From 134ece2bcc98d8b462263c80f9726df09ca0aeeb Mon Sep 17 00:00:00 2001
From: vipg <vipg@vipg.com>
Date: Mon, 9 Feb 2026 16:24:50 +0800
Subject: [PATCH] add

---
 .../services/user/db/schema.sql               |  77 +++++++++
 trading_assistant_api/services/user/go.mod    |   1 +
 trading_assistant_api/services/user/main.go   | 155 ++++++++++++++++++
 3 files changed, 233 insertions(+)
 create mode 100644 trading_assistant_api/services/user/db/schema.sql

diff --git a/trading_assistant_api/services/user/db/schema.sql b/trading_assistant_api/services/user/db/schema.sql
new file mode 100644
index 0000000..839640f
--- /dev/null
+++ b/trading_assistant_api/services/user/db/schema.sql
@@ -0,0 +1,77 @@
+-- 1. 创建用户基础信息表
+CREATE TABLE IF NOT EXISTS users (
+    user_id UUID PRIMARY KEY DEFAULT uuidv7(),
+    deleted BOOLEAN NOT NULL DEFAULT false,
+    create_time TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    update_time TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+COMMENT ON TABLE users IS '用户基础信息表';
+COMMENT ON COLUMN users.user_id IS '用户唯一标识，主键，自动生成UUIDv7';
+COMMENT ON COLUMN users.deleted IS '逻辑删除标识：false-未删除，true-已删除';
+COMMENT ON COLUMN users.create_time IS '记录创建时间（带时区）';
+COMMENT ON COLUMN users.update_time IS '记录更新时间（带时区）';
+
+-- 2. 创建用户登录账户表
+CREATE TABLE IF NOT EXISTS user_login_accounts (
+    follow_id UUID PRIMARY KEY DEFAULT uuidv7(),
+    user_id UUID NOT NULL,
+    value VARCHAR(100) NOT NULL,
+    deleted BOOLEAN NOT NULL DEFAULT false,
+    create_time TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    update_time TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    CONSTRAINT fk_user_login_accounts_user_id FOREIGN KEY (user_id) REFERENCES users(user_id),
+    CONSTRAINT uk_user_login_accounts_value UNIQUE (value, deleted)
+);
+
+COMMENT ON TABLE user_login_accounts IS '用户登录账户表（手机号/邮箱/用户名等）';
+COMMENT ON COLUMN user_login_accounts.follow_id IS '记录唯一标识，主键，自动生成UUIDv7';
+COMMENT ON COLUMN user_login_accounts.user_id IS '关联用户ID，外键关联users表';
+COMMENT ON COLUMN user_login_accounts.value IS '登录账户值（手机号/邮箱/用户名）';
+COMMENT ON COLUMN user_login_accounts.deleted IS '逻辑删除标识：false-未删除，true-已删除';
+COMMENT ON COLUMN user_login_accounts.create_time IS '记录创建时间（带时区）';
+COMMENT ON COLUMN user_login_accounts.update_time IS '记录更新时间（带时区）';
+
+-- 3. 创建用户登录密码表
+CREATE TABLE IF NOT EXISTS user_login_passwords (
+    follow_id UUID PRIMARY KEY DEFAULT uuidv7(),
+    user_id UUID NOT NULL,
+    value VARCHAR(255) NOT NULL,
+    deleted BOOLEAN NOT NULL DEFAULT false,
+    create_time TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    update_time TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    CONSTRAINT fk_user_login_passwords_user_id FOREIGN KEY (user_id) REFERENCES users(user_id),
+    CONSTRAINT uk_user_login_passwords_user_id UNIQUE (user_id, deleted)
+);
+
+COMMENT ON TABLE user_login_passwords IS '用户登录密码表（存储加密后的密码）';
+COMMENT ON COLUMN user_login_passwords.follow_id IS '记录唯一标识，主键，自动生成UUIDv7';
+COMMENT ON COLUMN user_login_passwords.user_id IS '关联用户ID，外键关联users表';
+COMMENT ON COLUMN user_login_passwords.value IS '加密后的登录密码（建议使用bcrypt/argon2等算法）';
+COMMENT ON COLUMN user_login_passwords.deleted IS '逻辑删除标识：false-未删除，true-已删除';
+COMMENT ON COLUMN user_login_passwords.create_time IS '记录创建时间（带时区）';
+COMMENT ON COLUMN user_login_passwords.update_time IS '记录更新时间（带时区）';
+
+-- 4. 创建update_time自动更新触发器
+CREATE OR REPLACE FUNCTION update_timestamp()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.update_time = CURRENT_TIMESTAMP;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE TRIGGER trigger_users_update_time
+BEFORE UPDATE ON users
+FOR EACH ROW
+EXECUTE FUNCTION update_timestamp();
+
+CREATE TRIGGER trigger_user_login_accounts_update_time
+BEFORE UPDATE ON user_login_accounts
+FOR EACH ROW
+EXECUTE FUNCTION update_timestamp();
+
+CREATE TRIGGER trigger_user_login_passwords_update_time
+BEFORE UPDATE ON user_login_passwords
+FOR EACH ROW
+EXECUTE FUNCTION update_timestamp();
diff --git a/trading_assistant_api/services/user/go.mod b/trading_assistant_api/services/user/go.mod
index 99030ed..21eebcd 100644
--- a/trading_assistant_api/services/user/go.mod
+++ b/trading_assistant_api/services/user/go.mod
@@ -3,5 +3,6 @@ module user
 go 1.25.7
 
 require common v0.0.0
+require golang.org/x/crypto v0.31.0
 
 replace common => ../../common
diff --git a/trading_assistant_api/services/user/main.go b/trading_assistant_api/services/user/main.go
index 64a13f1..968eaab 100644
--- a/trading_assistant_api/services/user/main.go
+++ b/trading_assistant_api/services/user/main.go
@@ -3,16 +3,26 @@ package main
 import (
 	"context"
 	"fmt"
+	"io"
+	"encoding/json"
+	"errors"
+	"strings"
 	"net/http"
 	"os"
 	"os/signal"
 	"syscall"
 	"time"
 
+	"database/sql"
+	"common/db"
 	"common/logger"
 	"common/utils"
+	"golang.org/x/crypto/bcrypt"
+	"github.com/jackc/pgconn"
 )
 
+var pg *sql.DB
+
 func main() {
 	port := utils.GetEnv("PORT", "8080")
 	srv := &http.Server{
@@ -20,6 +30,17 @@ func main() {
 		Handler: routes(),
 	}
 
+	var err error
+	pg, err = db.InitPostgres()
+	if err != nil {
+		logger.L().Fatalf("postgres init: %v", err)
+	}
+	if utils.GetEnv("MIGRATE_ON_START", "0") == "1" {
+		if err := applySchema("db/schema.sql"); err != nil {
+			logger.L().Fatalf("apply schema: %v", err)
+		}
+	}
+
 	logger.L().Printf("user service starting on :%s", port)
 
 	go func() {
@@ -38,6 +59,7 @@ func main() {
 	if err := srv.Shutdown(ctx); err != nil {
 		logger.L().Printf("server shutdown: %v", err)
 	}
+	_ = db.ClosePostgres()
 	logger.L().Printf("user service exited")
 }
 
@@ -54,5 +76,138 @@ func routes() http.Handler {
 	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		fmt.Fprintf(w, "hello from user-service")
 	})
+	mux.HandleFunc("/register", registerHandler)
+	mux.HandleFunc("/login", loginHandler)
 	return mux
 }
+
+type registerReq struct {
+	Account  string `json:"account"`
+	Password string `json:"password"`
+}
+type loginReq struct {
+	Account  string `json:"account"`
+	Password string `json:"password"`
+}
+type loginResp struct {
+	UserID string `json:"user_id"`
+}
+
+func registerHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		w.WriteHeader(http.StatusMethodNotAllowed)
+		return
+	}
+	var req registerReq
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("invalid json"))
+		return
+	}
+	if !validAccount(req.Account) || !validPassword(req.Password) {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("invalid account or password"))
+		return
+	}
+	hashed, err := bcrypt.GenerateFromPassword([]byte(req.Password), 12)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+	tx, err := pg.Begin()
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+	defer func() {
+		_ = tx.Rollback()
+	}()
+	var userID string
+	if err := tx.QueryRow(`INSERT INTO users DEFAULT VALUES RETURNING user_id`).Scan(&userID); err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+	if _, err := tx.Exec(`INSERT INTO user_login_accounts (user_id, value, deleted) VALUES ($1, $2, false)`, userID, req.Account); err != nil {
+		if isUniqueViolation(err) {
+			w.WriteHeader(http.StatusConflict)
+			w.Write([]byte("account exists"))
+			return
+		}
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+	if _, err := tx.Exec(`INSERT INTO user_login_passwords (user_id, value, deleted) VALUES ($1, $2, false)`, userID, string(hashed)); err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+	if err := tx.Commit(); err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusCreated)
+	io.WriteString(w, userID)
+}
+
+func loginHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		w.WriteHeader(http.StatusMethodNotAllowed)
+		return
+	}
+	var req loginReq
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("invalid json"))
+		return
+	}
+	if !validAccount(req.Account) || !validPassword(req.Password) {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("invalid account or password"))
+		return
+	}
+	var userID string
+	if err := pg.QueryRow(`SELECT user_id FROM user_login_accounts WHERE value = $1 AND deleted = false`, req.Account).Scan(&userID); err != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+	var hashed string
+	if err := pg.QueryRow(`SELECT value FROM user_login_passwords WHERE user_id = $1 AND deleted = false`, userID).Scan(&hashed); err != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+	if bcrypt.CompareHashAndPassword([]byte(hashed), []byte(req.Password)) != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusOK)
+	json.NewEncoder(w).Encode(loginResp{UserID: userID})
+}
+
+func validAccount(a string) bool {
+	n := len(a)
+	return n >= 3 && n <= 100
+}
+func validPassword(p string) bool {
+	n := len(p)
+	return n >= 8 && n <= 128
+}
+
+func isUniqueViolation(err error) bool {
+	var pe *pgconn.PgError
+	if errors.As(err, &pe) {
+		return pe.Code == "23505"
+	}
+	if err != nil && (strings.Contains(err.Error(), "duplicate key") || strings.Contains(err.Error(), "unique constraint")) {
+		return true
+	}
+	return false
+}
+
+func applySchema(path string) error {
+	b, err := os.ReadFile(path)
+	if err != nil {
+		return err
+	}
+	_, err = pg.Exec(string(b))
+	return err
+}