refactor(account): 统一账号管理API、完善权限检查和操作审计

- 合并 customer_account 和 shop_account 路由到统一的 account 接口 - 新增统一认证接口 (auth handler) - 实现越权防护中间件和权限检查工具函数 - 新增操作审计日志模型和服务 - 更新数据库迁移 (版本 39: account_operation_log 表) - 补充集成测试覆盖权限检查和审计日志场景
2026-02-02 17:23:20 +08:00
parent 5851cc6403
commit 80f560df33
58 changed files with 10743 additions and 4915 deletions
--- a/internal/routes/admin.go
+++ b/internal/routes/admin.go
@@ -4,16 +4,12 @@ import (
 	"github.com/gofiber/fiber/v2"

 	"github.com/break/junhong_cmp_fiber/internal/bootstrap"
-	"github.com/break/junhong_cmp_fiber/internal/model/dto"
 	"github.com/break/junhong_cmp_fiber/pkg/openapi"
 )

 // RegisterAdminRoutes 注册管理后台相关路由
 func RegisterAdminRoutes(router fiber.Router, handlers *bootstrap.Handlers, middlewares *bootstrap.Middlewares, doc *openapi.Generator, basePath string) {
-	if handlers.AdminAuth != nil {
-		registerAdminAuthRoutes(router, handlers.AdminAuth, middlewares.AdminAuth, doc, basePath)
-	}
-
+	// 认证路由已迁移到 /api/auth，参见 RegisterAuthRoutes
 	authGroup := router.Group("", middlewares.AdminAuth)

 	if handlers.Account != nil {
@@ -28,9 +24,7 @@ func RegisterAdminRoutes(router fiber.Router, handlers *bootstrap.Handlers, midd
 	if handlers.Shop != nil {
 		registerShopRoutes(authGroup, handlers.Shop, doc, basePath)
 	}
-	if handlers.ShopAccount != nil {
-		registerShopAccountRoutes(authGroup, handlers.ShopAccount, doc, basePath)
-	}
+
 	if handlers.ShopCommission != nil {
 		registerShopCommissionRoutes(authGroup, handlers.ShopCommission, doc, basePath)
 	}
@@ -52,9 +46,7 @@ func RegisterAdminRoutes(router fiber.Router, handlers *bootstrap.Handlers, midd
 	if handlers.Authorization != nil {
 		registerAuthorizationRoutes(authGroup, handlers.Authorization, doc, basePath)
 	}
-	if handlers.CustomerAccount != nil {
-		registerCustomerAccountRoutes(authGroup, handlers.CustomerAccount, doc, basePath)
-	}
+
 	if handlers.MyCommission != nil {
 		registerMyCommissionRoutes(authGroup, handlers.MyCommission, doc, basePath)
 	}
@@ -95,55 +87,3 @@ func RegisterAdminRoutes(router fiber.Router, handlers *bootstrap.Handlers, midd
 		registerAdminOrderRoutes(authGroup, handlers.AdminOrder, doc, basePath)
 	}
 }
-
-func registerAdminAuthRoutes(router fiber.Router, handler interface{}, authMiddleware fiber.Handler, doc *openapi.Generator, basePath string) {
-	h := handler.(interface {
-		Login(c *fiber.Ctx) error
-		Logout(c *fiber.Ctx) error
-		RefreshToken(c *fiber.Ctx) error
-		GetMe(c *fiber.Ctx) error
-		ChangePassword(c *fiber.Ctx) error
-	})
-
-	Register(router, doc, basePath, "POST", "/login", h.Login, RouteSpec{
-		Summary: "后台登录",
-		Tags:    []string{"认证"},
-		Input:   new(dto.LoginRequest),
-		Output:  new(dto.LoginResponse),
-		Auth:    false,
-	})
-
-	Register(router, doc, basePath, "POST", "/refresh-token", h.RefreshToken, RouteSpec{
-		Summary: "刷新 Token",
-		Tags:    []string{"认证"},
-		Input:   new(dto.RefreshTokenRequest),
-		Output:  new(dto.RefreshTokenResponse),
-		Auth:    false,
-	})
-
-	authGroup := router.Group("", authMiddleware)
-
-	Register(authGroup, doc, basePath, "POST", "/logout", h.Logout, RouteSpec{
-		Summary: "登出",
-		Tags:    []string{"认证"},
-		Input:   nil,
-		Output:  nil,
-		Auth:    true,
-	})
-
-	Register(authGroup, doc, basePath, "GET", "/me", h.GetMe, RouteSpec{
-		Summary: "获取当前用户信息",
-		Tags:    []string{"认证"},
-		Input:   nil,
-		Output:  new(dto.UserInfo),
-		Auth:    true,
-	})
-
-	Register(authGroup, doc, basePath, "PUT", "/password", h.ChangePassword, RouteSpec{
-		Summary: "修改密码",
-		Tags:    []string{"认证"},
-		Input:   new(dto.ChangePasswordRequest),
-		Output:  nil,
-		Auth:    true,
-	})
-}