f7589ebbb8
- 创建Repository接口定义(UserRepository、ProfileRepository、TextureRepository等) - 创建Repository接口实现 - 创建依赖注入容器(container.Container) - 改造Handler层使用依赖注入(AuthHandler、UserHandler、TextureHandler) - 创建新的路由注册方式(RegisterRoutesWithDI) - 提供main.go示例文件展示如何使用依赖注入 同时包含之前的安全修复: - CORS配置安全加固 - 头像URL验证安全修复 - JWT algorithm confusion漏洞修复 - Recovery中间件增强 - 敏感错误信息泄露修复 - 类型断言安全修复
182 lines
4.8 KiB
Go
182 lines
4.8 KiB
Go
package handler
|
||
|
||
import (
|
||
"carrotskin/internal/model"
|
||
"carrotskin/internal/types"
|
||
"net/http"
|
||
"strconv"
|
||
|
||
"github.com/gin-gonic/gin"
|
||
)
|
||
|
||
// parseIntWithDefault 将字符串解析为整数,解析失败返回默认值
|
||
func parseIntWithDefault(s string, defaultVal int) int {
|
||
val, err := strconv.Atoi(s)
|
||
if err != nil {
|
||
return defaultVal
|
||
}
|
||
return val
|
||
}
|
||
|
||
// GetUserIDFromContext 从上下文获取用户ID,如果不存在返回未授权响应
|
||
// 返回值: userID, ok (如果ok为false,已经发送了错误响应)
|
||
func GetUserIDFromContext(c *gin.Context) (int64, bool) {
|
||
userIDValue, exists := c.Get("user_id")
|
||
if !exists {
|
||
c.JSON(http.StatusUnauthorized, model.NewErrorResponse(
|
||
model.CodeUnauthorized,
|
||
model.MsgUnauthorized,
|
||
nil,
|
||
))
|
||
return 0, false
|
||
}
|
||
|
||
// 安全的类型断言
|
||
userID, ok := userIDValue.(int64)
|
||
if !ok {
|
||
c.JSON(http.StatusInternalServerError, model.NewErrorResponse(
|
||
model.CodeServerError,
|
||
"用户ID类型错误",
|
||
nil,
|
||
))
|
||
return 0, false
|
||
}
|
||
|
||
return userID, true
|
||
}
|
||
|
||
// UserToUserInfo 将 User 模型转换为 UserInfo 响应
|
||
func UserToUserInfo(user *model.User) *types.UserInfo {
|
||
return &types.UserInfo{
|
||
ID: user.ID,
|
||
Username: user.Username,
|
||
Email: user.Email,
|
||
Avatar: user.Avatar,
|
||
Points: user.Points,
|
||
Role: user.Role,
|
||
Status: user.Status,
|
||
LastLoginAt: user.LastLoginAt,
|
||
CreatedAt: user.CreatedAt,
|
||
UpdatedAt: user.UpdatedAt,
|
||
}
|
||
}
|
||
|
||
// ProfileToProfileInfo 将 Profile 模型转换为 ProfileInfo 响应
|
||
func ProfileToProfileInfo(profile *model.Profile) *types.ProfileInfo {
|
||
return &types.ProfileInfo{
|
||
UUID: profile.UUID,
|
||
UserID: profile.UserID,
|
||
Name: profile.Name,
|
||
SkinID: profile.SkinID,
|
||
CapeID: profile.CapeID,
|
||
IsActive: profile.IsActive,
|
||
LastUsedAt: profile.LastUsedAt,
|
||
CreatedAt: profile.CreatedAt,
|
||
UpdatedAt: profile.UpdatedAt,
|
||
}
|
||
}
|
||
|
||
// ProfilesToProfileInfos 批量转换 Profile 模型为 ProfileInfo 响应
|
||
func ProfilesToProfileInfos(profiles []*model.Profile) []*types.ProfileInfo {
|
||
result := make([]*types.ProfileInfo, 0, len(profiles))
|
||
for _, profile := range profiles {
|
||
result = append(result, ProfileToProfileInfo(profile))
|
||
}
|
||
return result
|
||
}
|
||
|
||
// TextureToTextureInfo 将 Texture 模型转换为 TextureInfo 响应
|
||
func TextureToTextureInfo(texture *model.Texture) *types.TextureInfo {
|
||
return &types.TextureInfo{
|
||
ID: texture.ID,
|
||
UploaderID: texture.UploaderID,
|
||
Name: texture.Name,
|
||
Description: texture.Description,
|
||
Type: types.TextureType(texture.Type),
|
||
URL: texture.URL,
|
||
Hash: texture.Hash,
|
||
Size: texture.Size,
|
||
IsPublic: texture.IsPublic,
|
||
DownloadCount: texture.DownloadCount,
|
||
FavoriteCount: texture.FavoriteCount,
|
||
IsSlim: texture.IsSlim,
|
||
Status: texture.Status,
|
||
CreatedAt: texture.CreatedAt,
|
||
UpdatedAt: texture.UpdatedAt,
|
||
}
|
||
}
|
||
|
||
// TexturesToTextureInfos 批量转换 Texture 模型为 TextureInfo 响应
|
||
func TexturesToTextureInfos(textures []*model.Texture) []*types.TextureInfo {
|
||
result := make([]*types.TextureInfo, len(textures))
|
||
for i, texture := range textures {
|
||
result[i] = TextureToTextureInfo(texture)
|
||
}
|
||
return result
|
||
}
|
||
|
||
// RespondBadRequest 返回400错误响应
|
||
func RespondBadRequest(c *gin.Context, message string, err error) {
|
||
c.JSON(http.StatusBadRequest, model.NewErrorResponse(
|
||
model.CodeBadRequest,
|
||
message,
|
||
err,
|
||
))
|
||
}
|
||
|
||
// RespondUnauthorized 返回401错误响应
|
||
func RespondUnauthorized(c *gin.Context, message string) {
|
||
c.JSON(http.StatusUnauthorized, model.NewErrorResponse(
|
||
model.CodeUnauthorized,
|
||
message,
|
||
nil,
|
||
))
|
||
}
|
||
|
||
// RespondForbidden 返回403错误响应
|
||
func RespondForbidden(c *gin.Context, message string) {
|
||
c.JSON(http.StatusForbidden, model.NewErrorResponse(
|
||
model.CodeForbidden,
|
||
message,
|
||
nil,
|
||
))
|
||
}
|
||
|
||
// RespondNotFound 返回404错误响应
|
||
func RespondNotFound(c *gin.Context, message string) {
|
||
c.JSON(http.StatusNotFound, model.NewErrorResponse(
|
||
model.CodeNotFound,
|
||
message,
|
||
nil,
|
||
))
|
||
}
|
||
|
||
// RespondServerError 返回500错误响应
|
||
func RespondServerError(c *gin.Context, message string, err error) {
|
||
c.JSON(http.StatusInternalServerError, model.NewErrorResponse(
|
||
model.CodeServerError,
|
||
message,
|
||
err,
|
||
))
|
||
}
|
||
|
||
// RespondSuccess 返回成功响应
|
||
func RespondSuccess(c *gin.Context, data interface{}) {
|
||
c.JSON(http.StatusOK, model.NewSuccessResponse(data))
|
||
}
|
||
|
||
// RespondWithError 根据错误消息自动选择状态码
|
||
func RespondWithError(c *gin.Context, err error) {
|
||
msg := err.Error()
|
||
switch msg {
|
||
case "档案不存在", "用户不存在", "材质不存在":
|
||
RespondNotFound(c, msg)
|
||
case "无权操作此档案", "无权操作此材质":
|
||
RespondForbidden(c, msg)
|
||
case "未授权":
|
||
RespondUnauthorized(c, msg)
|
||
default:
|
||
RespondServerError(c, msg, nil)
|
||
}
|
||
}
|