tenant: add invites and join requests

2025-12-18 18:27:23 +08:00
parent 462bde351d
commit ec4506fd2d
28 changed files with 5206 additions and 201 deletions
--- a/backend/app/services/tenant_join.go
+++ b/backend/app/services/tenant_join.go
@@ -0,0 +1,511 @@
+package services
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/base32"
+	"strings"
+	"time"
+
+	"quyun/v2/app/errorx"
+	"quyun/v2/app/http/tenant/dto"
+	tenantjoindto "quyun/v2/app/http/tenantjoin/dto"
+	"quyun/v2/app/requests"
+	"quyun/v2/database/models"
+	"quyun/v2/pkg/consts"
+
+	"github.com/jackc/pgx/v5/pgconn"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"go.ipao.vip/gen"
+	"go.ipao.vip/gen/types"
+	"gorm.io/gorm"
+	"gorm.io/gorm/clause"
+)
+
+func isUniqueViolation(err error) bool {
+	var pgErr *pgconn.PgError
+	if errors.As(err, &pgErr) {
+		return pgErr.Code == "23505"
+	}
+	return errors.Is(err, gorm.ErrDuplicatedKey)
+}
+
+func newInviteCode() (string, error) {
+	// 邀请码为安全敏感值：使用强随机数，避免可预测性导致被撞库加入租户。
+	buf := make([]byte, 10) // 80-bit
+	if _, err := rand.Read(buf); err != nil {
+		return "", err
+	}
+	// base32（去掉 padding）便于输入，统一转小写存储与比较。
+	return strings.ToLower(base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(buf)), nil
+}
+
+// AdminCreateInvite 租户管理员创建邀请（用于用户通过邀请码加入租户）。
+func (t *tenant) AdminCreateInvite(ctx context.Context, tenantID, operatorUserID int64, form *dto.AdminTenantInviteCreateForm) (*models.TenantInvite, error) {
+	if tenantID <= 0 {
+		return nil, errorx.ErrInvalidParameter.WithMsg("tenant_id must be > 0")
+	}
+	if operatorUserID <= 0 {
+		return nil, errorx.ErrInvalidParameter.WithMsg("operator_user_id must be > 0")
+	}
+	if form == nil {
+		return nil, errorx.ErrInvalidParameter.WithMsg("form is nil")
+	}
+
+	now := time.Now().UTC()
+	code := strings.ToLower(strings.TrimSpace(form.Code))
+	if code == "" {
+		var err error
+		code, err = newInviteCode()
+		if err != nil {
+			return nil, err
+		}
+	}
+	if form.ExpiresAt != nil && !form.ExpiresAt.IsZero() && form.ExpiresAt.Before(now) {
+		return nil, errorx.ErrInvalidParameter.WithMsg("expires_at must be in future")
+	}
+	if form.MaxUses != nil && *form.MaxUses < 0 {
+		return nil, errorx.ErrInvalidParameter.WithMsg("max_uses must be >= 0")
+	}
+
+	logrus.WithFields(logrus.Fields{
+		"tenant_id":          tenantID,
+		"operator_user_id":   operatorUserID,
+		"code":               code,
+		"max_uses":           form.MaxUses,
+		"expires_at_present": form.ExpiresAt != nil,
+	}).Info("services.tenant.admin.create_invite")
+
+	invite := &models.TenantInvite{
+		TenantID:  tenantID,
+		UserID:    operatorUserID,
+		Code:      code,
+		Status:    consts.TenantInviteStatusActive,
+		MaxUses:   0,
+		UsedCount: 0,
+		Remark:    strings.TrimSpace(form.Remark),
+		CreatedAt: now,
+		UpdatedAt: now,
+	}
+	if form.MaxUses != nil {
+		invite.MaxUses = int32(*form.MaxUses)
+	}
+	if form.ExpiresAt != nil && !form.ExpiresAt.IsZero() {
+		invite.ExpiresAt = form.ExpiresAt.UTC()
+	}
+
+	// 关键点：expires_at/disabled_at 允许为空，避免写入 0001-01-01 造成误判。
+	db := models.Q.TenantInvite.WithContext(ctx).UnderlyingDB().Omit("disabled_at", "disabled_operator_user_id")
+	if invite.ExpiresAt.IsZero() {
+		db = db.Omit("expires_at")
+	}
+	if err := db.Create(invite).Error; err != nil {
+		if isUniqueViolation(err) {
+			return nil, errorx.ErrRecordDuplicated.WithMsg("邀请码已存在，请重试")
+		}
+		return nil, err
+	}
+	return invite, nil
+}
+
+// AdminDisableInvite 租户管理员禁用邀请（幂等）。
+func (t *tenant) AdminDisableInvite(ctx context.Context, tenantID, operatorUserID, inviteID int64, reason string) (*models.TenantInvite, error) {
+	if tenantID <= 0 || operatorUserID <= 0 || inviteID <= 0 {
+		return nil, errorx.ErrInvalidParameter.WithMsg("invalid tenant_id/operator_user_id/invite_id")
+	}
+
+	now := time.Now().UTC()
+	reason = strings.TrimSpace(reason)
+
+	logrus.WithFields(logrus.Fields{
+		"tenant_id":        tenantID,
+		"operator_user_id": operatorUserID,
+		"invite_id":        inviteID,
+	}).Info("services.tenant.admin.disable_invite")
+
+	var out models.TenantInvite
+	err := _db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
+		var inv models.TenantInvite
+		if err := tx.
+			Clauses(clause.Locking{Strength: "UPDATE"}).
+			Where("id = ? AND tenant_id = ?", inviteID, tenantID).
+			First(&inv).Error; err != nil {
+			if errors.Is(err, gorm.ErrRecordNotFound) {
+				return errorx.ErrRecordNotFound.WithMsg("邀请码不存在")
+			}
+			return err
+		}
+
+		// 幂等：重复禁用直接返回当前状态。
+		if inv.Status == consts.TenantInviteStatusDisabled || inv.Status == consts.TenantInviteStatusExpired {
+			out = inv
+			return nil
+		}
+
+		inv.Status = consts.TenantInviteStatusDisabled
+		inv.DisabledOperatorUserID = operatorUserID
+		inv.DisabledAt = now
+		if reason != "" {
+			inv.Remark = reason
+		}
+		inv.UpdatedAt = now
+
+		// 关键点：disabled_at/disabled_operator_user_id 允许为空，但禁用时必须落审计信息。
+		if err := tx.Save(&inv).Error; err != nil {
+			return err
+		}
+
+		out = inv
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &out, nil
+}
+
+// AdminInvitePage 租户管理员分页查询邀请列表。
+func (t *tenant) AdminInvitePage(ctx context.Context, tenantID int64, filter *dto.AdminTenantInviteListFilter) (*requests.Pager, error) {
+	if tenantID <= 0 {
+		return nil, errorx.ErrInvalidParameter.WithMsg("tenant_id must be > 0")
+	}
+	if filter == nil {
+		filter = &dto.AdminTenantInviteListFilter{}
+	}
+	filter.Pagination.Format()
+
+	tbl, query := models.TenantInviteQuery.QueryContext(ctx)
+	conds := []gen.Condition{tbl.TenantID.Eq(tenantID)}
+	if filter.Status != nil && *filter.Status != "" {
+		conds = append(conds, tbl.Status.Eq(*filter.Status))
+	}
+	if code := filter.CodeTrimmed(); code != "" {
+		conds = append(conds, tbl.Code.Like("%"+strings.ToLower(code)+"%"))
+	}
+
+	items, total, err := query.Where(conds...).Order(tbl.ID.Desc()).FindByPage(int(filter.Offset()), int(filter.Limit))
+	if err != nil {
+		return nil, err
+	}
+
+	return &requests.Pager{
+		Pagination: filter.Pagination,
+		Total:      total,
+		Items:      items,
+	}, nil
+}
+
+// JoinByInvite 用户通过邀请码加入租户（无须已是租户成员）。
+func (t *tenant) JoinByInvite(ctx context.Context, tenantID, userID int64, inviteCode string) (*models.TenantUser, error) {
+	if tenantID <= 0 || userID <= 0 {
+		return nil, errorx.ErrInvalidParameter.WithMsg("invalid tenant_id/user_id")
+	}
+	inviteCode = strings.ToLower(strings.TrimSpace(inviteCode))
+	if inviteCode == "" {
+		return nil, errorx.ErrInvalidParameter.WithMsg("invite_code is empty")
+	}
+
+	now := time.Now().UTC()
+	logrus.WithFields(logrus.Fields{
+		"tenant_id":    tenantID,
+		"user_id":      userID,
+		"invite_code":  inviteCode,
+		"invite_token": "[masked]",
+	}).Info("services.tenant.join_by_invite")
+
+	var out models.TenantUser
+	err := _db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
+		// 关键前置条件：已经是成员时直接成功返回，不消耗邀请码使用次数。
+		var existingTU models.TenantUser
+		if err := tx.Where("tenant_id = ? AND user_id = ?", tenantID, userID).First(&existingTU).Error; err == nil {
+			out = existingTU
+			return nil
+		} else if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
+			return err
+		}
+
+		// 邀请校验必须加行锁，避免并发超发 used_count。
+		var inv models.TenantInvite
+		if err := tx.
+			Clauses(clause.Locking{Strength: "UPDATE"}).
+			Where("tenant_id = ? AND code = ?", tenantID, inviteCode).
+			First(&inv).Error; err != nil {
+			if errors.Is(err, gorm.ErrRecordNotFound) {
+				return errorx.ErrRecordNotFound.WithMsg("邀请码不存在")
+			}
+			return err
+		}
+
+		// 关键规则：禁用/过期的邀请码不可使用。
+		if inv.Status != consts.TenantInviteStatusActive {
+			return errorx.ErrPreconditionFailed.WithMsg("邀请码不可用")
+		}
+		if !inv.ExpiresAt.IsZero() && inv.ExpiresAt.Before(now) {
+			// 业务侧保持状态一致：过期时顺手标记 expired，避免后续误用。
+			_ = tx.Model(&inv).Updates(map[string]any{
+				"status":     consts.TenantInviteStatusExpired,
+				"updated_at": now,
+			}).Error
+			return errorx.ErrPreconditionFailed.WithMsg("邀请码已过期")
+		}
+		if inv.MaxUses > 0 && inv.UsedCount >= inv.MaxUses {
+			_ = tx.Model(&inv).Updates(map[string]any{
+				"status":     consts.TenantInviteStatusExpired,
+				"updated_at": now,
+			}).Error
+			return errorx.ErrPreconditionFailed.WithMsg("邀请码已用尽")
+		}
+
+		// 加入租户：默认 member + verified；与 tenant.AddUser 保持一致。
+		tu := &models.TenantUser{
+			TenantID:      tenantID,
+			UserID:        userID,
+			Role:          types.NewArray([]consts.TenantUserRole{consts.TenantUserRoleMember}),
+			Status:        consts.UserStatusVerified,
+			Balance:       0,
+			BalanceFrozen: 0,
+			CreatedAt:     now,
+			UpdatedAt:     now,
+		}
+		if err := tx.Create(tu).Error; err != nil {
+			if isUniqueViolation(err) {
+				// 并发幂等：重复插入按已加入处理，不消耗邀请码次数。
+				if err := tx.Where("tenant_id = ? AND user_id = ?", tenantID, userID).First(&out).Error; err != nil {
+					return err
+				}
+				return nil
+			}
+			return err
+		}
+		out = *tu
+
+		// 只有在“新加入”成功时才消耗邀请码次数。
+		updates := map[string]any{
+			"used_count": inv.UsedCount + 1,
+			"updated_at": now,
+		}
+		if inv.MaxUses > 0 && inv.UsedCount+1 >= inv.MaxUses {
+			updates["status"] = consts.TenantInviteStatusExpired
+		}
+		return tx.Model(&inv).Updates(updates).Error
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &out, nil
+}
+
+// CreateJoinRequest 用户提交加入租户申请（无邀请码场景）。
+func (t *tenant) CreateJoinRequest(ctx context.Context, tenantID, userID int64, form *tenantjoindto.JoinRequestCreateForm) (*models.TenantJoinRequest, error) {
+	if tenantID <= 0 || userID <= 0 {
+		return nil, errorx.ErrInvalidParameter.WithMsg("invalid tenant_id/user_id")
+	}
+	if form == nil {
+		return nil, errorx.ErrInvalidParameter.WithMsg("form is nil")
+	}
+
+	now := time.Now().UTC()
+	reason := strings.TrimSpace(form.Reason)
+
+	logrus.WithFields(logrus.Fields{
+		"tenant_id": tenantID,
+		"user_id":   userID,
+	}).Info("services.tenant.create_join_request")
+
+	// 关键前置条件：已是成员则不允许重复申请。
+	var existingTU models.TenantUser
+	if err := _db.WithContext(ctx).Where("tenant_id = ? AND user_id = ?", tenantID, userID).First(&existingTU).Error; err == nil {
+		return nil, errorx.ErrPreconditionFailed.WithMsg("已是该租户成员")
+	} else if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
+		return nil, err
+	}
+
+	req := &models.TenantJoinRequest{
+		TenantID:      tenantID,
+		UserID:        userID,
+		Status:        consts.TenantJoinRequestStatusPending,
+		Reason:        reason,
+		CreatedAt:     now,
+		UpdatedAt:     now,
+		DecidedAt:     time.Time{},
+		DecidedReason: "",
+	}
+
+	// 关键点：decided_at/decided_operator_user_id 允许为空，避免写入 0001-01-01 造成误判。
+	db := models.Q.TenantJoinRequest.WithContext(ctx).UnderlyingDB().Omit("decided_at", "decided_operator_user_id")
+	if err := db.Create(req).Error; err != nil {
+		if isUniqueViolation(err) {
+			// 幂等：重复提交时返回现有 pending 申请。
+			tbl, query := models.TenantJoinRequestQuery.QueryContext(ctx)
+			existing, qErr := query.Where(
+				tbl.TenantID.Eq(tenantID),
+				tbl.UserID.Eq(userID),
+				tbl.Status.Eq(consts.TenantJoinRequestStatusPending),
+			).First()
+			if qErr == nil {
+				return existing, nil
+			}
+			return nil, err
+		}
+		return nil, err
+	}
+
+	return req, nil
+}
+
+// AdminJoinRequestPage 租户管理员分页查询加入申请列表。
+func (t *tenant) AdminJoinRequestPage(ctx context.Context, tenantID int64, filter *dto.AdminTenantJoinRequestListFilter) (*requests.Pager, error) {
+	if tenantID <= 0 {
+		return nil, errorx.ErrInvalidParameter.WithMsg("tenant_id must be > 0")
+	}
+	if filter == nil {
+		filter = &dto.AdminTenantJoinRequestListFilter{}
+	}
+	filter.Pagination.Format()
+
+	tbl, query := models.TenantJoinRequestQuery.QueryContext(ctx)
+	conds := []gen.Condition{tbl.TenantID.Eq(tenantID)}
+	if filter.UserID != nil && *filter.UserID > 0 {
+		conds = append(conds, tbl.UserID.Eq(*filter.UserID))
+	}
+	if filter.Status != nil && *filter.Status != "" {
+		conds = append(conds, tbl.Status.Eq(*filter.Status))
+	}
+
+	items, total, err := query.Where(conds...).Order(tbl.ID.Desc()).FindByPage(int(filter.Offset()), int(filter.Limit))
+	if err != nil {
+		return nil, err
+	}
+
+	return &requests.Pager{
+		Pagination: filter.Pagination,
+		Total:      total,
+		Items:      items,
+	}, nil
+}
+
+// AdminApproveJoinRequest 租户管理员通过加入申请（幂等）。
+func (t *tenant) AdminApproveJoinRequest(ctx context.Context, tenantID, operatorUserID, requestID int64, reason string) (*models.TenantJoinRequest, error) {
+	if tenantID <= 0 || operatorUserID <= 0 || requestID <= 0 {
+		return nil, errorx.ErrInvalidParameter.WithMsg("invalid tenant_id/operator_user_id/request_id")
+	}
+
+	now := time.Now().UTC()
+	reason = strings.TrimSpace(reason)
+
+	logrus.WithFields(logrus.Fields{
+		"tenant_id":        tenantID,
+		"operator_user_id": operatorUserID,
+		"request_id":       requestID,
+	}).Info("services.tenant.admin.approve_join_request")
+
+	var out models.TenantJoinRequest
+	err := _db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
+		var req models.TenantJoinRequest
+		if err := tx.
+			Clauses(clause.Locking{Strength: "UPDATE"}).
+			Where("id = ? AND tenant_id = ?", requestID, tenantID).
+			First(&req).Error; err != nil {
+			if errors.Is(err, gorm.ErrRecordNotFound) {
+				return errorx.ErrRecordNotFound.WithMsg("申请不存在")
+			}
+			return err
+		}
+
+		// 幂等：已通过则直接返回。
+		if req.Status == consts.TenantJoinRequestStatusApproved {
+			out = req
+			return nil
+		}
+		if req.Status != consts.TenantJoinRequestStatusPending {
+			return errorx.ErrPreconditionFailed.WithMsg("申请状态不可通过")
+		}
+
+		// 先落成员关系，再更新申请状态，保证“通过后一定能成为成员”（至少幂等）。
+		tu := &models.TenantUser{
+			TenantID:      tenantID,
+			UserID:        req.UserID,
+			Role:          types.NewArray([]consts.TenantUserRole{consts.TenantUserRoleMember}),
+			Status:        consts.UserStatusVerified,
+			Balance:       0,
+			BalanceFrozen: 0,
+			CreatedAt:     now,
+			UpdatedAt:     now,
+		}
+		if err := tx.Create(tu).Error; err != nil && !isUniqueViolation(err) {
+			return err
+		}
+
+		req.Status = consts.TenantJoinRequestStatusApproved
+		req.DecidedAt = now
+		req.DecidedOperatorUserID = operatorUserID
+		req.DecidedReason = reason
+		req.UpdatedAt = now
+		if err := tx.Save(&req).Error; err != nil {
+			return err
+		}
+
+		out = req
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &out, nil
+}
+
+// AdminRejectJoinRequest 租户管理员拒绝加入申请（幂等）。
+func (t *tenant) AdminRejectJoinRequest(ctx context.Context, tenantID, operatorUserID, requestID int64, reason string) (*models.TenantJoinRequest, error) {
+	if tenantID <= 0 || operatorUserID <= 0 || requestID <= 0 {
+		return nil, errorx.ErrInvalidParameter.WithMsg("invalid tenant_id/operator_user_id/request_id")
+	}
+
+	now := time.Now().UTC()
+	reason = strings.TrimSpace(reason)
+
+	logrus.WithFields(logrus.Fields{
+		"tenant_id":        tenantID,
+		"operator_user_id": operatorUserID,
+		"request_id":       requestID,
+	}).Info("services.tenant.admin.reject_join_request")
+
+	var out models.TenantJoinRequest
+	err := _db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
+		var req models.TenantJoinRequest
+		if err := tx.
+			Clauses(clause.Locking{Strength: "UPDATE"}).
+			Where("id = ? AND tenant_id = ?", requestID, tenantID).
+			First(&req).Error; err != nil {
+			if errors.Is(err, gorm.ErrRecordNotFound) {
+				return errorx.ErrRecordNotFound.WithMsg("申请不存在")
+			}
+			return err
+		}
+
+		// 幂等：已拒绝则直接返回。
+		if req.Status == consts.TenantJoinRequestStatusRejected {
+			out = req
+			return nil
+		}
+		if req.Status != consts.TenantJoinRequestStatusPending {
+			return errorx.ErrPreconditionFailed.WithMsg("申请状态不可拒绝")
+		}
+
+		req.Status = consts.TenantJoinRequestStatusRejected
+		req.DecidedAt = now
+		req.DecidedOperatorUserID = operatorUserID
+		req.DecidedReason = reason
+		req.UpdatedAt = now
+		if err := tx.Save(&req).Error; err != nil {
+			return err
+		}
+
+		out = req
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &out, nil
+}