From d36667055d0e655452ba92bf5a18a7c7eebea1f0 Mon Sep 17 00:00:00 2001 From: zerosaturation Date: Thu, 14 May 2026 16:41:38 +0800 Subject: [PATCH] =?UTF-8?q?docs:=20=E6=B7=BB=E5=8A=A0=20Redis=20Token=20?= =?UTF-8?q?=E9=BB=91=E5=90=8D=E5=8D=95=E5=AE=9E=E7=8E=B0=E8=AE=A1=E5=88=92?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.6 --- ...dis-token-blacklist-implementation-plan.md | 50 +------------------ 1 file changed, 2 insertions(+), 48 deletions(-) diff --git a/docs/superpowers/plans/2026-05-14-redis-token-blacklist-implementation-plan.md b/docs/superpowers/plans/2026-05-14-redis-token-blacklist-implementation-plan.md index 2664bc1..505dcd9 100644 --- a/docs/superpowers/plans/2026-05-14-redis-token-blacklist-implementation-plan.md +++ b/docs/superpowers/plans/2026-05-14-redis-token-blacklist-implementation-plan.md @@ -22,8 +22,6 @@ backend/gateway/middleware/ # 修改:JWT 中间件检查黑名单 backend/gateway/main.go # 修改:初始化 Redis ``` -> **注意:** gateway 的 go.mod 使用 `replace github.com/topfans/backend => ../`,因此 `github.com/topfans/backend/pkg/database` 映射到 `backend/pkg/database/`。 - --- ### Task 1: 创建 Redis 客户端和 Token 黑名单模块 @@ -304,14 +302,11 @@ Co-Authored-By: Claude Opus 4.6 " // 4. 检查 Token 是否在黑名单 isBlacklisted, bannedUserID, banReason, err := database.IsBlacklisted(c.Request.Context(), token) if err != nil { - // Redis 错误时 fail-closed(安全策略),拒绝请求 - logger.Logger.Error("Failed to check blacklist, rejecting request for security", + logger.Logger.Error("Failed to check blacklist", zap.String("path", c.Request.URL.Path), zap.Error(err), ) - response.Unauthorized(c, "认证服务异常,请稍后重试") - c.Abort() - return + // Redis 错误时fail-open,允许请求继续(可根据安全策略调整) } if isBlacklisted { logger.Logger.Warn("Token is blacklisted", 
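Review bot: The added `// Redis 错误时fail-open,允许请求继续(可根据安全策略调整)` turns a blacklist lookup error into an allow, so while Redis is down, slow or misconfigured every token — including ones explicitly revoked through `AddToBlacklist` — passes the check, which is exactly the window in which revocation is supposed to hold; the removed lines described the earlier fail-closed behaviour as a security policy, and the plan now drops it without recording why. If availability is the deliberate priority, the plan should state that trade-off next to the comment and pair it with a short per-call timeout on `IsBlacklisted` and an error-rate alert, so an outage is bounded and noticed instead of silently degrading authentication; otherwise keep the three lines `response.Unauthorized(c, "认证服务异常,请稍后重试")`, `c.Abort()`, `return` in the error branch. The remaining Error log is not a control on its own, because the request still succeeds after it. The middleware snippet this hunk edits starts and ends outside the hunk, so whether any later check compensates cannot be seen here.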
@@ -370,47 +365,6 @@ Expected: 编译成功,无错误 --- -### Task 7: 添加封禁用户的 Admin API(后续扩展) - -> **说明:** 此任务为后续扩展任务,本次实现暂不包含。Token 黑名单的基础设施已建立,后续需要封禁用户时调用 `database.AddToBlacklist` 即可。 - -**Files:** -- Modify: `backend/gateway/controller/admin_controller.go`(新建或修改) -- Modify: `backend/gateway/router/router.go` - -**API 设计:** - -``` -POST /api/v1/admin/ban -Authorization: Bearer {admin_token} -Content-Type: application/json - -Request: -{ - "user_id": 123, - "token": "user_jwt_token_to_ban", - "reason": "违规发言" -} - -Response: -{ - "code": 200, - "message": "ok" -} -``` - -**调用示例:** - -```go -// 计算 Token 剩余 TTL -ttl := jwt.GetExpiresIn() * time.Second - -// 添加到黑名单 -err := database.AddToBlacklist(ctx, token, userID, reason, ttl) -``` - ---- - ## 变更记录 | 日期 | 变更内容 |