feat: 多班级版 v2.0 - Go后端重写 + 43轮代码审查

- 后端从 Python FastAPI 重写为 Go Gin（端口 56789） - 多班级完全隔离 - 超级管理员独立登录 - 课代表作业管理、排行榜分项排行 - 角色加减分上下限可配置 - 家长改密功能（可开关） - 周度/月度重置功能 - MySQL 5.7 兼容 - 43轮代码审查+全部修复 - Apache 2.0 许可证
2026-06-22 10:06:10 +08:00
parent 4084afc53c
commit d6dec878bd
214 changed files with 12622 additions and 9725 deletions
--- a/backend-go/internal/handler/auth_handler.go
+++ b/backend-go/internal/handler/auth_handler.go
@@ -0,0 +1,131 @@
+// ===========================================
+// 多班级版班级管理系统 - Go 后端
+//
+// 开发者: Canglan
+// 联系方式: admin@sea-studio.top
+// 版权归属: Sea Network Technology Studio
+// 许可证: Apache License 2.0
+//
+// 版权所有 © Sea Network Technology Studio
+// ===========================================
+
+package handler
+
+import (
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+
+	"hz-gitea.sea-studio.top/canglan/SharedClassManager/internal/middleware"
+	"hz-gitea.sea-studio.top/canglan/SharedClassManager/internal/schema"
+	"hz-gitea.sea-studio.top/canglan/SharedClassManager/internal/service"
+	"hz-gitea.sea-studio.top/canglan/SharedClassManager/pkg/response"
+)
+
+// AuthHandler 认证处理器
+type AuthHandler struct {
+	authService       *service.AuthService
+	superAdminService *service.SuperAdminService
+}
+
+// NewAuthHandler 创建认证处理器
+func NewAuthHandler(authService *service.AuthService, superAdminService *service.SuperAdminService) *AuthHandler {
+	return &AuthHandler{authService: authService, superAdminService: superAdminService}
+}
+
+// Login 用户登录
+func (h *AuthHandler) Login(c *gin.Context) {
+	var req schema.LoginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "参数错误")
+		return
+	}
+
+	ip := c.ClientIP()
+	userAgent := c.GetHeader("User-Agent")
+
+	result := h.authService.Login(req.Username, req.Password, ip, userAgent)
+	if !result.Success {
+		response.Unauthorized(c, result.Message)
+		return
+	}
+
+	response.Success(c, result, "登录成功")
+}
+
+// Logout 用户登出
+func (h *AuthHandler) Logout(c *gin.Context) {
+	userID := middleware.GetUserID(c)
+	if err := h.authService.Logout(userID); err != nil {
+		response.InternalError(c, "登出失败")
+		return
+	}
+	response.SuccessWithMessage(c, "登出成功")
+}
+
+// ChangePassword 修改密码（超级管理员操作 super_admins 表，普通用户操作 users 表）
+func (h *AuthHandler) ChangePassword(c *gin.Context) {
+	var req schema.ChangePasswordRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "参数错误")
+		return
+	}
+
+	userID := middleware.GetUserID(c)
+	userType := middleware.GetUserType(c)
+
+	// force 参数仅在用户确实需要强制改密时才允许使用
+	if req.Force {
+		if userType == "super_admin" {
+			// 超级管理员的 need_change_password 由 super_admin_service 处理
+			// force 改密时直接允许（登录时已验证 need_change_password 标记）
+		} else {
+			userInfo, err := h.authService.GetUserInfo(userID)
+			if err != nil {
+				response.InternalError(c, err.Error())
+				return
+			}
+			needChange, _ := userInfo["need_change_password"].(bool)
+			if !needChange {
+				response.BadRequest(c, "当前状态不允许强制修改密码")
+				return
+			}
+		}
+	}
+
+	if userType == "super_admin" {
+		if err := h.superAdminService.ChangePassword(userID, req.OldPassword, req.NewPassword, req.Force); err != nil {
+			response.BadRequest(c, err.Error())
+			return
+		}
+	} else {
+		if err := h.authService.ChangePassword(userID, req.OldPassword, req.NewPassword, req.Force); err != nil {
+			response.BadRequest(c, err.Error())
+			return
+		}
+	}
+
+	response.SuccessWithMessage(c, "密码修改成功，请重新登录")
+}
+
+// GetUserInfo 获取当前用户信息
+func (h *AuthHandler) GetUserInfo(c *gin.Context) {
+	userID := middleware.GetUserID(c)
+	userInfo, err := h.authService.GetUserInfo(userID)
+	if err != nil {
+		response.InternalError(c, err.Error())
+		return
+	}
+	response.Success(c, userInfo, "操作成功")
+}
+
+// parseID 解析路径参数中的 ID
+func parseID(c *gin.Context, key string) (int, bool) {
+	idStr := c.Param(key)
+	id, err := strconv.Atoi(idStr)
+	if err != nil {
+		response.BadRequest(c, "无效的ID参数")
+		return 0, false
+	}
+	return id, true
+}