
package system
import (
"encoding/json"
"net/http"
"management/internal/db/model/dto"
db "management/internal/db/sqlc"
"management/internal/erpserver/biz"
"management/internal/erpserver/model/form"
"management/internal/pkg/binding"
"management/internal/pkg/convertor"
"management/internal/pkg/know"
"management/internal/pkg/middleware"
"management/internal/pkg/session"
"management/internal/pkg/tpl"
"management/internal/pkg/tpl/html"
"github.com/zhang2092/browser"
)
// UserHandler is the set of HTTP handlers for system-user management,
// together with the authentication handlers embedded from UserExpansion.
type UserHandler interface {
	// Add renders the user form for creating a new user.
	Add(w http.ResponseWriter, r *http.Request)
	// Edit renders the user form, pre-filled when the "id" query parameter
	// names a user that can be loaded.
	Edit(w http.ResponseWriter, r *http.Request)
	// Save creates or updates a user from the submitted form and replies with JSON.
	Save(w http.ResponseWriter, r *http.Request)
	// List renders the list page on GET and returns one page of results as JSON on POST.
	List(w http.ResponseWriter, r *http.Request)
	// Profile renders the profile page of the authenticated user.
	Profile(w http.ResponseWriter, r *http.Request)
	// Data returns auxiliary JSON data selected by the "type" query parameter.
	Data(w http.ResponseWriter, r *http.Request)
	UserExpansion
}
// UserExpansion groups the authentication handlers that accompany user management.
type UserExpansion interface {
	// Login renders the login page on GET and processes the login form on POST.
	Login(w http.ResponseWriter, r *http.Request)
	// Logout destroys the session and redirects to "/".
	Logout(w http.ResponseWriter, r *http.Request)
}
// userHandler is the implementation of the UserHandler interface.
type userHandler struct {
	render  tpl.Renderer           // renders HTML templates and JSON replies
	session session.ISession       // session store used by Login and Logout
	biz     biz.IBiz               // entry point to the business layer
	mi      middleware.IMiddleware // supplies the authenticated user (see Profile)
}
// Compile-time check that userHandler implements the UserHandler interface.
var _ UserHandler = (*userHandler)(nil)
// NewUserHandler builds a userHandler from its collaborators: the renderer,
// the session store, the business layer and the middleware.
func NewUserHandler(render tpl.Renderer, session session.ISession, biz biz.IBiz, mi middleware.IMiddleware) *userHandler {
	h := new(userHandler)
	h.render = render
	h.session = session
	h.biz = biz
	h.mi = mi
	return h
}
// Add renders the user form ("user/edit.tmpl") for creating a new user.
// The template receives an empty SysUser whose HashedPassword is nil.
func (h *userHandler) Add(w http.ResponseWriter, r *http.Request) {
	blank := &db.SysUser{HashedPassword: nil}
	data := map[string]any{"Item": blank}
	h.render.HTML(w, r, "user/edit.tmpl", data)
}
// Edit renders the user form ("user/edit.tmpl"). When the "id" query
// parameter is positive and the user can be loaded, the form is pre-filled
// with that user; otherwise an empty SysUser is rendered.
func (h *userHandler) Edit(w http.ResponseWriter, r *http.Request) {
	userID := convertor.QueryInt[int32](r.URL.Query(), "id", 0)

	item := &db.SysUser{}
	if userID > 0 {
		found, err := h.biz.SystemV1().UserBiz().Get(r.Context(), userID)
		// A failed lookup is not reported: the handler falls back to the
		// empty form, exactly as if no id had been given.
		if err == nil {
			// Replace the stored hash with a fixed placeholder so the real
			// value never reaches the template.
			found.HashedPassword = []byte("********")
			item = found
		}
	}

	h.render.HTML(w, r, "user/edit.tmpl", map[string]any{"Item": item})
}
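// Save creates or updates a user from the submitted form and replies with JSON.
//
// The form is bound and validated first. A positive DepartmentID or RoleID
// must refer to an existing record. An ID of 0 creates a user; any other ID
// updates that user.
//
// NOTE(review): no permission check is visible in this handler, although the
// form carries RoleID; presumably the router's middleware restricts who may
// call it — confirm.
func (h *userHandler) Save(w http.ResponseWriter, r *http.Request) {
	var req form.User
	if err := binding.Form.Bind(r, &req); err != nil {
		h.render.JSONERR(w, binding.ValidatorErrors(err))
		return
	}

	// req.ID is a pointer and is dereferenced below. The validation rules of
	// form.User are not visible here, so reject a missing ID explicitly
	// instead of letting a request without it panic the handler.
	if req.ID == nil {
		h.render.JSONERR(w, "用户数据错误")
		return
	}

	ctx := r.Context()

	if req.DepartmentID > 0 {
		if _, err := h.biz.SystemV1().DepartmentBiz().Get(ctx, req.DepartmentID); err != nil {
			h.render.JSONERR(w, "部门数据错误")
			return
		}
	}

	if req.RoleID > 0 {
		if _, err := h.biz.SystemV1().RoleBiz().Get(ctx, req.RoleID); err != nil {
			h.render.JSONERR(w, "角色数据错误")
			return
		}
	}

	// NOTE(review): the business-layer error text is sent to the client
	// as-is; confirm it never carries database or other internal detail.
	if *req.ID == 0 {
		if err := h.biz.SystemV1().UserBiz().Create(ctx, &req); err != nil {
			h.render.JSONERR(w, err.Error())
			return
		}
		h.render.JSONOK(w, "添加成功")
		return
	}

	if err := h.biz.SystemV1().UserBiz().Update(ctx, &req); err != nil {
		h.render.JSONERR(w, err.Error())
		return
	}
	h.render.JSONOK(w, "更新成功")
}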
// List serves the user list. GET renders "user/list.tmpl" with the status
// selector; POST reads the search fields from the form and returns one page
// of results as JSON. Any other method gets 405.
func (h *userHandler) List(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodGet {
		h.render.HTML(w, r, "user/list.tmpl", map[string]any{
			"Statuses": html.NewSelectControls(html.SearchStatuses, "0"),
		})
		return
	}
	if r.Method != http.MethodPost {
		http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed)
		return
	}

	// Every search field comes from the POST form; the second argument to
	// ConvertInt is the fallback value passed for that field.
	// NOTE(review): "page" and "rows" are client-supplied and no upper bound
	// is applied here — confirm UserBiz().List clamps them.
	field := r.PostFormValue
	var query dto.SearchDto
	query.SearchStatus = convertor.ConvertInt(field("status"), 9999)
	query.SearchName = field("name")
	query.SearchEmail = field("email")
	query.SearchID = convertor.ConvertInt[int64](field("id"), 0)
	query.Page = convertor.ConvertInt(field("page"), 1)
	query.Rows = convertor.ConvertInt(field("rows"), 10)

	rows, total, err := h.biz.SystemV1().UserBiz().List(r.Context(), query)
	if err != nil {
		h.render.JSONERR(w, err.Error())
		return
	}

	// NOTE(review): the rows are serialized as returned; confirm they do not
	// include the password hash that Edit takes care to mask.
	h.render.JSON(w, tpl.ResponseList{
		Code:    0,
		Message: "ok",
		Count:   total,
		Data:    rows,
	})
}
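// Profile renders "user/profile.tmpl" for the authenticated user.
//
// The user is taken from the middleware's AuthUser and reloaded through the
// business layer. If that lookup fails, the handler answers 500 with a
// generic message rather than rendering the template without a user.
func (h *userHandler) Profile(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()
	user := h.mi.AuthUser(ctx)

	vm, err := h.biz.SystemV1().UserBiz().Get(ctx, user.ID)
	if err != nil || vm == nil {
		// Do not echo err to the client; the status text is enough.
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	// Mask the stored hash with the same placeholder Edit uses, so the real
	// value is never handed to the template. Work on a copy so the value
	// returned by the business layer is left untouched.
	item := *vm
	item.HashedPassword = []byte("********")

	h.render.HTML(w, r, "user/profile.tmpl", map[string]any{
		"Item": &item,
	})
}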
// Data returns auxiliary JSON selected by the "type" query parameter.
// Only "xmselect" is handled; any other value yields a JSON reply built
// from nil.
func (h *userHandler) Data(w http.ResponseWriter, r *http.Request) {
	if kind := r.URL.Query().Get("type"); kind != "xmselect" {
		h.render.JSON(w, nil)
		return
	}

	options, err := h.biz.SystemV1().UserBiz().XmSelect(r.Context())
	if err != nil {
		h.render.JSONERR(w, err.Error())
		return
	}
	h.render.JSON(w, options)
}
// Login serves the login page and processes login attempts.
//
// GET: if the session already holds a decodable user, the session token is
// renewed and the client is redirected to "/home.html"; otherwise the session
// is destroyed and "oauth/login.tmpl" is rendered.
//
// POST: the form is bound, the captcha is verified, request metadata is
// attached to the form, and the business layer performs the login. The reply
// is JSON.
//
// Any other method gets 405.
func (h *userHandler) Login(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	if r.Method == http.MethodGet {
		raw := h.session.GetBytes(ctx, know.StoreName)
		var current dto.AuthorizeUser
		if json.Unmarshal(raw, &current) == nil {
			// The user is already logged in: renew the session token, put
			// the user data back into the session, and go to the home page.
			if h.session.RenewToken(ctx) == nil {
				h.session.Put(ctx, know.StoreName, raw)
				http.Redirect(w, r, "/home.html", http.StatusFound)
				return
			}
		}
		// No usable session (or renewal failed): start from a clean one.
		h.session.Destroy(ctx)
		h.render.HTML(w, r, "oauth/login.tmpl", nil)
		return
	}

	if r.Method != http.MethodPost {
		http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed)
		return
	}

	defer r.Body.Close()

	var req form.Login
	if bindErr := binding.Form.Bind(r, &req); bindErr != nil {
		h.render.JSONERR(w, binding.ValidatorErrors(bindErr))
		return
	}

	// The captcha is checked before any credential is looked at.
	// NOTE(review): the trailing true presumably consumes the captcha so it
	// cannot be replayed — confirm against CaptchaBiz.
	if ok := h.biz.CommonV1().CaptchaBiz().Verify(req.CaptchaID, req.Captcha, true); !ok {
		h.render.JSONERR(w, "验证码错误")
		return
	}

	ua, err := browser.NewBrowser(r.Header.Get("User-Agent"))
	if err != nil {
		h.render.JSONERR(w, "平台信息获取错误")
		return
	}

	// Request metadata handed to the business layer together with the form.
	// RemoteAddr is the directly connected peer in "host:port" form; behind a
	// reverse proxy it is the proxy's address. Referer and User-Agent are
	// client-controlled and must be treated as untrusted wherever they are
	// stored or displayed.
	req.Ip = r.RemoteAddr
	req.Referrer = r.Header.Get("Referer")
	req.Url = r.URL.RequestURI()
	req.Os = ua.Platform().Name()
	req.Browser = ua.Name()

	// NOTE(review): renewing the session token on successful login is not
	// visible in this handler; presumably UserBiz().Login does it — confirm.
	// The error text is returned to the client as-is; confirm it does not
	// reveal whether the account exists.
	if err = h.biz.SystemV1().UserBiz().Login(ctx, &req); err != nil {
		h.render.JSONERR(w, err.Error())
		return
	}
	h.render.JSONOK(w, "login successful")
}
// Logout destroys the current session and redirects the client to "/".
//
// NOTE(review): the request method is not checked here, so any request that
// reaches this handler ends the session; restrict it to POST if the router
// does not already.
func (h *userHandler) Logout(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()
	h.session.Destroy(ctx)
	http.Redirect(w, r, "/", http.StatusFound)
}