feat: Implement public access for tenant content

- Add TenantOptionalAuth middleware to allow access to public content without requiring authentication. - Introduce ListPublicPublished and PublicDetail methods in the content service to retrieve publicly accessible content. - Create tenant_public HTTP routes for listing and showing public content, including preview and main asset retrieval. - Enhance content tests to cover scenarios for public content access and permissions. - Update specifications to reflect the new public content access features and rules.
2025-12-22 16:29:44 +08:00
parent 266de2f75e
commit 39454458f1
17 changed files with 1010 additions and 17 deletions
--- a/backend/app/services/content.go
+++ b/backend/app/services/content.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"time"

+	"quyun/v2/app/errorx"
 	"quyun/v2/app/http/tenant/dto"
 	"quyun/v2/app/requests"
 	"quyun/v2/database"
@@ -257,6 +258,117 @@ func (s *content) ListPublished(ctx context.Context, tenantID, userID int64, fil
 	}, nil
 }

+// ListPublicPublished 返回“公开可见”的已发布内容列表（给游客/非成员使用）。
+// 规则：仅返回 published + visibility=public；tenant_only/private 永不通过公开接口暴露。
+func (s *content) ListPublicPublished(ctx context.Context, tenantID, viewerUserID int64, filter *dto.ContentListFilter) (*requests.Pager, error) {
+	if filter == nil {
+		filter = &dto.ContentListFilter{}
+	}
+
+	log.WithFields(log.Fields{
+		"tenant_id": tenantID,
+		"user_id":   viewerUserID,
+		"page":      filter.Page,
+		"limit":     filter.Limit,
+	}).Info("services.content.list_public_published")
+
+	tbl, query := models.ContentQuery.QueryContext(ctx)
+
+	conds := []gen.Condition{
+		tbl.TenantID.Eq(tenantID),
+		tbl.Status.Eq(consts.ContentStatusPublished),
+		tbl.Visibility.Eq(consts.ContentVisibilityPublic),
+		tbl.DeletedAt.IsNull(),
+	}
+	if filter.Keyword != nil && *filter.Keyword != "" {
+		conds = append(conds, tbl.Title.Like(database.WrapLike(*filter.Keyword)))
+	}
+
+	filter.Pagination.Format()
+	items, total, err := query.Where(conds...).Order(tbl.ID.Desc()).FindByPage(int(filter.Offset()), int(filter.Limit))
+	if err != nil {
+		return nil, err
+	}
+
+	contentIDs := lo.Map(items, func(item *models.Content, _ int) int64 { return item.ID })
+	priceByContent, err := s.contentPriceMapping(ctx, tenantID, contentIDs)
+	if err != nil {
+		return nil, err
+	}
+
+	accessSet := map[int64]bool{}
+	if viewerUserID > 0 {
+		m, err := s.accessSet(ctx, tenantID, viewerUserID, contentIDs)
+		if err != nil {
+			return nil, err
+		}
+		accessSet = m
+	}
+
+	respItems := lo.Map(items, func(model *models.Content, _ int) *dto.ContentItem {
+		price := priceByContent[model.ID]
+		free := price == nil || price.PriceAmount == 0
+		has := free || accessSet[model.ID] || model.UserID == viewerUserID
+		return &dto.ContentItem{
+			Content:   model,
+			Price:     price,
+			HasAccess: has,
+		}
+	})
+
+	return &requests.Pager{
+		Pagination: filter.Pagination,
+		Total:      total,
+		Items:      respItems,
+	}, nil
+}
+
+// PublicDetail 返回“公开可见”的内容详情（给游客/非成员使用）。
+// 规则：仅允许 published + visibility=public；否则统一返回 not found，避免信息泄露。
+func (s *content) PublicDetail(ctx context.Context, tenantID, viewerUserID, contentID int64) (*ContentDetailResult, error) {
+	log.WithFields(log.Fields{
+		"tenant_id":  tenantID,
+		"user_id":    viewerUserID,
+		"content_id": contentID,
+	}).Info("services.content.public_detail")
+
+	tbl, query := models.ContentQuery.QueryContext(ctx)
+	model, err := query.Where(
+		tbl.TenantID.Eq(tenantID),
+		tbl.ID.Eq(contentID),
+		tbl.DeletedAt.IsNull(),
+	).First()
+	if err != nil {
+		return nil, errorx.ErrRecordNotFound.WithMsg("content not found")
+	}
+
+	// Public endpoints only expose published + public contents.
+	if model.Status != consts.ContentStatusPublished || model.Visibility != consts.ContentVisibilityPublic {
+		return nil, errorx.ErrRecordNotFound.WithMsg("content not found")
+	}
+
+	price, err := s.contentPrice(ctx, tenantID, contentID)
+	if err != nil {
+		return nil, err
+	}
+	free := price == nil || price.PriceAmount == 0
+
+	hasAccess := model.UserID == viewerUserID || free
+	if !hasAccess && viewerUserID > 0 {
+		ok, err := s.HasAccess(ctx, tenantID, viewerUserID, contentID)
+		if err != nil {
+			return nil, err
+		}
+		hasAccess = ok
+	}
+
+	return &ContentDetailResult{
+		Content:   model,
+		Price:     price,
+		HasAccess: hasAccess,
+	}, nil
+}
+
 func (s *content) Detail(ctx context.Context, tenantID, userID, contentID int64) (*ContentDetailResult, error) {
 	log.WithFields(log.Fields{
 		"tenant_id":  tenantID,
--- a/backend/app/services/content_test.go
+++ b/backend/app/services/content_test.go
@@ -2,11 +2,14 @@ package services

 import (
 	"database/sql"
+	"errors"
 	"testing"
 	"time"

 	"quyun/v2/app/commands/testx"
+	"quyun/v2/app/errorx"
 	"quyun/v2/app/http/tenant/dto"
+	"quyun/v2/app/requests"
 	"quyun/v2/database"
 	"quyun/v2/database/models"
 	"quyun/v2/pkg/consts"
@@ -18,6 +21,7 @@ import (
 	"go.ipao.vip/atom/contracts"
 	"go.ipao.vip/gen/types"
 	"go.uber.org/dig"
+	"gorm.io/gorm"
 )

 type ContentTestSuiteInjectParams struct {
@@ -241,3 +245,247 @@ func (s *ContentTestSuite) Test_HasAccess() {
 		})
 	})
 }
+
+func (s *ContentTestSuite) Test_ListPublicPublished() {
+	Convey("Content.ListPublicPublished", s.T(), func() {
+		ctx := s.T().Context()
+		now := time.Now().UTC()
+		tenantID := int64(1)
+		ownerID := int64(2)
+
+		database.Truncate(ctx, s.DB,
+			models.TableNameContentAccess,
+			models.TableNameContentPrice,
+			models.TableNameContent,
+		)
+
+		publicPaid := &models.Content{
+			TenantID:            tenantID,
+			UserID:              ownerID,
+			Title:               "public_paid",
+			Description:         "d",
+			Status:              consts.ContentStatusPublished,
+			Visibility:          consts.ContentVisibilityPublic,
+			PreviewSeconds:      consts.DefaultContentPreviewSeconds,
+			PreviewDownloadable: false,
+			PublishedAt:         now,
+			CreatedAt:           now,
+			UpdatedAt:           now,
+		}
+		So(publicPaid.Create(ctx), ShouldBeNil)
+		So((&models.ContentPrice{
+			TenantID:    tenantID,
+			UserID:      ownerID,
+			ContentID:   publicPaid.ID,
+			Currency:    consts.CurrencyCNY,
+			PriceAmount: 100,
+			CreatedAt:   now,
+			UpdatedAt:   now,
+		}).Create(ctx), ShouldBeNil)
+
+		publicFree := &models.Content{
+			TenantID:            tenantID,
+			UserID:              ownerID,
+			Title:               "public_free",
+			Description:         "d",
+			Status:              consts.ContentStatusPublished,
+			Visibility:          consts.ContentVisibilityPublic,
+			PreviewSeconds:      consts.DefaultContentPreviewSeconds,
+			PreviewDownloadable: false,
+			PublishedAt:         now,
+			CreatedAt:           now,
+			UpdatedAt:           now,
+		}
+		So(publicFree.Create(ctx), ShouldBeNil)
+
+		tenantOnly := &models.Content{
+			TenantID:            tenantID,
+			UserID:              ownerID,
+			Title:               "tenant_only",
+			Description:         "d",
+			Status:              consts.ContentStatusPublished,
+			Visibility:          consts.ContentVisibilityTenantOnly,
+			PreviewSeconds:      consts.DefaultContentPreviewSeconds,
+			PreviewDownloadable: false,
+			PublishedAt:         now,
+			CreatedAt:           now,
+			UpdatedAt:           now,
+		}
+		So(tenantOnly.Create(ctx), ShouldBeNil)
+
+		privateContent := &models.Content{
+			TenantID:            tenantID,
+			UserID:              ownerID,
+			Title:               "private",
+			Description:         "d",
+			Status:              consts.ContentStatusPublished,
+			Visibility:          consts.ContentVisibilityPrivate,
+			PreviewSeconds:      consts.DefaultContentPreviewSeconds,
+			PreviewDownloadable: false,
+			PublishedAt:         now,
+			CreatedAt:           now,
+			UpdatedAt:           now,
+		}
+		So(privateContent.Create(ctx), ShouldBeNil)
+
+		draftPublic := &models.Content{
+			TenantID:            tenantID,
+			UserID:              ownerID,
+			Title:               "draft_public",
+			Description:         "d",
+			Status:              consts.ContentStatusDraft,
+			Visibility:          consts.ContentVisibilityPublic,
+			PreviewSeconds:      consts.DefaultContentPreviewSeconds,
+			PreviewDownloadable: false,
+			CreatedAt:           now,
+			UpdatedAt:           now,
+		}
+		So(draftPublic.Create(ctx), ShouldBeNil)
+
+		deletedPublic := &models.Content{
+			TenantID:            tenantID,
+			UserID:              ownerID,
+			Title:               "deleted_public",
+			Description:         "d",
+			Status:              consts.ContentStatusPublished,
+			Visibility:          consts.ContentVisibilityPublic,
+			PreviewSeconds:      consts.DefaultContentPreviewSeconds,
+			PreviewDownloadable: false,
+			PublishedAt:         now,
+			DeletedAt:           gorm.DeletedAt{Time: now, Valid: true},
+			CreatedAt:           now,
+			UpdatedAt:           now,
+		}
+		So(deletedPublic.Create(ctx), ShouldBeNil)
+
+		Convey("游客仅能看到 public+published，且免费内容 has_access=true", func() {
+			pager, err := Content.ListPublicPublished(ctx, tenantID, 0, &dto.ContentListFilter{Pagination: requests.Pagination{Page: 1, Limit: 20}})
+			So(err, ShouldBeNil)
+			So(pager.Total, ShouldEqual, 2)
+
+			items := pager.Items.([]*dto.ContentItem)
+			So(len(items), ShouldEqual, 2)
+
+			got := map[int64]*dto.ContentItem{}
+			for _, it := range items {
+				got[it.Content.ID] = it
+			}
+			So(got[publicPaid.ID], ShouldNotBeNil)
+			So(got[publicFree.ID], ShouldNotBeNil)
+			So(got[publicPaid.ID].HasAccess, ShouldBeFalse)
+			So(got[publicFree.ID].HasAccess, ShouldBeTrue)
+		})
+
+		Convey("已登录用户若有权益则 has_access=true", func() {
+			viewerID := int64(99)
+			access := &models.ContentAccess{
+				TenantID:  tenantID,
+				UserID:    viewerID,
+				ContentID: publicPaid.ID,
+				OrderID:   123,
+				Status:    consts.ContentAccessStatusActive,
+				CreatedAt: now,
+				UpdatedAt: now,
+			}
+			So(access.Create(ctx), ShouldBeNil)
+
+			pager, err := Content.ListPublicPublished(ctx, tenantID, viewerID, &dto.ContentListFilter{Pagination: requests.Pagination{Page: 1, Limit: 20}})
+			So(err, ShouldBeNil)
+			So(pager.Total, ShouldEqual, 2)
+
+			items := pager.Items.([]*dto.ContentItem)
+			got := map[int64]*dto.ContentItem{}
+			for _, it := range items {
+				got[it.Content.ID] = it
+			}
+			So(got[publicPaid.ID].HasAccess, ShouldBeTrue)
+		})
+	})
+}
+
+func (s *ContentTestSuite) Test_PublicDetail() {
+	Convey("Content.PublicDetail", s.T(), func() {
+		ctx := s.T().Context()
+		now := time.Now().UTC()
+		tenantID := int64(1)
+		ownerID := int64(2)
+
+		database.Truncate(ctx, s.DB,
+			models.TableNameContentAccess,
+			models.TableNameContentPrice,
+			models.TableNameContent,
+		)
+
+		publicPaid := &models.Content{
+			TenantID:            tenantID,
+			UserID:              ownerID,
+			Title:               "public_paid",
+			Description:         "d",
+			Status:              consts.ContentStatusPublished,
+			Visibility:          consts.ContentVisibilityPublic,
+			PreviewSeconds:      consts.DefaultContentPreviewSeconds,
+			PreviewDownloadable: false,
+			PublishedAt:         now,
+			CreatedAt:           now,
+			UpdatedAt:           now,
+		}
+		So(publicPaid.Create(ctx), ShouldBeNil)
+		So((&models.ContentPrice{
+			TenantID:    tenantID,
+			UserID:      ownerID,
+			ContentID:   publicPaid.ID,
+			Currency:    consts.CurrencyCNY,
+			PriceAmount: 100,
+			CreatedAt:   now,
+			UpdatedAt:   now,
+		}).Create(ctx), ShouldBeNil)
+
+		tenantOnly := &models.Content{
+			TenantID:            tenantID,
+			UserID:              ownerID,
+			Title:               "tenant_only",
+			Description:         "d",
+			Status:              consts.ContentStatusPublished,
+			Visibility:          consts.ContentVisibilityTenantOnly,
+			PreviewSeconds:      consts.DefaultContentPreviewSeconds,
+			PreviewDownloadable: false,
+			PublishedAt:         now,
+			CreatedAt:           now,
+			UpdatedAt:           now,
+		}
+		So(tenantOnly.Create(ctx), ShouldBeNil)
+
+		Convey("游客访问 public+paid：可见但无正片权限", func() {
+			out, err := Content.PublicDetail(ctx, tenantID, 0, publicPaid.ID)
+			So(err, ShouldBeNil)
+			So(out, ShouldNotBeNil)
+			So(out.HasAccess, ShouldBeFalse)
+		})
+
+		Convey("tenant_only 在 public detail 下应表现为 not found", func() {
+			_, err := Content.PublicDetail(ctx, tenantID, 0, tenantOnly.ID)
+			So(err, ShouldNotBeNil)
+			var appErr *errorx.AppError
+			So(errors.As(err, &appErr), ShouldBeTrue)
+			So(appErr.Code, ShouldEqual, errorx.ErrRecordNotFound.Code)
+		})
+
+		Convey("有权益的已登录用户访问 public+paid：has_access=true", func() {
+			viewerID := int64(99)
+			access := &models.ContentAccess{
+				TenantID:  tenantID,
+				UserID:    viewerID,
+				ContentID: publicPaid.ID,
+				OrderID:   123,
+				Status:    consts.ContentAccessStatusActive,
+				CreatedAt: now,
+				UpdatedAt: now,
+			}
+			So(access.Create(ctx), ShouldBeNil)
+
+			out, err := Content.PublicDetail(ctx, tenantID, viewerID, publicPaid.ID)
+			So(err, ShouldBeNil)
+			So(out.HasAccess, ShouldBeTrue)
+		})
+	})
+}
--- a/backend/app/services/tenant_join.go
+++ b/backend/app/services/tenant_join.go
@@ -9,7 +9,7 @@ import (

 	"quyun/v2/app/errorx"
 	"quyun/v2/app/http/tenant/dto"
-	tenantjoindto "quyun/v2/app/http/tenantjoin/dto"
+	tenant_join_dto "quyun/v2/app/http/tenant_join/dto"
 	"quyun/v2/app/requests"
 	"quyun/v2/database/models"
 	"quyun/v2/pkg/consts"
@@ -297,7 +297,7 @@ func (t *tenant) JoinByInvite(ctx context.Context, tenantID, userID int64, invit
 }

 // CreateJoinRequest 用户提交加入租户申请（无邀请码场景）。
-func (t *tenant) CreateJoinRequest(ctx context.Context, tenantID, userID int64, form *tenantjoindto.JoinRequestCreateForm) (*models.TenantJoinRequest, error) {
+func (t *tenant) CreateJoinRequest(ctx context.Context, tenantID, userID int64, form *tenant_join_dto.JoinRequestCreateForm) (*models.TenantJoinRequest, error) {
 	if tenantID <= 0 || userID <= 0 {
 		return nil, errorx.ErrInvalidParameter.WithMsg("invalid tenant_id/user_id")
 	}
--- a/backend/app/services/tenant_join_test.go
+++ b/backend/app/services/tenant_join_test.go
@@ -10,7 +10,7 @@ import (
 	"quyun/v2/app/commands/testx"
 	"quyun/v2/app/errorx"
 	tenantdto "quyun/v2/app/http/tenant/dto"
-	tenantjoindto "quyun/v2/app/http/tenantjoin/dto"
+	tenant_join_dto "quyun/v2/app/http/tenant_join/dto"
 	"quyun/v2/database"
 	"quyun/v2/database/models"
 	"quyun/v2/pkg/consts"
@@ -262,7 +262,7 @@ func (s *TenantJoinTestSuite) Test_CreateJoinRequest() {
 				Status:   consts.UserStatusVerified,
 			}).Error, ShouldBeNil)

-			_, err := Tenant.CreateJoinRequest(ctx, tenantID, userID, &tenantjoindto.JoinRequestCreateForm{Reason: "x"})
+			_, err := Tenant.CreateJoinRequest(ctx, tenantID, userID, &tenant_join_dto.JoinRequestCreateForm{Reason: "x"})
 			So(err, ShouldNotBeNil)

 			var appErr *errorx.AppError
@@ -273,11 +273,11 @@ func (s *TenantJoinTestSuite) Test_CreateJoinRequest() {
 		Convey("重复提交应返回同一个 pending 申请（幂等）", func() {
 			s.truncateAll(ctx)

-			out1, err := Tenant.CreateJoinRequest(ctx, tenantID, userID, &tenantjoindto.JoinRequestCreateForm{Reason: "a"})
+			out1, err := Tenant.CreateJoinRequest(ctx, tenantID, userID, &tenant_join_dto.JoinRequestCreateForm{Reason: "a"})
 			So(err, ShouldBeNil)
 			So(out1, ShouldNotBeNil)

-			out2, err := Tenant.CreateJoinRequest(ctx, tenantID, userID, &tenantjoindto.JoinRequestCreateForm{Reason: "b"})
+			out2, err := Tenant.CreateJoinRequest(ctx, tenantID, userID, &tenant_join_dto.JoinRequestCreateForm{Reason: "b"})
 			So(err, ShouldBeNil)
 			So(out2, ShouldNotBeNil)
 			So(out2.ID, ShouldEqual, out1.ID)