0451meishi/backend/internal/handlers/admin_auth.go

package handlers

import (
	"net/http"
	"time"

	"0451meishiditu/backend/internal/auth"
	"0451meishiditu/backend/internal/models"
	"0451meishiditu/backend/internal/resp"

	"github.com/gin-gonic/gin"
	"golang.org/x/crypto/bcrypt"
)

type loginReq struct {
	Username    string `json:"username" binding:"required"`
	Password    string `json:"password" binding:"required"`
	CaptchaID   string `json:"captcha_id" binding:"required"`
	CaptchaCode string `json:"captcha_code" binding:"required"`
}

func (h *Handlers) AdminLogin(c *gin.Context) {
	var req loginReq
	if err := c.ShouldBindJSON(&req); err != nil {
		resp.Fail(c, http.StatusBadRequest, "invalid payload")
		return
	}
	if !h.verifyCaptcha(c, req.CaptchaID, req.CaptchaCode) {
		resp.Fail(c, http.StatusBadRequest, "invalid captcha")
		return
	}

	var admin models.AdminUser
	if err := h.db.Where("username = ?", req.Username).First(&admin).Error; err != nil {
		resp.Fail(c, http.StatusUnauthorized, "invalid username or password")
		return
	}
	if !admin.Enabled {
		resp.Fail(c, http.StatusUnauthorized, "account disabled")
		return
	}
	if err := bcrypt.CompareHashAndPassword([]byte(admin.PasswordHash), []byte(req.Password)); err != nil {
		resp.Fail(c, http.StatusUnauthorized, "invalid username or password")
		return
	}

	token, err := auth.NewAdminToken(h.cfg.JWTSecret, admin.ID, admin.Username, admin.Role, 24*time.Hour)
	if err != nil {
		resp.Fail(c, http.StatusInternalServerError, "token error")
		return
	}

	resp.OK(c, gin.H{
		"token": token,
		"admin": gin.H{
			"id":       admin.ID,
			"username": admin.Username,
			"role":     admin.Role,
		},
	})
}

func (h *Handlers) AdminMe(c *gin.Context) {
	resp.OK(c, gin.H{
		"id":       c.GetUint("admin_id"),
		"username": c.GetString("admin_username"),
		"role":     c.GetString("admin_role"),
	})
}