Initial backend repository commit.

Set up project files and add .gitignore to exclude local build/runtime artifacts. Made-with: Cursor
2026-03-09 21:28:58 +08:00
commit 4d8f2ec997
102 changed files with 25022 additions and 0 deletions
--- a/internal/middleware/auth.go
+++ b/internal/middleware/auth.go
@@ -0,0 +1,95 @@
+package middleware
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+
+	"carrot_bbs/internal/pkg/response"
+	"carrot_bbs/internal/service"
+)
+
+// Auth 认证中间件
+func Auth(jwtService *service.JWTService) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		authHeader := c.GetHeader("Authorization")
+		fmt.Printf("[DEBUG] Auth middleware: Authorization header = %q\n", authHeader)
+
+		if authHeader == "" {
+			fmt.Printf("[DEBUG] Auth middleware: no Authorization header, returning 401\n")
+			response.Unauthorized(c, "authorization header is required")
+			c.Abort()
+			return
+		}
+
+		// 提取Token
+		parts := strings.SplitN(authHeader, " ", 2)
+		if len(parts) != 2 || parts[0] != "Bearer" {
+			fmt.Printf("[DEBUG] Auth middleware: invalid Authorization header format\n")
+			response.Unauthorized(c, "invalid authorization header format")
+			c.Abort()
+			return
+		}
+
+		token := parts[1]
+		fmt.Printf("[DEBUG] Auth middleware: token = %q\n", token[:min(20, len(token))]+"...")
+
+		// 验证Token
+		claims, err := jwtService.ParseToken(token)
+		if err != nil {
+			fmt.Printf("[DEBUG] Auth middleware: failed to parse token: %v\n", err)
+			response.Unauthorized(c, "invalid token")
+			c.Abort()
+			return
+		}
+
+		fmt.Printf("[DEBUG] Auth middleware: parsed claims, user_id = %q, username = %q\n", claims.UserID, claims.Username)
+
+		// 将用户信息存入上下文
+		c.Set("user_id", claims.UserID)
+		c.Set("username", claims.Username)
+
+		c.Next()
+	}
+}
+
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}
+
+// OptionalAuth 可选认证中间件
+func OptionalAuth(jwtService *service.JWTService) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			c.Next()
+			return
+		}
+
+		// 提取Token
+		parts := strings.SplitN(authHeader, " ", 2)
+		if len(parts) != 2 || parts[0] != "Bearer" {
+			c.Next()
+			return
+		}
+
+		token := parts[1]
+
+		// 验证Token
+		claims, err := jwtService.ParseToken(token)
+		if err != nil {
+			c.Next()
+			return
+		}
+
+		// 将用户信息存入上下文
+		c.Set("user_id", claims.UserID)
+		c.Set("username", claims.Username)
+
+		c.Next()
+	}
+}
--- a/internal/middleware/cors.go
+++ b/internal/middleware/cors.go
@@ -0,0 +1,46 @@
+package middleware
+
+import (
+	"log"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+)
+
+// CORS CORS中间件
+func CORS() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 获取请求路径
+		path := c.Request.URL.Path
+
+		c.Header("Access-Control-Allow-Origin", "*")
+		c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
+		// 添加 WebSocket 升级所需的头
+		c.Header("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization, Connection, Upgrade, Sec-WebSocket-Key, Sec-WebSocket-Version, Sec-WebSocket-Protocol, Sec-WebSocket-Extensions")
+		c.Header("Access-Control-Expose-Headers", "Content-Length, Connection, Upgrade")
+		c.Header("Access-Control-Allow-Credentials", "true")
+
+		// 处理 WebSocket 升级请求的预检
+		if c.Request.Method == "OPTIONS" {
+			log.Printf("[CORS] OPTIONS 预检请求: %s", path)
+			c.AbortWithStatus(204)
+			return
+		}
+
+		// 针对 WebSocket 路径的特殊处理
+		if path == "/ws" {
+			connection := c.GetHeader("Connection")
+			upgrade := c.GetHeader("Upgrade")
+			log.Printf("[CORS] WebSocket 请求: Connection=%s, Upgrade=%s", connection, upgrade)
+
+			// 检查是否是有效的 WebSocket 升级请求
+			if strings.Contains(strings.ToLower(connection), "upgrade") && strings.ToLower(upgrade) == "websocket" {
+				log.Printf("[CORS] 有效的 WebSocket 升级请求")
+			} else {
+				log.Printf("[CORS] 警告: 不是有效的 WebSocket 升级请求!")
+			}
+		}
+
+		c.Next()
+	}
+}
--- a/internal/middleware/logger.go
+++ b/internal/middleware/logger.go
@@ -0,0 +1,49 @@
+package middleware
+
+import (
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+)
+
+// Logger 日志中间件
+func Logger(logger *zap.Logger) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		start := time.Now()
+		path := c.Request.URL.Path
+
+		c.Next()
+
+		latency := time.Since(start)
+		statusCode := c.Writer.Status()
+
+		logger.Info("request",
+			zap.String("method", c.Request.Method),
+			zap.String("path", path),
+			zap.Int("status", statusCode),
+			zap.Duration("latency", latency),
+			zap.String("ip", c.ClientIP()),
+			zap.String("user-agent", c.Request.UserAgent()),
+		)
+	}
+}
+
+// Recovery 恢复中间件
+func Recovery(logger *zap.Logger) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		defer func() {
+			if err := recover(); err != nil {
+				logger.Error("panic recovered",
+					zap.Any("error", err),
+				)
+				c.JSON(500, gin.H{
+					"code":    500,
+					"message": "internal server error",
+				})
+				c.Abort()
+			}
+		}()
+		c.Next()
+	}
+}
--- a/internal/middleware/ratelimit.go
+++ b/internal/middleware/ratelimit.go
@@ -0,0 +1,102 @@
+package middleware
+
+import (
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/gin-gonic/gin"
+)
+
+// RateLimiter 限流器
+type RateLimiter struct {
+	requests map[string][]time.Time
+	mu       sync.Mutex
+	limit    int
+	window   time.Duration
+}
+
+// NewRateLimiter 创建限流器
+func NewRateLimiter(limit int, window time.Duration) *RateLimiter {
+	rl := &RateLimiter{
+		requests: make(map[string][]time.Time),
+		limit:    limit,
+		window:   window,
+	}
+
+	// 定期清理过期的记录
+	go func() {
+		for {
+			time.Sleep(window)
+			rl.cleanup()
+		}
+	}()
+
+	return rl
+}
+
+// cleanup 清理过期的记录
+func (rl *RateLimiter) cleanup() {
+	rl.mu.Lock()
+	defer rl.mu.Unlock()
+
+	now := time.Now()
+	for key, times := range rl.requests {
+		var valid []time.Time
+		for _, t := range times {
+			if now.Sub(t) < rl.window {
+				valid = append(valid, t)
+			}
+		}
+		if len(valid) == 0 {
+			delete(rl.requests, key)
+		} else {
+			rl.requests[key] = valid
+		}
+	}
+}
+
+// isAllowed 检查是否允许请求
+func (rl *RateLimiter) isAllowed(key string) bool {
+	rl.mu.Lock()
+	defer rl.mu.Unlock()
+
+	now := time.Now()
+	times := rl.requests[key]
+
+	// 过滤掉过期的
+	var valid []time.Time
+	for _, t := range times {
+		if now.Sub(t) < rl.window {
+			valid = append(valid, t)
+		}
+	}
+
+	if len(valid) >= rl.limit {
+		rl.requests[key] = valid
+		return false
+	}
+
+	rl.requests[key] = append(valid, now)
+	return true
+}
+
+// RateLimit 限流中间件
+func RateLimit(requestsPerMinute int) gin.HandlerFunc {
+	limiter := NewRateLimiter(requestsPerMinute, time.Minute)
+
+	return func(c *gin.Context) {
+		ip := c.ClientIP()
+
+		if !limiter.isAllowed(ip) {
+			c.JSON(http.StatusTooManyRequests, gin.H{
+				"code":    429,
+				"message": "too many requests",
+			})
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}