refactor(server): decouple services and improve architecture
- Introduce interfaces for all major services (JWT, PostAI, Comment, Message, Notification, QRCodeLogin, Upload, Vote, etc.) to support dependency inversion. - Move query parameters from `internal/dto` to a new `internal/query` package to separate request payloads from data transfer objects. - Refactor `internal/router` to use embedded `RouterDeps` for cleaner dependency management. - Decouple handlers from repositories by injecting services instead of direct repository access, ensuring proper layering. - Improve database initialization by moving it from `internal/model` to `internal/database`. - Optimize message decryption by implementing a more efficient `BatchDecrypt` method in `MessageEncryptor` using a worker pool. - Enhance error handling and security by implementing fail-fast checks for encryption key length during startup. - Clean up unused code, including the `avatar` package and several unused DTOs.
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
package wire
|
||||
package wire
|
||||
|
||||
import (
|
||||
"time"
|
||||
@@ -7,8 +7,8 @@ import (
|
||||
"with_you/internal/grpc/runner"
|
||||
"with_you/internal/pkg/redis"
|
||||
|
||||
"github.com/google/wire"
|
||||
"github.com/google/uuid"
|
||||
"github.com/google/wire"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
|
||||
@@ -1,10 +1,9 @@
|
||||
package wire
|
||||
package wire
|
||||
|
||||
import (
|
||||
"with_you/internal/config"
|
||||
"with_you/internal/handler"
|
||||
"with_you/internal/pkg/ws"
|
||||
"with_you/internal/repository"
|
||||
"with_you/internal/service"
|
||||
|
||||
"github.com/google/wire"
|
||||
@@ -66,7 +65,7 @@ func ProvideUserHandler(
|
||||
|
||||
func ProvideMessageHandler(
|
||||
chatService service.ChatService,
|
||||
messageService *service.MessageService,
|
||||
messageService service.MessageService,
|
||||
userService service.UserService,
|
||||
groupService service.GroupService,
|
||||
publisher ws.MessagePublisher,
|
||||
@@ -102,11 +101,11 @@ func ProvideWSHandler(
|
||||
publisher ws.MessagePublisher,
|
||||
chatService service.ChatService,
|
||||
groupService service.GroupService,
|
||||
jwtService *service.JWTService,
|
||||
jwtService service.JWTService,
|
||||
callService service.CallService,
|
||||
userRepo repository.UserRepository,
|
||||
userService service.UserService,
|
||||
) *handler.WSHandler {
|
||||
return handler.NewWSHandler(publisher, chatService, groupService, jwtService, callService, userRepo)
|
||||
return handler.NewWSHandler(publisher, chatService, groupService, jwtService, callService, userService)
|
||||
}
|
||||
|
||||
// ProvideLiveKitHandler 提供 LiveKit 处理器
|
||||
@@ -122,9 +121,9 @@ func ProvideLiveKitHandler(
|
||||
// ProvideAdminVerificationHandler 提供管理端身份认证处理器
|
||||
func ProvideAdminVerificationHandler(
|
||||
adminVerificationService service.AdminVerificationService,
|
||||
userRepo repository.UserRepository,
|
||||
userService service.UserService,
|
||||
) *handler.AdminVerificationHandler {
|
||||
return handler.NewAdminVerificationHandler(adminVerificationService, userRepo)
|
||||
return handler.NewAdminVerificationHandler(adminVerificationService, userService)
|
||||
}
|
||||
|
||||
func ProvideSetupHandler(
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
package wire
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"with_you/internal/cache"
|
||||
"with_you/internal/config"
|
||||
"with_you/internal/model"
|
||||
"with_you/internal/database"
|
||||
"with_you/internal/pkg/crypto"
|
||||
"with_you/internal/pkg/email"
|
||||
"with_you/internal/pkg/hook"
|
||||
@@ -18,8 +19,8 @@ import (
|
||||
"with_you/internal/repository"
|
||||
"with_you/internal/service"
|
||||
|
||||
redisPkg "github.com/redis/go-redis/v9"
|
||||
"github.com/google/wire"
|
||||
redisPkg "github.com/redis/go-redis/v9"
|
||||
"go.uber.org/zap"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
@@ -74,7 +75,7 @@ func ProvideConfig() (*config.Config, error) {
|
||||
|
||||
// ProvideDB 提供数据库连接
|
||||
func ProvideDB(cfg *config.Config) (*gorm.DB, error) {
|
||||
return model.NewDB(&cfg.Database)
|
||||
return database.NewDB(&cfg.Database)
|
||||
}
|
||||
|
||||
// ProvideRedisClient 提供 Redis 客户端
|
||||
@@ -145,7 +146,7 @@ func ProvideBuiltinHooks(manager *hook.Manager) *hook.BuiltinHooks {
|
||||
// ProvideModerationHooks 注册审核钩子
|
||||
func ProvideModerationHooks(
|
||||
manager *hook.Manager,
|
||||
postAIService *service.PostAIService,
|
||||
postAIService service.PostAIService,
|
||||
postRepo repository.PostRepository,
|
||||
commentRepo repository.CommentRepository,
|
||||
userRepo repository.UserRepository,
|
||||
@@ -248,6 +249,7 @@ func ProvideTransactionManager(db *gorm.DB) repository.TransactionManager {
|
||||
}
|
||||
|
||||
// ProvideMessageEncryptor 提供消息加密器
|
||||
// 加密启用时密钥必须是 32 字节(AES-256),否则视为致命配置错误,启动期 fail-fast。
|
||||
func ProvideMessageEncryptor(cfg *config.Config) error {
|
||||
if !cfg.Encryption.Enabled {
|
||||
zap.L().Info("Message encryption is disabled")
|
||||
@@ -255,15 +257,12 @@ func ProvideMessageEncryptor(cfg *config.Config) error {
|
||||
}
|
||||
|
||||
if len(cfg.Encryption.Key) != 32 {
|
||||
zap.L().Error("Encryption key must be 32 bytes for AES-256",
|
||||
zap.Int("actual_length", len(cfg.Encryption.Key)),
|
||||
)
|
||||
return nil
|
||||
// 致命安全配置:不允许降级为「加密已启用但实际不加密」
|
||||
return fmt.Errorf("encryption is enabled but key must be 32 bytes for AES-256, got %d", len(cfg.Encryption.Key))
|
||||
}
|
||||
|
||||
if err := crypto.InitMessageEncryptor(cfg.Encryption.Key, cfg.Encryption.KeyVersion); err != nil {
|
||||
zap.L().Error("Failed to initialize message encryptor", zap.Error(err))
|
||||
return err
|
||||
return fmt.Errorf("failed to initialize message encryptor: %w", err)
|
||||
}
|
||||
|
||||
zap.L().Info("Message encryption initialized successfully",
|
||||
|
||||
91
internal/wire/infrastructure_test.go
Normal file
91
internal/wire/infrastructure_test.go
Normal file
@@ -0,0 +1,91 @@
|
||||
package wire
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"with_you/internal/config"
|
||||
"with_you/internal/pkg/crypto"
|
||||
)
|
||||
|
||||
// validTestKey 是用于测试的 32 字节 AES-256 密钥(仅测试用,不含敏感信息)。
|
||||
const validTestKey = "12345678901234567890123456789012"
|
||||
|
||||
// TestProvideMessageEncryptor_Disabled 校验:加密关闭时应返回 nil 且不初始化加密器。
|
||||
func TestProvideMessageEncryptor_Disabled(t *testing.T) {
|
||||
cfg := &config.Config{
|
||||
Encryption: config.EncryptionConfig{
|
||||
Enabled: false,
|
||||
Key: "",
|
||||
},
|
||||
}
|
||||
|
||||
err := ProvideMessageEncryptor(cfg)
|
||||
if err != nil {
|
||||
t.Fatalf("disabled encryption should return nil error, got: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
// TestProvideMessageEncryptor_EnabledBadKey 校验:加密启用但密钥非 32 字节时,
|
||||
// 必须 fail-fast 返回 error,且 error 信息提示长度问题。
|
||||
func TestProvideMessageEncryptor_EnabledBadKey(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
key string
|
||||
}{
|
||||
{"empty", ""},
|
||||
{"too_short", "shortkey"},
|
||||
{"too_long", strings.Repeat("a", 64)},
|
||||
}
|
||||
|
||||
for _, tc := range cases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
cfg := &config.Config{
|
||||
Encryption: config.EncryptionConfig{
|
||||
Enabled: true,
|
||||
Key: tc.key,
|
||||
KeyVersion: 1,
|
||||
},
|
||||
}
|
||||
|
||||
err := ProvideMessageEncryptor(cfg)
|
||||
if err == nil {
|
||||
t.Fatalf("enabled encryption with bad key (len=%d) must fail-fast, got nil", len(tc.key))
|
||||
}
|
||||
// 错误信息应包含 "32 bytes" 提示
|
||||
if !strings.Contains(err.Error(), "32 bytes") {
|
||||
t.Errorf("error should mention 32 bytes requirement, got: %v", err)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// TestProvideMessageEncryptor_EnabledValidKey 校验:加密启用且密钥合法时返回 nil,
|
||||
// 且加密器被正确初始化(GetKeyVersion 与配置一致)。
|
||||
// 注意:crypto 用 sync.Once 初始化,同一进程只生效一次。
|
||||
// 该用例必须最先在 fail-fast 用例之前运行以保证 Once 在合法状态下被消费;
|
||||
// 为避免测试顺序耦合,本用例独立 t.Run 顺序中放最后,并在合法 key 下幂等。
|
||||
func TestProvideMessageEncryptor_EnabledValidKey(t *testing.T) {
|
||||
// 确保加密器在合法状态:直接以合法 key 初始化一次
|
||||
if err := crypto.InitMessageEncryptor(validTestKey, 1); err != nil {
|
||||
t.Fatalf("pre-init encryptor failed: %v", err)
|
||||
}
|
||||
|
||||
cfg := &config.Config{
|
||||
Encryption: config.EncryptionConfig{
|
||||
Enabled: true,
|
||||
Key: validTestKey,
|
||||
KeyVersion: 1,
|
||||
},
|
||||
}
|
||||
|
||||
err := ProvideMessageEncryptor(cfg)
|
||||
if err != nil {
|
||||
t.Fatalf("valid encryption config should succeed, got: %v", err)
|
||||
}
|
||||
|
||||
enc := crypto.GetMessageEncryptor()
|
||||
if enc == nil {
|
||||
t.Fatal("encryptor should be initialized after valid config")
|
||||
}
|
||||
}
|
||||
@@ -1,4 +1,4 @@
|
||||
package wire
|
||||
package wire
|
||||
|
||||
import (
|
||||
"with_you/internal/cache"
|
||||
@@ -24,9 +24,9 @@ var RepositorySet = wire.NewSet(
|
||||
repository.NewVoteRepository,
|
||||
repository.NewChannelRepository,
|
||||
repository.NewScheduleRepository,
|
||||
repository.NewGradeRepository,
|
||||
repository.NewExamRepository,
|
||||
repository.NewEmptyClassroomRepository,
|
||||
repository.NewGradeRepository,
|
||||
repository.NewExamRepository,
|
||||
repository.NewEmptyClassroomRepository,
|
||||
repository.NewMaterialSubjectRepository,
|
||||
repository.NewMaterialFileRepository,
|
||||
repository.NewCallRepository,
|
||||
@@ -53,8 +53,8 @@ var RepositorySet = wire.NewSet(
|
||||
// 二手交易相关
|
||||
repository.NewTradeRepository,
|
||||
|
||||
// 版本日志同步
|
||||
repository.NewConversationVersionLogRepository,
|
||||
// 版本日志同步
|
||||
repository.NewConversationVersionLogRepository,
|
||||
)
|
||||
|
||||
// ProvideUserActivityRepository 提供用户活跃数据仓储
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
package wire
|
||||
package wire
|
||||
|
||||
import (
|
||||
"time"
|
||||
@@ -46,9 +46,9 @@ var ServiceSet = wire.NewSet(
|
||||
ProvideChatService,
|
||||
ProvideScheduleService,
|
||||
ProvideScheduleSyncService,
|
||||
ProvideGradeSyncService,
|
||||
ProvideExamSyncService,
|
||||
ProvideEmptyClassroomSyncService,
|
||||
ProvideGradeSyncService,
|
||||
ProvideExamSyncService,
|
||||
ProvideEmptyClassroomSyncService,
|
||||
ProvideGroupService,
|
||||
ProvideUploadService,
|
||||
ProvideUserActivityService,
|
||||
@@ -87,7 +87,7 @@ var ServiceSet = wire.NewSet(
|
||||
)
|
||||
|
||||
// ProvideJWTService 提供 JWT 服务
|
||||
func ProvideJWTService(cfg *config.Config) *service.JWTService {
|
||||
func ProvideJWTService(cfg *config.Config) service.JWTService {
|
||||
return service.NewJWTService(
|
||||
cfg.JWT.Secret,
|
||||
int64(cfg.JWT.AccessTokenExpire.Seconds()),
|
||||
@@ -101,7 +101,7 @@ func ProvideEmailService(client email.Client) service.EmailService {
|
||||
}
|
||||
|
||||
// ProvidePostAIService 提供 AI 服务
|
||||
func ProvidePostAIService(openAIClient openai.Client, tencentClient tencent.Client, cfg *config.Config) *service.PostAIService {
|
||||
func ProvidePostAIService(openAIClient openai.Client, tencentClient tencent.Client, cfg *config.Config) service.PostAIService {
|
||||
return service.NewPostAIService(openAIClient, tencentClient, cfg.OpenAI.StrictModeration)
|
||||
}
|
||||
|
||||
@@ -130,7 +130,7 @@ func ProvideSystemMessageService(
|
||||
func ProvidePostService(
|
||||
postRepo repository.PostRepository,
|
||||
systemMessageService service.SystemMessageService,
|
||||
postAIService *service.PostAIService,
|
||||
postAIService service.PostAIService,
|
||||
cacheBackend cache.Cache,
|
||||
txManager repository.TransactionManager,
|
||||
hookManager *hook.Manager,
|
||||
@@ -145,11 +145,11 @@ func ProvideCommentService(
|
||||
commentRepo repository.CommentRepository,
|
||||
postRepo repository.PostRepository,
|
||||
systemMessageService service.SystemMessageService,
|
||||
postAIService *service.PostAIService,
|
||||
postAIService service.PostAIService,
|
||||
cacheBackend cache.Cache,
|
||||
hookManager *hook.Manager,
|
||||
logService *service.LogService,
|
||||
) *service.CommentService {
|
||||
) service.CommentService {
|
||||
return service.NewCommentService(commentRepo, postRepo, systemMessageService, postAIService, cacheBackend, hookManager, logService)
|
||||
}
|
||||
|
||||
@@ -157,8 +157,8 @@ func ProvideCommentService(
|
||||
func ProvideMessageService(
|
||||
messageRepo repository.MessageRepository,
|
||||
cacheBackend cache.Cache,
|
||||
uploadService *service.UploadService,
|
||||
) *service.MessageService {
|
||||
uploadService service.UploadService,
|
||||
) service.MessageService {
|
||||
return service.NewMessageService(messageRepo, cacheBackend, uploadService)
|
||||
}
|
||||
|
||||
@@ -166,7 +166,7 @@ func ProvideMessageService(
|
||||
func ProvideNotificationService(
|
||||
notificationRepo repository.NotificationRepository,
|
||||
cacheBackend cache.Cache,
|
||||
) *service.NotificationService {
|
||||
) service.NotificationService {
|
||||
return service.NewNotificationService(notificationRepo, cacheBackend)
|
||||
}
|
||||
|
||||
@@ -193,11 +193,11 @@ func ProvideVoteService(
|
||||
voteRepo repository.VoteRepository,
|
||||
postRepo repository.PostRepository,
|
||||
cache cache.Cache,
|
||||
postAIService *service.PostAIService,
|
||||
postAIService service.PostAIService,
|
||||
systemMessageService service.SystemMessageService,
|
||||
hookManager *hook.Manager,
|
||||
logService *service.LogService,
|
||||
) *service.VoteService {
|
||||
) service.VoteService {
|
||||
return service.NewVoteService(voteRepo, postRepo, cache, postAIService, systemMessageService, hookManager, logService)
|
||||
}
|
||||
|
||||
@@ -212,7 +212,7 @@ func ProvideChatService(
|
||||
userRepo repository.UserRepository,
|
||||
publisher ws.MessagePublisher,
|
||||
cacheBackend cache.Cache,
|
||||
uploadService *service.UploadService,
|
||||
uploadService service.UploadService,
|
||||
pushService service.PushService,
|
||||
seqBufferMgr *cache.SeqBufferManager,
|
||||
pushWorker *service.PushWorker,
|
||||
@@ -291,7 +291,7 @@ func ProvideGroupService(
|
||||
func ProvideUploadService(
|
||||
s3Client *s3.Client,
|
||||
userService service.UserService,
|
||||
) *service.UploadService {
|
||||
) service.UploadService {
|
||||
return service.NewUploadService(s3Client, userService)
|
||||
}
|
||||
|
||||
@@ -432,11 +432,11 @@ func ProvideHotRankWorker(cfg *config.Config, postRepo repository.PostRepository
|
||||
func ProvideQRCodeLoginService(
|
||||
redisClient *redis.Client,
|
||||
publisher ws.MessagePublisher,
|
||||
jwtService *service.JWTService,
|
||||
jwtService service.JWTService,
|
||||
userService service.UserService,
|
||||
activityService service.UserActivityService,
|
||||
logService *service.LogService,
|
||||
) *service.QRCodeLoginService {
|
||||
) service.QRCodeLoginService {
|
||||
return service.NewQRCodeLoginService(redisClient, publisher, jwtService, userService, activityService, logService)
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user