Add Session model, SessionService, and SessionRepository to track user login sessions and enable token revocation on auth-critical events. - Introduce explicit TokenType (access/refresh) in JWT claims to prevent refresh token misuse via access token endpoints - Add SessionID field to JWT claims, enabling stateless JWT validation against revoked sessions - Replace legacy Auth middleware with RequireAuth/OptionalAuth pipeline that validates token type, account status, and session validity - Implement session revocation on password change, reset, user ban/inactive, and explicit logout - Add Principal cache with active invalidation for banned/role-changed users - Fix IDOR vulnerability: GetMessagesByCursor now validates currentUserID is conversation participant via GetParticipantStrict - Add group member visibility checks: announcements, group info, member list now require group membership - Simplify Casbin policy: remove g grouping, use r.sub == p.sub matcher with globMatch; user_roles table is single source of truth for roles - Add migration logic to clean legacy casbin g rules and migrate old p rules from path-style to admin/<domain> resource naming
76 lines
2.2 KiB
Go
76 lines
2.2 KiB
Go
package wire
|
||
|
||
import (
|
||
"with_you/internal/cache"
|
||
"with_you/internal/repository"
|
||
|
||
"github.com/google/wire"
|
||
"gorm.io/gorm"
|
||
)
|
||
|
||
// RepositorySet Repository 层 Provider Set
|
||
var RepositorySet = wire.NewSet(
|
||
repository.NewUserRepository,
|
||
repository.NewPostRepository,
|
||
repository.NewCommentRepository,
|
||
repository.NewMessageRepository,
|
||
repository.NewNotificationRepository,
|
||
repository.NewPushRecordRepository,
|
||
repository.NewDeviceTokenRepository,
|
||
repository.NewSystemNotificationRepository,
|
||
repository.NewGroupRepository,
|
||
repository.NewGroupJoinRequestRepository,
|
||
repository.NewStickerRepository,
|
||
repository.NewVoteRepository,
|
||
repository.NewChannelRepository,
|
||
repository.NewScheduleRepository,
|
||
repository.NewGradeRepository,
|
||
repository.NewExamRepository,
|
||
repository.NewEmptyClassroomRepository,
|
||
repository.NewMaterialSubjectRepository,
|
||
repository.NewMaterialFileRepository,
|
||
repository.NewCallRepository,
|
||
repository.NewReportRepository,
|
||
ProvideUserActivityRepository,
|
||
|
||
// 日志相关仓储
|
||
repository.NewOperationLogRepository,
|
||
repository.NewLoginLogRepository,
|
||
repository.NewDataChangeLogRepository,
|
||
|
||
// 身份认证相关仓储
|
||
repository.NewVerificationRepository,
|
||
|
||
// 敏感词相关仓储
|
||
repository.NewSensitiveWordRepository,
|
||
|
||
// 用户资料审核相关仓储
|
||
repository.NewUserProfileAuditRepository,
|
||
|
||
// 帖子内链引用关系
|
||
repository.NewPostRefRepository,
|
||
|
||
// 二手交易相关
|
||
repository.NewTradeRepository,
|
||
|
||
// 版本日志同步
|
||
repository.NewConversationVersionLogRepository,
|
||
|
||
// 文件上传记录(聊天文件 TTL 过期清理)
|
||
repository.NewUploadedFileRepository,
|
||
|
||
// 会话(令牌撤销支持)
|
||
repository.NewSessionRepository,
|
||
)
|
||
|
||
// ProvideUserActivityRepository 提供用户活跃数据仓储
|
||
func ProvideUserActivityRepository(db *gorm.DB, cache cache.Cache) repository.UserActivityRepository {
|
||
return repository.NewUserActivityRepository(db, cache)
|
||
}
|
||
|
||
// Note: 以下 Repository 返回接口类型而非指针,需要单独处理
|
||
// - ScheduleRepository (repository.ScheduleRepository)
|
||
// - StickerRepository (repository.StickerRepository)
|
||
// - GroupRepository (repository.GroupRepository)
|
||
// 这些已经在各自的 New* 函数中正确返回接口类型,Wire 可以自动处理
|