initial commit

2026-03-01 09:13:24 +08:00
commit 72baa341cc
43 changed files with 12560 additions and 0 deletions
--- a/server/internal/handlers/auth.go
+++ b/server/internal/handlers/auth.go
@@ -0,0 +1,195 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/novablog/server/internal/database"
+	"github.com/novablog/server/internal/middleware"
+	"github.com/novablog/server/internal/models"
+	"github.com/novablog/server/internal/utils"
+	"gorm.io/gorm"
+)
+
+// AuthHandler 认证处理器
+type AuthHandler struct {
+	jwtManager *utils.JWTManager
+}
+
+// NewAuthHandler 创建认证处理器
+func NewAuthHandler(jwtManager *utils.JWTManager) *AuthHandler {
+	return &AuthHandler{
+		jwtManager: jwtManager,
+	}
+}
+
+// RegisterRequest 注册请求
+type RegisterRequest struct {
+	Username string `json:"username" binding:"required,min=3,max=50"`
+	Email    string `json:"email" binding:"required,email"`
+	Password string `json:"password" binding:"required,min=6,max=50"`
+	Nickname string `json:"nickname"`
+}
+
+// LoginRequest 登录请求
+type LoginRequest struct {
+	Username string `json:"username" binding:"required"`
+	Password string `json:"password" binding:"required"`
+}
+
+// AuthResponse 认证响应
+type AuthResponse struct {
+	Token string      `json:"token"`
+	User  models.User `json:"user"`
+}
+
+// Register 用户注册
+func (h *AuthHandler) Register(c *gin.Context) {
+	var req RegisterRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 检查用户名是否已存在
+	var existingUser models.User
+	if err := database.DB.Where("username = ?", req.Username).First(&existingUser).Error; err == nil {
+		c.JSON(http.StatusConflict, gin.H{"error": "username already exists"})
+		return
+	}
+
+	// 检查邮箱是否已存在
+	if err := database.DB.Where("email = ?", req.Email).First(&existingUser).Error; err == nil {
+		c.JSON(http.StatusConflict, gin.H{"error": "email already exists"})
+		return
+	}
+
+	// 哈希密码
+	hashedPassword, err := utils.HashPassword(req.Password)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to hash password"})
+		return
+	}
+
+	// 创建用户
+	user := models.User{
+		Username: req.Username,
+		Email:    req.Email,
+		Password: hashedPassword,
+		Nickname: req.Nickname,
+		Role:     "user",
+	}
+
+	if err := database.DB.Create(&user).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create user"})
+		return
+	}
+
+	// 生成 Token
+	token, err := h.jwtManager.GenerateToken(user.ID, user.Username, user.Role)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate token"})
+		return
+	}
+
+	c.JSON(http.StatusCreated, AuthResponse{
+		Token: token,
+		User:  user,
+	})
+}
+
+// Login 用户登录
+func (h *AuthHandler) Login(c *gin.Context) {
+	var req LoginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 查找用户（支持用户名或邮箱登录）
+	var user models.User
+	if err := database.DB.Where("username = ? OR email = ?", req.Username, req.Username).First(&user).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid credentials"})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "database error"})
+		return
+	}
+
+	// 验证密码
+	if !utils.CheckPassword(req.Password, user.Password) {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid credentials"})
+		return
+	}
+
+	// 生成 Token
+	token, err := h.jwtManager.GenerateToken(user.ID, user.Username, user.Role)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate token"})
+		return
+	}
+
+	c.JSON(http.StatusOK, AuthResponse{
+		Token: token,
+		User:  user,
+	})
+}
+
+// GetProfile 获取当前用户信息
+func (h *AuthHandler) GetProfile(c *gin.Context) {
+	userID, _ := middleware.GetUserID(c)
+
+	var user models.User
+	if err := database.DB.First(&user, userID).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			c.JSON(http.StatusNotFound, gin.H{"error": "user not found"})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "database error"})
+		return
+	}
+
+	c.JSON(http.StatusOK, user)
+}
+
+// UpdateProfileRequest 更新用户信息请求
+type UpdateProfileRequest struct {
+	Nickname string `json:"nickname"`
+	Avatar   string `json:"avatar"`
+	Bio      string `json:"bio"`
+}
+
+// UpdateProfile 更新用户信息
+func (h *AuthHandler) UpdateProfile(c *gin.Context) {
+	userID, _ := middleware.GetUserID(c)
+
+	var req UpdateProfileRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 更新用户信息
+	updates := map[string]interface{}{}
+	if req.Nickname != "" {
+		updates["nickname"] = req.Nickname
+	}
+	if req.Avatar != "" {
+		updates["avatar"] = req.Avatar
+	}
+	if req.Bio != "" {
+		updates["bio"] = req.Bio
+	}
+
+	if err := database.DB.Model(&models.User{}).Where("id = ?", userID).Updates(updates).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to update profile"})
+		return
+	}
+
+	// 返回更新后的用户信息
+	var user models.User
+	database.DB.First(&user, userID)
+
+	c.JSON(http.StatusOK, user)
+}
--- a/server/internal/handlers/comment.go
+++ b/server/internal/handlers/comment.go
@@ -0,0 +1,141 @@
+package handlers
+
+import (
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+	"github.com/novablog/server/internal/database"
+	"github.com/novablog/server/internal/middleware"
+	"github.com/novablog/server/internal/models"
+	"gorm.io/gorm"
+)
+
+// CommentHandler 评论处理器
+type CommentHandler struct{}
+
+// NewCommentHandler 创建评论处理器
+func NewCommentHandler() *CommentHandler {
+	return &CommentHandler{}
+}
+
+// CreateCommentRequest 创建评论请求
+type CreateCommentRequest struct {
+	PostID   string `json:"post_id" binding:"required"`
+	ParentID *uint  `json:"parent_id"`
+	Content  string `json:"content" binding:"required,min=1,max=2000"`
+}
+
+// CreateComment 创建评论
+func (h *CommentHandler) CreateComment(c *gin.Context) {
+	userID, _ := middleware.GetUserID(c)
+
+	var req CreateCommentRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	comment := models.Comment{
+		PostID:   req.PostID,
+		UserID:   userID,
+		ParentID: req.ParentID,
+		Content:  req.Content,
+		Status:   "approved", // 默认直接通过，可改为 pending 需审核
+	}
+
+	if err := database.DB.Create(&comment).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create comment"})
+		return
+	}
+
+	// 加载用户信息
+	database.DB.Preload("User").First(&comment, comment.ID)
+
+	c.JSON(http.StatusCreated, comment)
+}
+
+// GetComments 获取文章评论列表
+func (h *CommentHandler) GetComments(c *gin.Context) {
+	postID := c.Query("post_id")
+	if postID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "post_id is required"})
+		return
+	}
+
+	// 分页参数
+	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+	pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
+	if page < 1 {
+		page = 1
+	}
+	if pageSize < 1 || pageSize > 100 {
+		pageSize = 20
+	}
+
+	// 获取顶级评论（非回复）
+	var comments []models.Comment
+	var total int64
+
+	query := database.DB.Model(&models.Comment{}).
+		Where("post_id = ? AND status = ? AND parent_id IS NULL", postID, "approved")
+
+	query.Count(&total)
+
+	if err := query.Preload("User").
+		Preload("Replies.User").
+		Order("created_at DESC").
+		Offset((page - 1) * pageSize).
+		Limit(pageSize).
+		Find(&comments).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to get comments"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"data": comments,
+		"pagination": gin.H{
+			"page":       page,
+			"page_size":  pageSize,
+			"total":      total,
+			"total_page": (total + int64(pageSize) - 1) / int64(pageSize),
+		},
+	})
+}
+
+// DeleteComment 删除评论（仅限本人或管理员）
+func (h *CommentHandler) DeleteComment(c *gin.Context) {
+	userID, _ := middleware.GetUserID(c)
+	role, _ := c.Get("role")
+
+	idStr := c.Param("id")
+	id, err := strconv.ParseUint(idStr, 10, 32)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid comment id"})
+		return
+	}
+
+	var comment models.Comment
+	if err := database.DB.First(&comment, id).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			c.JSON(http.StatusNotFound, gin.H{"error": "comment not found"})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "database error"})
+		return
+	}
+
+	// 检查权限：本人或管理员可删除
+	if comment.UserID != userID && role != "admin" {
+		c.JSON(http.StatusForbidden, gin.H{"error": "permission denied"})
+		return
+	}
+
+	// 软删除
+	if err := database.DB.Delete(&comment).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to delete comment"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "comment deleted"})
+}
--- a/server/internal/handlers/like.go
+++ b/server/internal/handlers/like.go
@@ -0,0 +1,169 @@
+package handlers
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/novablog/server/internal/database"
+	"github.com/novablog/server/internal/middleware"
+	"github.com/novablog/server/internal/models"
+	"gorm.io/gorm"
+)
+
+// LikeHandler 点赞处理器
+type LikeHandler struct{}
+
+// NewLikeHandler 创建点赞处理器
+func NewLikeHandler() *LikeHandler {
+	return &LikeHandler{}
+}
+
+// LikeRequest 点赞请求
+type LikeRequest struct {
+	PostID string `json:"post_id" binding:"required"`
+}
+
+// LikeResponse 点赞响应
+type LikeResponse struct {
+	Liked    bool `json:"liked"`
+	LikeCount int  `json:"like_count"`
+}
+
+// ToggleLike 切换点赞状态（点赞/取消点赞）
+func (h *LikeHandler) ToggleLike(c *gin.Context) {
+	var req LikeRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 获取用户 ID（可选，支持未登录用户）
+	userID, isLoggedIn := middleware.GetUserID(c)
+
+	// 获取访客 IP Hash（用于未登录用户的防刷）
+	ipHash := ""
+	if !isLoggedIn {
+		ip := c.ClientIP()
+		hash := sha256.Sum256([]byte(ip + "novablog-salt")) // 加盐防止反向推导
+		ipHash = hex.EncodeToString(hash[:])[:64]
+	}
+
+	// 检查是否已点赞
+	var existingLike models.Like
+	var err error
+
+	if isLoggedIn {
+		err = database.DB.Where("post_id = ? AND user_id = ?", req.PostID, userID).First(&existingLike).Error
+	} else {
+		err = database.DB.Where("post_id = ? AND ip_hash = ?", req.PostID, ipHash).First(&existingLike).Error
+	}
+
+	liked := false
+	if err == gorm.ErrRecordNotFound {
+		// 未点赞，创建点赞记录
+		like := models.Like{
+			PostID: req.PostID,
+			IPHash: ipHash,
+		}
+		if isLoggedIn {
+			like.UserID = &userID
+		}
+
+		if err := database.DB.Create(&like).Error; err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to like"})
+			return
+		}
+		liked = true
+
+		// 更新点赞计数
+		h.updateLikeCount(req.PostID, 1)
+	} else if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "database error"})
+		return
+	} else {
+		// 已点赞，取消点赞
+		if err := database.DB.Delete(&existingLike).Error; err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to unlike"})
+			return
+		}
+		liked = false
+
+		// 更新点赞计数
+		h.updateLikeCount(req.PostID, -1)
+	}
+
+	// 获取当前点赞数
+	likeCount := h.getLikeCount(req.PostID)
+
+	c.JSON(http.StatusOK, LikeResponse{
+		Liked:     liked,
+		LikeCount: likeCount,
+	})
+}
+
+// GetLikeStatus 获取点赞状态
+func (h *LikeHandler) GetLikeStatus(c *gin.Context) {
+	postID := c.Query("post_id")
+	if postID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "post_id is required"})
+		return
+	}
+
+	// 获取用户 ID（可选）
+	userID, isLoggedIn := middleware.GetUserID(c)
+
+	// 获取访客 IP Hash
+	ipHash := ""
+	if !isLoggedIn {
+		ip := c.ClientIP()
+		hash := sha256.Sum256([]byte(ip + "novablog-salt"))
+		ipHash = hex.EncodeToString(hash[:])[:64]
+	}
+
+	// 检查是否已点赞
+	var existingLike models.Like
+	var err error
+
+	if isLoggedIn {
+		err = database.DB.Where("post_id = ? AND user_id = ?", postID, userID).First(&existingLike).Error
+	} else {
+		err = database.DB.Where("post_id = ? AND ip_hash = ?", postID, ipHash).First(&existingLike).Error
+	}
+
+	liked := err == nil
+
+	// 获取点赞数
+	likeCount := h.getLikeCount(postID)
+
+	c.JSON(http.StatusOK, LikeResponse{
+		Liked:     liked,
+		LikeCount: likeCount,
+	})
+}
+
+// updateLikeCount 更新点赞计数
+func (h *LikeHandler) updateLikeCount(postID string, delta int) {
+	var likeCount models.LikeCount
+	result := database.DB.FirstOrCreate(&likeCount, models.LikeCount{PostID: postID})
+	if result.Error != nil {
+		return
+	}
+
+	likeCount.Count += delta
+	if likeCount.Count < 0 {
+		likeCount.Count = 0
+	}
+
+	database.DB.Save(&likeCount)
+}
+
+// getLikeCount 获取点赞数
+func (h *LikeHandler) getLikeCount(postID string) int {
+	var likeCount models.LikeCount
+	if err := database.DB.Where("post_id = ?", postID).First(&likeCount).Error; err != nil {
+		return 0
+	}
+	return likeCount.Count
+}