1245f07a2d
新增功能: - 支持 Google Authenticator 等应用进行 TOTP 二次验证 - 用户可在个人设置中启用/禁用 2FA - 登录时支持 TOTP 验证流程 - 管理后台可全局开关 TOTP 功能 安全增强: - TOTP 密钥使用 AES-256-GCM 加密存储 - 添加 TOTP_ENCRYPTION_KEY 配置项,必须手动配置才能启用功能 - 防止服务重启导致加密密钥变更使用户无法登录 - 验证失败次数限制,防止暴力破解 配置说明: - Docker 部署:在 .env 中设置 TOTP_ENCRYPTION_KEY - 非 Docker 部署:在 config.yaml 中设置 totp.encryption_key - 生成密钥命令:openssl rand -hex 32
99 lines
2.5 KiB
Go
99 lines
2.5 KiB
Go
package schema
|
||
|
||
import (
|
||
"github.com/Wei-Shaw/sub2api/ent/schema/mixins"
|
||
"github.com/Wei-Shaw/sub2api/internal/service"
|
||
|
||
"entgo.io/ent"
|
||
"entgo.io/ent/dialect"
|
||
"entgo.io/ent/dialect/entsql"
|
||
"entgo.io/ent/schema"
|
||
"entgo.io/ent/schema/edge"
|
||
"entgo.io/ent/schema/field"
|
||
"entgo.io/ent/schema/index"
|
||
)
|
||
|
||
// User holds the schema definition for the User entity.
|
||
type User struct {
|
||
ent.Schema
|
||
}
|
||
|
||
func (User) Annotations() []schema.Annotation {
|
||
return []schema.Annotation{
|
||
entsql.Annotation{Table: "users"},
|
||
}
|
||
}
|
||
|
||
func (User) Mixin() []ent.Mixin {
|
||
return []ent.Mixin{
|
||
mixins.TimeMixin{},
|
||
mixins.SoftDeleteMixin{},
|
||
}
|
||
}
|
||
|
||
func (User) Fields() []ent.Field {
|
||
return []ent.Field{
|
||
// 唯一约束通过部分索引实现(WHERE deleted_at IS NULL),支持软删除后重用
|
||
// 见迁移文件 016_soft_delete_partial_unique_indexes.sql
|
||
field.String("email").
|
||
MaxLen(255).
|
||
NotEmpty(),
|
||
field.String("password_hash").
|
||
MaxLen(255).
|
||
NotEmpty(),
|
||
field.String("role").
|
||
MaxLen(20).
|
||
Default(service.RoleUser),
|
||
field.Float("balance").
|
||
SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}).
|
||
Default(0),
|
||
field.Int("concurrency").
|
||
Default(5),
|
||
field.String("status").
|
||
MaxLen(20).
|
||
Default(service.StatusActive),
|
||
|
||
// Optional profile fields (added later; default '' in DB migration)
|
||
field.String("username").
|
||
MaxLen(100).
|
||
Default(""),
|
||
// wechat field migrated to user_attribute_values (see migration 019)
|
||
field.String("notes").
|
||
SchemaType(map[string]string{dialect.Postgres: "text"}).
|
||
Default(""),
|
||
|
||
// TOTP 双因素认证字段
|
||
field.String("totp_secret_encrypted").
|
||
SchemaType(map[string]string{dialect.Postgres: "text"}).
|
||
Optional().
|
||
Nillable(),
|
||
field.Bool("totp_enabled").
|
||
Default(false),
|
||
field.Time("totp_enabled_at").
|
||
Optional().
|
||
Nillable(),
|
||
}
|
||
}
|
||
|
||
func (User) Edges() []ent.Edge {
|
||
return []ent.Edge{
|
||
edge.To("api_keys", APIKey.Type),
|
||
edge.To("redeem_codes", RedeemCode.Type),
|
||
edge.To("subscriptions", UserSubscription.Type),
|
||
edge.To("assigned_subscriptions", UserSubscription.Type),
|
||
edge.To("allowed_groups", Group.Type).
|
||
Through("user_allowed_groups", UserAllowedGroup.Type),
|
||
edge.To("usage_logs", UsageLog.Type),
|
||
edge.To("attribute_values", UserAttributeValue.Type),
|
||
edge.To("promo_code_usages", PromoCodeUsage.Type),
|
||
}
|
||
}
|
||
|
||
func (User) Indexes() []ent.Index {
|
||
return []ent.Index{
|
||
// email 字段已在 Fields() 中声明 Unique(),无需重复索引
|
||
index.Fields("status"),
|
||
index.Fields("deleted_at"),
|
||
}
|
||
}
|