Files
backend/cmd/server/wire.go
lafay eb931bf1c6
All checks were successful
Build Backend / build (push) Successful in 2m19s
Build Backend / build-docker (push) Successful in 46s
feat(auth): implement session-based token management with revocation support
Add Session model, SessionService, and SessionRepository to track user login
sessions and enable token revocation on auth-critical events.

- Introduce explicit TokenType (access/refresh) in JWT claims to prevent
  refresh token misuse via access token endpoints
- Add SessionID field to JWT claims, enabling stateless JWT validation
  against revoked sessions
- Replace legacy Auth middleware with RequireAuth/OptionalAuth pipeline
  that validates token type, account status, and session validity
- Implement session revocation on password change, reset, user ban/inactive,
  and explicit logout
- Add Principal cache with active invalidation for banned/role-changed users
- Fix IDOR vulnerability: GetMessagesByCursor now validates currentUserID
  is conversation participant via GetParticipantStrict
- Add group member visibility checks: announcements, group info, member list
  now require group membership
- Simplify Casbin policy: remove g grouping, use r.sub == p.sub matcher
  with globMatch; user_roles table is single source of truth for roles
- Add migration logic to clean legacy casbin g rules and migrate old p rules
  from path-style to admin/<domain> resource naming
2026-07-05 18:28:08 +08:00

122 lines
4.2 KiB
Go

//go:build wireinject
// +build wireinject
package main
import (
"github.com/google/wire"
"with_you/internal/cache"
"with_you/internal/handler"
"with_you/internal/middleware"
"with_you/internal/repository"
"with_you/internal/router"
"with_you/internal/service"
appwire "with_you/internal/wire"
)
// InitializeApp 初始化应用程序
func InitializeApp() (*App, error) {
wire.Build(
appwire.AllSet,
NewApp,
ProvideRouter,
)
return nil, nil
}
// ProvideRouter 提供路由
func ProvideRouter(
userRepo repository.UserRepository,
userHandler *handler.UserHandler,
postHandler *handler.PostHandler,
commentHandler *handler.CommentHandler,
messageHandler *handler.MessageHandler,
notificationHandler *handler.NotificationHandler,
uploadHandler *handler.UploadHandler,
jwtService service.JWTService,
sessionService service.SessionService,
identityProvider middleware.IdentityProvider,
cache cache.Cache,
pushHandler *handler.PushHandler,
systemMessageHandler *handler.SystemMessageHandler,
groupHandler *handler.GroupHandler,
stickerHandler *handler.StickerHandler,
voteHandler *handler.VoteHandler,
channelHandler *handler.ChannelHandler,
scheduleHandler *handler.ScheduleHandler,
gradeHandler *handler.GradeHandler,
examHandler *handler.ExamHandler,
emptyClassroomHandler *handler.EmptyClassroomHandler,
roleHandler *handler.RoleHandler,
adminUserHandler *handler.AdminUserHandler,
adminPostHandler *handler.AdminPostHandler,
adminCommentHandler *handler.AdminCommentHandler,
adminGroupHandler *handler.AdminGroupHandler,
adminDashboardHandler *handler.AdminDashboardHandler,
adminLogHandler *handler.AdminLogHandler,
qrcodeHandler *handler.QRCodeHandler,
materialHandler *handler.MaterialHandler,
callHandler *handler.CallHandler,
reportHandler *handler.ReportHandler,
adminReportHandler *handler.AdminReportHandler,
verificationHandler *handler.VerificationHandler,
adminVerificationHandler *handler.AdminVerificationHandler,
adminProfileAuditHandler *handler.AdminProfileAuditHandler,
setupHandler *handler.SetupHandler,
tradeHandler *handler.TradeHandler,
logService *service.LogService,
activityService service.UserActivityService,
casbinService service.CasbinService,
userService service.UserService,
wsHandler *handler.WSHandler,
liveKitHandler *handler.LiveKitHandler,
) *router.Router {
return router.New(router.RouterDeps{
UserRepo: userRepo,
UserHandler: userHandler,
PostHandler: postHandler,
CommentHandler: commentHandler,
MessageHandler: messageHandler,
NotificationHandler: notificationHandler,
UploadHandler: uploadHandler,
JWTService: jwtService,
SessionService: sessionService,
IdentityProvider: identityProvider,
Cache: cache,
PushHandler: pushHandler,
SystemMessageHandler: systemMessageHandler,
GroupHandler: groupHandler,
StickerHandler: stickerHandler,
VoteHandler: voteHandler,
ChannelHandler: channelHandler,
ScheduleHandler: scheduleHandler,
GradeHandler: gradeHandler,
ExamHandler: examHandler,
EmptyClassroomHandler: emptyClassroomHandler,
RoleHandler: roleHandler,
AdminUserHandler: adminUserHandler,
AdminPostHandler: adminPostHandler,
AdminCommentHandler: adminCommentHandler,
AdminGroupHandler: adminGroupHandler,
AdminDashboardHandler: adminDashboardHandler,
AdminLogHandler: adminLogHandler,
QRCodeHandler: qrcodeHandler,
MaterialHandler: materialHandler,
CallHandler: callHandler,
LiveKitHandler: liveKitHandler,
ReportHandler: reportHandler,
AdminReportHandler: adminReportHandler,
VerificationHandler: verificationHandler,
AdminVerificationHandler: adminVerificationHandler,
AdminProfileAuditHandler: adminProfileAuditHandler,
SetupHandler: setupHandler,
TradeHandler: tradeHandler,
LogService: logService,
ActivityService: activityService,
CasbinService: casbinService,
UserService: userService,
WSHandler: wsHandler,
})
}