feat: 引入依赖注入模式

- 创建Repository接口定义（UserRepository、ProfileRepository、TextureRepository等） - 创建Repository接口实现 - 创建依赖注入容器（container.Container） - 改造Handler层使用依赖注入（AuthHandler、UserHandler、TextureHandler） - 创建新的路由注册方式（RegisterRoutesWithDI） - 提供main.go示例文件展示如何使用依赖注入同时包含之前的安全修复： - CORS配置安全加固 - 头像URL验证安全修复 - JWT algorithm confusion漏洞修复 - Recovery中间件增强 - 敏感错误信息泄露修复 - 类型断言安全修复
2025-12-02 17:40:39 +08:00
parent 373c61f625
commit f7589ebbb8
25 changed files with 2029 additions and 139 deletions
--- a/internal/repository/user_repository_impl.go
+++ b/internal/repository/user_repository_impl.go
@@ -0,0 +1,103 @@
+package repository
+
+import (
+	"carrotskin/internal/model"
+	"errors"
+
+	"gorm.io/gorm"
+)
+
+// userRepositoryImpl UserRepository的实现
+type userRepositoryImpl struct {
+	db *gorm.DB
+}
+
+// NewUserRepository 创建UserRepository实例
+func NewUserRepository(db *gorm.DB) UserRepository {
+	return &userRepositoryImpl{db: db}
+}
+
+func (r *userRepositoryImpl) Create(user *model.User) error {
+	return r.db.Create(user).Error
+}
+
+func (r *userRepositoryImpl) FindByID(id int64) (*model.User, error) {
+	var user model.User
+	err := r.db.Where("id = ? AND status != -1", id).First(&user).Error
+	return handleNotFoundResult(&user, err)
+}
+
+func (r *userRepositoryImpl) FindByUsername(username string) (*model.User, error) {
+	var user model.User
+	err := r.db.Where("username = ? AND status != -1", username).First(&user).Error
+	return handleNotFoundResult(&user, err)
+}
+
+func (r *userRepositoryImpl) FindByEmail(email string) (*model.User, error) {
+	var user model.User
+	err := r.db.Where("email = ? AND status != -1", email).First(&user).Error
+	return handleNotFoundResult(&user, err)
+}
+
+func (r *userRepositoryImpl) Update(user *model.User) error {
+	return r.db.Save(user).Error
+}
+
+func (r *userRepositoryImpl) UpdateFields(id int64, fields map[string]interface{}) error {
+	return r.db.Model(&model.User{}).Where("id = ?", id).Updates(fields).Error
+}
+
+func (r *userRepositoryImpl) Delete(id int64) error {
+	return r.db.Model(&model.User{}).Where("id = ?", id).Update("status", -1).Error
+}
+
+func (r *userRepositoryImpl) CreateLoginLog(log *model.UserLoginLog) error {
+	return r.db.Create(log).Error
+}
+
+func (r *userRepositoryImpl) CreatePointLog(log *model.UserPointLog) error {
+	return r.db.Create(log).Error
+}
+
+func (r *userRepositoryImpl) UpdatePoints(userID int64, amount int, changeType, reason string) error {
+	return r.db.Transaction(func(tx *gorm.DB) error {
+		var user model.User
+		if err := tx.Where("id = ?", userID).First(&user).Error; err != nil {
+			return err
+		}
+
+		balanceBefore := user.Points
+		balanceAfter := balanceBefore + amount
+
+		if balanceAfter < 0 {
+			return errors.New("积分不足")
+		}
+
+		if err := tx.Model(&user).Update("points", balanceAfter).Error; err != nil {
+			return err
+		}
+
+		log := &model.UserPointLog{
+			UserID:        userID,
+			ChangeType:    changeType,
+			Amount:        amount,
+			BalanceBefore: balanceBefore,
+			BalanceAfter:  balanceAfter,
+			Reason:        reason,
+		}
+
+		return tx.Create(log).Error
+	})
+}
+
+// handleNotFoundResult 处理记录未找到的情况
+func handleNotFoundResult[T any](result *T, err error) (*T, error) {
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return nil, nil
+		}
+		return nil, err
+	}
+	return result, nil
+}
+