实现修改密码和注销功能

2025-11-30 11:52:41 +08:00
parent 72aa2846e5
commit dadfd4c78d
4 changed files with 304 additions and 44 deletions
--- a/http/server.go
+++ b/http/server.go
@@ -82,6 +82,10 @@ func (s *Server) Start() error {
 	if s.config.EnableAPI {
 		// 登录API端点，不需要认证
 		mux.HandleFunc("/api/login", s.handleLogin)
+		// 注销API端点，不需要认证
+		mux.HandleFunc("/api/logout", s.handleLogout)
+		// 修改密码API端点，需要认证
+		mux.HandleFunc("/api/change-password", s.loginRequired(s.handleChangePassword))

 		// 重定向/api到Swagger UI页面
 		mux.HandleFunc("/api", s.loginRequired(func(w http.ResponseWriter, r *http.Request) {
@@ -1468,3 +1472,82 @@ func (s *Server) handleLogin(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(map[string]string{"status": "success", "message": "登录成功"})
 	logger.Info(fmt.Sprintf("用户 %s 登录成功", loginData.Username))
 }
+
+// handleLogout 处理注销请求
+func (s *Server) handleLogout(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// 从Cookie中获取会话ID
+	cookie, err := r.Cookie("session_id")
+	if err == nil {
+		// 删除会话
+		s.sessionsMutex.Lock()
+		delete(s.sessions, cookie.Value)
+		s.sessionsMutex.Unlock()
+	}
+
+	// 清除Cookie
+	clearCookie := &http.Cookie{
+		Name:     "session_id",
+		Value:    "",
+		Path:     "/",
+		Expires:  time.Unix(0, 0),
+		HttpOnly: true,
+		Secure:   false,
+	}
+	http.SetCookie(w, clearCookie)
+
+	// 返回成功响应
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]string{"status": "success", "message": "注销成功"})
+	logger.Info("用户注销成功")
+}
+
+// handleChangePassword 处理修改密码请求
+func (s *Server) handleChangePassword(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// 解析请求体
+	var changePasswordData struct {
+		CurrentPassword string `json:"currentPassword"`
+		NewPassword     string `json:"newPassword"`
+	}
+
+	if err := json.NewDecoder(r.Body).Decode(&changePasswordData); err != nil {
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusBadRequest)
+		json.NewEncoder(w).Encode(map[string]string{"error": "无效的请求体"})
+		return
+	}
+
+	// 验证当前密码
+	if changePasswordData.CurrentPassword != s.config.Password {
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusUnauthorized)
+		json.NewEncoder(w).Encode(map[string]string{"error": "当前密码错误"})
+		return
+	}
+
+	// 更新密码
+	s.config.Password = changePasswordData.NewPassword
+
+	// 保存配置到文件
+	if err := saveConfigToFile(s.globalConfig, "./config.json"); err != nil {
+		logger.Error("保存配置文件失败", "error", err)
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusInternalServerError)
+		json.NewEncoder(w).Encode(map[string]string{"error": "保存密码失败"})
+		return
+	}
+
+	// 返回成功响应
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]string{"status": "success", "message": "密码修改成功"})
+	logger.Info("密码修改成功")
+}