go-platform/services/platform_auth.go
2026-04-01 18:15:43 +08:00


package services
import (
"errors"
"strings"
"server/models"
"server/pkg/jwtutil"
"server/pkg/passwordutil"
)
// PlatformLoginUser is the user profile returned to the caller by the login
// and current-user functions in this file.
type PlatformLoginUser struct {
	// ID is the numeric identifier of the authenticated user.
	ID uint64
	// Account is the login name; Name is the display name ("" when unset).
	Account, Name string
	// Tid is the tenant ID (0 for platform administrators); Rid is the admin
	// role ID (0 for tenant users).
	Tid, Rid uint64
	// Avatar and RoleName are populated for platform administrators only and
	// stay empty for tenant users.
	Avatar, RoleName string
}
// adminRoleNameByID returns the name of the admin role with the given ID.
// It returns "" when roleID is 0 or when the lookup reports any error, so a
// caller cannot tell a missing role from a failed query.
func adminRoleNameByID(roleID uint64) string {
	if roleID != 0 {
		var row models.AdminRole
		query := models.Orm.QueryTable(new(models.AdminRole)).Filter("id", roleID)
		// Best effort: a lookup error simply leaves the role name empty.
		if lookupErr := query.One(&row); lookupErr == nil {
			return row.Name
		}
	}
	return ""
}
// toPlatformLoginUser converts an admin user record into the profile returned
// to callers. Optional Name and Avatar pointers become "" when nil, Tid is
// left at 0 because platform administrators are not tenant-scoped, and the
// role name is resolved through adminRoleNameByID.
//
// user must be non-nil; it is dereferenced without a check.
func toPlatformLoginUser(user *models.AdminUser) *PlatformLoginUser {
	profile := &PlatformLoginUser{
		ID:      user.ID,
		Account: user.Account,
		Rid:     user.RoleID,
	}
	if p := user.Name; p != nil {
		profile.Name = *p
	}
	if p := user.Avatar; p != nil {
		profile.Avatar = *p
	}
	profile.RoleName = adminRoleNameByID(user.RoleID)
	return profile
}
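// PlatformAdminLogin authenticates a platform administrator by account and
// password. Platform logins need no tenant: only yz_system_admin_user is
// checked, and the token is issued with tenant ID 0 and user type "platform".
//
// On success it returns the signed token and the user's profile. Unknown
// accounts and wrong passwords produce the same error text. The
// disabled-account error is returned only after the password has been
// verified, so an unauthenticated caller cannot use it to learn which
// accounts exist.
func PlatformAdminLogin(account, password string) (string, *PlatformLoginUser, error) {
	account = strings.TrimSpace(account)
	// NOTE(review): trimming the password means leading/trailing whitespace
	// can never be part of a credential. Kept for compatibility with existing
	// hashes; confirm the password-setting path trims the same way.
	password = strings.TrimSpace(password)
	if account == "" || password == "" {
		return "", nil, errors.New("用户名或密码不能为空")
	}

	var user models.AdminUser
	err := models.Orm.QueryTable(new(models.AdminUser)).
		Filter("account", account).
		One(&user)
	if err != nil {
		// NOTE(review): every lookup error, not only "no such row", is
		// reported as bad credentials. This path also returns without a
		// password verification, so its response time may differ from the
		// wrong-password path.
		return "", nil, errors.New("用户名或密码错误")
	}

	// Verify the password before looking at Status so that the "disabled"
	// message is reachable only with valid credentials.
	if !passwordutil.Verify(user.Password, password) {
		return "", nil, errors.New("用户名或密码错误")
	}
	if user.Status == 0 {
		return "", nil, errors.New("账号已禁用")
	}

	const tenantID = 0
	const userType = "platform"
	token, err := jwtutil.GenerateToken(int(user.ID), user.Account, tenantID, userType)
	if err != nil {
		return "", nil, err
	}
	return token, toPlatformLoginUser(&user), nil
}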
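// BackendLogin authenticates a tenant ("backend") user. It first resolves the
// tenant by name, then verifies the account and password within that tenant,
// and issues a token carrying the tenant ID and user type "backend".
//
// On success it returns the signed token and the user's profile. Unknown
// accounts and wrong passwords produce the same error text. The
// disabled-account error is returned only after the password has been
// verified, so an unauthenticated caller cannot use it to learn which
// accounts exist in a tenant.
func BackendLogin(tenantName, account, password string) (string, *PlatformLoginUser, error) {
	tenantName = strings.TrimSpace(tenantName)
	account = strings.TrimSpace(account)
	// NOTE(review): trimming the password means leading/trailing whitespace
	// can never be part of a credential. Kept for compatibility with existing
	// hashes; confirm the password-setting path trims the same way.
	password = strings.TrimSpace(password)
	if tenantName == "" || account == "" || password == "" {
		return "", nil, errors.New("租户名称、用户名或密码不能为空")
	}

	// 1) Resolve the tenant by name.
	// NOTE(review): the two tenant errors below tell an unauthenticated caller
	// whether a tenant name exists and whether it is active. Confirm that
	// tenant names are not considered sensitive.
	var tenant models.Tenant
	err := models.Orm.QueryTable(new(models.Tenant)).
		Filter("tenant_name", tenantName).
		One(&tenant)
	if err != nil {
		return "", nil, errors.New("租户不存在")
	}
	if tenant.Status != 1 {
		return "", nil, errors.New("租户已停用")
	}

	// 2) Verify the account and password within that tenant (tid).
	var tenantUser models.TenantUser
	err = models.Orm.QueryTable(new(models.TenantUser)).
		Filter("tid", tenant.ID).
		Filter("account", account).
		One(&tenantUser)
	if err != nil {
		// NOTE(review): this path returns without a password verification, so
		// its response time may differ from the wrong-password path.
		return "", nil, errors.New("用户名或密码错误")
	}

	// A user row without a stored password can never log in. The password is
	// verified before Status is examined so that the "disabled" message is
	// reachable only with valid credentials.
	if tenantUser.Password == nil || !passwordutil.Verify(*tenantUser.Password, password) {
		return "", nil, errors.New("用户名或密码错误")
	}
	if tenantUser.Status == 0 {
		return "", nil, errors.New("账号已禁用")
	}

	tenantID := int(tenant.ID)
	const userType = "backend"
	// NOTE(review): the token carries the account string as typed by the
	// caller, while the returned profile prefers the stored value. If the
	// account column compares case-insensitively the two can differ; confirm
	// which one consumers of the token expect.
	token, err := jwtutil.GenerateToken(int(tenantUser.Uid), account, tenantID, userType)
	if err != nil {
		return "", nil, err
	}

	// Tenant users have no role, role name, or avatar in this profile.
	loginUser := &PlatformLoginUser{
		ID:      tenantUser.Uid,
		Account: account,
		Tid:     tenant.ID,
	}
	// Prefer the stored account name when it is present and non-blank.
	if tenantUser.Account != nil {
		if stored := strings.TrimSpace(*tenantUser.Account); stored != "" {
			loginUser.Account = stored
		}
	}
	if tenantUser.Name != nil {
		loginUser.Name = strings.TrimSpace(*tenantUser.Name)
	}
	return token, loginUser, nil
}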
// PlatformGetCurrentUser returns the login profile, including the role name,
// for the platform administrator with the given user ID. It fails when the
// lookup returns an error or when the account's Status is 0 (disabled).
func PlatformGetCurrentUser(uid uint64) (*PlatformLoginUser, error) {
	admin, lookupErr := GetAdminUserByID(uid)
	switch {
	case lookupErr != nil:
		// Every lookup error is reported to the caller as "user not found".
		return nil, errors.New("用户不存在")
	case admin.Status == 0:
		return nil, errors.New("账号已禁用")
	}
	return toPlatformLoginUser(admin), nil
}