新增 Web 浏览端(Go+Vue 报表系统)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-03 14:34:50 +08:00
parent bf8f578761
commit 750584e619
47 changed files with 2557 additions and 18 deletions
--- a/web/backend/internal/auth/bcrypt.go
+++ b/web/backend/internal/auth/bcrypt.go
@@ -0,0 +1,17 @@
+package auth
+
+import "golang.org/x/crypto/bcrypt"
+
+const bcryptCost = 12
+
+func HashPassword(plain string) (string, error) {
+	b, err := bcrypt.GenerateFromPassword([]byte(plain), bcryptCost)
+	if err != nil {
+		return "", err
+	}
+	return string(b), nil
+}
+
+func CheckPassword(hash, plain string) bool {
+	return bcrypt.CompareHashAndPassword([]byte(hash), []byte(plain)) == nil
+}
--- a/web/backend/internal/auth/bootstrap.go
+++ b/web/backend/internal/auth/bootstrap.go
@@ -0,0 +1,32 @@
+package auth
+
+import (
+	"log"
+
+	"trade/web/internal/store"
+)
+
+// Bootstrap 在 auth.db 没有任何 admin 时,从 ADMIN_USER/ADMIN_PASS 写入一条管理员;
+// 已存在 admin 时静默跳过,避免轮换 env 时静默改密。
+func Bootstrap(s *store.AuthStore, adminUser, adminPass string) error {
+	n, err := s.CountAdmins()
+	if err != nil {
+		return err
+	}
+	if n > 0 {
+		return nil
+	}
+	if adminUser == "" || adminPass == "" {
+		log.Printf("[bootstrap] auth.db 无 admin,但 ADMIN_USER/ADMIN_PASS 未设置,跳过引导")
+		return nil
+	}
+	hash, err := HashPassword(adminPass)
+	if err != nil {
+		return err
+	}
+	if _, err := s.CreateUser(adminUser, hash, store.RoleAdmin); err != nil {
+		return err
+	}
+	log.Printf("[bootstrap] admin %q created", adminUser)
+	return nil
+}
--- a/web/backend/internal/auth/jwt.go
+++ b/web/backend/internal/auth/jwt.go
@@ -0,0 +1,55 @@
+package auth
+
+import (
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+const tokenTTL = 12 * time.Hour
+
+type Claims struct {
+	UserID   int64  `json:"uid"`
+	Username string `json:"usr"`
+	Role     string `json:"role"`
+	jwt.RegisteredClaims
+}
+
+type Manager struct{ secret []byte }
+
+func NewManager(secret []byte) *Manager { return &Manager{secret: secret} }
+
+func (m *Manager) Issue(userID int64, username, role string) (string, time.Time, error) {
+	exp := time.Now().Add(tokenTTL)
+	claims := Claims{
+		UserID:   userID,
+		Username: username,
+		Role:     role,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(exp),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+		},
+	}
+	tok := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	s, err := tok.SignedString(m.secret)
+	return s, exp, err
+}
+
+func (m *Manager) Parse(tokenStr string) (*Claims, error) {
+	tok, err := jwt.ParseWithClaims(tokenStr, &Claims{}, func(t *jwt.Token) (any, error) {
+		if t.Method.Alg() != jwt.SigningMethodHS256.Alg() {
+			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
+		}
+		return m.secret, nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	claims, ok := tok.Claims.(*Claims)
+	if !ok || !tok.Valid {
+		return nil, errors.New("invalid token")
+	}
+	return claims, nil
+}