feat: 实现 C 端完整认证系统（client-auth-system）

实现面向个人客户的 7 个认证接口（A1-A7），覆盖资产验证、微信公众号/小程序登录、手机号绑定/换绑、退出登录完整流程。主要变更： - 新增 PersonalCustomerOpenID 模型，支持多 AppID 多 OpenID 管理 - 实现有状态 JWT（JWT + Redis 双重校验），支持服务端主动失效 - 扩展微信 SDK：小程序 Code2Session + 3 个 DB 动态工厂函数 - 实现 A1 资产验证 IP 限流（30/min）和 A4 三层验证码限流 - 新增 7 个错误码（1180-1186）和 6 个 Redis Key 函数 - 注册 /api/c/v1/auth/* 下 7 个端点并更新 OpenAPI 文档 - 数据库迁移 000083：新建 tb_personal_customer_openid 表
2026-03-19 11:33:41 +08:00
parent ec86dbf463
commit df76e33105
35 changed files with 4348 additions and 1362 deletions
--- a/internal/routes/personal.go
+++ b/internal/routes/personal.go
@@ -6,12 +6,74 @@ import (
 	"github.com/break/junhong_cmp_fiber/internal/bootstrap"
 	apphandler "github.com/break/junhong_cmp_fiber/internal/handler/app"
 	"github.com/break/junhong_cmp_fiber/internal/middleware"
+	"github.com/break/junhong_cmp_fiber/internal/model/dto"
 	"github.com/break/junhong_cmp_fiber/pkg/openapi"
 )

 // RegisterPersonalCustomerRoutes 注册个人客户路由
 // 路由挂载在 /api/c/v1 下
 func RegisterPersonalCustomerRoutes(router fiber.Router, doc *openapi.Generator, basePath string, handlers *bootstrap.Handlers, personalAuthMiddleware *middleware.PersonalAuthMiddleware) {
+	authBasePath := "/auth"
+	authPublicGroup := router.Group(authBasePath)
+	authProtectedGroup := router.Group(authBasePath)
+	authProtectedGroup.Use(personalAuthMiddleware.Authenticate())
+
+	Register(authPublicGroup, doc, basePath+authBasePath, "POST", "/verify-asset", handlers.ClientAuth.VerifyAsset, RouteSpec{
+		Summary: "资产验证",
+		Tags:    []string{"个人客户 - 认证"},
+		Auth:    false,
+		Input:   &dto.VerifyAssetRequest{},
+		Output:  &dto.VerifyAssetResponse{},
+	})
+
+	Register(authPublicGroup, doc, basePath+authBasePath, "POST", "/wechat-login", handlers.ClientAuth.WechatLogin, RouteSpec{
+		Summary: "公众号登录",
+		Tags:    []string{"个人客户 - 认证"},
+		Auth:    false,
+		Input:   &dto.WechatLoginRequest{},
+		Output:  &dto.WechatLoginResponse{},
+	})
+
+	Register(authPublicGroup, doc, basePath+authBasePath, "POST", "/miniapp-login", handlers.ClientAuth.MiniappLogin, RouteSpec{
+		Summary: "小程序登录",
+		Tags:    []string{"个人客户 - 认证"},
+		Auth:    false,
+		Input:   &dto.MiniappLoginRequest{},
+		Output:  &dto.WechatLoginResponse{},
+	})
+
+	Register(authPublicGroup, doc, basePath+authBasePath, "POST", "/send-code", handlers.ClientAuth.SendCode, RouteSpec{
+		Summary: "发送验证码",
+		Tags:    []string{"个人客户 - 认证"},
+		Auth:    false,
+		Input:   &dto.ClientSendCodeRequest{},
+		Output:  &dto.ClientSendCodeResponse{},
+	})
+
+	Register(authProtectedGroup, doc, basePath+authBasePath, "POST", "/bind-phone", handlers.ClientAuth.BindPhone, RouteSpec{
+		Summary: "绑定手机号",
+		Tags:    []string{"个人客户 - 认证"},
+		Auth:    true,
+		Input:   &dto.BindPhoneRequest{},
+		Output:  &dto.BindPhoneResponse{},
+	})
+
+	Register(authProtectedGroup, doc, basePath+authBasePath, "POST", "/change-phone", handlers.ClientAuth.ChangePhone, RouteSpec{
+		Summary: "更换手机号",
+		Tags:    []string{"个人客户 - 认证"},
+		Auth:    true,
+		Input:   &dto.ChangePhoneRequest{},
+		Output:  &dto.ChangePhoneResponse{},
+	})
+
+	Register(authProtectedGroup, doc, basePath+authBasePath, "POST", "/logout", handlers.ClientAuth.Logout, RouteSpec{
+		Summary: "退出登录",
+		Tags:    []string{"个人客户 - 认证"},
+		Auth:    true,
+		Input:   nil,
+		Output:  &dto.LogoutResponse{},
+	})
+
 	// 需要认证的路由
 	authGroup := router.Group("")
 	authGroup.Use(personalAuthMiddleware.Authenticate())