添加 backend 微服务架构：Nginx 网关 + user-service 登录注册

backend/services/user-service/Dockerfile

@@ -0,0 +1,49 @@
+# 构建阶段
+FROM rust:1.94.1-alpine3.23 AS builder
+
+# 安装构建依赖
+RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static
+
+# 创建工作目录
+WORKDIR /app
+
+# 先复制共享代码和 Cargo 文件以利用缓存
+COPY shared /app/shared
+COPY services/user-service/Cargo.toml services/user-service/Cargo.lock* ./
+
+# 创建虚拟 main.rs 来缓存依赖
+RUN mkdir -p src && echo 'fn main() {}' > src/main.rs
+RUN cargo build --release && rm -rf src
+
+# 复制真实源代码
+COPY services/user-service/src ./src
+
+# 构建（使用 touch 确保重新编译）
+RUN touch src/main.rs && cargo build --release
+
+# 运行阶段
+FROM alpine:3.23 AS runtime
+
+# 安装运行依赖
+RUN apk add --no-cache ca-certificates tzdata
+
+# 创建非 root 用户
+RUN addgroup -g 1000 appuser && adduser -D -u 1000 -G appuser appuser
+
+WORKDIR /app
+
+# 从构建阶段复制二进制文件
+COPY --from=builder /app/target/release/user-service /app/user-service
+
+# 设置权限
+RUN chown -R appuser:appuser /app
+
+USER appuser
+
+# 健康检查
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1
+
+EXPOSE 8080
+
+CMD ["./user-service"]

backend/services/user-service/docker-compose.yml

@@ -0,0 +1,102 @@
+version: "3.8"
+
+services:
+  user-login:
+    build:
+      context: ../..
+      dockerfile: services/user-service/user-login/Dockerfile
+    container_name: user-login
+    environment:
+      - RUST_LOG=info
+      - DATABASE_URL=postgres://postgres:postgres@user-db:5432/user_db
+      - REDIS_URL=redis://user-redis:6379/0
+      - SERVICE_NAME=user-login
+      - SERVICE_PORT=8080
+      - JWT_SECRET=${JWT_SECRET:-dev-secret-key}
+    ports:
+      - "8001:8080"
+    depends_on:
+      user-db:
+        condition: service_healthy
+      user-redis:
+        condition: service_healthy
+    networks:
+      - user-network
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  user-register:
+    build:
+      context: ../..
+      dockerfile: services/user-service/user-register/Dockerfile
+    container_name: user-register
+    environment:
+      - RUST_LOG=info
+      - DATABASE_URL=postgres://postgres:postgres@user-db:5432/user_db
+      - REDIS_URL=redis://user-redis:6379/0
+      - SERVICE_NAME=user-register
+      - SERVICE_PORT=8080
+    ports:
+      - "8002:8080"
+    depends_on:
+      user-db:
+        condition: service_healthy
+      user-redis:
+        condition: service_healthy
+    networks:
+      - user-network
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  user-db:
+    image: postgres:18.3-alpine3.23
+    container_name: user-db
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+      - POSTGRES_DB=user_db
+    volumes:
+      - user_postgres_data:/var/lib/postgresql/data
+      - ./migrations:/docker-entrypoint-initdb.d:ro
+    ports:
+      - "5432:5432"
+    networks:
+      - user-network
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres -d user_db"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  user-redis:
+    image: redis:8.6.2-alpine
+    container_name: user-redis
+    volumes:
+      - user_redis_data:/data
+    ports:
+      - "6379:6379"
+    networks:
+      - user-network
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+networks:
+  user-network:
+    driver: bridge
+
+volumes:
+  user_postgres_data:
+  user_redis_data:

backend/services/user-service/migrations/001_init.sql

@@ -0,0 +1,15 @@
+-- 用户表初始化
+CREATE TABLE IF NOT EXISTS users (
+    id SERIAL PRIMARY KEY,
+    username VARCHAR(50) UNIQUE NOT NULL,
+    password_hash VARCHAR(255) NOT NULL,
+    email VARCHAR(100) UNIQUE,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
+
+-- 插入测试用户（密码: 123456）
+-- bcrypt hash: $2b$12$REwMlLDCbzR4UpL6MWnzE.AacihwpFvQhGs7vDKTwwyNMb1qBWOTm
+INSERT INTO users (username, password_hash, email) 
+VALUES ('admin', '$2b$12$REwMlLDCbzR4UpL6MWnzE.AacihwpFvQhGs7vDKTwwyNMb1qBWOTm', 'admin@example.com')
+ON CONFLICT (username) DO NOTHING;

backend/services/user-service/user-login/Cargo.toml

@@ -0,0 +1,42 @@
+[package]
+name = "user-login"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+# Web 框架
+axum = "0.8"
+tokio = { version = "1", features = ["full"] }
+tower = "0.5"
+
+# 序列化
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+
+# 数据库
+sqlx = { version = "0.8", features = ["runtime-tokio", "tls-rustls", "postgres", "chrono"] }
+
+# Redis
+redis = { version = "0.29", features = ["tokio-comp"] }
+
+# 密码哈希（bcrypt）
+bcrypt = "0.17"
+
+# JWT
+jsonwebtoken = "9.3"
+
+# 时间和日志
+chrono = { version = "0.4", features = ["serde"] }
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+
+# 环境变量
+dotenvy = "0.15"
+
+# 错误处理
+thiserror = "2.0"
+
+[profile.release]
+opt-level = 3
+lto = true
+strip = true

backend/services/user-service/user-login/Dockerfile

@@ -0,0 +1,39 @@
+# 构建阶段
+FROM rust:1.94.1-alpine3.23 AS builder
+
+RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static pkgconfig
+
+WORKDIR /app
+
+# 复制 user-login 代码
+COPY services/user-service/user-login/Cargo.toml services/user-service/user-login/Cargo.lock* ./
+
+# 缓存依赖
+RUN mkdir -p src && echo 'fn main() {}' > src/main.rs
+RUN cargo build --release 2>/dev/null || true
+RUN rm -rf src
+
+# 复制真实源码
+COPY services/user-service/user-login/src ./src
+
+# 重新构建
+RUN touch src/main.rs && cargo build --release
+
+# 运行阶段
+FROM alpine:3.23 AS runtime
+
+RUN apk add --no-cache ca-certificates
+
+RUN addgroup -g 1000 appuser && adduser -D -u 1000 -G appuser appuser
+
+WORKDIR /app
+
+COPY --from=builder /app/target/release/user-login /app/user-login
+
+RUN chown -R appuser:appuser /app
+
+USER appuser
+
+EXPOSE 8080
+
+CMD ["./user-login"]

backend/services/user-service/user-login/src/main.rs

@@ -0,0 +1,182 @@
+use axum::{
+    extract::State,
+    http::StatusCode,
+    response::Json,
+    routing::post,
+    Router,
+};
+use bcrypt::verify;
+use chrono::{Duration, Utc};
+use jsonwebtoken::{encode, EncodingKey, Header};
+use serde::{Deserialize, Serialize};
+use sqlx::{Pool, Postgres};
+use std::env;
+use std::sync::Arc;
+use tracing::{info, warn};
+
+// 应用状态
+#[derive(Clone)]
+struct AppState {
+    db: Pool<Postgres>,
+    jwt_secret: String,
+}
+
+// 登录请求
+#[derive(Deserialize)]
+struct LoginRequest {
+    username: String,
+    password: String,
+}
+
+// 登录响应
+#[derive(Serialize)]
+struct LoginResponse {
+    success: bool,
+    token: Option<String>,
+    message: String,
+}
+
+// JWT Claims
+#[derive(Serialize, Deserialize)]
+struct Claims {
+    sub: String,
+    exp: usize,
+    iat: usize,
+}
+
+#[tokio::main]
+async fn main() {
+    // 初始化日志
+    tracing_subscriber::fmt::init();
+    
+    info!("Starting user-login service...");
+    
+    // 数据库连接
+    let database_url = env::var("DATABASE_URL").expect("DATABASE_URL must be set");
+    let pool = sqlx::postgres::PgPool::connect(&database_url)
+        .await
+        .expect("Failed to connect to database");
+    
+    info!("Database connected");
+    
+    // JWT 密钥
+    let jwt_secret = env::var("JWT_SECRET").unwrap_or_else(|_| "dev-secret".to_string());
+    
+    let state = Arc::new(AppState {
+        db: pool,
+        jwt_secret,
+    });
+    
+    // 路由
+    let app = Router::new()
+        .route("/login", post(login_handler))
+        .route("/health", axum::routing::get(health_handler))
+        .with_state(state);
+    
+    let port = env::var("SERVICE_PORT").unwrap_or_else(|_| "8080".to_string());
+    let listener = tokio::net::TcpListener::bind(format!("0.0.0.0:{}", port))
+        .await
+        .unwrap();
+    
+    info!("User-login service listening on port {}", port);
+    
+    axum::serve(listener, app).await.unwrap();
+}
+
+// 登录处理
+async fn login_handler(
+    State(state): State<Arc<AppState>>,
+    Json(payload): Json<LoginRequest>,
+) -> (StatusCode, Json<LoginResponse>) {
+    info!("Login attempt for user: {}", payload.username);
+    
+    // 查询用户
+    let user: Option<(String,)> = sqlx::query_as(
+        "SELECT password_hash FROM users WHERE username = $1"
+    )
+    .bind(&payload.username)
+    .fetch_optional(&state.db)
+    .await
+    .unwrap_or(None);
+    
+    match user {
+        Some((password_hash,)) => {
+            // 验证密码
+            tracing::debug!("Verifying password: input_len={}, hash_len={}", payload.password.len(), password_hash.len());
+            match verify(&payload.password, &password_hash) {
+                Ok(true) => {
+                    info!("User {} logged in successfully", payload.username);
+                    
+                    // 生成 JWT
+                    let token = generate_token(&payload.username, &state.jwt_secret);
+                    
+                    (
+                        StatusCode::OK,
+                        Json(LoginResponse {
+                            success: true,
+                            token: Some(token),
+                            message: "Login successful".to_string(),
+                        }),
+                    )
+                }
+                Ok(false) => {
+                    warn!("Invalid password for user {}", payload.username);
+                    (
+                        StatusCode::UNAUTHORIZED,
+                        Json(LoginResponse {
+                            success: false,
+                            token: None,
+                            message: "Invalid credentials".to_string(),
+                        }),
+                    )
+                }
+                Err(e) => {
+                    warn!("Password verification error: {:?}", e);
+                    (
+                        StatusCode::INTERNAL_SERVER_ERROR,
+                        Json(LoginResponse {
+                            success: false,
+                            token: None,
+                            message: "Internal error".to_string(),
+                        }),
+                    )
+                }
+            }
+        }
+        None => {
+            warn!("User not found: {}", payload.username);
+            (
+                StatusCode::UNAUTHORIZED,
+                Json(LoginResponse {
+                    success: false,
+                    token: None,
+                    message: "Invalid credentials".to_string(),
+                }),
+            )
+        }
+    }
+}
+
+// 健康检查
+async fn health_handler() -> &'static str {
+    "OK"
+}
+
+// 生成 JWT Token
+fn generate_token(username: &str, secret: &str) -> String {
+    let now = Utc::now();
+    let exp = now + Duration::hours(24);
+    
+    let claims = Claims {
+        sub: username.to_string(),
+        iat: now.timestamp() as usize,
+        exp: exp.timestamp() as usize,
+    };
+    
+    encode(
+        &Header::default(),
+        &claims,
+        &EncodingKey::from_secret(secret.as_bytes()),
+    )
+    .unwrap()
+}

backend/services/user-service/user-register/Cargo.toml

@@ -0,0 +1,30 @@
+[package]
+name = "user-register"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+axum = "0.8"
+tokio = { version = "1", features = ["full"] }
+tower = "0.5"
+
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+
+sqlx = { version = "0.8", features = ["runtime-tokio", "tls-rustls", "postgres", "chrono"] }
+redis = { version = "0.29", features = ["tokio-comp"] }
+
+bcrypt = "0.17"
+
+chrono = { version = "0.4", features = ["serde"] }
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+
+dotenvy = "0.15"
+thiserror = "2.0"
+validator = { version = "0.20", features = ["derive"] }
+
+[profile.release]
+opt-level = 3
+lto = true
+strip = true

backend/services/user-service/user-register/Dockerfile

@@ -0,0 +1,33 @@
+FROM rust:1.94.1-alpine3.23 AS builder
+
+RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static pkgconfig
+
+WORKDIR /app
+
+COPY services/user-service/user-register/Cargo.toml services/user-service/user-register/Cargo.lock* ./
+
+RUN mkdir -p src && echo 'fn main() {}' > src/main.rs
+RUN cargo build --release 2>/dev/null || true
+RUN rm -rf src
+
+COPY services/user-service/user-register/src ./src
+
+RUN touch src/main.rs && cargo build --release
+
+FROM alpine:3.23 AS runtime
+
+RUN apk add --no-cache ca-certificates
+
+RUN addgroup -g 1000 appuser && adduser -D -u 1000 -G appuser appuser
+
+WORKDIR /app
+
+COPY --from=builder /app/target/release/user-register /app/user-register
+
+RUN chown -R appuser:appuser /app
+
+USER appuser
+
+EXPOSE 8080
+
+CMD ["./user-register"]

backend/services/user-service/user-register/src/main.rs

@@ -0,0 +1,185 @@
+use axum::{
+    extract::State,
+    http::StatusCode,
+    response::Json,
+    routing::post,
+    Router,
+};
+use bcrypt::hash;
+use chrono::Utc;
+use serde::{Deserialize, Serialize};
+use sqlx::PgPool;
+use std::env;
+use std::sync::Arc;
+use tracing::{info, warn};
+use validator::Validate;
+
+#[derive(Clone)]
+struct AppState {
+    db: PgPool,
+}
+
+#[derive(Deserialize, Validate)]
+struct RegisterRequest {
+    #[validate(length(min = 3, max = 50))]
+    username: String,
+    #[validate(length(min = 6))]
+    password: String,
+    #[validate(email)]
+    email: String,
+}
+
+#[derive(Serialize)]
+struct RegisterResponse {
+    success: bool,
+    user_id: Option<i32>,
+    message: String,
+}
+
+#[derive(Serialize)]
+struct ErrorResponse {
+    error: String,
+}
+
+#[tokio::main]
+async fn main() {
+    tracing_subscriber::fmt::init();
+    
+    info!("Starting user-register service...");
+    
+    let database_url = env::var("DATABASE_URL").expect("DATABASE_URL must be set");
+    let pool = sqlx::postgres::PgPool::connect(&database_url)
+        .await
+        .expect("Failed to connect to database");
+    
+    info!("Database connected");
+    
+    let state = Arc::new(AppState { db: pool });
+    
+    let app = Router::new()
+        .route("/register", post(register_handler))
+        .route("/health", axum::routing::get(health_handler))
+        .with_state(state);
+    
+    let port = env::var("SERVICE_PORT").unwrap_or_else(|_| "8080".to_string());
+    let listener = tokio::net::TcpListener::bind(format!("0.0.0.0:{}", port))
+        .await
+        .unwrap();
+    
+    info!("User-register service listening on port {}", port);
+    
+    axum::serve(listener, app).await.unwrap();
+}
+
+async fn register_handler(
+    State(state): State<Arc<AppState>>,
+    Json(payload): Json<RegisterRequest>,
+) -> (StatusCode, Json<RegisterResponse>) {
+    info!("Registration attempt for user: {}", payload.username);
+    
+    // 参数校验
+    if let Err(e) = payload.validate() {
+        return (
+            StatusCode::BAD_REQUEST,
+            Json(RegisterResponse {
+                success: false,
+                user_id: None,
+                message: format!("Validation error: {}", e),
+            }),
+        );
+    }
+    
+    // 检查用户名是否存在
+    let existing: Option<(i32,)> = sqlx::query_as("SELECT id FROM users WHERE username = $1")
+        .bind(&payload.username)
+        .fetch_optional(&state.db)
+        .await
+        .unwrap_or(None);
+    
+    if existing.is_some() {
+        return (
+            StatusCode::CONFLICT,
+            Json(RegisterResponse {
+                success: false,
+                user_id: None,
+                message: "Username already exists".to_string(),
+            }),
+        );
+    }
+    
+    // 检查邮箱是否存在
+    let existing_email: Option<(i32,)> = sqlx::query_as("SELECT id FROM users WHERE email = $1")
+        .bind(&payload.email)
+        .fetch_optional(&state.db)
+        .await
+        .unwrap_or(None);
+    
+    if existing_email.is_some() {
+        return (
+            StatusCode::CONFLICT,
+            Json(RegisterResponse {
+                success: false,
+                user_id: None,
+                message: "Email already exists".to_string(),
+            }),
+        );
+    }
+    
+    // 密码哈希
+    let password_hash = match hash(&payload.password, bcrypt::DEFAULT_COST) {
+        Ok(h) => h,
+        Err(e) => {
+            warn!("Password hashing failed: {}", e);
+            return (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                Json(RegisterResponse {
+                    success: false,
+                    user_id: None,
+                    message: "Internal error".to_string(),
+                }),
+            );
+        }
+    };
+    
+    // 插入用户
+    let result = sqlx::query_as::<_, (i32,)>(
+        "INSERT INTO users (username, password_hash, email, created_at, updated_at) 
+         VALUES ($1, $2, $3, $4, $4) 
+         RETURNING id"
+    )
+    .bind(&payload.username)
+    .bind(&password_hash)
+    .bind(&payload.email)
+    .bind(Utc::now())
+    .fetch_one(&state.db)
+    .await;
+    
+    match result {
+        Ok((user_id,)) => {
+            info!("User {} registered with id {}", payload.username, user_id);
+            (
+                StatusCode::CREATED,
+                Json(RegisterResponse {
+                    success: true,
+                    user_id: Some(user_id),
+                    message: "User registered successfully".to_string(),
+                }),
+            )
+        }
+        Err(e) => {
+            warn!("Registration failed: {}", e);
+            (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                Json(RegisterResponse {
+                    success: false,
+                    user_id: None,
+                    message: "Registration failed".to_string(),
+                }),
+            )
+        }
+    }
+}
+
+async fn health_handler() -> &'static str {
+    "OK"
+}