Integrate Qiniu upload service and update configuration

- Added Qiniu configuration options to .env.example and config.go for file uploads. - Refactored main.go to include new Qiniu service and upload handler. - Updated route registration to accommodate the new upload handler. - Enhanced documentation to include references for Qiniu upload functionality. - Removed legacy authentication handler and services to streamline the codebase.
2025-12-31 03:18:03 +00:00
parent 2884f54666
commit cd7ae5ac56
14 changed files with 320 additions and 9 deletions
@@ -16,3 +16,16 @@ JWT_SECRET=your-secret-key-change-in-production
 SHORT_VIDEO_API_KEY=replace-with-real-key
 SHORT_VIDEO_FREE_QUOTA=20
 SHORT_VIDEO_TIMEOUT_SECONDS=5
 # 七牛直传配置（Kodo）
 QINIU_ACCESS_KEY=replace-with-access-key
 QINIU_SECRET_KEY=replace-with-secret-key
 QINIU_BUCKET=replace-with-bucket
 # 上传地址：可保持默认（自动调度），也可以配置具体 Region 的 up 域名
 QINIU_UPLOAD_URL=https://upload.qiniup.com
 # CDN 域名（可选）：用于拼接最终访问地址，例如 https://cdn.example.com
 QINIU_CDN_DOMAIN=
 # 上传 key 前缀（可选）
 QINIU_KEY_PREFIX=uploads/
 # token 有效期（秒）
 QINIU_TOKEN_EXPIRE_SECONDS=300
@@ -6,14 +6,16 @@ import (
 	"github.com/gin-gonic/gin"
 	"wx_service/config"
 	authhandler "wx_service/internal/common/auth/handler"
 	authservice "wx_service/internal/common/auth/service"
 	commonhandler "wx_service/internal/common/handler"
 	commonservice "wx_service/internal/common/service"
 	"wx_service/internal/database"
 	"wx_service/internal/handler"
 	"wx_service/internal/model"
 	rmhandler "wx_service/internal/remove_watermark/handler"
 	rmmodel "wx_service/internal/remove_watermark/model"
 	rmservice "wx_service/internal/remove_watermark/service"
 	"wx_service/internal/routes"
 	"wx_service/internal/service"
 	smokehandler "wx_service/internal/smoke/handler"
 	smokemodel "wx_service/internal/smoke/model"
 	smokeservice "wx_service/internal/smoke/service"
@@ -43,9 +45,9 @@ func main() {
 	router := gin.Default()
 	// 5) 依赖注入：先创建 service，再创建 handler（handler 只关心 HTTP 输入/输出）
-	miniProgramService := service.NewMiniProgramService(database.DB)
+	miniProgramService := authservice.NewMiniProgramService(database.DB)
-	authService := service.NewAuthService(database.DB, miniProgramService)
+	authService := authservice.NewAuthService(database.DB, miniProgramService)
-	authHandler := handler.NewAuthHandler(authService)
+	authHandler := authhandler.NewAuthHandler(authService)
 	videoService, err := rmservice.NewVideoService(database.DB, config.AppConfig.ShortVideo)
 	if err != nil {
 		log.Fatalf("init video service failed: %v", err)
@@ -55,8 +57,11 @@ func main() {
 	smokeLogService := smokeservice.NewSmokeLogService(database.DB)
 	smokeHandler := smokehandler.NewSmokeHandler(smokeLogService)
 	qiniuService := commonservice.NewQiniuService(config.AppConfig.Qiniu)
 	uploadHandler := commonhandler.NewUploadHandler(qiniuService)
 	// 6) 注册路由：把 URL 映射到 handler
-	routes.Register(router, database.DB, authHandler, videoHandler, smokeHandler)
+	routes.Register(router, database.DB, authHandler, videoHandler, smokeHandler, uploadHandler)
 	// 7) 启动监听端口
 	addr := ":" + config.AppConfig.Server.Port
@@ -14,6 +14,7 @@ type Config struct {
 	Database   DatabaseConfig
 	JWT        JWTConfig
 	ShortVideo ShortVideoConfig
 	Qiniu      QiniuConfig
 }
 type ServerConfig struct {
@@ -40,6 +41,18 @@ type ShortVideoConfig struct {
 	RequestTimeout time.Duration
 }
 // QiniuConfig 用于七牛云（Kodo）直传相关配置。
 // 前端通常会向后端请求 upload token，然后直传文件到七牛。
 type QiniuConfig struct {
 	AccessKey          string
 	SecretKey          string
 	Bucket             string
 	UploadURL          string
 	CDNDomain          string
 	KeyPrefix          string
 	TokenExpireSeconds int
 }
 var AppConfig *Config
 func LoadConfig() {
@@ -69,6 +82,15 @@ func LoadConfig() {
 			FreeDailyQuota: getEnvAsInt("SHORT_VIDEO_FREE_QUOTA", 20),
 			RequestTimeout: time.Duration(getEnvAsInt("SHORT_VIDEO_TIMEOUT_SECONDS", 5)) * time.Second,
 		},
 		Qiniu: QiniuConfig{
 			AccessKey:          getEnv("QINIU_ACCESS_KEY", ""),
 			SecretKey:          getEnv("QINIU_SECRET_KEY", ""),
 			Bucket:             getEnv("QINIU_BUCKET", ""),
 			UploadURL:          getEnv("QINIU_UPLOAD_URL", "https://upload.qiniup.com"),
 			CDNDomain:          getEnv("QINIU_CDN_DOMAIN", ""),
 			KeyPrefix:          getEnv("QINIU_KEY_PREFIX", "uploads/"),
 			TokenExpireSeconds: getEnvAsInt("QINIU_TOKEN_EXPIRE_SECONDS", 300),
 		},
 	}
 }
@@ -7,6 +7,7 @@
 - `docs/common/README.md`
 - `docs/common/auth.md`
 - `docs/common/response.md`
 - `docs/common/upload_qiniu.md`
 ## 去水印小程序
@@ -23,3 +23,6 @@
 除登录接口外，其他接口都需要携带登录后返回的 `session_key`（见：`docs/common/auth.md`）。
 ## 上传（七牛直传）
 - `docs/common/upload_qiniu.md`
@@ -0,0 +1,76 @@
 # 七牛（Kodo）直传：获取上传凭证
 用途：小程序/前端把文件直接上传到七牛（CDN 源站），后端只负责签发上传 token，减少带宽与压力。
 ## 前置条件
 - 已完成登录并拿到 `session_key`（见：`docs/common/auth.md`）
 - 已配置 `.env` 中的七牛参数（见：`.env.example`）
 ## 接口
 `POST /api/v1/common/upload/qiniu/token`
 Header：
 ```
 Authorization: Bearer <session_key>
 Content-Type: application/json
 ```
 请求体（可选）：
 ```json
 {
  "filename": "avatar.png"
 }
 ```
 说明：
 - `filename` 仅用于提取文件后缀（例如 `.png`），以便后端生成带后缀的 `key`；不传也可以。
 成功响应示例：
 ```json
 {
  "code": 200,
  "message": "success",
  "data": {
    "token": "xxx",
    "key": "uploads/mp_1/user_123/20251231/ab12cd34ef....png",
    "upload_url": "https://upload.qiniup.com",
    "expire": 1767150000,
    "cdn_domain": "https://cdn.example.com"
  }
 }
 ```
 字段说明：
 - `token`：七牛上传凭证（uptoken）
 - `key`：后端生成的对象 key，上传时必须使用该 key
 - `upload_url`：上传入口（表单上传 URL）
 - `expire`：token 过期时间（Unix 秒）
 - `cdn_domain`：可选；如果配置了，可用 `cdn_domain + "/" + key` 拼出访问 URL
 ## 使用示例（curl 直传）
 1) 先请求 token：
 ```bash
 curl -X POST 'http://127.0.0.1:8080/api/v1/common/upload/qiniu/token' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer wx-session-key' \
  -d '{"filename":"avatar.png"}'
 ```
 2) 再把文件直传七牛（multipart/form-data）：
 ```bash
 curl -X POST 'https://upload.qiniup.com' \
  -F "token=上一步返回的 token" \
  -F "key=上一步返回的 key" \
  -F "file=@./avatar.png"
 ```
 七牛成功时会返回 JSON（字段可能因配置不同略有差异），其中一般会包含 `key/hash`。
@@ -6,8 +6,8 @@ import (
 	"github.com/gin-gonic/gin"
 	"wx_service/internal/common/auth/service"
 	"wx_service/internal/model"
 	"wx_service/internal/service"
 )
 type AuthHandler struct {
@@ -0,0 +1,50 @@
 package handler
 import (
 	"errors"
 	"net/http"
 	"github.com/gin-gonic/gin"
 	"wx_service/internal/common/service"
 	"wx_service/internal/middleware"
 	"wx_service/internal/model"
 )
 type UploadHandler struct {
 	qiniuService *service.QiniuService
 }
 func NewUploadHandler(qiniuService *service.QiniuService) *UploadHandler {
 	return &UploadHandler{qiniuService: qiniuService}
 }
 type qiniuTokenRequest struct {
 	// filename 用于保留文件后缀（可选），例如："a.png"、"video.mp4"
 	Filename string `json:"filename"`
 }
 // QiniuToken 返回七牛直传所需的 token/key/upload_url 等信息。
 // 建议放在鉴权后：用当前登录用户生成 key，避免前端写入任意路径。
 func (h *UploadHandler) QiniuToken(c *gin.Context) {
 	user, ok := middleware.CurrentUser(c)
 	if !ok {
 		c.JSON(http.StatusUnauthorized, model.Error(http.StatusUnauthorized, "未登录或登录已过期"))
 		return
 	}
 	var req qiniuTokenRequest
 	_ = c.ShouldBindJSON(&req) // filename 可选，解析失败也不影响生成 token
 	token, err := h.qiniuService.CreateUploadToken(user.MiniProgramID, user.ID, req.Filename)
 	if err != nil {
 		if errors.Is(err, service.ErrQiniuNotConfigured) {
 			c.JSON(http.StatusServiceUnavailable, model.Error(http.StatusServiceUnavailable, "未配置七牛上传服务，请联系管理员"))
 			return
 		}
 		c.JSON(http.StatusInternalServerError, model.Error(http.StatusInternalServerError, "获取上传凭证失败，请稍后重试"))
 		return
 	}
 	c.JSON(http.StatusOK, model.Success(token))
 }
@@ -0,0 +1,122 @@
 package service
 import (
 	"crypto/hmac"
 	"crypto/rand"
 	"crypto/sha1"
 	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"path"
 	"regexp"
 	"strings"
 	"time"
 	"wx_service/config"
 )
 var (
 	ErrQiniuNotConfigured = errors.New("qiniu is not configured")
 )
 type QiniuService struct {
 	cfg config.QiniuConfig
 }
 func NewQiniuService(cfg config.QiniuConfig) *QiniuService {
 	return &QiniuService{cfg: cfg}
 }
 type QiniuUploadToken struct {
 	Token     string `json:"token"`
 	Key       string `json:"key"`
 	UploadURL string `json:"upload_url"`
 	ExpireAt  int64  `json:"expire"`
 	CDNDomain string `json:"cdn_domain"`
 }
 var extPattern = regexp.MustCompile(`^\.[a-z0-9]{1,10}$`)
 func (s *QiniuService) CreateUploadToken(miniProgramID uint, userID uint, filename string) (QiniuUploadToken, error) {
 	if s.cfg.AccessKey == "" || s.cfg.SecretKey == "" || s.cfg.Bucket == "" {
 		return QiniuUploadToken{}, ErrQiniuNotConfigured
 	}
 	expireSeconds := s.cfg.TokenExpireSeconds
 	if expireSeconds <= 0 {
 		expireSeconds = 300
 	}
 	expireAt := time.Now().Add(time.Duration(expireSeconds) * time.Second).Unix()
 	ext := strings.ToLower(path.Ext(filename))
 	if !extPattern.MatchString(ext) {
 		ext = ""
 	}
 	randomHex, err := randomHex(16)
 	if err != nil {
 		return QiniuUploadToken{}, fmt.Errorf("generate random key: %w", err)
 	}
 	// 统一由后端生成 key，避免前端随意写入任意路径。
 	// 这里按“业务前缀/小程序/用户/日期/随机名”组织，便于后期排查与管理。
 	keyPrefix := strings.Trim(s.cfg.KeyPrefix, "/")
 	key := fmt.Sprintf("%s/mp_%d/user_%d/%s/%s%s",
 		keyPrefix,
 		miniProgramID,
 		userID,
 		time.Now().Format("20060102"),
 		randomHex,
 		ext,
 	)
 	putPolicy := map[string]interface{}{
 		// scope = "<bucket>:<key>" 表示只允许写入指定 key（更安全）
 		"scope":    fmt.Sprintf("%s:%s", s.cfg.Bucket, key),
 		"deadline": expireAt,
 		// 上传完成后返回给前端的 JSON（七牛会做变量替换）
 		"returnBody": `{"key":"$(key)","hash":"$(etag)","fsize":$(fsize),"mimeType":"$(mimeType)"}`,
 	}
 	policyJSON, err := json.Marshal(putPolicy)
 	if err != nil {
 		return QiniuUploadToken{}, fmt.Errorf("marshal put policy: %w", err)
 	}
 	encodedPolicy := urlSafeBase64NoPad(policyJSON)
 	sign := hmacSHA1([]byte(s.cfg.SecretKey), []byte(encodedPolicy))
 	encodedSign := urlSafeBase64NoPad(sign)
 	token := fmt.Sprintf("%s:%s:%s", s.cfg.AccessKey, encodedSign, encodedPolicy)
 	return QiniuUploadToken{
 		Token:     token,
 		Key:       key,
 		UploadURL: s.cfg.UploadURL,
 		ExpireAt:  expireAt,
 		CDNDomain: s.cfg.CDNDomain,
 	}, nil
 }
 func hmacSHA1(secret []byte, data []byte) []byte {
 	mac := hmac.New(sha1.New, secret)
 	mac.Write(data)
 	return mac.Sum(nil)
 }
 func urlSafeBase64NoPad(data []byte) string {
 	return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(data)
 }
 func randomHex(nBytes int) (string, error) {
 	if nBytes <= 0 {
 		return "", fmt.Errorf("invalid random bytes length")
 	}
 	buf := make([]byte, nBytes)
 	if _, err := rand.Read(buf); err != nil {
 		return "", err
 	}
 	return hex.EncodeToString(buf), nil
 }
@@ -0,0 +1,16 @@
 package routes
 import (
 	"github.com/gin-gonic/gin"
 	commonhandler "wx_service/internal/common/handler"
 )
 func registerCommonRoutes(protected *gin.RouterGroup, uploadHandler *commonhandler.UploadHandler) {
 	// 公共接口（所有小程序共用）
 	common := protected.Group("/common")
 	{
 		// 七牛直传凭证：前端先拿 token，再直传文件到七牛 upload_url
 		common.POST("/upload/qiniu/token", uploadHandler.QiniuToken)
 	}
 }
@@ -6,7 +6,8 @@ import (
 	"github.com/gin-gonic/gin"
 	"gorm.io/gorm"
-	"wx_service/internal/handler"
+	authhandler "wx_service/internal/common/auth/handler"
 	commonhandler "wx_service/internal/common/handler"
 	"wx_service/internal/middleware"
 	rmhandler "wx_service/internal/remove_watermark/handler"
 	smokehandler "wx_service/internal/smoke/handler"
@@ -15,9 +16,10 @@ import (
 func Register(
 	router *gin.Engine,
 	db *gorm.DB,
-	authHandler *handler.AuthHandler,
+	authHandler *authhandler.AuthHandler,
 	videoHandler *rmhandler.VideoHandler,
 	smokeHandler *smokehandler.SmokeHandler,
 	uploadHandler *commonhandler.UploadHandler,
 ) {
 	// Register 用来集中注册所有 HTTP 路由，便于工程结构更清晰：
 	// - main 只负责初始化（配置/DB/依赖注入）
@@ -31,6 +33,7 @@ func Register(
 		protected := api.Group("")
 		protected.Use(middleware.AuthMiddleware(db))
 		{
 			registerCommonRoutes(protected, uploadHandler)
 			registerRemoveWatermarkRoutes(protected, videoHandler)
 			registerSmokeRoutes(protected, smokeHandler)
 		}