feat: 添加权限控制，以及评论和点赞功能，支持评论的创建和删除，点赞的新增和取消

Author: RSS1102

handlers/blogs_handlers.go

@@ -1,3 +1,32 @@
+// GetBlogsByTagsHandler 分页获取包含所有指定标签的文章
+func (h *BlogHandler) GetBlogsByTagsHandler(w http.ResponseWriter, r *http.Request) {
+	tags := r.URL.Query()["tag"] // 支持多个 tag=xxx
+	pageStr := r.URL.Query().Get("page")
+	limitStr := r.URL.Query().Get("limit")
+	page := int64(1)
+	limit := int64(10)
+	if pageStr != "" {
+		if p, err := strconv.ParseInt(pageStr, 10, 64); err == nil && p > 0 {
+			page = p
+		}
+	}
+	if limitStr != "" {
+		if l, err := strconv.ParseInt(limitStr, 10, 64); err == nil && l > 0 && l <= 100 {
+			limit = l
+		}
+	}
+	blogs, total, err := h.blogService.GetBlogsByTagsWithPagination(tags, page, limit)
+	if err != nil {
+		http.Error(w, "获取文章失败", http.StatusInternalServerError)
+		return
+	}
+	resp := BlogListResponse{
+		Data:       blogs,
+		Pagination: Pagination{Page: page, Limit: limit, Total: total},
+	}
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(resp)
+}
 package handlers
 
 import (
@@ -11,11 +40,90 @@ import (
 	"github.com/gorilla/mux"
 )
 
+// 标签相关请求体
+type TagRequest struct {
+    Tag string `json:"tag"`
+}
+
 // BlogHandler 处理博客文章的HTTP请求
 type BlogHandler struct {
 	blogService *services.BlogService
 }
 
+// SearchBlogsHandler 支持模糊搜索和标签筛选
+func (h *BlogHandler) SearchBlogsHandler(w http.ResponseWriter, r *http.Request) {
+	keyword := r.URL.Query().Get("keyword")
+	tagsParam := r.URL.Query()["tag"] // 支持多个 tag=xxx
+	pageStr := r.URL.Query().Get("page")
+	limitStr := r.URL.Query().Get("limit")
+	page := int64(1)
+	limit := int64(10)
+	if pageStr != "" {
+		if p, err := strconv.ParseInt(pageStr, 10, 64); err == nil && p > 0 {
+			page = p
+		}
+	}
+	if limitStr != "" {
+		if l, err := strconv.ParseInt(limitStr, 10, 64); err == nil && l > 0 && l <= 100 {
+			limit = l
+		}
+	}
+	blogs, total, err := h.blogService.SearchBlogs(keyword, tagsParam, page, limit)
+	if err != nil {
+		http.Error(w, "搜索失败", http.StatusInternalServerError)
+		return
+	}
+	resp := BlogListResponse{
+		Data:       blogs,
+		Pagination: Pagination{Page: page, Limit: limit, Total: total},
+	}
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(resp)
+}
+
+// GetAllTagsHandler 获取所有标签
+func (h *BlogHandler) GetAllTagsHandler(w http.ResponseWriter, r *http.Request) {
+	tags, err := h.blogService.GetAllTags()
+	if err != nil {
+		http.Error(w, "获取标签失败", http.StatusInternalServerError)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(struct {
+		Data []string `json:"data"`
+	}{Data: tags})
+}
+
+// AddTagHandler 新增标签（如有专门标签集合时用）
+func (h *BlogHandler) AddTagHandler(w http.ResponseWriter, r *http.Request) {
+	var req TagRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil || req.Tag == "" {
+		http.Error(w, "无效的标签", http.StatusBadRequest)
+		return
+	}
+	err := h.blogService.AddTag(req.Tag)
+	if err != nil {
+		http.Error(w, "添加标签失败", http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusCreated)
+}
+
+// DeleteTagHandler 删除标签（会从所有博客中移除该标签）
+func (h *BlogHandler) DeleteTagHandler(w http.ResponseWriter, r *http.Request) {
+	var req TagRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil || req.Tag == "" {
+		http.Error(w, "无效的标签", http.StatusBadRequest)
+		return
+	}
+	err := h.blogService.DeleteTag(req.Tag)
+	if err != nil {
+		http.Error(w, "删除标签失败", http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+}
+
 // NewBlogHandler 创建新的BlogHandler实例
 func NewBlogHandler(blogService *services.BlogService) *BlogHandler {
 	return &BlogHandler{

handlers/comment_handlers.go

@@ -0,0 +1,79 @@
+package handlers
+
+import (
+	"blog/middleware"
+	"blog/services"
+	"encoding/json"
+	"net/http"
+
+	"go.mongodb.org/mongo-driver/bson/primitive"
+)
+
+type CommentHandler struct {
+	commentService *services.CommentService
+}
+
+func NewCommentHandler(commentService *services.CommentService) *CommentHandler {
+	return &CommentHandler{commentService: commentService}
+}
+
+// CreateCommentHandler 新增评论
+func (h *CommentHandler) CreateCommentHandler(w http.ResponseWriter, r *http.Request) {
+	var req struct {
+		BlogID  string `json:"blog_id"`
+		Content string `json:"content"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "无效请求", http.StatusBadRequest)
+		return
+	}
+	blogID, err := primitive.ObjectIDFromHex(req.BlogID)
+	if err != nil {
+		http.Error(w, "无效博客ID", http.StatusBadRequest)
+		return
+	}
+	userIDHex := middleware.GetUserID(r)
+	userID, err := primitive.ObjectIDFromHex(userIDHex)
+	if err != nil {
+		http.Error(w, "无效用户ID", http.StatusUnauthorized)
+		return
+	}
+	username := middleware.GetUsername(r)
+	comment, err := h.commentService.CreateComment(blogID, userID, username, req.Content)
+	if err != nil {
+		http.Error(w, "评论失败", http.StatusInternalServerError)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(comment)
+}
+
+// DeleteCommentHandler 删除评论（只能本人或管理员）
+func (h *CommentHandler) DeleteCommentHandler(w http.ResponseWriter, r *http.Request) {
+	commentIDHex := r.URL.Query().Get("id")
+	commentID, err := primitive.ObjectIDFromHex(commentIDHex)
+	if err != nil {
+		http.Error(w, "无效评论ID", http.StatusBadRequest)
+		return
+	}
+	err = h.commentService.DeleteComment(commentID)
+	if err != nil {
+		http.Error(w, "删除失败", http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+}
+
+// GetCommentUserID 用于权限中间件，获取评论的 user_id
+func (h *CommentHandler) GetCommentUserID(r *http.Request) (primitive.ObjectID, error) {
+	commentIDHex := r.URL.Query().Get("id")
+	commentID, err := primitive.ObjectIDFromHex(commentIDHex)
+	if err != nil {
+		return primitive.NilObjectID, err
+	}
+	comment, err := h.commentService.GetCommentByID(commentID)
+	if err != nil {
+		return primitive.NilObjectID, err
+	}
+	return comment.UserID, nil
+}

handlers/like_handlers.go

@@ -0,0 +1,92 @@
+package handlers
+
+import (
+	"blog/middleware"
+	"blog/services"
+	"encoding/json"
+	"net/http"
+
+	"go.mongodb.org/mongo-driver/bson/primitive"
+)
+
+type LikeHandler struct {
+	likeService *services.LikeService
+}
+
+func NewLikeHandler(likeService *services.LikeService) *LikeHandler {
+	return &LikeHandler{likeService: likeService}
+}
+
+// AddLikeHandler 新增点赞
+func (h *LikeHandler) AddLikeHandler(w http.ResponseWriter, r *http.Request) {
+	var req struct {
+		BlogID string `json:"blog_id"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "无效请求", http.StatusBadRequest)
+		return
+	}
+	blogID, err := primitive.ObjectIDFromHex(req.BlogID)
+	if err != nil {
+		http.Error(w, "无效博客ID", http.StatusBadRequest)
+		return
+	}
+	userIDHex := middleware.GetUserID(r)
+	userID, err := primitive.ObjectIDFromHex(userIDHex)
+	if err != nil {
+		http.Error(w, "无效用户ID", http.StatusUnauthorized)
+		return
+	}
+	if err := h.likeService.AddLike(blogID, userID); err != nil {
+		http.Error(w, "点赞失败", http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusCreated)
+}
+
+// RemoveLikeHandler 取消点赞（只能本人或管理员）
+func (h *LikeHandler) RemoveLikeHandler(w http.ResponseWriter, r *http.Request) {
+	var req struct {
+		BlogID string `json:"blog_id"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "无效请求", http.StatusBadRequest)
+		return
+	}
+	blogID, err := primitive.ObjectIDFromHex(req.BlogID)
+	if err != nil {
+		http.Error(w, "无效博客ID", http.StatusBadRequest)
+		return
+	}
+	userIDHex := middleware.GetUserID(r)
+	userID, err := primitive.ObjectIDFromHex(userIDHex)
+	if err != nil {
+		http.Error(w, "无效用户ID", http.StatusUnauthorized)
+		return
+	}
+	if err := h.likeService.RemoveLike(blogID, userID); err != nil {
+		http.Error(w, "取消点赞失败", http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+}
+
+// GetLikeUserID 用于权限中间件，获取点赞的 user_id
+func (h *LikeHandler) GetLikeUserID(r *http.Request) (primitive.ObjectID, error) {
+	var req struct {
+		BlogID string `json:"blog_id"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		return primitive.NilObjectID, err
+	}
+	blogID, err := primitive.ObjectIDFromHex(req.BlogID)
+	if err != nil {
+		return primitive.NilObjectID, err
+	}
+	userIDHex := middleware.GetUserID(r)
+	userID, err := primitive.ObjectIDFromHex(userIDHex)
+	if err != nil {
+		return primitive.NilObjectID, err
+	}
+	return userID, nil
+}

main.go

@@ -34,6 +34,8 @@ func main() {
 
 	// 初始化服务
 	blogService := services.NewBlogService(mongoCfg.Client, mongoCfg.Database, getEnv("COLLECTION_NAME", "blogs-dev"))
+	commentService := services.NewCommentService(mongoCfg.Client, mongoCfg.Database, "comments")
+	likeService := services.NewLikeService(mongoCfg.Client, mongoCfg.Database, "likes")
 
 	// 初始化认证服务
 	jwtSecret := getEnv("JWT_SECRET", "default-jwt-secret") // 在生产环境中请通过环境变量注入
@@ -42,6 +44,8 @@ func main() {
 	// 初始化处理器
 	blogHandler := handlers.NewBlogHandler(blogService)
 	authHandler := handlers.NewAuthHandler(authService)
+	commentHandler := handlers.NewCommentHandler(commentService)
+	likeHandler := handlers.NewLikeHandler(likeService)
 
 	// 初始化中间件
 	jwtMiddleware := middleware.NewJWTMiddleware(authService)
@@ -50,7 +54,7 @@ func main() {
 	r := mux.NewRouter()
 
 	// 注册路由（集中管理）
-	routes.RegisterRoutes(r, blogHandler, authHandler, jwtMiddleware)
+	routes.RegisterRoutes(r, blogHandler, authHandler, jwtMiddleware, commentHandler, likeHandler)
 
 	// 健康检查端点
 	r.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {

middleware/jwt_middleware.go

@@ -53,18 +53,25 @@ func (m *JWTMiddleware) Authenticate(next http.HandlerFunc) http.HandlerFunc {
 		}
 
 		// 从 token 中提取用户信息
-		if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
-			userID := claims["user_id"].(string)
-			username := claims["username"].(string)
-
-			// 将用户信息添加到请求上下文
-			ctx := context.WithValue(r.Context(), "user_id", userID)
-			ctx = context.WithValue(ctx, "username", username)
-			r = r.WithContext(ctx)
-		} else {
-			http.Error(w, "无效的认证令牌", http.StatusUnauthorized)
-			return
-		}
+		   if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+			   userID := claims["user_id"].(string)
+			   username := claims["username"].(string)
+			   role, _ := claims["role"].(string)
+			   ctx := context.WithValue(r.Context(), "user_id", userID)
+			   ctx = context.WithValue(ctx, "username", username)
+			   ctx = context.WithValue(ctx, "role", role)
+			   r = r.WithContext(ctx)
+		   } else {
+			   http.Error(w, "无效的认证令牌", http.StatusUnauthorized)
+			   return
+		   }
+// GetUserRole 从请求上下文中获取用户角色
+func GetUserRole(r *http.Request) string {
+   if role, ok := r.Context().Value("role").(string); ok {
+	   return role
+   }
+   return ""
+}
 
 		next(w, r)
 	}

middleware/role_middleware.go

@@ -0,0 +1,17 @@
+package middleware
+
+import (
+	"net/http"
+)
+
+// RequireAdmin 只允许管理员访问的中间件
+func RequireAdmin(next http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		role := GetUserRole(r)
+		if role != "admin" {
+			http.Error(w, "无权限，管理员专用接口", http.StatusForbidden)
+			return
+		}
+		next(w, r)
+	}
+}