initial commit

server/Dockerfile

@@ -0,0 +1,43 @@
+# 构建阶段
+FROM golang:1.21-alpine AS builder
+
+WORKDIR /app
+
+# 安装依赖
+RUN apk add --no-cache git gcc musl-dev
+
+# 复制 go.mod 和 go.sum
+COPY go.mod go.sum ./
+
+# 下载依赖
+RUN go mod download
+
+# 复制源代码
+COPY . .
+
+# 构建二进制文件
+RUN CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -o novablog-server ./cmd/server
+
+# 运行阶段
+FROM alpine:latest
+
+WORKDIR /app
+
+# 安装 ca-certificates（用于 HTTPS 请求）
+RUN apk --no-cache add ca-certificates tzdata
+
+# 从构建阶段复制二进制文件
+COPY --from=builder /app/novablog-server .
+
+# 创建数据目录
+RUN mkdir -p /app/data
+
+# 暴露端口
+EXPOSE 8080
+
+# 设置环境变量
+ENV GIN_MODE=release
+ENV DB_PATH=/app/data/novablog.db
+
+# 运行
+CMD ["./novablog-server"]

server/cmd/server/main.go

@@ -0,0 +1,104 @@
+package main
+
+import (
+	"log"
+	"os"
+
+	"github.com/gin-contrib/cors"
+	"github.com/gin-gonic/gin"
+	"github.com/novablog/server/internal/config"
+	"github.com/novablog/server/internal/database"
+	"github.com/novablog/server/internal/handlers"
+	"github.com/novablog/server/internal/middleware"
+	"github.com/novablog/server/internal/utils"
+)
+
+func main() {
+	// 加载配置
+	cfg := config.Load()
+
+	// 设置运行模式
+	gin.SetMode(cfg.Server.Mode)
+
+	// 初始化数据库
+	if err := database.Initialize(cfg); err != nil {
+		log.Fatalf("Failed to initialize database: %v", err)
+	}
+	defer database.Close()
+
+	// 创建 JWT 管理器
+	jwtManager := utils.NewJWTManager(cfg.JWT.Secret, cfg.JWT.ExpireTime)
+
+	// 创建处理器
+	authHandler := handlers.NewAuthHandler(jwtManager)
+	commentHandler := handlers.NewCommentHandler()
+	likeHandler := handlers.NewLikeHandler()
+
+	// 创建路由
+	r := gin.New()
+
+	// 中间件
+	r.Use(gin.Logger())
+	r.Use(gin.Recovery())
+
+	// CORS 配置
+	corsConfig := cors.Config{
+		AllowOrigins:     cfg.CORS.AllowOrigins,
+		AllowMethods:     []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
+		AllowHeaders:     []string{"Origin", "Content-Type", "Authorization"},
+		ExposeHeaders:    []string{"Content-Length"},
+		AllowCredentials: true,
+	}
+	r.Use(cors.New(corsConfig))
+
+	// 健康检查
+	r.GET("/health", func(c *gin.Context) {
+		c.JSON(200, gin.H{
+			"status": "ok",
+			"message": "NovaBlog API is running",
+		})
+	})
+
+	// API 路由组
+	api := r.Group("/api")
+	{
+		// 公开接口
+		api.POST("/auth/register", authHandler.Register)
+		api.POST("/auth/login", authHandler.Login)
+		api.GET("/comments", commentHandler.GetComments)
+		api.POST("/comments", commentHandler.CreateComment) // 允许访客评论
+		api.GET("/likes", likeHandler.GetLikeStatus)
+		api.POST("/likes", likeHandler.ToggleLike) // 允许访客点赞（基于 IP Hash）
+
+		// 需要认证的接口
+		authGroup := api.Group("")
+		authGroup.Use(middleware.AuthMiddleware(jwtManager))
+		{
+			// 用户相关
+			authGroup.GET("/auth/profile", authHandler.GetProfile)
+			authGroup.PUT("/auth/profile", authHandler.UpdateProfile)
+
+			// 评论相关（用户删除自己的评论）
+			authGroup.DELETE("/comments/:id", commentHandler.DeleteComment)
+		}
+
+		// 管理员接口
+		adminGroup := api.Group("/admin")
+		adminGroup.Use(middleware.AuthMiddleware(jwtManager))
+		adminGroup.Use(middleware.AdminMiddleware())
+		{
+			// 管理员接口（未来扩展）
+		}
+	}
+
+	// 启动服务器
+	port := os.Getenv("PORT")
+	if port == "" {
+		port = cfg.Server.Port
+	}
+
+	log.Printf("Server starting on port %s...", port)
+	if err := r.Run(":" + port); err != nil {
+		log.Fatalf("Failed to start server: %v", err)
+	}
+}

server/go.mod

@@ -0,0 +1,43 @@
+module github.com/novablog/server
+
+go 1.21
+
+require (
+	github.com/gin-contrib/cors v1.5.0
+	github.com/gin-gonic/gin v1.9.1
+	github.com/golang-jwt/jwt/v5 v5.2.0
+	golang.org/x/crypto v0.21.0
+	gorm.io/driver/sqlite v1.5.5
+	gorm.io/gorm v1.25.7
+)
+
+require (
+	github.com/bytedance/sonic v1.10.1 // indirect
+	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
+	github.com/chenzhuoyu/iasm v0.9.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.15.5 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jinzhu/now v1.1.5 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/leodido/go-urn v1.2.4 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-sqlite3 v1.14.22 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.11 // indirect
+	golang.org/x/arch v0.5.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

server/go.sum

@@ -0,0 +1,114 @@
+github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
+github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
+github.com/bytedance/sonic v1.10.1 h1:7a1wuFXL1cMy7a3f7/VFcEtriuXQnUBhtoVfOZiaysc=
+github.com/bytedance/sonic v1.10.1/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4=
+github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
+github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0=
+github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA=
+github.com/chenzhuoyu/iasm v0.9.0 h1:9fhXjVzq5hUy2gkhhgHl95zG2cEAhw9OSGs8toWWAwo=
+github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
+github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
+github.com/gin-contrib/cors v1.5.0 h1:DgGKV7DDoOn36DFkNtbHrjoRiT5ExCe+PC9/xp7aKvk=
+github.com/gin-contrib/cors v1.5.0/go.mod h1:TvU7MAZ3EwrPLI2ztzTt3tqgvBCq+wn8WpZmfADjupI=
+github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
+github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.15.5 h1:LEBecTWb/1j5TNY1YYG2RcOUN3R7NLylN+x8TTueE24=
+github.com/go-playground/validator/v10 v10.15.5/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
+github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
+github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
+github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
+github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
+github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
+github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
+github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
+github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
+github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.5.0 h1:jpGode6huXQxcskEIpOCvrU+tzo81b6+oFLUYXWtH/Y=
+golang.org/x/arch v0.5.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gorm.io/driver/sqlite v1.5.5 h1:7MDMtUZhV065SilG62E0MquljeArQZNfJnjd9i9gx3E=
+gorm.io/driver/sqlite v1.5.5/go.mod h1:6NgQ7sQWAIFsPrJJl1lSNSu2TABh0ZZ/zm5fosATavE=
+gorm.io/gorm v1.25.7 h1:VsD6acwRjz2zFxGO50gPO6AkNs7KKnvfzUjHQhZDz/A=
+gorm.io/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=

server/internal/config/config.go

@@ -0,0 +1,74 @@
+package config
+
+import (
+	"os"
+	"strconv"
+)
+
+// Config 应用配置
+type Config struct {
+	Server   ServerConfig
+	Database DatabaseConfig
+	JWT      JWTConfig
+	CORS     CORSConfig
+}
+
+// ServerConfig 服务器配置
+type ServerConfig struct {
+	Port string
+	Mode string // debug, release, test
+}
+
+// DatabaseConfig 数据库配置
+type DatabaseConfig struct {
+	Path string
+}
+
+// JWTConfig JWT 配置
+type JWTConfig struct {
+	Secret     string
+	ExpireTime int // 过期时间（小时）
+}
+
+// CORSConfig CORS 配置
+type CORSConfig struct {
+	AllowOrigins []string
+}
+
+// Load 从环境变量加载配置
+func Load() *Config {
+	return &Config{
+		Server: ServerConfig{
+			Port: getEnv("SERVER_PORT", "8080"),
+			Mode: getEnv("GIN_MODE", "release"),
+		},
+		Database: DatabaseConfig{
+			Path: getEnv("DB_PATH", "./data/novablog.db"),
+		},
+		JWT: JWTConfig{
+			Secret:     getEnv("JWT_SECRET", "novablog-secret-key-change-in-production"),
+			ExpireTime: getEnvAsInt("JWT_EXPIRE_HOURS", 24*7), // 默认 7 天
+		},
+		CORS: CORSConfig{
+			AllowOrigins: []string{
+				getEnv("CORS_ORIGIN", "http://localhost:4321"),
+			},
+		},
+	}
+}
+
+func getEnv(key, defaultValue string) string {
+	if value := os.Getenv(key); value != "" {
+		return value
+	}
+	return defaultValue
+}
+
+func getEnvAsInt(key string, defaultValue int) int {
+	if value := os.Getenv(key); value != "" {
+		if intValue, err := strconv.Atoi(value); err == nil {
+			return intValue
+		}
+	}
+	return defaultValue
+}

server/internal/database/database.go

@@ -0,0 +1,61 @@
+package database
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/novablog/server/internal/config"
+	"github.com/novablog/server/internal/models"
+	"gorm.io/driver/sqlite"
+	"gorm.io/gorm"
+	"gorm.io/gorm/logger"
+)
+
+var DB *gorm.DB
+
+// Initialize 初始化数据库连接
+func Initialize(cfg *config.Config) error {
+	var err error
+
+	// 确保数据目录存在
+	dbDir := filepath.Dir(cfg.Database.Path)
+	if err := os.MkdirAll(dbDir, 0755); err != nil {
+		return fmt.Errorf("failed to create database directory: %w", err)
+	}
+
+	// 连接 SQLite 数据库
+	DB, err = gorm.Open(sqlite.Open(cfg.Database.Path), &gorm.Config{
+		Logger: logger.Default.LogMode(logger.Info),
+	})
+	if err != nil {
+		return fmt.Errorf("failed to connect database: %w", err)
+	}
+
+	// 自动迁移数据库表
+	if err := autoMigrate(); err != nil {
+		return fmt.Errorf("failed to migrate database: %w", err)
+	}
+
+	return nil
+}
+
+// autoMigrate 自动迁移数据库表结构
+func autoMigrate() error {
+	return DB.AutoMigrate(
+		&models.User{},
+		&models.Comment{},
+		&models.Like{},
+		&models.LikeCount{},
+		&models.PostMeta{},
+	)
+}
+
+// Close 关闭数据库连接
+func Close() error {
+	sqlDB, err := DB.DB()
+	if err != nil {
+		return err
+	}
+	return sqlDB.Close()
+}

server/internal/handlers/auth.go

@@ -0,0 +1,195 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/novablog/server/internal/database"
+	"github.com/novablog/server/internal/middleware"
+	"github.com/novablog/server/internal/models"
+	"github.com/novablog/server/internal/utils"
+	"gorm.io/gorm"
+)
+
+// AuthHandler 认证处理器
+type AuthHandler struct {
+	jwtManager *utils.JWTManager
+}
+
+// NewAuthHandler 创建认证处理器
+func NewAuthHandler(jwtManager *utils.JWTManager) *AuthHandler {
+	return &AuthHandler{
+		jwtManager: jwtManager,
+	}
+}
+
+// RegisterRequest 注册请求
+type RegisterRequest struct {
+	Username string `json:"username" binding:"required,min=3,max=50"`
+	Email    string `json:"email" binding:"required,email"`
+	Password string `json:"password" binding:"required,min=6,max=50"`
+	Nickname string `json:"nickname"`
+}
+
+// LoginRequest 登录请求
+type LoginRequest struct {
+	Username string `json:"username" binding:"required"`
+	Password string `json:"password" binding:"required"`
+}
+
+// AuthResponse 认证响应
+type AuthResponse struct {
+	Token string      `json:"token"`
+	User  models.User `json:"user"`
+}
+
+// Register 用户注册
+func (h *AuthHandler) Register(c *gin.Context) {
+	var req RegisterRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 检查用户名是否已存在
+	var existingUser models.User
+	if err := database.DB.Where("username = ?", req.Username).First(&existingUser).Error; err == nil {
+		c.JSON(http.StatusConflict, gin.H{"error": "username already exists"})
+		return
+	}
+
+	// 检查邮箱是否已存在
+	if err := database.DB.Where("email = ?", req.Email).First(&existingUser).Error; err == nil {
+		c.JSON(http.StatusConflict, gin.H{"error": "email already exists"})
+		return
+	}
+
+	// 哈希密码
+	hashedPassword, err := utils.HashPassword(req.Password)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to hash password"})
+		return
+	}
+
+	// 创建用户
+	user := models.User{
+		Username: req.Username,
+		Email:    req.Email,
+		Password: hashedPassword,
+		Nickname: req.Nickname,
+		Role:     "user",
+	}
+
+	if err := database.DB.Create(&user).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create user"})
+		return
+	}
+
+	// 生成 Token
+	token, err := h.jwtManager.GenerateToken(user.ID, user.Username, user.Role)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate token"})
+		return
+	}
+
+	c.JSON(http.StatusCreated, AuthResponse{
+		Token: token,
+		User:  user,
+	})
+}
+
+// Login 用户登录
+func (h *AuthHandler) Login(c *gin.Context) {
+	var req LoginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 查找用户（支持用户名或邮箱登录）
+	var user models.User
+	if err := database.DB.Where("username = ? OR email = ?", req.Username, req.Username).First(&user).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid credentials"})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "database error"})
+		return
+	}
+
+	// 验证密码
+	if !utils.CheckPassword(req.Password, user.Password) {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid credentials"})
+		return
+	}
+
+	// 生成 Token
+	token, err := h.jwtManager.GenerateToken(user.ID, user.Username, user.Role)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate token"})
+		return
+	}
+
+	c.JSON(http.StatusOK, AuthResponse{
+		Token: token,
+		User:  user,
+	})
+}
+
+// GetProfile 获取当前用户信息
+func (h *AuthHandler) GetProfile(c *gin.Context) {
+	userID, _ := middleware.GetUserID(c)
+
+	var user models.User
+	if err := database.DB.First(&user, userID).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			c.JSON(http.StatusNotFound, gin.H{"error": "user not found"})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "database error"})
+		return
+	}
+
+	c.JSON(http.StatusOK, user)
+}
+
+// UpdateProfileRequest 更新用户信息请求
+type UpdateProfileRequest struct {
+	Nickname string `json:"nickname"`
+	Avatar   string `json:"avatar"`
+	Bio      string `json:"bio"`
+}
+
+// UpdateProfile 更新用户信息
+func (h *AuthHandler) UpdateProfile(c *gin.Context) {
+	userID, _ := middleware.GetUserID(c)
+
+	var req UpdateProfileRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 更新用户信息
+	updates := map[string]interface{}{}
+	if req.Nickname != "" {
+		updates["nickname"] = req.Nickname
+	}
+	if req.Avatar != "" {
+		updates["avatar"] = req.Avatar
+	}
+	if req.Bio != "" {
+		updates["bio"] = req.Bio
+	}
+
+	if err := database.DB.Model(&models.User{}).Where("id = ?", userID).Updates(updates).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to update profile"})
+		return
+	}
+
+	// 返回更新后的用户信息
+	var user models.User
+	database.DB.First(&user, userID)
+
+	c.JSON(http.StatusOK, user)
+}

server/internal/handlers/comment.go

@@ -0,0 +1,141 @@
+package handlers
+
+import (
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+	"github.com/novablog/server/internal/database"
+	"github.com/novablog/server/internal/middleware"
+	"github.com/novablog/server/internal/models"
+	"gorm.io/gorm"
+)
+
+// CommentHandler 评论处理器
+type CommentHandler struct{}
+
+// NewCommentHandler 创建评论处理器
+func NewCommentHandler() *CommentHandler {
+	return &CommentHandler{}
+}
+
+// CreateCommentRequest 创建评论请求
+type CreateCommentRequest struct {
+	PostID   string `json:"post_id" binding:"required"`
+	ParentID *uint  `json:"parent_id"`
+	Content  string `json:"content" binding:"required,min=1,max=2000"`
+}
+
+// CreateComment 创建评论
+func (h *CommentHandler) CreateComment(c *gin.Context) {
+	userID, _ := middleware.GetUserID(c)
+
+	var req CreateCommentRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	comment := models.Comment{
+		PostID:   req.PostID,
+		UserID:   userID,
+		ParentID: req.ParentID,
+		Content:  req.Content,
+		Status:   "approved", // 默认直接通过，可改为 pending 需审核
+	}
+
+	if err := database.DB.Create(&comment).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create comment"})
+		return
+	}
+
+	// 加载用户信息
+	database.DB.Preload("User").First(&comment, comment.ID)
+
+	c.JSON(http.StatusCreated, comment)
+}
+
+// GetComments 获取文章评论列表
+func (h *CommentHandler) GetComments(c *gin.Context) {
+	postID := c.Query("post_id")
+	if postID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "post_id is required"})
+		return
+	}
+
+	// 分页参数
+	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+	pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
+	if page < 1 {
+		page = 1
+	}
+	if pageSize < 1 || pageSize > 100 {
+		pageSize = 20
+	}
+
+	// 获取顶级评论（非回复）
+	var comments []models.Comment
+	var total int64
+
+	query := database.DB.Model(&models.Comment{}).
+		Where("post_id = ? AND status = ? AND parent_id IS NULL", postID, "approved")
+
+	query.Count(&total)
+
+	if err := query.Preload("User").
+		Preload("Replies.User").
+		Order("created_at DESC").
+		Offset((page - 1) * pageSize).
+		Limit(pageSize).
+		Find(&comments).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to get comments"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"data": comments,
+		"pagination": gin.H{
+			"page":       page,
+			"page_size":  pageSize,
+			"total":      total,
+			"total_page": (total + int64(pageSize) - 1) / int64(pageSize),
+		},
+	})
+}
+
+// DeleteComment 删除评论（仅限本人或管理员）
+func (h *CommentHandler) DeleteComment(c *gin.Context) {
+	userID, _ := middleware.GetUserID(c)
+	role, _ := c.Get("role")
+
+	idStr := c.Param("id")
+	id, err := strconv.ParseUint(idStr, 10, 32)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid comment id"})
+		return
+	}
+
+	var comment models.Comment
+	if err := database.DB.First(&comment, id).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			c.JSON(http.StatusNotFound, gin.H{"error": "comment not found"})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "database error"})
+		return
+	}
+
+	// 检查权限：本人或管理员可删除
+	if comment.UserID != userID && role != "admin" {
+		c.JSON(http.StatusForbidden, gin.H{"error": "permission denied"})
+		return
+	}
+
+	// 软删除
+	if err := database.DB.Delete(&comment).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to delete comment"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "comment deleted"})
+}

server/internal/handlers/like.go

@@ -0,0 +1,169 @@
+package handlers
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/novablog/server/internal/database"
+	"github.com/novablog/server/internal/middleware"
+	"github.com/novablog/server/internal/models"
+	"gorm.io/gorm"
+)
+
+// LikeHandler 点赞处理器
+type LikeHandler struct{}
+
+// NewLikeHandler 创建点赞处理器
+func NewLikeHandler() *LikeHandler {
+	return &LikeHandler{}
+}
+
+// LikeRequest 点赞请求
+type LikeRequest struct {
+	PostID string `json:"post_id" binding:"required"`
+}
+
+// LikeResponse 点赞响应
+type LikeResponse struct {
+	Liked    bool `json:"liked"`
+	LikeCount int  `json:"like_count"`
+}
+
+// ToggleLike 切换点赞状态（点赞/取消点赞）
+func (h *LikeHandler) ToggleLike(c *gin.Context) {
+	var req LikeRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 获取用户 ID（可选，支持未登录用户）
+	userID, isLoggedIn := middleware.GetUserID(c)
+
+	// 获取访客 IP Hash（用于未登录用户的防刷）
+	ipHash := ""
+	if !isLoggedIn {
+		ip := c.ClientIP()
+		hash := sha256.Sum256([]byte(ip + "novablog-salt")) // 加盐防止反向推导
+		ipHash = hex.EncodeToString(hash[:])[:64]
+	}
+
+	// 检查是否已点赞
+	var existingLike models.Like
+	var err error
+
+	if isLoggedIn {
+		err = database.DB.Where("post_id = ? AND user_id = ?", req.PostID, userID).First(&existingLike).Error
+	} else {
+		err = database.DB.Where("post_id = ? AND ip_hash = ?", req.PostID, ipHash).First(&existingLike).Error
+	}
+
+	liked := false
+	if err == gorm.ErrRecordNotFound {
+		// 未点赞，创建点赞记录
+		like := models.Like{
+			PostID: req.PostID,
+			IPHash: ipHash,
+		}
+		if isLoggedIn {
+			like.UserID = &userID
+		}
+
+		if err := database.DB.Create(&like).Error; err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to like"})
+			return
+		}
+		liked = true
+
+		// 更新点赞计数
+		h.updateLikeCount(req.PostID, 1)
+	} else if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "database error"})
+		return
+	} else {
+		// 已点赞，取消点赞
+		if err := database.DB.Delete(&existingLike).Error; err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to unlike"})
+			return
+		}
+		liked = false
+
+		// 更新点赞计数
+		h.updateLikeCount(req.PostID, -1)
+	}
+
+	// 获取当前点赞数
+	likeCount := h.getLikeCount(req.PostID)
+
+	c.JSON(http.StatusOK, LikeResponse{
+		Liked:     liked,
+		LikeCount: likeCount,
+	})
+}
+
+// GetLikeStatus 获取点赞状态
+func (h *LikeHandler) GetLikeStatus(c *gin.Context) {
+	postID := c.Query("post_id")
+	if postID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "post_id is required"})
+		return
+	}
+
+	// 获取用户 ID（可选）
+	userID, isLoggedIn := middleware.GetUserID(c)
+
+	// 获取访客 IP Hash
+	ipHash := ""
+	if !isLoggedIn {
+		ip := c.ClientIP()
+		hash := sha256.Sum256([]byte(ip + "novablog-salt"))
+		ipHash = hex.EncodeToString(hash[:])[:64]
+	}
+
+	// 检查是否已点赞
+	var existingLike models.Like
+	var err error
+
+	if isLoggedIn {
+		err = database.DB.Where("post_id = ? AND user_id = ?", postID, userID).First(&existingLike).Error
+	} else {
+		err = database.DB.Where("post_id = ? AND ip_hash = ?", postID, ipHash).First(&existingLike).Error
+	}
+
+	liked := err == nil
+
+	// 获取点赞数
+	likeCount := h.getLikeCount(postID)
+
+	c.JSON(http.StatusOK, LikeResponse{
+		Liked:     liked,
+		LikeCount: likeCount,
+	})
+}
+
+// updateLikeCount 更新点赞计数
+func (h *LikeHandler) updateLikeCount(postID string, delta int) {
+	var likeCount models.LikeCount
+	result := database.DB.FirstOrCreate(&likeCount, models.LikeCount{PostID: postID})
+	if result.Error != nil {
+		return
+	}
+
+	likeCount.Count += delta
+	if likeCount.Count < 0 {
+		likeCount.Count = 0
+	}
+
+	database.DB.Save(&likeCount)
+}
+
+// getLikeCount 获取点赞数
+func (h *LikeHandler) getLikeCount(postID string) int {
+	var likeCount models.LikeCount
+	if err := database.DB.Where("post_id = ?", postID).First(&likeCount).Error; err != nil {
+		return 0
+	}
+	return likeCount.Count
+}

server/internal/middleware/auth.go

@@ -0,0 +1,86 @@
+package middleware
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"github.com/novablog/server/internal/utils"
+)
+
+// AuthMiddleware JWT 认证中间件
+func AuthMiddleware(jwtManager *utils.JWTManager) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 从 Header 获取 Token
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"error": "authorization header is required",
+			})
+			c.Abort()
+			return
+		}
+
+		// 解析 Bearer Token
+		parts := strings.SplitN(authHeader, " ", 2)
+		if len(parts) != 2 || parts[0] != "Bearer" {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"error": "invalid authorization header format",
+			})
+			c.Abort()
+			return
+		}
+
+		tokenString := parts[1]
+
+		// 验证 Token
+		claims, err := jwtManager.ParseToken(tokenString)
+		if err != nil {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"error": err.Error(),
+			})
+			c.Abort()
+			return
+		}
+
+		// 将用户信息存入上下文
+		c.Set("userID", claims.UserID)
+		c.Set("username", claims.Username)
+		c.Set("role", claims.Role)
+
+		c.Next()
+	}
+}
+
+// AdminMiddleware 管理员权限中间件
+func AdminMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		role, exists := c.Get("role")
+		if !exists || role != "admin" {
+			c.JSON(http.StatusForbidden, gin.H{
+				"error": "admin permission required",
+			})
+			c.Abort()
+			return
+		}
+		c.Next()
+	}
+}
+
+// GetUserID 从上下文获取用户 ID
+func GetUserID(c *gin.Context) (uint, bool) {
+	userID, exists := c.Get("userID")
+	if !exists {
+		return 0, false
+	}
+	return userID.(uint), true
+}
+
+// GetUsername 从上下文获取用户名
+func GetUsername(c *gin.Context) (string, bool) {
+	username, exists := c.Get("username")
+	if !exists {
+		return "", false
+	}
+	return username.(string), true
+}

server/internal/models/models.go

@@ -0,0 +1,64 @@
+package models
+
+import (
+	"time"
+
+	"gorm.io/gorm"
+)
+
+// User 用户模型
+type User struct {
+	ID        uint           `json:"id" gorm:"primaryKey"`
+	CreatedAt time.Time      `json:"created_at"`
+	UpdatedAt time.Time      `json:"updated_at"`
+	DeletedAt gorm.DeletedAt `json:"-" gorm:"index"`
+	Username  string         `json:"username" gorm:"uniqueIndex;size:50;not null"`
+	Email     string         `json:"email" gorm:"uniqueIndex;size:100;not null"`
+	Password  string         `json:"-" gorm:"size:255;not null"` // 不返回给前端
+	Nickname  string         `json:"nickname" gorm:"size:50"`
+	Avatar    string         `json:"avatar" gorm:"size:255"`
+	Role      string         `json:"role" gorm:"size:20;default:'user'"` // admin, user
+	Bio       string         `json:"bio" gorm:"size:500"`
+	Comments  []Comment      `json:"-" gorm:"foreignKey:UserID"`
+	Likes     []Like         `json:"-" gorm:"foreignKey:UserID"`
+}
+
+// Comment 评论模型
+type Comment struct {
+	ID        uint           `json:"id" gorm:"primaryKey"`
+	CreatedAt time.Time      `json:"created_at"`
+	UpdatedAt time.Time      `json:"updated_at"`
+	DeletedAt gorm.DeletedAt `json:"-" gorm:"index"`
+	PostID    string         `json:"post_id" gorm:"index;size:100;not null"` // 文章 ID（slug）
+	UserID    uint           `json:"user_id" gorm:"index;not null"`
+	ParentID  *uint          `json:"parent_id" gorm:"index"` // 父评论 ID（用于嵌套回复）
+	Content   string         `json:"content" gorm:"type:text;not null"`
+	Status    string         `json:"status" gorm:"size:20;default:'approved'"` // pending, approved, spam
+	User      User           `json:"user" gorm:"foreignKey:UserID"`
+	Replies   []Comment      `json:"replies,omitempty" gorm:"foreignKey:ParentID"`
+}
+
+// Like 点赞模型
+type Like struct {
+	ID        uint      `json:"id" gorm:"primaryKey"`
+	CreatedAt time.Time `json:"created_at"`
+	PostID    string    `json:"post_id" gorm:"uniqueIndex:idx_post_user;size:100;not null"` // 文章 ID
+	UserID    *uint     `json:"user_id" gorm:"uniqueIndex:idx_post_user;index"`             // 登录用户 ID
+	IPHash    string    `json:"-" gorm:"uniqueIndex:idx_post_ip;size:64"`                   // 访客 IP Hash
+}
+
+// LikeCount 文章点赞计数（缓存表）
+type LikeCount struct {
+	PostID string `json:"post_id" gorm:"primaryKey;size:100"`
+	Count  int    `json:"count" gorm:"default:0"`
+}
+
+// PostMeta 文章元数据（可选，用于存储文章额外信息）
+type PostMeta struct {
+	ID         uint      `json:"id" gorm:"primaryKey"`
+	PostID     string    `json:"post_id" gorm:"uniqueIndex;size:100;not null"`
+	ViewCount  int       `json:"view_count" gorm:"default:0"`
+	LikeCount  int       `json:"like_count" gorm:"default:0"`
+	CreatedAt  time.Time `json:"created_at"`
+	UpdatedAt  time.Time `json:"updated_at"`
+}

server/internal/utils/jwt.go

@@ -0,0 +1,80 @@
+package utils
+
+import (
+	"errors"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+var (
+	ErrInvalidToken = errors.New("invalid token")
+	ErrExpiredToken = errors.New("token has expired")
+)
+
+// Claims JWT 声明
+type Claims struct {
+	UserID   uint   `json:"user_id"`
+	Username string `json:"username"`
+	Role     string `json:"role"`
+	jwt.RegisteredClaims
+}
+
+// JWTConfig JWT 配置
+type JWTConfig struct {
+	Secret     string
+	ExpireTime int // 过期时间（小时）
+}
+
+// JWTManager JWT 管理器
+type JWTManager struct {
+	config JWTConfig
+}
+
+// NewJWTManager 创建 JWT 管理器
+func NewJWTManager(secret string, expireTime int) *JWTManager {
+	return &JWTManager{
+		config: JWTConfig{
+			Secret:     secret,
+			ExpireTime: expireTime,
+		},
+	}
+}
+
+// GenerateToken 生成 JWT Token
+func (m *JWTManager) GenerateToken(userID uint, username, role string) (string, error) {
+	claims := &Claims{
+		UserID:   userID,
+		Username: username,
+		Role:     role,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Duration(m.config.ExpireTime) * time.Hour)),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			NotBefore: jwt.NewNumericDate(time.Now()),
+			Issuer:    "novablog",
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return token.SignedString([]byte(m.config.Secret))
+}
+
+// ParseToken 解析 JWT Token
+func (m *JWTManager) ParseToken(tokenString string) (*Claims, error) {
+	token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
+		return []byte(m.config.Secret), nil
+	})
+
+	if err != nil {
+		if errors.Is(err, jwt.ErrTokenExpired) {
+			return nil, ErrExpiredToken
+		}
+		return nil, ErrInvalidToken
+	}
+
+	if claims, ok := token.Claims.(*Claims); ok && token.Valid {
+		return claims, nil
+	}
+
+	return nil, ErrInvalidToken
+}

server/internal/utils/password.go

@@ -0,0 +1,20 @@
+package utils
+
+import (
+	"golang.org/x/crypto/bcrypt"
+)
+
+// HashPassword 对密码进行哈希
+func HashPassword(password string) (string, error) {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return "", err
+	}
+	return string(bytes), nil
+}
+
+// CheckPassword 验证密码
+func CheckPassword(password, hash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	return err == nil
+}