initial commit

2026-03-01 09:13:24 +08:00
commit 72baa341cc
43 changed files with 12560 additions and 0 deletions
--- a/server/internal/config/config.go
+++ b/server/internal/config/config.go
@@ -0,0 +1,74 @@
+package config
+
+import (
+	"os"
+	"strconv"
+)
+
+// Config 应用配置
+type Config struct {
+	Server   ServerConfig
+	Database DatabaseConfig
+	JWT      JWTConfig
+	CORS     CORSConfig
+}
+
+// ServerConfig 服务器配置
+type ServerConfig struct {
+	Port string
+	Mode string // debug, release, test
+}
+
+// DatabaseConfig 数据库配置
+type DatabaseConfig struct {
+	Path string
+}
+
+// JWTConfig JWT 配置
+type JWTConfig struct {
+	Secret     string
+	ExpireTime int // 过期时间（小时）
+}
+
+// CORSConfig CORS 配置
+type CORSConfig struct {
+	AllowOrigins []string
+}
+
+// Load 从环境变量加载配置
+func Load() *Config {
+	return &Config{
+		Server: ServerConfig{
+			Port: getEnv("SERVER_PORT", "8080"),
+			Mode: getEnv("GIN_MODE", "release"),
+		},
+		Database: DatabaseConfig{
+			Path: getEnv("DB_PATH", "./data/novablog.db"),
+		},
+		JWT: JWTConfig{
+			Secret:     getEnv("JWT_SECRET", "novablog-secret-key-change-in-production"),
+			ExpireTime: getEnvAsInt("JWT_EXPIRE_HOURS", 24*7), // 默认 7 天
+		},
+		CORS: CORSConfig{
+			AllowOrigins: []string{
+				getEnv("CORS_ORIGIN", "http://localhost:4321"),
+			},
+		},
+	}
+}
+
+func getEnv(key, defaultValue string) string {
+	if value := os.Getenv(key); value != "" {
+		return value
+	}
+	return defaultValue
+}
+
+func getEnvAsInt(key string, defaultValue int) int {
+	if value := os.Getenv(key); value != "" {
+		if intValue, err := strconv.Atoi(value); err == nil {
+			return intValue
+		}
+	}
+	return defaultValue
+}
--- a/server/internal/database/database.go
+++ b/server/internal/database/database.go
@@ -0,0 +1,61 @@
+package database
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/novablog/server/internal/config"
+	"github.com/novablog/server/internal/models"
+	"gorm.io/driver/sqlite"
+	"gorm.io/gorm"
+	"gorm.io/gorm/logger"
+)
+
+var DB *gorm.DB
+
+// Initialize 初始化数据库连接
+func Initialize(cfg *config.Config) error {
+	var err error
+
+	// 确保数据目录存在
+	dbDir := filepath.Dir(cfg.Database.Path)
+	if err := os.MkdirAll(dbDir, 0755); err != nil {
+		return fmt.Errorf("failed to create database directory: %w", err)
+	}
+
+	// 连接 SQLite 数据库
+	DB, err = gorm.Open(sqlite.Open(cfg.Database.Path), &gorm.Config{
+		Logger: logger.Default.LogMode(logger.Info),
+	})
+	if err != nil {
+		return fmt.Errorf("failed to connect database: %w", err)
+	}
+
+	// 自动迁移数据库表
+	if err := autoMigrate(); err != nil {
+		return fmt.Errorf("failed to migrate database: %w", err)
+	}
+
+	return nil
+}
+
+// autoMigrate 自动迁移数据库表结构
+func autoMigrate() error {
+	return DB.AutoMigrate(
+		&models.User{},
+		&models.Comment{},
+		&models.Like{},
+		&models.LikeCount{},
+		&models.PostMeta{},
+	)
+}
+
+// Close 关闭数据库连接
+func Close() error {
+	sqlDB, err := DB.DB()
+	if err != nil {
+		return err
+	}
+	return sqlDB.Close()
+}
--- a/server/internal/handlers/auth.go
+++ b/server/internal/handlers/auth.go
@@ -0,0 +1,195 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/novablog/server/internal/database"
+	"github.com/novablog/server/internal/middleware"
+	"github.com/novablog/server/internal/models"
+	"github.com/novablog/server/internal/utils"
+	"gorm.io/gorm"
+)
+
+// AuthHandler 认证处理器
+type AuthHandler struct {
+	jwtManager *utils.JWTManager
+}
+
+// NewAuthHandler 创建认证处理器
+func NewAuthHandler(jwtManager *utils.JWTManager) *AuthHandler {
+	return &AuthHandler{
+		jwtManager: jwtManager,
+	}
+}
+
+// RegisterRequest 注册请求
+type RegisterRequest struct {
+	Username string `json:"username" binding:"required,min=3,max=50"`
+	Email    string `json:"email" binding:"required,email"`
+	Password string `json:"password" binding:"required,min=6,max=50"`
+	Nickname string `json:"nickname"`
+}
+
+// LoginRequest 登录请求
+type LoginRequest struct {
+	Username string `json:"username" binding:"required"`
+	Password string `json:"password" binding:"required"`
+}
+
+// AuthResponse 认证响应
+type AuthResponse struct {
+	Token string      `json:"token"`
+	User  models.User `json:"user"`
+}
+
+// Register 用户注册
+func (h *AuthHandler) Register(c *gin.Context) {
+	var req RegisterRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 检查用户名是否已存在
+	var existingUser models.User
+	if err := database.DB.Where("username = ?", req.Username).First(&existingUser).Error; err == nil {
+		c.JSON(http.StatusConflict, gin.H{"error": "username already exists"})
+		return
+	}
+
+	// 检查邮箱是否已存在
+	if err := database.DB.Where("email = ?", req.Email).First(&existingUser).Error; err == nil {
+		c.JSON(http.StatusConflict, gin.H{"error": "email already exists"})
+		return
+	}
+
+	// 哈希密码
+	hashedPassword, err := utils.HashPassword(req.Password)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to hash password"})
+		return
+	}
+
+	// 创建用户
+	user := models.User{
+		Username: req.Username,
+		Email:    req.Email,
+		Password: hashedPassword,
+		Nickname: req.Nickname,
+		Role:     "user",
+	}
+
+	if err := database.DB.Create(&user).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create user"})
+		return
+	}
+
+	// 生成 Token
+	token, err := h.jwtManager.GenerateToken(user.ID, user.Username, user.Role)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate token"})
+		return
+	}
+
+	c.JSON(http.StatusCreated, AuthResponse{
+		Token: token,
+		User:  user,
+	})
+}
+
+// Login 用户登录
+func (h *AuthHandler) Login(c *gin.Context) {
+	var req LoginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 查找用户（支持用户名或邮箱登录）
+	var user models.User
+	if err := database.DB.Where("username = ? OR email = ?", req.Username, req.Username).First(&user).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid credentials"})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "database error"})
+		return
+	}
+
+	// 验证密码
+	if !utils.CheckPassword(req.Password, user.Password) {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid credentials"})
+		return
+	}
+
+	// 生成 Token
+	token, err := h.jwtManager.GenerateToken(user.ID, user.Username, user.Role)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate token"})
+		return
+	}
+
+	c.JSON(http.StatusOK, AuthResponse{
+		Token: token,
+		User:  user,
+	})
+}
+
+// GetProfile 获取当前用户信息
+func (h *AuthHandler) GetProfile(c *gin.Context) {
+	userID, _ := middleware.GetUserID(c)
+
+	var user models.User
+	if err := database.DB.First(&user, userID).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			c.JSON(http.StatusNotFound, gin.H{"error": "user not found"})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "database error"})
+		return
+	}
+
+	c.JSON(http.StatusOK, user)
+}
+
+// UpdateProfileRequest 更新用户信息请求
+type UpdateProfileRequest struct {
+	Nickname string `json:"nickname"`
+	Avatar   string `json:"avatar"`
+	Bio      string `json:"bio"`
+}
+
+// UpdateProfile 更新用户信息
+func (h *AuthHandler) UpdateProfile(c *gin.Context) {
+	userID, _ := middleware.GetUserID(c)
+
+	var req UpdateProfileRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 更新用户信息
+	updates := map[string]interface{}{}
+	if req.Nickname != "" {
+		updates["nickname"] = req.Nickname
+	}
+	if req.Avatar != "" {
+		updates["avatar"] = req.Avatar
+	}
+	if req.Bio != "" {
+		updates["bio"] = req.Bio
+	}
+
+	if err := database.DB.Model(&models.User{}).Where("id = ?", userID).Updates(updates).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to update profile"})
+		return
+	}
+
+	// 返回更新后的用户信息
+	var user models.User
+	database.DB.First(&user, userID)
+
+	c.JSON(http.StatusOK, user)
+}
--- a/server/internal/handlers/comment.go
+++ b/server/internal/handlers/comment.go
@@ -0,0 +1,141 @@
+package handlers
+
+import (
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+	"github.com/novablog/server/internal/database"
+	"github.com/novablog/server/internal/middleware"
+	"github.com/novablog/server/internal/models"
+	"gorm.io/gorm"
+)
+
+// CommentHandler 评论处理器
+type CommentHandler struct{}
+
+// NewCommentHandler 创建评论处理器
+func NewCommentHandler() *CommentHandler {
+	return &CommentHandler{}
+}
+
+// CreateCommentRequest 创建评论请求
+type CreateCommentRequest struct {
+	PostID   string `json:"post_id" binding:"required"`
+	ParentID *uint  `json:"parent_id"`
+	Content  string `json:"content" binding:"required,min=1,max=2000"`
+}
+
+// CreateComment 创建评论
+func (h *CommentHandler) CreateComment(c *gin.Context) {
+	userID, _ := middleware.GetUserID(c)
+
+	var req CreateCommentRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	comment := models.Comment{
+		PostID:   req.PostID,
+		UserID:   userID,
+		ParentID: req.ParentID,
+		Content:  req.Content,
+		Status:   "approved", // 默认直接通过，可改为 pending 需审核
+	}
+
+	if err := database.DB.Create(&comment).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create comment"})
+		return
+	}
+
+	// 加载用户信息
+	database.DB.Preload("User").First(&comment, comment.ID)
+
+	c.JSON(http.StatusCreated, comment)
+}
+
+// GetComments 获取文章评论列表
+func (h *CommentHandler) GetComments(c *gin.Context) {
+	postID := c.Query("post_id")
+	if postID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "post_id is required"})
+		return
+	}
+
+	// 分页参数
+	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+	pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
+	if page < 1 {
+		page = 1
+	}
+	if pageSize < 1 || pageSize > 100 {
+		pageSize = 20
+	}
+
+	// 获取顶级评论（非回复）
+	var comments []models.Comment
+	var total int64
+
+	query := database.DB.Model(&models.Comment{}).
+		Where("post_id = ? AND status = ? AND parent_id IS NULL", postID, "approved")
+
+	query.Count(&total)
+
+	if err := query.Preload("User").
+		Preload("Replies.User").
+		Order("created_at DESC").
+		Offset((page - 1) * pageSize).
+		Limit(pageSize).
+		Find(&comments).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to get comments"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"data": comments,
+		"pagination": gin.H{
+			"page":       page,
+			"page_size":  pageSize,
+			"total":      total,
+			"total_page": (total + int64(pageSize) - 1) / int64(pageSize),
+		},
+	})
+}
+
+// DeleteComment 删除评论（仅限本人或管理员）
+func (h *CommentHandler) DeleteComment(c *gin.Context) {
+	userID, _ := middleware.GetUserID(c)
+	role, _ := c.Get("role")
+
+	idStr := c.Param("id")
+	id, err := strconv.ParseUint(idStr, 10, 32)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid comment id"})
+		return
+	}
+
+	var comment models.Comment
+	if err := database.DB.First(&comment, id).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			c.JSON(http.StatusNotFound, gin.H{"error": "comment not found"})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "database error"})
+		return
+	}
+
+	// 检查权限：本人或管理员可删除
+	if comment.UserID != userID && role != "admin" {
+		c.JSON(http.StatusForbidden, gin.H{"error": "permission denied"})
+		return
+	}
+
+	// 软删除
+	if err := database.DB.Delete(&comment).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to delete comment"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "comment deleted"})
+}
--- a/server/internal/handlers/like.go
+++ b/server/internal/handlers/like.go
@@ -0,0 +1,169 @@
+package handlers
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/novablog/server/internal/database"
+	"github.com/novablog/server/internal/middleware"
+	"github.com/novablog/server/internal/models"
+	"gorm.io/gorm"
+)
+
+// LikeHandler 点赞处理器
+type LikeHandler struct{}
+
+// NewLikeHandler 创建点赞处理器
+func NewLikeHandler() *LikeHandler {
+	return &LikeHandler{}
+}
+
+// LikeRequest 点赞请求
+type LikeRequest struct {
+	PostID string `json:"post_id" binding:"required"`
+}
+
+// LikeResponse 点赞响应
+type LikeResponse struct {
+	Liked    bool `json:"liked"`
+	LikeCount int  `json:"like_count"`
+}
+
+// ToggleLike 切换点赞状态（点赞/取消点赞）
+func (h *LikeHandler) ToggleLike(c *gin.Context) {
+	var req LikeRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 获取用户 ID（可选，支持未登录用户）
+	userID, isLoggedIn := middleware.GetUserID(c)
+
+	// 获取访客 IP Hash（用于未登录用户的防刷）
+	ipHash := ""
+	if !isLoggedIn {
+		ip := c.ClientIP()
+		hash := sha256.Sum256([]byte(ip + "novablog-salt")) // 加盐防止反向推导
+		ipHash = hex.EncodeToString(hash[:])[:64]
+	}
+
+	// 检查是否已点赞
+	var existingLike models.Like
+	var err error
+
+	if isLoggedIn {
+		err = database.DB.Where("post_id = ? AND user_id = ?", req.PostID, userID).First(&existingLike).Error
+	} else {
+		err = database.DB.Where("post_id = ? AND ip_hash = ?", req.PostID, ipHash).First(&existingLike).Error
+	}
+
+	liked := false
+	if err == gorm.ErrRecordNotFound {
+		// 未点赞，创建点赞记录
+		like := models.Like{
+			PostID: req.PostID,
+			IPHash: ipHash,
+		}
+		if isLoggedIn {
+			like.UserID = &userID
+		}
+
+		if err := database.DB.Create(&like).Error; err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to like"})
+			return
+		}
+		liked = true
+
+		// 更新点赞计数
+		h.updateLikeCount(req.PostID, 1)
+	} else if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "database error"})
+		return
+	} else {
+		// 已点赞，取消点赞
+		if err := database.DB.Delete(&existingLike).Error; err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to unlike"})
+			return
+		}
+		liked = false
+
+		// 更新点赞计数
+		h.updateLikeCount(req.PostID, -1)
+	}
+
+	// 获取当前点赞数
+	likeCount := h.getLikeCount(req.PostID)
+
+	c.JSON(http.StatusOK, LikeResponse{
+		Liked:     liked,
+		LikeCount: likeCount,
+	})
+}
+
+// GetLikeStatus 获取点赞状态
+func (h *LikeHandler) GetLikeStatus(c *gin.Context) {
+	postID := c.Query("post_id")
+	if postID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "post_id is required"})
+		return
+	}
+
+	// 获取用户 ID（可选）
+	userID, isLoggedIn := middleware.GetUserID(c)
+
+	// 获取访客 IP Hash
+	ipHash := ""
+	if !isLoggedIn {
+		ip := c.ClientIP()
+		hash := sha256.Sum256([]byte(ip + "novablog-salt"))
+		ipHash = hex.EncodeToString(hash[:])[:64]
+	}
+
+	// 检查是否已点赞
+	var existingLike models.Like
+	var err error
+
+	if isLoggedIn {
+		err = database.DB.Where("post_id = ? AND user_id = ?", postID, userID).First(&existingLike).Error
+	} else {
+		err = database.DB.Where("post_id = ? AND ip_hash = ?", postID, ipHash).First(&existingLike).Error
+	}
+
+	liked := err == nil
+
+	// 获取点赞数
+	likeCount := h.getLikeCount(postID)
+
+	c.JSON(http.StatusOK, LikeResponse{
+		Liked:     liked,
+		LikeCount: likeCount,
+	})
+}
+
+// updateLikeCount 更新点赞计数
+func (h *LikeHandler) updateLikeCount(postID string, delta int) {
+	var likeCount models.LikeCount
+	result := database.DB.FirstOrCreate(&likeCount, models.LikeCount{PostID: postID})
+	if result.Error != nil {
+		return
+	}
+
+	likeCount.Count += delta
+	if likeCount.Count < 0 {
+		likeCount.Count = 0
+	}
+
+	database.DB.Save(&likeCount)
+}
+
+// getLikeCount 获取点赞数
+func (h *LikeHandler) getLikeCount(postID string) int {
+	var likeCount models.LikeCount
+	if err := database.DB.Where("post_id = ?", postID).First(&likeCount).Error; err != nil {
+		return 0
+	}
+	return likeCount.Count
+}
--- a/server/internal/middleware/auth.go
+++ b/server/internal/middleware/auth.go
@@ -0,0 +1,86 @@
+package middleware
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"github.com/novablog/server/internal/utils"
+)
+
+// AuthMiddleware JWT 认证中间件
+func AuthMiddleware(jwtManager *utils.JWTManager) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 从 Header 获取 Token
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"error": "authorization header is required",
+			})
+			c.Abort()
+			return
+		}
+
+		// 解析 Bearer Token
+		parts := strings.SplitN(authHeader, " ", 2)
+		if len(parts) != 2 || parts[0] != "Bearer" {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"error": "invalid authorization header format",
+			})
+			c.Abort()
+			return
+		}
+
+		tokenString := parts[1]
+
+		// 验证 Token
+		claims, err := jwtManager.ParseToken(tokenString)
+		if err != nil {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"error": err.Error(),
+			})
+			c.Abort()
+			return
+		}
+
+		// 将用户信息存入上下文
+		c.Set("userID", claims.UserID)
+		c.Set("username", claims.Username)
+		c.Set("role", claims.Role)
+
+		c.Next()
+	}
+}
+
+// AdminMiddleware 管理员权限中间件
+func AdminMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		role, exists := c.Get("role")
+		if !exists || role != "admin" {
+			c.JSON(http.StatusForbidden, gin.H{
+				"error": "admin permission required",
+			})
+			c.Abort()
+			return
+		}
+		c.Next()
+	}
+}
+
+// GetUserID 从上下文获取用户 ID
+func GetUserID(c *gin.Context) (uint, bool) {
+	userID, exists := c.Get("userID")
+	if !exists {
+		return 0, false
+	}
+	return userID.(uint), true
+}
+
+// GetUsername 从上下文获取用户名
+func GetUsername(c *gin.Context) (string, bool) {
+	username, exists := c.Get("username")
+	if !exists {
+		return "", false
+	}
+	return username.(string), true
+}
--- a/server/internal/models/models.go
+++ b/server/internal/models/models.go
@@ -0,0 +1,64 @@
+package models
+
+import (
+	"time"
+
+	"gorm.io/gorm"
+)
+
+// User 用户模型
+type User struct {
+	ID        uint           `json:"id" gorm:"primaryKey"`
+	CreatedAt time.Time      `json:"created_at"`
+	UpdatedAt time.Time      `json:"updated_at"`
+	DeletedAt gorm.DeletedAt `json:"-" gorm:"index"`
+	Username  string         `json:"username" gorm:"uniqueIndex;size:50;not null"`
+	Email     string         `json:"email" gorm:"uniqueIndex;size:100;not null"`
+	Password  string         `json:"-" gorm:"size:255;not null"` // 不返回给前端
+	Nickname  string         `json:"nickname" gorm:"size:50"`
+	Avatar    string         `json:"avatar" gorm:"size:255"`
+	Role      string         `json:"role" gorm:"size:20;default:'user'"` // admin, user
+	Bio       string         `json:"bio" gorm:"size:500"`
+	Comments  []Comment      `json:"-" gorm:"foreignKey:UserID"`
+	Likes     []Like         `json:"-" gorm:"foreignKey:UserID"`
+}
+
+// Comment 评论模型
+type Comment struct {
+	ID        uint           `json:"id" gorm:"primaryKey"`
+	CreatedAt time.Time      `json:"created_at"`
+	UpdatedAt time.Time      `json:"updated_at"`
+	DeletedAt gorm.DeletedAt `json:"-" gorm:"index"`
+	PostID    string         `json:"post_id" gorm:"index;size:100;not null"` // 文章 ID（slug）
+	UserID    uint           `json:"user_id" gorm:"index;not null"`
+	ParentID  *uint          `json:"parent_id" gorm:"index"` // 父评论 ID（用于嵌套回复）
+	Content   string         `json:"content" gorm:"type:text;not null"`
+	Status    string         `json:"status" gorm:"size:20;default:'approved'"` // pending, approved, spam
+	User      User           `json:"user" gorm:"foreignKey:UserID"`
+	Replies   []Comment      `json:"replies,omitempty" gorm:"foreignKey:ParentID"`
+}
+
+// Like 点赞模型
+type Like struct {
+	ID        uint      `json:"id" gorm:"primaryKey"`
+	CreatedAt time.Time `json:"created_at"`
+	PostID    string    `json:"post_id" gorm:"uniqueIndex:idx_post_user;size:100;not null"` // 文章 ID
+	UserID    *uint     `json:"user_id" gorm:"uniqueIndex:idx_post_user;index"`             // 登录用户 ID
+	IPHash    string    `json:"-" gorm:"uniqueIndex:idx_post_ip;size:64"`                   // 访客 IP Hash
+}
+
+// LikeCount 文章点赞计数（缓存表）
+type LikeCount struct {
+	PostID string `json:"post_id" gorm:"primaryKey;size:100"`
+	Count  int    `json:"count" gorm:"default:0"`
+}
+
+// PostMeta 文章元数据（可选，用于存储文章额外信息）
+type PostMeta struct {
+	ID         uint      `json:"id" gorm:"primaryKey"`
+	PostID     string    `json:"post_id" gorm:"uniqueIndex;size:100;not null"`
+	ViewCount  int       `json:"view_count" gorm:"default:0"`
+	LikeCount  int       `json:"like_count" gorm:"default:0"`
+	CreatedAt  time.Time `json:"created_at"`
+	UpdatedAt  time.Time `json:"updated_at"`
+}
--- a/server/internal/utils/jwt.go
+++ b/server/internal/utils/jwt.go
@@ -0,0 +1,80 @@
+package utils
+
+import (
+	"errors"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+var (
+	ErrInvalidToken = errors.New("invalid token")
+	ErrExpiredToken = errors.New("token has expired")
+)
+
+// Claims JWT 声明
+type Claims struct {
+	UserID   uint   `json:"user_id"`
+	Username string `json:"username"`
+	Role     string `json:"role"`
+	jwt.RegisteredClaims
+}
+
+// JWTConfig JWT 配置
+type JWTConfig struct {
+	Secret     string
+	ExpireTime int // 过期时间（小时）
+}
+
+// JWTManager JWT 管理器
+type JWTManager struct {
+	config JWTConfig
+}
+
+// NewJWTManager 创建 JWT 管理器
+func NewJWTManager(secret string, expireTime int) *JWTManager {
+	return &JWTManager{
+		config: JWTConfig{
+			Secret:     secret,
+			ExpireTime: expireTime,
+		},
+	}
+}
+
+// GenerateToken 生成 JWT Token
+func (m *JWTManager) GenerateToken(userID uint, username, role string) (string, error) {
+	claims := &Claims{
+		UserID:   userID,
+		Username: username,
+		Role:     role,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Duration(m.config.ExpireTime) * time.Hour)),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			NotBefore: jwt.NewNumericDate(time.Now()),
+			Issuer:    "novablog",
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return token.SignedString([]byte(m.config.Secret))
+}
+
+// ParseToken 解析 JWT Token
+func (m *JWTManager) ParseToken(tokenString string) (*Claims, error) {
+	token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
+		return []byte(m.config.Secret), nil
+	})
+
+	if err != nil {
+		if errors.Is(err, jwt.ErrTokenExpired) {
+			return nil, ErrExpiredToken
+		}
+		return nil, ErrInvalidToken
+	}
+
+	if claims, ok := token.Claims.(*Claims); ok && token.Valid {
+		return claims, nil
+	}
+
+	return nil, ErrInvalidToken
+}
--- a/server/internal/utils/password.go
+++ b/server/internal/utils/password.go
@@ -0,0 +1,20 @@
+package utils
+
+import (
+	"golang.org/x/crypto/bcrypt"
+)
+
+// HashPassword 对密码进行哈希
+func HashPassword(password string) (string, error) {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return "", err
+	}
+	return string(bytes), nil
+}
+
+// CheckPassword 验证密码
+func CheckPassword(password, hash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	return err == nil
+}