	RespondSuccess(c, UserToUserInfo(user))
+}
+
+// ChangeEmail 更换邮箱
+func (h *UserHandler) ChangeEmail(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	var req types.ChangeEmailRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		RespondBadRequest(c, "请求参数错误", err)
+		return
+	}
+
+	if err := service.VerifyCode(c.Request.Context(), h.container.Redis, req.NewEmail, req.VerificationCode, service.VerificationTypeChangeEmail); err != nil {
+		h.logger.Warn("验证码验证失败", zap.String("new_email", req.NewEmail), zap.Error(err))
+		RespondBadRequest(c, err.Error(), nil)
+		return
+	}
+
+	if err := service.ChangeUserEmail(userID, req.NewEmail); err != nil {
+		h.logger.Error("更换邮箱失败",
+			zap.Int64("user_id", userID),
+			zap.String("new_email", req.NewEmail),
+			zap.Error(err),
+		)
+		RespondBadRequest(c, err.Error(), nil)
+		return
+	}
+
+	user, err := service.GetUserByID(userID)
+	if err != nil || user == nil {
+		RespondNotFound(c, "用户不存在")
+		return
+	}
+
+	RespondSuccess(c, UserToUserInfo(user))
+}
+
+// ResetYggdrasilPassword 重置Yggdrasil密码
+func (h *UserHandler) ResetYggdrasilPassword(c *gin.Context) {
+	userID, ok := GetUserIDFromContext(c)
+	if !ok {
+		return
+	}
+
+	newPassword, err := service.ResetYggdrasilPassword(h.container.DB, userID)
+	if err != nil {
+		h.logger.Error("重置Yggdrasil密码失败", zap.Error(err), zap.Int64("userId", userID))
+		RespondServerError(c, "重置Yggdrasil密码失败", nil)
+		return
+	}
+
+	h.logger.Info("Yggdrasil密码重置成功", zap.Int64("userId", userID))
+	RespondSuccess(c, gin.H{"password": newPassword})
+}