v3_1

2025-04-01 17:57:35 +08:00
parent 7857015405
commit a5caa734c3
36 changed files with 1503 additions and 318 deletions
--- a/internal/erpserver/biz/v1/system/department.go
+++ b/internal/erpserver/biz/v1/system/department.go
@@ -3,19 +3,23 @@ package system
 import (
 	"context"
 	"encoding/json"
+	"errors"
+	"fmt"
 	"strconv"
 	"time"

 	"management/internal/db/model/dto"
 	db "management/internal/db/sqlc"
+	"management/internal/erpserver/model/form"
 	"management/internal/erpserver/model/view"
+	"management/internal/pkg/convertor"
 	"management/internal/pkg/know"
 	"management/internal/pkg/redis"
 )

 type DepartmentBiz interface {
-	Create(ctx context.Context, arg *db.CreateSysDepartmentParams) (*db.SysDepartment, error)
-	Update(ctx context.Context, arg *db.UpdateSysDepartmentParams) (*db.SysDepartment, error)
+	Create(ctx context.Context, req *form.Department) error
+	Update(ctx context.Context, req *form.Department) error
 	All(ctx context.Context) ([]*db.SysDepartment, error)
 	List(ctx context.Context, q dto.SearchDto) ([]*db.SysDepartment, int64, error)
 	Get(ctx context.Context, id int32) (*db.SysDepartment, error)
@@ -96,12 +100,79 @@ func (b *departmentBiz) Get(ctx context.Context, id int32) (*db.SysDepartment, e
 	return b.store.GetSysDepartment(ctx, id)
 }

-func (b *departmentBiz) Create(ctx context.Context, arg *db.CreateSysDepartmentParams) (*db.SysDepartment, error) {
-	return b.store.CreateSysDepartment(ctx, arg)
+func (b *departmentBiz) Create(ctx context.Context, req *form.Department) error {
+	parent := &db.SysDepartment{
+		ID:         0,
+		ParentID:   0,
+		ParentPath: ",0,",
+	}
+	if *req.ParentID > 0 {
+		var err error
+		parent, err = b.store.GetSysDepartment(ctx, *req.ParentID)
+		if err != nil {
+			return errors.New("父级节点错误")
+		}
+	}
+
+	var order int32 = 6666
+	if *req.Sort > 0 {
+		order = *req.Sort
+	}
+
+	arg := &db.CreateSysDepartmentParams{
+		Name:       req.Name,
+		ParentID:   parent.ID,
+		ParentPath: convertor.HandleParentPath(fmt.Sprintf("%s,%d,", parent.ParentPath, parent.ID)),
+		Status:     *req.Status,
+		Sort:       order,
+		CreatedAt:  time.Now(),
+		UpdatedAt:  time.Now(),
+	}
+	_, err := b.store.CreateSysDepartment(ctx, arg)
+	if err != nil {
+		if db.IsUniqueViolation(err) {
+			return errors.New("部门已存在")
+		}
+		return err
+	}
+	return nil
 }

-func (b *departmentBiz) Update(ctx context.Context, arg *db.UpdateSysDepartmentParams) (*db.SysDepartment, error) {
-	return b.store.UpdateSysDepartment(ctx, arg)
+func (b *departmentBiz) Update(ctx context.Context, req *form.Department) error {
+	parent := &db.SysDepartment{
+		ID:         0,
+		ParentID:   0,
+		ParentPath: ",0,",
+	}
+	if *req.ParentID > 0 {
+		var err error
+		parent, err = b.store.GetSysDepartment(ctx, *req.ParentID)
+		if err != nil {
+			return errors.New("父级节点错误")
+		}
+	}
+
+	depart, err := b.store.GetSysDepartment(ctx, *req.ID)
+	if err != nil {
+		return err
+	}
+
+	var order int32 = 6666
+	if *req.Sort > 0 {
+		order = *req.Sort
+	}
+
+	arg := &db.UpdateSysDepartmentParams{
+		ID:         depart.ID,
+		Name:       req.Name,
+		ParentID:   parent.ID,
+		ParentPath: convertor.HandleParentPath(fmt.Sprintf("%s,%d,", parent.ParentPath, parent.ID)),
+		Status:     *req.Status,
+		Sort:       order,
+		UpdatedAt:  time.Now(),
+	}
+	_, err = b.store.UpdateSysDepartment(ctx, arg)
+	return err
 }

 func (b *departmentBiz) Refresh(ctx context.Context) ([]*db.SysDepartment, error) {
--- a/internal/erpserver/biz/v1/system/role.go
+++ b/internal/erpserver/biz/v1/system/role.go
@@ -3,19 +3,24 @@ package system
 import (
 	"context"
 	"encoding/json"
+	"errors"
+	"fmt"
 	"strconv"
 	"time"

 	"management/internal/db/model/dto"
 	db "management/internal/db/sqlc"
+	"management/internal/erpserver/model/form"
 	"management/internal/erpserver/model/view"
+	"management/internal/pkg/convertor"
 	"management/internal/pkg/know"
 	"management/internal/pkg/redis"
 )

 type RoleBiz interface {
-	Create(ctx context.Context, arg *db.CreateSysRoleParams) (*db.SysRole, error)
-	Update(ctx context.Context, arg *db.UpdateSysRoleParams) (*db.SysRole, error)
+	Create(ctx context.Context, req *form.Role) error
+	Update(ctx context.Context, req *form.Role) error
+	CreateOrUpdate(ctx context.Context, req *form.Role) error
 	All(ctx context.Context) ([]*db.SysRole, error)
 	List(ctx context.Context, q dto.SearchDto) ([]*db.SysRole, int64, error)
 	Get(ctx context.Context, id int32) (*db.SysRole, error)
@@ -44,12 +49,140 @@ func NewRole(store db.Store, redis redis.IRedis) *roleBiz {
 	}
 }

-func (b *roleBiz) Create(ctx context.Context, arg *db.CreateSysRoleParams) (*db.SysRole, error) {
-	return b.store.CreateSysRole(ctx, arg)
+func (b *roleBiz) Create(ctx context.Context, req *form.Role) error {
+	parent := &db.SysRole{
+		ID:         0,
+		ParentID:   0,
+		ParentPath: ",0,",
+	}
+	if *req.ParentID > 0 {
+		var err error
+		parent, err = b.store.GetSysRole(ctx, *req.ParentID)
+		if err != nil {
+			return errors.New("父级节点错误")
+		}
+	}
+
+	var order int32 = 6666
+	if *req.Sort > 0 {
+		order = *req.Sort
+	}
+
+	arg := &db.CreateSysRoleParams{
+		Name:        req.Name,
+		DisplayName: req.DisplayName,
+		Vip:         false,
+		ParentID:    parent.ID,
+		ParentPath:  convertor.HandleParentPath(fmt.Sprintf("%s,%d,", parent.ParentPath, parent.ID)),
+		Status:      *req.Status,
+		Sort:        order,
+		CreatedAt:   time.Now(),
+		UpdatedAt:   time.Now(),
+	}
+	_, err := b.store.CreateSysRole(ctx, arg)
+	if err != nil {
+		if db.IsUniqueViolation(err) {
+			return errors.New("角色名称已存在")
+		}
+		return err
+	}
+	return nil
 }

-func (b *roleBiz) Update(ctx context.Context, arg *db.UpdateSysRoleParams) (*db.SysRole, error) {
-	return b.store.UpdateSysRole(ctx, arg)
+func (b *roleBiz) Update(ctx context.Context, req *form.Role) error {
+	parent := &db.SysRole{
+		ID:         0,
+		ParentID:   0,
+		ParentPath: ",0,",
+	}
+	if *req.ParentID > 0 {
+		var err error
+		parent, err = b.store.GetSysRole(ctx, *req.ParentID)
+		if err != nil {
+			return errors.New("父级节点错误")
+		}
+	}
+
+	role, err := b.store.GetSysRole(ctx, *req.ID)
+	if err != nil {
+		return err
+	}
+
+	var order int32 = 6666
+	if *req.Sort > 0 {
+		order = *req.Sort
+	}
+
+	arg := &db.UpdateSysRoleParams{
+		ID:          role.ID,
+		DisplayName: req.DisplayName,
+		Status:      *req.Status,
+		ParentID:    parent.ID,
+		ParentPath:  convertor.HandleParentPath(fmt.Sprintf("%s,%d,", parent.ParentPath, parent.ID)),
+		Sort:        order,
+		UpdatedAt:   time.Now(),
+	}
+	_, err = b.store.UpdateSysRole(ctx, arg)
+	return err
+}
+
+func (b *roleBiz) CreateOrUpdate(ctx context.Context, req *form.Role) error {
+	parent := &db.SysRole{
+		ID:         0,
+		ParentID:   0,
+		ParentPath: ",0,",
+	}
+	if *req.ParentID > 0 {
+		var err error
+		parent, err = b.store.GetSysRole(ctx, *req.ParentID)
+		if err != nil {
+			return errors.New("父级节点错误")
+		}
+	}
+
+	var order int32 = 6666
+	if *req.Sort > 0 {
+		order = *req.Sort
+	}
+
+	if *req.ID > 0 {
+		role, err := b.store.GetSysRole(ctx, *req.ID)
+		if err != nil {
+			return err
+		}
+
+		arg := &db.UpdateSysRoleParams{
+			ID:          role.ID,
+			DisplayName: req.DisplayName,
+			Status:      *req.Status,
+			ParentID:    parent.ID,
+			ParentPath:  convertor.HandleParentPath(fmt.Sprintf("%s,%d,", parent.ParentPath, parent.ID)),
+			Sort:        order,
+			UpdatedAt:   time.Now(),
+		}
+		_, err = b.store.UpdateSysRole(ctx, arg)
+		return err
+	} else {
+		arg := &db.CreateSysRoleParams{
+			Name:        req.Name,
+			DisplayName: req.DisplayName,
+			Vip:         false,
+			ParentID:    parent.ID,
+			ParentPath:  convertor.HandleParentPath(fmt.Sprintf("%s,%d,", parent.ParentPath, parent.ID)),
+			Status:      *req.Status,
+			Sort:        order,
+			CreatedAt:   time.Now(),
+			UpdatedAt:   time.Now(),
+		}
+		_, err := b.store.CreateSysRole(ctx, arg)
+		if err != nil {
+			if db.IsUniqueViolation(err) {
+				return errors.New("角色名称已存在")
+			}
+			return err
+		}
+		return nil
+	}
 }

 func (b *roleBiz) All(ctx context.Context) ([]*db.SysRole, error) {
--- a/internal/erpserver/biz/v1/system/user.go
+++ b/internal/erpserver/biz/v1/system/user.go
@@ -9,17 +9,20 @@ import (

 	"management/internal/db/model/dto"
 	db "management/internal/db/sqlc"
-	"management/internal/erpserver/model/req"
+	"management/internal/erpserver/model/form"
 	"management/internal/erpserver/model/view"
 	"management/internal/pkg/crypto"
 	"management/internal/pkg/know"
+	"management/internal/pkg/rand"
 	"management/internal/pkg/session"
+
+	"github.com/google/uuid"
 )

 // UserBiz 定义处理用户请求所需的方法.
 type UserBiz interface {
-	Create(ctx context.Context, req *db.CreateSysUserParams) (*db.SysUser, error)
-	Update(ctx context.Context, req *db.UpdateSysUserParams) (*db.SysUser, error)
+	Create(ctx context.Context, req *form.User) error
+	Update(ctx context.Context, req *form.User) error
 	All(ctx context.Context) ([]*db.SysUser, error)
 	List(ctx context.Context, q dto.SearchDto) ([]*db.ListSysUserConditionRow, int64, error)
 	Get(ctx context.Context, id int32) (*db.SysUser, error)
@@ -31,7 +34,7 @@ type UserBiz interface {

 // UserExpansion 定义用户操作的扩展方法.
 type UserExpansion interface {
-	Login(ctx context.Context, req *req.Login) error
+	Login(ctx context.Context, req *form.Login) error
 }

 // userBiz 是 UserBiz 接口的实现.
@@ -50,12 +53,75 @@ func NewUser(store db.Store, session session.ISession) *userBiz {
 	}
 }

-func (b *userBiz) Create(ctx context.Context, req *db.CreateSysUserParams) (*db.SysUser, error) {
-	return b.store.CreateSysUser(ctx, req)
+func (b *userBiz) Create(ctx context.Context, req *form.User) error {
+	salt, err := rand.String(10)
+	if err != nil {
+		return err
+	}
+
+	hashedPassword, err := crypto.BcryptHashPassword(req.Password + salt)
+	if err != nil {
+		return err
+	}
+
+	initTime, err := time.ParseInLocation(time.DateTime, "0001-01-01 00:00:00", time.Local)
+	if err != nil {
+		return err
+	}
+
+	arg := &db.CreateSysUserParams{
+		Uuid:             uuid.Must(uuid.NewV7()),
+		Email:            req.Email,
+		Username:         req.Username,
+		HashedPassword:   hashedPassword,
+		Salt:             salt,
+		Avatar:           req.Avatar,
+		Gender:           req.Gender,
+		DepartmentID:     req.DepartmentID,
+		RoleID:           req.RoleID,
+		Status:           *req.Status,
+		ChangePasswordAt: initTime,
+		CreatedAt:        time.Now(),
+		UpdatedAt:        time.Now(),
+	}
+	_, err = b.store.CreateSysUser(ctx, arg)
+	if err != nil {
+		if db.IsUniqueViolation(err) {
+			return errors.New("用户已经存在")
+		}
+		return err
+	}
+	return nil
 }

-func (b *userBiz) Update(ctx context.Context, req *db.UpdateSysUserParams) (*db.SysUser, error) {
-	return b.store.UpdateSysUser(ctx, req)
+func (b *userBiz) Update(ctx context.Context, req *form.User) error {
+	user, err := b.store.GetSysUser(ctx, *req.ID)
+	if err != nil {
+		return err
+	}
+
+	arg := &db.UpdateSysUserParams{
+		ID:               user.ID,
+		Username:         req.Username,
+		HashedPassword:   user.HashedPassword,
+		Avatar:           req.Avatar,
+		Gender:           req.Gender,
+		DepartmentID:     req.DepartmentID,
+		RoleID:           req.RoleID,
+		Status:           *req.Status,
+		ChangePasswordAt: user.ChangePasswordAt,
+		UpdatedAt:        time.Now(),
+	}
+	if req.ChangePassword == "on" {
+		hashedPassword, err := crypto.BcryptHashPassword(req.Password + user.Salt)
+		if err != nil {
+			return err
+		}
+		arg.HashedPassword = hashedPassword
+		arg.ChangePasswordAt = time.Now()
+	}
+	_, err = b.store.UpdateSysUser(ctx, arg)
+	return err
 }

 func (b *userBiz) All(ctx context.Context) ([]*db.SysUser, error) {
@@ -112,7 +178,7 @@ func (b *userBiz) XmSelect(ctx context.Context) ([]*view.XmSelect, error) {
 	return res, nil
 }

-func (b *userBiz) Login(ctx context.Context, req *req.Login) error {
+func (b *userBiz) Login(ctx context.Context, req *form.Login) error {
 	log := &db.CreateSysUserLoginLogParams{
 		CreatedAt:  time.Now(),
 		Email:      req.Email,
--- a/internal/erpserver/handler/system/department.go
+++ b/internal/erpserver/handler/system/department.go
@@ -1,13 +1,13 @@
 package system

 import (
-	"fmt"
 	"net/http"
-	"time"

 	"management/internal/db/model/dto"
 	db "management/internal/db/sqlc"
 	"management/internal/erpserver/biz"
+	"management/internal/erpserver/model/form"
+	"management/internal/pkg/binding"
 	"management/internal/pkg/convertor"
 	"management/internal/pkg/tpl"
 )
@@ -95,61 +95,22 @@ func (h *departmentHandler) Edit(w http.ResponseWriter, r *http.Request) {
 }

 func (h *departmentHandler) Save(w http.ResponseWriter, r *http.Request) {
-	id := convertor.ConvertInt[int32](r.PostFormValue("ID"), 0)
-	ParentID := convertor.ConvertInt[int32](r.PostFormValue("ParentID"), 0)
-	name := r.PostFormValue("Name")
-	sort := convertor.ConvertInt[int32](r.PostFormValue("Sort"), 6666)
-	status := convertor.ConvertInt[int32](r.PostFormValue("Status"), 9999)
-
-	ctx := r.Context()
-	var parent *db.SysDepartment
-	if ParentID > 0 {
-		var err error
-		parent, err = h.biz.SystemV1().DepartmentBiz().Get(ctx, ParentID)
-		if err != nil {
-			h.render.JSONERR(w, "父级节点错误")
-			return
-		}
+	var req form.Department
+	if err := binding.Form.Bind(r, &req); err != nil {
+		h.render.JSONERR(w, binding.ValidatorErrors(err))
+		return
 	}

-	if id == 0 {
-		arg := db.CreateSysDepartmentParams{
-			Name:       name,
-			ParentID:   ParentID,
-			ParentPath: fmt.Sprintf("%s,%d,", parent.ParentPath, parent.ID),
-			Status:     status,
-			Sort:       sort,
-			CreatedAt:  time.Now(),
-			UpdatedAt:  time.Now(),
-		}
-		_, err := h.biz.SystemV1().DepartmentBiz().Create(ctx, &arg)
+	ctx := r.Context()
+	if *req.ID == 0 {
+		err := h.biz.SystemV1().DepartmentBiz().Create(ctx, &req)
 		if err != nil {
-			if db.IsUniqueViolation(err) {
-				h.render.JSONERR(w, "部门名称已存在")
-				return
-			}
 			h.render.JSONERR(w, err.Error())
 			return
 		}
-
 		h.render.JSONOK(w, "添加成功")
 	} else {
-		res, err := h.biz.SystemV1().DepartmentBiz().Get(ctx, id)
-		if err != nil {
-			h.render.JSONERR(w, err.Error())
-			return
-		}
-
-		arg := &db.UpdateSysDepartmentParams{
-			ID:         res.ID,
-			Name:       name,
-			ParentID:   ParentID,
-			ParentPath: fmt.Sprintf("%s,%d,", parent.ParentPath, parent.ID),
-			Status:     status,
-			Sort:       sort,
-			UpdatedAt:  time.Now(),
-		}
-		_, err = h.biz.SystemV1().DepartmentBiz().Update(ctx, arg)
+		err := h.biz.SystemV1().DepartmentBiz().Update(ctx, &req)
 		if err != nil {
 			h.render.JSONERR(w, err.Error())
 			return
--- a/internal/erpserver/handler/system/home.go
+++ b/internal/erpserver/handler/system/home.go
@@ -0,0 +1,11 @@
+package system
+
+import "net/http"
+
+func (h *systemHandler) Home(w http.ResponseWriter, r *http.Request) {
+	h.render.HTML(w, r, "home/home.tmpl", nil)
+}
+
+func (h *systemHandler) Dashboard(w http.ResponseWriter, r *http.Request) {
+	h.render.HTML(w, r, "home/dashboard.tmpl", nil)
+}
--- a/internal/erpserver/handler/system/role.go
+++ b/internal/erpserver/handler/system/role.go
@@ -1,14 +1,14 @@
 package system

 import (
-	"fmt"
 	"net/http"
 	"strings"
-	"time"

 	"management/internal/db/model/dto"
 	db "management/internal/db/sqlc"
 	"management/internal/erpserver/biz"
+	"management/internal/erpserver/model/form"
+	"management/internal/pkg/binding"
 	"management/internal/pkg/convertor"
 	"management/internal/pkg/tpl"
 )
@@ -98,69 +98,22 @@ func (h *roleHandler) Edit(w http.ResponseWriter, r *http.Request) {
 }

 func (h *roleHandler) Save(w http.ResponseWriter, r *http.Request) {
-	id := convertor.ConvertInt[int32](r.PostFormValue("ID"), 0)
-	name := r.PostFormValue("Name")
-	parentID := convertor.ConvertInt[int32](r.PostFormValue("ParentID"), 0)
-	displayName := r.PostFormValue("DisplayName")
-	sort := convertor.ConvertInt[int32](r.PostFormValue("Sort"), 6666)
-	status := convertor.ConvertInt[int32](r.PostFormValue("Status"), 0)
-
-	ctx := r.Context()
-	var parent *db.SysRole
-	if parentID > 0 {
-		var err error
-		parent, err = h.biz.SystemV1().RoleBiz().Get(ctx, parentID)
-		if err != nil {
-			h.render.JSONERR(w, "父级节点错误")
-			return
-		}
-	} else {
-		parent = &db.SysRole{
-			ID:         0,
-			ParentID:   0,
-			ParentPath: ",0,",
-		}
+	var req form.Role
+	if err := binding.Form.Bind(r, &req); err != nil {
+		h.render.JSONERR(w, binding.ValidatorErrors(err))
+		return
 	}

-	if id == 0 {
-		arg := &db.CreateSysRoleParams{
-			Name:        name,
-			DisplayName: displayName,
-			Vip:         false,
-			ParentID:    parent.ID,
-			ParentPath:  fmt.Sprintf("%s,%d,", parent.ParentPath, parent.ID),
-			Status:      status,
-			Sort:        sort,
-			CreatedAt:   time.Now(),
-			UpdatedAt:   time.Now(),
-		}
-		_, err := h.biz.SystemV1().RoleBiz().Create(ctx, arg)
+	ctx := r.Context()
+	if *req.ID == 0 {
+		err := h.biz.SystemV1().RoleBiz().Create(ctx, &req)
 		if err != nil {
-			if db.IsUniqueViolation(err) {
-				h.render.JSONERR(w, "角色名称已存在")
-				return
-			}
 			h.render.JSONERR(w, err.Error())
 			return
 		}
-
 		h.render.JSONOK(w, "添加成功")
 	} else {
-		res, err := h.biz.SystemV1().RoleBiz().Get(ctx, id)
-		if err != nil {
-			h.render.JSONERR(w, err.Error())
-			return
-		}
-		arg := &db.UpdateSysRoleParams{
-			ID:          res.ID,
-			DisplayName: displayName,
-			Status:      status,
-			ParentID:    parent.ID,
-			ParentPath:  fmt.Sprintf("%s,%d,", parent.ParentPath, parent.ID),
-			Sort:        sort,
-			UpdatedAt:   time.Now(),
-		}
-		_, err = h.biz.SystemV1().RoleBiz().Update(ctx, arg)
+		err := h.biz.SystemV1().RoleBiz().Update(ctx, &req)
 		if err != nil {
 			h.render.JSONERR(w, err.Error())
 			return
--- a/internal/erpserver/handler/system/system.go
+++ b/internal/erpserver/handler/system/system.go
@@ -12,6 +12,7 @@ import (

 type SystemHandler interface {
 	Home(w http.ResponseWriter, req *http.Request)
+	Dashboard(w http.ResponseWriter, req *http.Request)
 	UserHandler() UserHandler
 	MenuHandler() MenuHandler
 	RoleHandler() RoleHandler
@@ -42,10 +43,6 @@ func NewSystemHandler(render tpl.Renderer, redis redis.IRedis, session session.I
 	}
 }

-func (h *systemHandler) Home(w http.ResponseWriter, r *http.Request) {
-	h.render.HTML(w, r, "home/home.tmpl", nil)
-}
-
 func (h *systemHandler) UserHandler() UserHandler {
 	return NewUserHandler(h.render, h.session, h.biz, h.mi)
 }
--- a/internal/erpserver/handler/system/user.go
+++ b/internal/erpserver/handler/system/user.go
@@ -3,23 +3,19 @@ package system
 import (
 	"encoding/json"
 	"net/http"
-	"strings"
-	"time"

 	"management/internal/db/model/dto"
 	db "management/internal/db/sqlc"
 	"management/internal/erpserver/biz"
-	"management/internal/erpserver/model/req"
+	"management/internal/erpserver/model/form"
+	"management/internal/pkg/binding"
 	"management/internal/pkg/convertor"
-	"management/internal/pkg/crypto"
 	"management/internal/pkg/know"
 	"management/internal/pkg/middleware"
-	"management/internal/pkg/rand"
 	"management/internal/pkg/session"
 	"management/internal/pkg/tpl"
 	"management/internal/pkg/tpl/html"

-	"github.com/google/uuid"
 	"github.com/zhang2092/browser"
 )

@@ -74,7 +70,7 @@ func (h *userHandler) Edit(w http.ResponseWriter, r *http.Request) {
 	if id > 0 {
 		ctx := r.Context()
 		if user, err := h.biz.SystemV1().UserBiz().Get(ctx, id); err == nil {
-			user.HashedPassword = nil
+			user.HashedPassword = []byte("********")
 			sysUser = user
 		}
 	}
@@ -84,109 +80,36 @@ func (h *userHandler) Edit(w http.ResponseWriter, r *http.Request) {
 }

 func (h *userHandler) Save(w http.ResponseWriter, r *http.Request) {
-	id := convertor.ConvertInt[int32](r.PostFormValue("ID"), 0)
-	email := r.PostFormValue("Email")
-	username := r.PostFormValue("Username")
-	password := r.PostFormValue("Password")
-	changePassword := r.PostFormValue("ChangePassword")
-	gender := convertor.ConvertInt[int32](r.PostFormValue("Gender"), 0)
-	avatar := r.PostFormValue("File")
-	status := convertor.ConvertInt[int32](r.PostFormValue("Status"), 0)
+	var req form.User
+	if err := binding.Form.Bind(r, &req); err != nil {
+		h.render.JSONERR(w, binding.ValidatorErrors(err))
+		return
+	}

 	ctx := r.Context()
-	departmentID := convertor.ConvertInt[int32](r.PostFormValue("DepartmentID"), 0)
-	var department *db.SysDepartment
-	var err error
-	if departmentID > 0 {
-		department, err = h.biz.SystemV1().DepartmentBiz().Get(ctx, departmentID)
-		if err != nil {
+	if req.DepartmentID > 0 {
+		if _, err := h.biz.SystemV1().DepartmentBiz().Get(ctx, req.DepartmentID); err != nil {
 			h.render.JSONERR(w, "部门数据错误")
 			return
 		}
 	}
-	var role *db.SysRole
-	roleID := convertor.ConvertInt[int32](r.PostFormValue("RoleID"), 0)
-	if roleID > 0 {
-		role, err = h.biz.SystemV1().RoleBiz().Get(ctx, roleID)
-		if err != nil {
+	if req.RoleID > 0 {
+		if _, err := h.biz.SystemV1().RoleBiz().Get(ctx, req.RoleID); err != nil {
 			h.render.JSONERR(w, "角色数据错误")
 			return
 		}
 	}

-	if id == 0 {
-		salt, err := rand.String(10)
+	if *req.ID == 0 {
+		err := h.biz.SystemV1().UserBiz().Create(ctx, &req)
 		if err != nil {
 			h.render.JSONERR(w, err.Error())
 			return
 		}

-		hashedPassword, err := crypto.BcryptHashPassword(password + salt)
-		if err != nil {
-			h.render.JSONERR(w, err.Error())
-			return
-		}
-
-		initTime, err := time.ParseInLocation(time.DateTime, "0001-01-01 00:00:00", time.Local)
-		if err != nil {
-			h.render.JSONERR(w, err.Error())
-			return
-		}
-		arg := &db.CreateSysUserParams{
-			Uuid:             uuid.Must(uuid.NewV7()),
-			Email:            email,
-			Username:         username,
-			HashedPassword:   hashedPassword,
-			Salt:             salt,
-			Avatar:           avatar,
-			Gender:           gender,
-			DepartmentID:     department.ID,
-			RoleID:           role.ID,
-			Status:           status,
-			ChangePasswordAt: initTime,
-			CreatedAt:        time.Now(),
-			UpdatedAt:        time.Now(),
-		}
-		_, err = h.biz.SystemV1().UserBiz().Create(ctx, arg)
-		if err != nil {
-			if db.IsUniqueViolation(err) {
-				h.render.JSONERR(w, "数据已存在")
-				return
-			}
-			h.render.JSONERR(w, err.Error())
-			return
-		}
-
 		h.render.JSONOK(w, "添加成功")
 	} else {
-		res, err := h.biz.SystemV1().UserBiz().Get(ctx, id)
-		if err != nil {
-			h.render.JSONERR(w, err.Error())
-			return
-		}
-
-		arg := &db.UpdateSysUserParams{
-			ID:               res.ID,
-			Username:         username,
-			HashedPassword:   res.HashedPassword,
-			Avatar:           avatar,
-			Gender:           int32(gender),
-			DepartmentID:     department.ID,
-			RoleID:           role.ID,
-			Status:           int32(status),
-			ChangePasswordAt: res.ChangePasswordAt,
-			UpdatedAt:        time.Now(),
-		}
-		if changePassword == "on" {
-			hashedPassword, err := crypto.BcryptHashPassword(password + res.Salt)
-			if err != nil {
-				h.render.JSONERR(w, err.Error())
-				return
-			}
-			arg.HashedPassword = hashedPassword
-			arg.ChangePasswordAt = time.Now()
-		}
-		_, err = h.biz.SystemV1().UserBiz().Update(ctx, arg)
+		err := h.biz.SystemV1().UserBiz().Update(ctx, &req)
 		if err != nil {
 			h.render.JSONERR(w, err.Error())
 			return
@@ -261,7 +184,7 @@ func (h *userHandler) Login(w http.ResponseWriter, r *http.Request) {
 		var user dto.AuthorizeUser
 		u := h.session.GetBytes(ctx, know.StoreName)
 		if err := json.Unmarshal(u, &user); err == nil {
-			// 判断租户是否一致, 一致则刷新令牌，跳转到首页
+			// 判断用户是否登陆, 已经登陆则刷新令牌，跳转到首页
 			if err := h.session.RenewToken(ctx); err == nil {
 				h.session.Put(ctx, know.StoreName, u)
 				http.Redirect(w, r, "/home.html", http.StatusFound)
@@ -271,30 +194,16 @@ func (h *userHandler) Login(w http.ResponseWriter, r *http.Request) {
 		h.session.Destroy(ctx)
 		h.render.HTML(w, r, "oauth/login.tmpl", nil)
 	case http.MethodPost:
-		req := &req.Login{
-			Email:     strings.TrimSpace(r.PostFormValue("email")),
-			Password:  strings.TrimSpace(r.PostFormValue("password")),
-			CaptchaID: strings.TrimSpace(r.PostFormValue("captcha_id")),
-			Captcha:   strings.TrimSpace(r.PostFormValue("captcha")),
-			Ip:        r.RemoteAddr,
-			Referrer:  r.Header.Get("Referer"),
-			Url:       r.URL.RequestURI(),
+		defer r.Body.Close()
+		var req form.Login
+		if err := binding.Form.Bind(r, &req); err != nil {
+			e := binding.ValidatorErrors(err)
+			h.render.JSONERR(w, e)
+			return
 		}

-		if len(req.Email) == 0 {
-			h.render.JSON(w, tpl.Response{Success: false, Message: "请填写邮箱"})
-			return
-		}
-		if len(req.Password) == 0 {
-			h.render.JSON(w, tpl.Response{Success: false, Message: "请填写密码"})
-			return
-		}
-		if len(req.Captcha) == 0 {
-			h.render.JSON(w, tpl.Response{Success: false, Message: "请填写验证码"})
-			return
-		}
 		if !h.biz.CommonV1().CaptchaBiz().Verify(req.CaptchaID, req.Captcha, true) {
-			h.render.JSON(w, tpl.Response{Success: false, Message: "验证码错误"})
+			h.render.JSONERR(w, "验证码错误")
 			return
 		}

@@ -304,9 +213,12 @@ func (h *userHandler) Login(w http.ResponseWriter, r *http.Request) {
 			return
 		}

+		req.Ip = r.RemoteAddr
+		req.Referrer = r.Header.Get("Referer")
+		req.Url = r.URL.RequestURI()
 		req.Os = br.Platform().Name()
 		req.Browser = br.Name()
-		err = h.biz.SystemV1().UserBiz().Login(ctx, req)
+		err = h.biz.SystemV1().UserBiz().Login(ctx, &req)
 		if err != nil {
 			h.render.JSONERR(w, err.Error())
 			return
--- a/internal/erpserver/http.go
+++ b/internal/erpserver/http.go
@@ -38,7 +38,8 @@ func NewRouter(handler handler.IHandler, mw mw.IMiddleware) *chi.Mux {
 		r.With(mw.Authorize, mw.Audit).Post("/upload/file", handler.CommonHandler().UploadHandler().File)
 		r.With(mw.Authorize, mw.Audit).Post("/upload/mutilfile", handler.CommonHandler().UploadHandler().MutilFiles)

-		r.With(mw.Authorize, mw.Audit).Get("/home.html", handler.SystemHandler().Home)
+		r.With(mw.Authorize).Get("/home.html", handler.SystemHandler().Home)
+		r.With(mw.Authorize).Get("/dashboard", handler.SystemHandler().Dashboard)
 		r.With(mw.Authorize).Get("/pear.json", handler.SystemHandler().ConfigHandler().Pear)

 		r.Route("/system", func(r chi.Router) {
--- a/internal/erpserver/model/form/department.go
+++ b/internal/erpserver/model/form/department.go
@@ -0,0 +1,9 @@
+package form
+
+type Department struct {
+	ID       *int32 `form:"id" binding:"required"`
+	Name     string `form:"name" binding:"required"`
+	ParentID *int32 `form:"parent_id" binding:"required"`
+	Sort     *int32 `form:"sort"`
+	Status   *int32 `form:"status" binding:"required"`
+}
--- a/internal/erpserver/model/form/role.go
+++ b/internal/erpserver/model/form/role.go
@@ -0,0 +1,10 @@
+package form
+
+type Role struct {
+	ID          *int32 `form:"id" binding:"required"`
+	Name        string `form:"name" binding:"required"`
+	ParentID    *int32 `form:"parent_id" binding:"required"`
+	DisplayName string `form:"display_name" binding:"required"`
+	Sort        *int32 `form:"sort"`
+	Status      *int32 `form:"status" binding:"required"`
+}
--- a/internal/erpserver/model/form/user.go
+++ b/internal/erpserver/model/form/user.go
@@ -0,0 +1,28 @@
+package form
+
+type Login struct {
+	Email     string `form:"email" binding:"required,email"`
+	Password  string `form:"password" binding:"required,min=6"`
+	Captcha   string `form:"captcha" binding:"required"`
+	CaptchaID string `form:"captcha_id" binding:"required"`
+
+	// 平台信息
+	Os       string
+	Ip       string
+	Browser  string
+	Referrer string
+	Url      string
+}
+
+type User struct {
+	ID             *int32 `form:"id" binding:"required"`
+	Email          string `form:"email" binding:"required,email"`
+	Username       string `form:"username" binding:"required"`
+	Password       string `form:"password" binding:"required,min=6"`
+	ChangePassword string `form:"change_password"`
+	Avatar         string `form:"File"`
+	Gender         int32  `form:"gender"`
+	DepartmentID   int32  `form:"department_id"`
+	RoleID         int32  `form:"role_id"`
+	Status         *int32 `form:"status" binding:"required"`
+}
--- a/internal/erpserver/model/req/user.go
+++ b/internal/erpserver/model/req/user.go
@@ -1,15 +0,0 @@
-package req
-
-type Login struct {
-	Email     string `json:"email"`
-	Password  string `json:"password"`
-	Captcha   string `json:"captcha"`
-	CaptchaID string `json:"captcha_id"`
-
-	// 平台信息
-	Os       string `json:"os"`
-	Ip       string `json:"ip"`
-	Browser  string `json:"browser"`
-	Referrer string `json:"referrer"`
-	Url      string `json:"url"`
-}