feat: 优化项目目录结构

apps/backend/src/auth/auth.controller.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AuthController } from './auth.controller';
+
+describe('AuthController', () => {
+  let controller: AuthController;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      controllers: [AuthController],
+    }).compile();
+
+    controller = module.get<AuthController>(AuthController);
+  });
+
+  it('should be defined', () => {
+    expect(controller).toBeDefined();
+  });
+});

apps/backend/src/auth/auth.controller.ts

@@ -0,0 +1,46 @@
+import {
+  BadRequestException,
+  Body,
+  Controller,
+  Post,
+  Request,
+  UseGuards,
+} from '@nestjs/common';
+import { LoginDto } from './dto/login.dto';
+import { AuthService } from './auth.service';
+import { AuthGuard } from '@nestjs/passport';
+import { UserSessionService } from 'src/user/services/user-session.service';
+import { Throttle, ThrottlerGuard } from '@nestjs/throttler';
+
+@Controller('auth')
+export class AuthController {
+  constructor(
+    private readonly authService: AuthService,
+    private readonly userSessionService: UserSessionService,
+  ) {}
+
+  @Post('login')
+  @UseGuards(ThrottlerGuard)
+  @Throttle({ default: { limit: 20, ttl: 60000 } })
+  async login(@Body() loginDto: LoginDto) {
+    switch (loginDto.type) {
+      case 'password':
+        return this.authService.loginWithPassword(loginDto);
+      case 'phone':
+        return this.authService.loginWithPhone(loginDto);
+      case 'email':
+        return this.authService.loginWithEmail(loginDto);
+      default:
+        throw new BadRequestException('服务器错误');
+    }
+  }
+
+  @UseGuards(AuthGuard('jwt'))
+  @Post('logout')
+  async logout(@Request() req) {
+    const { userId, sessionId } = req.user;
+    await this.userSessionService.invalidateSession(userId, sessionId);
+
+    return true;
+  }
+}

apps/backend/src/auth/auth.module.ts

@@ -0,0 +1,36 @@
+import { forwardRef, Module } from '@nestjs/common';
+import { AuthController } from './auth.controller';
+import { AuthService } from './auth.service';
+import { UserModule } from 'src/user/user.module';
+import { JwtModule } from '@nestjs/jwt';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { UserSession } from 'src/user/entities/user-session.entity';
+import { PassportModule } from '@nestjs/passport';
+import { JwtStrategy } from './strategies/jwt.strategy';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { VerificationModule } from 'src/verification/verification.module';
+import { OptionalAuthGuard } from './strategies/OptionalAuthGuard';
+
+@Module({
+  imports: [
+    ConfigModule,
+    forwardRef(() => UserModule),
+    TypeOrmModule.forFeature([UserSession]),
+    PassportModule.register({ defaultStrategy: 'jwt' }),
+    JwtModule.registerAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: (configService: ConfigService) => ({
+        secret: configService.get<string>('JWT_SECRET', 'tone-page'),
+        signOptions: {
+          expiresIn: configService.get<string>('JWT_EXPIRES_IN', '1d'),
+        },
+      }),
+    }),
+    VerificationModule,
+  ],
+  controllers: [AuthController],
+  providers: [AuthService, JwtStrategy, OptionalAuthGuard],
+  exports: [PassportModule, JwtStrategy, AuthService, OptionalAuthGuard],
+})
+export class AuthModule {}

apps/backend/src/auth/auth.service.spec.ts

@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AuthService } from './auth.service';
+
+describe('AuthService', () => {
+  let service: AuthService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [AuthService],
+    }).compile();
+
+    service = module.get<AuthService>(AuthService);
+  });
+
+  it('should be defined', () => {
+    expect(service).toBeDefined();
+  });
+});

apps/backend/src/auth/auth.service.ts

@@ -0,0 +1,155 @@
+import { createHash } from 'crypto';
+import { BadRequestException, Injectable } from '@nestjs/common';
+import { LoginDto } from './dto/login.dto';
+import { UserService } from 'src/user/user.service';
+import { User } from 'src/user/entities/user.entity';
+import { JwtService } from '@nestjs/jwt';
+import { UserSessionService } from 'src/user/services/user-session.service';
+import { v4 as uuidv4 } from 'uuid';
+import { VerificationService } from 'src/verification/verification.service';
+
+@Injectable()
+export class AuthService {
+  constructor(
+    private readonly userService: UserService,
+    private readonly jwtService: JwtService,
+    private readonly userSessionService: UserSessionService,
+    private readonly verificationService: VerificationService,
+  ) {}
+
+  async loginWithPassword(loginDto: LoginDto) {
+    const { account, password } = loginDto;
+    // 依次使用邮箱登录、手机号、账号
+    const user = await this.userService.findOne(
+      [{ email: account }, { phone: account }, { username: account }],
+      {
+        withDeleted: true,
+      },
+    );
+
+    if (user && user.deletedAt !== null) {
+      throw new BadRequestException('该账号注销中');
+    }
+
+    if (user === null || !user.password_hash || !user.salt) {
+      throw new BadRequestException('账户或密码错误');
+    }
+
+    // 判断密码是否正确
+    const hashedPassword = this.hashPassword(password, user.salt);
+    if (hashedPassword !== user.password_hash) {
+      throw new BadRequestException('账户或密码错误');
+    }
+
+    // 登录成功，颁发token
+    return {
+      token: await this.generateToken(user),
+    };
+  }
+
+  async loginWithPhone(loginDto: LoginDto) {
+    const { phone, code } = loginDto;
+    // 先判断验证码是否正确
+    const isValid = this.verificationService.verifyPhoneCode(
+      phone,
+      code,
+      'login',
+    );
+    switch (isValid) {
+      case 0:
+        break;
+      case -1:
+        throw new BadRequestException('验证码已过期');
+      case -2:
+        throw new BadRequestException('验证码错误');
+      case -3:
+        throw new BadRequestException('验证码已失效');
+      default:
+        throw new BadRequestException('验证码错误');
+    }
+
+    // 判断用户是否存在，若不存在则进行注册
+    let user = await this.userService.findOne({ phone }, { withDeleted: true });
+    if (user && user.deletedAt !== null) {
+      throw new BadRequestException('该账号注销中，请使用其他手机号');
+    }
+
+    if (!user) {
+      // 执行注册操作
+      user = await this.userService.create({ phone: phone });
+    }
+
+    if (!user || !user.userId) {
+      // 注册失败或用户信息错误
+      throw new BadRequestException('请求失败，请稍后再试');
+    }
+
+    // 登录，颁发token
+    return {
+      token: await this.generateToken(user),
+    };
+  }
+
+  async loginWithEmail(loginDto: LoginDto) {
+    const { email, code } = loginDto;
+    // 先判断验证码是否正确
+    const isValid = this.verificationService.verifyEmailCode(
+      email,
+      code,
+      'login',
+    );
+    switch (isValid) {
+      case 0:
+        break;
+      case -1:
+        throw new BadRequestException('验证码已过期，请重新获取');
+      case -2:
+        throw new BadRequestException('验证码错误');
+      case -3:
+        throw new BadRequestException('验证码已失效，请重新获取');
+      default:
+        throw new BadRequestException('验证码错误，请稍后再试');
+    }
+
+    // 判断用户是否存在，若不存在则进行注册
+    let user = await this.userService.findOne({ email }, { withDeleted: true });
+    if (user && user.deletedAt !== null) {
+      throw new BadRequestException('该账号注销中，请使用其他邮箱');
+    }
+
+    if (!user) {
+      // 执行注册操作
+      user = await this.userService.create({ email: email });
+    }
+
+    if (!user || !user.userId) {
+      // 注册失败或用户信息错误
+      throw new BadRequestException('请求失败，请稍后再试');
+    }
+
+    // 登录，颁发token
+    return {
+      token: await this.generateToken(user),
+    };
+  }
+
+  private hashPassword(password: string, salt: string): string {
+    return createHash('sha256').update(`${password}${salt}`).digest('hex');
+  }
+
+  private async generateToken(user: User) {
+    const payload = {
+      userId: user.userId,
+      sessionId: uuidv4(),
+    };
+
+    // 存储
+    await this.userSessionService.createSession(
+      payload.userId,
+      payload.sessionId,
+    );
+
+    // 颁发token
+    return this.jwtService.sign(payload);
+  }
+}

apps/backend/src/auth/dto/login.dto.ts

@@ -0,0 +1,31 @@
+import { IsEnum, IsString, Length, ValidateIf } from 'class-validator';
+
+export class LoginDto {
+  @IsEnum(['password', 'phone', 'email'], { message: '请求类型错误' })
+  type: 'password' | 'phone' | 'email';
+
+  @ValidateIf((o) => o.type === 'password')
+  @IsString({ message: '账户必须输入' })
+  @Length(1, 254, { message: '账户异常' }) // 用户名、邮箱、手机号
+  account?: string;
+
+  @ValidateIf((o) => o.type === 'password')
+  @IsString({ message: '密码必须输入' })
+  @Length(6, 32, { message: '密码异常' }) // 6-32位
+  password?: string;
+
+  @ValidateIf((o) => o.type === 'phone')
+  @IsString({ message: '手机号必须输入' })
+  @Length(11, 11, { message: '手机号异常' }) // 中国大陆，11位数字
+  phone?: string;
+
+  @ValidateIf((o) => o.type === 'email')
+  @IsString({ message: '邮箱必须输入' })
+  @Length(6, 254, { message: '邮箱异常' }) // RFC 5321
+  email?: string;
+
+  @ValidateIf((o) => o.type === 'phone' || o.type === 'email')
+  @IsString({ message: '验证码必须输入' })
+  @Length(6, 6, { message: '验证码异常' }) // 6位数字
+  code?: string;
+}

apps/backend/src/auth/role.enum.ts

@@ -0,0 +1,3 @@
+export enum Role {
+  Admin = 'admin',
+}

apps/backend/src/auth/strategies/OptionalAuthGuard.ts

@@ -0,0 +1,28 @@
+import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class OptionalAuthGuard extends AuthGuard('jwt') implements CanActivate {
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    try {
+      await super.canActivate(context);
+      return true;
+    } catch (error) {
+      console.error('OptionalAuthGuard error:', error);
+      return true; // 如果验证失败，仍然允许访问
+    }
+  }
+
+  handleRequest<TUser = any>(
+    err: any,
+    user: any,
+    // info: any,
+    // context: ExecutionContext,
+    // status?: any,
+  ): TUser {
+    if (err || !user) {
+      return null; // 如果没有用户信息，返回null
+    }
+    return user; // 如果有用户信息，返回用户对象
+  }
+}

apps/backend/src/auth/strategies/jwt.strategy.ts

@@ -0,0 +1,47 @@
+import {
+  BadRequestException,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+import { UserSessionService } from 'src/user/services/user-session.service';
+import { UserService } from 'src/user/user.service';
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
+  constructor(
+    private readonly userService: UserService,
+    private readonly userSessionService: UserSessionService,
+    private readonly configService: ConfigService,
+  ) {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKey: configService.get<string>('JWT_SECRET', 'tone-page'),
+    });
+  }
+
+  async validate(payload: any) {
+    const { userId, sessionId } = payload ?? {};
+
+    const isValidSession = await this.userSessionService.isSessionValid(
+      userId,
+      sessionId,
+    );
+    if (!isValidSession) {
+      throw new UnauthorizedException('登录凭证已过期，请重新登录');
+    }
+
+    const user = await this.userService.findById(userId);
+    if (!user) {
+      throw new BadRequestException('用户不存在');
+    }
+
+    return {
+      ...user,
+      sessionId,
+    };
+  }
+}