package services import ( "context" "crypto/rand" "encoding/base32" "strings" "time" "quyun/v2/app/errorx" "quyun/v2/app/http/tenant/dto" tenant_join_dto "quyun/v2/app/http/tenant_join/dto" "quyun/v2/app/requests" "quyun/v2/database/models" "quyun/v2/pkg/consts" "github.com/jackc/pgx/v5/pgconn" "github.com/pkg/errors" "github.com/sirupsen/logrus" "go.ipao.vip/gen" "go.ipao.vip/gen/types" "gorm.io/gorm" "gorm.io/gorm/clause" ) // tenantJoin 提供“加入租户”域相关能力(占位服务)。 // 当前 join 相关实现复用在 `tenant` service 上,以保持对外 API 不变;此处仅用于服务汇总/注入。 // // @provider type tenantJoin struct{} func isUniqueViolation(err error) bool { var pgErr *pgconn.PgError if errors.As(err, &pgErr) { return pgErr.Code == "23505" } return errors.Is(err, gorm.ErrDuplicatedKey) } func newInviteCode() (string, error) { // 邀请码为安全敏感值:使用强随机数,避免可预测性导致被撞库加入租户。 buf := make([]byte, 10) // 80-bit if _, err := rand.Read(buf); err != nil { return "", err } // base32(去掉 padding)便于输入,统一转小写存储与比较。 return strings.ToLower(base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(buf)), nil } // AdminCreateInvite 租户管理员创建邀请(用于用户通过邀请码加入租户)。 func (t *tenant) AdminCreateInvite(ctx context.Context, tenantID, operatorUserID int64, form *dto.AdminTenantInviteCreateForm) (*models.TenantInvite, error) { if tenantID <= 0 { return nil, errorx.ErrInvalidParameter.WithMsg("tenant_id must be > 0") } if operatorUserID <= 0 { return nil, errorx.ErrInvalidParameter.WithMsg("operator_user_id must be > 0") } if form == nil { return nil, errorx.ErrInvalidParameter.WithMsg("form is nil") } now := time.Now().UTC() code := strings.ToLower(strings.TrimSpace(form.Code)) if code == "" { var err error code, err = newInviteCode() if err != nil { return nil, err } } if form.ExpiresAt != nil && !form.ExpiresAt.IsZero() && form.ExpiresAt.Before(now) { return nil, errorx.ErrInvalidParameter.WithMsg("expires_at must be in future") } if form.MaxUses != nil && *form.MaxUses < 0 { return nil, errorx.ErrInvalidParameter.WithMsg("max_uses must be >= 0") } logrus.WithFields(logrus.Fields{ "tenant_id": tenantID, "operator_user_id": operatorUserID, "code": code, "max_uses": form.MaxUses, "expires_at_present": form.ExpiresAt != nil, }).Info("services.tenant.admin.create_invite") invite := &models.TenantInvite{ TenantID: tenantID, UserID: operatorUserID, Code: code, Status: consts.TenantInviteStatusActive, MaxUses: 0, UsedCount: 0, Remark: strings.TrimSpace(form.Remark), CreatedAt: now, UpdatedAt: now, } if form.MaxUses != nil { invite.MaxUses = int32(*form.MaxUses) } if form.ExpiresAt != nil && !form.ExpiresAt.IsZero() { invite.ExpiresAt = form.ExpiresAt.UTC() } // 关键点:expires_at/disabled_at 允许为空,避免写入 0001-01-01 造成误判。 db := models.Q.TenantInvite.WithContext(ctx).UnderlyingDB().Omit("disabled_at", "disabled_operator_user_id") if invite.ExpiresAt.IsZero() { db = db.Omit("expires_at") } if err := db.Create(invite).Error; err != nil { if isUniqueViolation(err) { return nil, errorx.ErrRecordDuplicated.WithMsg("邀请码已存在,请重试") } return nil, err } return invite, nil } // AdminDisableInvite 租户管理员禁用邀请(幂等)。 func (t *tenant) AdminDisableInvite(ctx context.Context, tenantID, operatorUserID, inviteID int64, reason string) (*models.TenantInvite, error) { if tenantID <= 0 || operatorUserID <= 0 || inviteID <= 0 { return nil, errorx.ErrInvalidParameter.WithMsg("invalid tenant_id/operator_user_id/invite_id") } now := time.Now().UTC() reason = strings.TrimSpace(reason) logrus.WithFields(logrus.Fields{ "tenant_id": tenantID, "operator_user_id": operatorUserID, "invite_id": inviteID, }).Info("services.tenant.admin.disable_invite") var out models.TenantInvite err := _db.WithContext(ctx).Transaction(func(tx *gorm.DB) error { var inv models.TenantInvite if err := tx. Clauses(clause.Locking{Strength: "UPDATE"}). Where("id = ? AND tenant_id = ?", inviteID, tenantID). First(&inv).Error; err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { return errorx.ErrRecordNotFound.WithMsg("邀请码不存在") } return err } // 幂等:重复禁用直接返回当前状态。 if inv.Status == consts.TenantInviteStatusDisabled || inv.Status == consts.TenantInviteStatusExpired { out = inv return nil } inv.Status = consts.TenantInviteStatusDisabled inv.DisabledOperatorUserID = operatorUserID inv.DisabledAt = now if reason != "" { inv.Remark = reason } inv.UpdatedAt = now // 关键点:disabled_at/disabled_operator_user_id 允许为空,但禁用时必须落审计信息。 if err := tx.Save(&inv).Error; err != nil { return err } out = inv return nil }) if err != nil { return nil, err } return &out, nil } // AdminInvitePage 租户管理员分页查询邀请列表。 func (t *tenant) AdminInvitePage(ctx context.Context, tenantID int64, filter *dto.AdminTenantInviteListFilter) (*requests.Pager, error) { if tenantID <= 0 { return nil, errorx.ErrInvalidParameter.WithMsg("tenant_id must be > 0") } if filter == nil { filter = &dto.AdminTenantInviteListFilter{} } filter.Pagination.Format() tbl, query := models.TenantInviteQuery.QueryContext(ctx) conds := []gen.Condition{tbl.TenantID.Eq(tenantID)} if filter.Status != nil && *filter.Status != "" { conds = append(conds, tbl.Status.Eq(*filter.Status)) } if code := filter.CodeTrimmed(); code != "" { conds = append(conds, tbl.Code.Like("%"+strings.ToLower(code)+"%")) } items, total, err := query.Where(conds...).Order(tbl.ID.Desc()).FindByPage(int(filter.Offset()), int(filter.Limit)) if err != nil { return nil, err } return &requests.Pager{ Pagination: filter.Pagination, Total: total, Items: items, }, nil } // JoinByInvite 用户通过邀请码加入租户(无须已是租户成员)。 func (t *tenant) JoinByInvite(ctx context.Context, tenantID, userID int64, inviteCode string) (*models.TenantUser, error) { if tenantID <= 0 || userID <= 0 { return nil, errorx.ErrInvalidParameter.WithMsg("invalid tenant_id/user_id") } inviteCode = strings.ToLower(strings.TrimSpace(inviteCode)) if inviteCode == "" { return nil, errorx.ErrInvalidParameter.WithMsg("invite_code is empty") } now := time.Now().UTC() logrus.WithFields(logrus.Fields{ "tenant_id": tenantID, "user_id": userID, "invite_code": inviteCode, "invite_token": "[masked]", }).Info("services.tenant.join_by_invite") var out models.TenantUser err := _db.WithContext(ctx).Transaction(func(tx *gorm.DB) error { // 关键前置条件:已经是成员时直接成功返回,不消耗邀请码使用次数。 var existingTU models.TenantUser if err := tx.Where("tenant_id = ? AND user_id = ?", tenantID, userID).First(&existingTU).Error; err == nil { out = existingTU return nil } else if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) { return err } // 邀请校验必须加行锁,避免并发超发 used_count。 var inv models.TenantInvite if err := tx. Clauses(clause.Locking{Strength: "UPDATE"}). Where("tenant_id = ? AND code = ?", tenantID, inviteCode). First(&inv).Error; err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { return errorx.ErrRecordNotFound.WithMsg("邀请码不存在") } return err } // 关键规则:禁用/过期的邀请码不可使用。 if inv.Status != consts.TenantInviteStatusActive { return errorx.ErrPreconditionFailed.WithMsg("邀请码不可用") } if !inv.ExpiresAt.IsZero() && inv.ExpiresAt.Before(now) { // 业务侧保持状态一致:过期时顺手标记 expired,避免后续误用。 _ = tx.Model(&inv).Updates(map[string]any{ "status": consts.TenantInviteStatusExpired, "updated_at": now, }).Error return errorx.ErrPreconditionFailed.WithMsg("邀请码已过期") } if inv.MaxUses > 0 && inv.UsedCount >= inv.MaxUses { _ = tx.Model(&inv).Updates(map[string]any{ "status": consts.TenantInviteStatusExpired, "updated_at": now, }).Error return errorx.ErrPreconditionFailed.WithMsg("邀请码已用尽") } // 加入租户:默认 member + verified;与 tenant.AddUser 保持一致。 tu := &models.TenantUser{ TenantID: tenantID, UserID: userID, Role: types.NewArray([]consts.TenantUserRole{consts.TenantUserRoleMember}), Status: consts.UserStatusVerified, CreatedAt: now, UpdatedAt: now, } if err := tx.Create(tu).Error; err != nil { if isUniqueViolation(err) { // 并发幂等:重复插入按已加入处理,不消耗邀请码次数。 if err := tx.Where("tenant_id = ? AND user_id = ?", tenantID, userID).First(&out).Error; err != nil { return err } return nil } return err } out = *tu // 只有在“新加入”成功时才消耗邀请码次数。 updates := map[string]any{ "used_count": inv.UsedCount + 1, "updated_at": now, } if inv.MaxUses > 0 && inv.UsedCount+1 >= inv.MaxUses { updates["status"] = consts.TenantInviteStatusExpired } return tx.Model(&inv).Updates(updates).Error }) if err != nil { return nil, err } return &out, nil } // CreateJoinRequest 用户提交加入租户申请(无邀请码场景)。 func (t *tenant) CreateJoinRequest(ctx context.Context, tenantID, userID int64, form *tenant_join_dto.JoinRequestCreateForm) (*models.TenantJoinRequest, error) { if tenantID <= 0 || userID <= 0 { return nil, errorx.ErrInvalidParameter.WithMsg("invalid tenant_id/user_id") } if form == nil { return nil, errorx.ErrInvalidParameter.WithMsg("form is nil") } now := time.Now().UTC() reason := strings.TrimSpace(form.Reason) logrus.WithFields(logrus.Fields{ "tenant_id": tenantID, "user_id": userID, }).Info("services.tenant.create_join_request") // 关键前置条件:已是成员则不允许重复申请。 var existingTU models.TenantUser if err := _db.WithContext(ctx).Where("tenant_id = ? AND user_id = ?", tenantID, userID).First(&existingTU).Error; err == nil { return nil, errorx.ErrPreconditionFailed.WithMsg("已是该租户成员") } else if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) { return nil, err } req := &models.TenantJoinRequest{ TenantID: tenantID, UserID: userID, Status: consts.TenantJoinRequestStatusPending, Reason: reason, CreatedAt: now, UpdatedAt: now, DecidedAt: time.Time{}, DecidedReason: "", } // 关键点:decided_at/decided_operator_user_id 允许为空,避免写入 0001-01-01 造成误判。 db := models.Q.TenantJoinRequest.WithContext(ctx).UnderlyingDB().Omit("decided_at", "decided_operator_user_id") if err := db.Create(req).Error; err != nil { if isUniqueViolation(err) { // 幂等:重复提交时返回现有 pending 申请。 tbl, query := models.TenantJoinRequestQuery.QueryContext(ctx) existing, qErr := query.Where( tbl.TenantID.Eq(tenantID), tbl.UserID.Eq(userID), tbl.Status.Eq(consts.TenantJoinRequestStatusPending), ).First() if qErr == nil { return existing, nil } return nil, err } return nil, err } return req, nil } // AdminJoinRequestPage 租户管理员分页查询加入申请列表。 func (t *tenant) AdminJoinRequestPage(ctx context.Context, tenantID int64, filter *dto.AdminTenantJoinRequestListFilter) (*requests.Pager, error) { if tenantID <= 0 { return nil, errorx.ErrInvalidParameter.WithMsg("tenant_id must be > 0") } if filter == nil { filter = &dto.AdminTenantJoinRequestListFilter{} } filter.Pagination.Format() tbl, query := models.TenantJoinRequestQuery.QueryContext(ctx) conds := []gen.Condition{tbl.TenantID.Eq(tenantID)} if filter.UserID != nil && *filter.UserID > 0 { conds = append(conds, tbl.UserID.Eq(*filter.UserID)) } if filter.Status != nil && *filter.Status != "" { conds = append(conds, tbl.Status.Eq(*filter.Status)) } items, total, err := query.Where(conds...).Order(tbl.ID.Desc()).FindByPage(int(filter.Offset()), int(filter.Limit)) if err != nil { return nil, err } return &requests.Pager{ Pagination: filter.Pagination, Total: total, Items: items, }, nil } // AdminApproveJoinRequest 租户管理员通过加入申请(幂等)。 func (t *tenant) AdminApproveJoinRequest(ctx context.Context, tenantID, operatorUserID, requestID int64, reason string) (*models.TenantJoinRequest, error) { if tenantID <= 0 || operatorUserID <= 0 || requestID <= 0 { return nil, errorx.ErrInvalidParameter.WithMsg("invalid tenant_id/operator_user_id/request_id") } now := time.Now().UTC() reason = strings.TrimSpace(reason) logrus.WithFields(logrus.Fields{ "tenant_id": tenantID, "operator_user_id": operatorUserID, "request_id": requestID, }).Info("services.tenant.admin.approve_join_request") var out models.TenantJoinRequest err := _db.WithContext(ctx).Transaction(func(tx *gorm.DB) error { var req models.TenantJoinRequest if err := tx. Clauses(clause.Locking{Strength: "UPDATE"}). Where("id = ? AND tenant_id = ?", requestID, tenantID). First(&req).Error; err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { return errorx.ErrRecordNotFound.WithMsg("申请不存在") } return err } // 幂等:已通过则直接返回。 if req.Status == consts.TenantJoinRequestStatusApproved { out = req return nil } if req.Status != consts.TenantJoinRequestStatusPending { return errorx.ErrPreconditionFailed.WithMsg("申请状态不可通过") } // 先落成员关系,再更新申请状态,保证“通过后一定能成为成员”(至少幂等)。 tu := &models.TenantUser{ TenantID: tenantID, UserID: req.UserID, Role: types.NewArray([]consts.TenantUserRole{consts.TenantUserRoleMember}), Status: consts.UserStatusVerified, CreatedAt: now, UpdatedAt: now, } if err := tx.Create(tu).Error; err != nil && !isUniqueViolation(err) { return err } req.Status = consts.TenantJoinRequestStatusApproved req.DecidedAt = now req.DecidedOperatorUserID = operatorUserID req.DecidedReason = reason req.UpdatedAt = now if err := tx.Save(&req).Error; err != nil { return err } out = req return nil }) if err != nil { return nil, err } return &out, nil } // AdminRejectJoinRequest 租户管理员拒绝加入申请(幂等)。 func (t *tenant) AdminRejectJoinRequest(ctx context.Context, tenantID, operatorUserID, requestID int64, reason string) (*models.TenantJoinRequest, error) { if tenantID <= 0 || operatorUserID <= 0 || requestID <= 0 { return nil, errorx.ErrInvalidParameter.WithMsg("invalid tenant_id/operator_user_id/request_id") } now := time.Now().UTC() reason = strings.TrimSpace(reason) logrus.WithFields(logrus.Fields{ "tenant_id": tenantID, "operator_user_id": operatorUserID, "request_id": requestID, }).Info("services.tenant.admin.reject_join_request") var out models.TenantJoinRequest err := _db.WithContext(ctx).Transaction(func(tx *gorm.DB) error { var req models.TenantJoinRequest if err := tx. Clauses(clause.Locking{Strength: "UPDATE"}). Where("id = ? AND tenant_id = ?", requestID, tenantID). First(&req).Error; err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { return errorx.ErrRecordNotFound.WithMsg("申请不存在") } return err } // 幂等:已拒绝则直接返回。 if req.Status == consts.TenantJoinRequestStatusRejected { out = req return nil } if req.Status != consts.TenantJoinRequestStatusPending { return errorx.ErrPreconditionFailed.WithMsg("申请状态不可拒绝") } req.Status = consts.TenantJoinRequestStatusRejected req.DecidedAt = now req.DecidedOperatorUserID = operatorUserID req.DecidedReason = reason req.UpdatedAt = now if err := tx.Save(&req).Error; err != nil { return err } out = req return nil }) if err != nil { return nil, err } return &out, nil }