feat: 添加用户登录认证功能

- 新增登录页面（使用 shadcn-svelte 组件） - 后端添加 JWT 认证 API (/api/auth/login, /api/auth/validate) - 用户账号通过 server/config.yaml 配置 - 前端路由保护（未登录跳转登录页） - 侧边栏显示当前用户信息 - 支持退出登录功能
2026-01-11 18:50:01 +08:00
parent 4884993d27
commit 829b3445bc
11 changed files with 639 additions and 16 deletions
--- a/server/handler/auth.go
+++ b/server/handler/auth.go
@@ -0,0 +1,177 @@
+package handler
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"net/http"
+	"time"
+
+	"billai-server/config"
+
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+// LoginRequest 登录请求
+type LoginRequest struct {
+	Username string `json:"username" binding:"required"`
+	Password string `json:"password" binding:"required"`
+}
+
+// LoginResponse 登录响应
+type LoginResponse struct {
+	Token string          `json:"token"`
+	User  config.UserInfo `json:"user"`
+}
+
+// Claims JWT claims
+type Claims struct {
+	Username string `json:"username"`
+	Name     string `json:"name"`
+	Role     string `json:"role"`
+	jwt.RegisteredClaims
+}
+
+// hashPassword 对密码进行 SHA-256 哈希
+func hashPassword(password string) string {
+	hash := sha256.Sum256([]byte(password))
+	return hex.EncodeToString(hash[:])
+}
+
+// Login 用户登录
+func Login(c *gin.Context) {
+	var req LoginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"success": false,
+			"error":   "请输入用户名和密码",
+		})
+		return
+	}
+
+	// 查找用户
+	var foundUser *config.UserInfo
+	for _, user := range config.Global.Users {
+		if user.Username == req.Username {
+			foundUser = &user
+			break
+		}
+	}
+
+	if foundUser == nil {
+		c.JSON(http.StatusUnauthorized, gin.H{
+			"success": false,
+			"error":   "用户名或密码错误",
+		})
+		return
+	}
+
+	// 验证密码（支持明文比较和哈希比较）
+	passwordMatch := foundUser.Password == req.Password ||
+		foundUser.Password == hashPassword(req.Password)
+
+	if !passwordMatch {
+		c.JSON(http.StatusUnauthorized, gin.H{
+			"success": false,
+			"error":   "用户名或密码错误",
+		})
+		return
+	}
+
+	// 生成 JWT Token
+	expiry := config.Global.TokenExpiry
+	if expiry <= 0 {
+		expiry = 168 // 默认 7 天
+	}
+
+	claims := &Claims{
+		Username: foundUser.Username,
+		Name:     foundUser.Name,
+		Role:     foundUser.Role,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Duration(expiry) * time.Hour)),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			Subject:   foundUser.Username,
+		},
+	}
+
+	secret := config.Global.JWTSecret
+	if secret == "" {
+		secret = "billai-default-secret"
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	tokenString, err := token.SignedString([]byte(secret))
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"success": false,
+			"error":   "生成 Token 失败",
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"data": LoginResponse{
+			Token: tokenString,
+			User: config.UserInfo{
+				Username: foundUser.Username,
+				Name:     foundUser.Name,
+				Email:    foundUser.Email,
+				Role:     foundUser.Role,
+			},
+		},
+	})
+}
+
+// ValidateToken 验证 Token
+func ValidateToken(c *gin.Context) {
+	tokenString := c.GetHeader("Authorization")
+	if tokenString == "" {
+		c.JSON(http.StatusUnauthorized, gin.H{
+			"success": false,
+			"error":   "未提供 Token",
+		})
+		return
+	}
+
+	// 移除 "Bearer " 前缀
+	if len(tokenString) > 7 && tokenString[:7] == "Bearer " {
+		tokenString = tokenString[7:]
+	}
+
+	secret := config.Global.JWTSecret
+	if secret == "" {
+		secret = "billai-default-secret"
+	}
+
+	token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
+		return []byte(secret), nil
+	})
+
+	if err != nil || !token.Valid {
+		c.JSON(http.StatusUnauthorized, gin.H{
+			"success": false,
+			"error":   "Token 无效或已过期",
+		})
+		return
+	}
+
+	claims, ok := token.Claims.(*Claims)
+	if !ok {
+		c.JSON(http.StatusUnauthorized, gin.H{
+			"success": false,
+			"error":   "Token 解析失败",
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"data": config.UserInfo{
+			Username: claims.Username,
+			Name:     claims.Name,
+			Role:     claims.Role,
+		},
+	})
+}
--- a/server/handler/bills.go
+++ b/server/handler/bills.go
@@ -202,7 +202,7 @@ func MonthlyStats(c *gin.Context) {
 // ReviewStats 获取待复核数据统计
 func ReviewStats(c *gin.Context) {
 	repo := repository.GetRepository()
-	
+
 	// 从MongoDB查询所有需要复核的账单
 	bills, err := repo.GetBillsNeedReview()
 	if err != nil {
--- a/server/handler/manual_bills.go
+++ b/server/handler/manual_bills.go
@@ -30,9 +30,9 @@ type CreateManualBillsRequest struct {

 // CreateManualBillsResponse 批量创建手动账单响应
 type CreateManualBillsResponse struct {
-	Result     bool   `json:"result"`
-	Message    string `json:"message,omitempty"`
-	Data       *CreateManualBillsData `json:"data,omitempty"`
+	Result  bool                   `json:"result"`
+	Message string                 `json:"message,omitempty"`
+	Data    *CreateManualBillsData `json:"data,omitempty"`
 }

 // CreateManualBillsData 批量创建手动账单数据