package auth import ( "context" "fmt" "log" "time" "a301_server/pkg/config" "github.com/golang-jwt/jwt/v5" "github.com/redis/go-redis/v9" "golang.org/x/crypto/bcrypt" ) type Claims struct { UserID uint `json:"user_id"` Username string `json:"username"` Role string `json:"role"` jwt.RegisteredClaims } type Service struct { repo *Repository rdb *redis.Client walletCreator func(userID uint) error } func NewService(repo *Repository, rdb *redis.Client) *Service { return &Service{repo: repo, rdb: rdb} } // SetWalletCreator sets the callback invoked after user registration // to create a blockchain wallet. func (s *Service) SetWalletCreator(fn func(userID uint) error) { s.walletCreator = fn } func (s *Service) Login(username, password string) (string, *User, error) { user, err := s.repo.FindByUsername(username) if err != nil { return "", nil, fmt.Errorf("아이디 또는 비밀번호가 올바르지 않습니다") } if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)); err != nil { return "", nil, fmt.Errorf("아이디 또는 비밀번호가 올바르지 않습니다") } expiry := time.Duration(config.C.JWTExpiryHours) * time.Hour claims := &Claims{ UserID: user.ID, Username: user.Username, Role: string(user.Role), RegisteredClaims: jwt.RegisteredClaims{ ExpiresAt: jwt.NewNumericDate(time.Now().Add(expiry)), IssuedAt: jwt.NewNumericDate(time.Now()), }, } token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) tokenStr, err := token.SignedString([]byte(config.C.JWTSecret)) if err != nil { return "", nil, fmt.Errorf("토큰 생성에 실패했습니다") } // Redis에 세션 저장 (1계정 1세션) key := fmt.Sprintf("session:%d", user.ID) s.rdb.Set(context.Background(), key, tokenStr, expiry) return tokenStr, user, nil } func (s *Service) Logout(userID uint) { key := fmt.Sprintf("session:%d", userID) s.rdb.Del(context.Background(), key) } func (s *Service) GetAllUsers() ([]User, error) { return s.repo.FindAll() } func (s *Service) UpdateRole(id string, role Role) error { return s.repo.UpdateRole(id, role) } func (s *Service) DeleteUser(id string) error { return s.repo.Delete(id) } func (s *Service) Register(username, password string) error { if _, err := s.repo.FindByUsername(username); err == nil { return fmt.Errorf("이미 사용 중인 아이디입니다") } hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) if err != nil { return fmt.Errorf("비밀번호 처리에 실패했습니다") } user := &User{ Username: username, PasswordHash: string(hash), Role: RoleUser, } if err := s.repo.Create(user); err != nil { return err } if s.walletCreator != nil { if err := s.walletCreator(user.ID); err != nil { log.Printf("WARNING: wallet creation failed for user %d: %v", user.ID, err) } } return nil } // VerifyToken validates a JWT and its Redis session, returning (username, error). func (s *Service) VerifyToken(tokenStr string) (string, error) { token, err := jwt.ParseWithClaims(tokenStr, &Claims{}, func(t *jwt.Token) (any, error) { if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("unexpected signing method") } return []byte(config.C.JWTSecret), nil }) if err != nil || !token.Valid { return "", fmt.Errorf("유효하지 않은 토큰입니다") } claims, ok := token.Claims.(*Claims) if !ok { return "", fmt.Errorf("토큰 파싱 실패") } key := fmt.Sprintf("session:%d", claims.UserID) stored, err := s.rdb.Get(context.Background(), key).Result() if err != nil || stored != tokenStr { return "", fmt.Errorf("만료되었거나 로그아웃된 세션입니다") } return claims.Username, nil } func (s *Service) EnsureAdmin(username, password string) error { if _, err := s.repo.FindByUsername(username); err == nil { return nil // 이미 존재하면 스킵 } hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) if err != nil { return err } return s.repo.Create(&User{ Username: username, PasswordHash: string(hash), Role: RoleAdmin, }) }