diff --git a/docs/superpowers/plans/2026-05-14-redis-token-blacklist-implementation-plan.md b/docs/superpowers/plans/2026-05-14-redis-token-blacklist-implementation-plan.md index 2664bc1..505dcd9 100644 --- a/docs/superpowers/plans/2026-05-14-redis-token-blacklist-implementation-plan.md +++ b/docs/superpowers/plans/2026-05-14-redis-token-blacklist-implementation-plan.md @@ -22,8 +22,6 @@ backend/gateway/middleware/ # 修改:JWT 中间件检查黑名单 backend/gateway/main.go # 修改:初始化 Redis ``` -> **注意:** gateway 的 go.mod 使用 `replace github.com/topfans/backend => ../`,因此 `github.com/topfans/backend/pkg/database` 映射到 `backend/pkg/database/`。 - --- ### Task 1: 创建 Redis 客户端和 Token 黑名单模块 @@ -304,14 +302,11 @@ Co-Authored-By: Claude Opus 4.6 " // 4. 检查 Token 是否在黑名单 isBlacklisted, bannedUserID, banReason, err := database.IsBlacklisted(c.Request.Context(), token) if err != nil { - // Redis 错误时 fail-closed(安全策略),拒绝请求 - logger.Logger.Error("Failed to check blacklist, rejecting request for security", + logger.Logger.Error("Failed to check blacklist", zap.String("path", c.Request.URL.Path), zap.Error(err), ) - response.Unauthorized(c, "认证服务异常,请稍后重试") - c.Abort() - return + // Redis 错误时fail-open,允许请求继续(可根据安全策略调整) } if isBlacklisted { logger.Logger.Warn("Token is blacklisted", 
@@ -370,47 +365,6 @@ Expected: 编译成功,无错误 --- -### Task 7: 添加封禁用户的 Admin API(后续扩展) - -> **说明:** 此任务为后续扩展任务,本次实现暂不包含。Token 黑名单的基础设施已建立,后续需要封禁用户时调用 `database.AddToBlacklist` 即可。 - -**Files:** -- Modify: `backend/gateway/controller/admin_controller.go`(新建或修改) -- Modify: `backend/gateway/router/router.go` - -**API 设计:** - -``` -POST /api/v1/admin/ban -Authorization: Bearer {admin_token} -Content-Type: application/json - -Request: -{ - "user_id": 123, - "token": "user_jwt_token_to_ban", - "reason": "违规发言" -} - -Response: -{ - "code": 200, - "message": "ok" -} -``` - -**调用示例:** - -```go -// 计算 Token 剩余 TTL -ttl := jwt.GetExpiresIn() * time.Second - -// 添加到黑名单 -err := database.AddToBlacklist(ctx, token, userID, reason, ttl) -``` - ---- - ## 变更记录 | 日期 | 变更内容 |
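Review bot: In the `@@ -304,14 +302,11 @@` hunk the `if err != nil` branch now only logs and falls through, so a Redis outage or timeout lets every token through the blacklist check, including tokens that were explicitly banned; `isBlacklisted` stays false and the request proceeds as authenticated. The removed lines (`response.Unauthorized(...)`, `c.Abort()`, `return`) were the only thing making revocation enforceable, and the new comment `// Redis 错误时fail-open,允许请求继续(可根据安全策略调整)` leaves the policy undecided rather than choosing one. If fail-open is intentional, state the reason in the plan, emit a dedicated metric or alert on this path (a plain `Error` log line is easy to miss), and consider narrowing it to specific error types (e.g. connection errors) while still rejecting on unexpected ones; otherwise restore the fail-closed branch.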
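Review bot: In the `@@ -22,8 +22,6 @@` hunk the deleted note (`gateway 的 go.mod 使用 replace github.com/topfans/backend => ../`) documented the module path mapping that the `backend/pkg/database/` file paths in Task 1 rely on, and nothing in the remaining text explains where `github.com/topfans/backend/pkg/database` resolves to. If the note was removed because the `replace` directive is no longer accurate, replace it with the current mapping instead of dropping it.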
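Review bot: In the `@@ -370,47 +365,6 @@` hunk removing Task 7 also removes the only documented caller of `database.AddToBlacklist` and the TTL derivation (`jwt.GetExpiresIn() * time.Second`), so after this change the plan describes a blacklist that is checked in middleware but never populated. Keep at least a one-line pointer to where and how tokens are expected to be added (and that the TTL must match the token's remaining lifetime so entries expire with the token), and record the removal in the `## 变更记录` table that follows the hunk, since the table is the plan's change log and this is a scope change.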