feat: 支持租户伪装登录与管理员重置链接

src/Application/TakeoutSaaS.Application/App/Tenants/Commands/CreateTenantAdminResetLinkTokenCommand.cs

@@ -0,0 +1,15 @@
+using MediatR;
+
+namespace TakeoutSaaS.Application.App.Tenants.Commands;
+
+/// <summary>
+/// 生成租户主管理员重置链接令牌命令（平台超级管理员使用）。
+/// </summary>
+public sealed record CreateTenantAdminResetLinkTokenCommand : IRequest<string>
+{
+    /// <summary>
+    /// 目标租户 ID。
+    /// </summary>
+    public required long TenantId { get; init; }
+}
+

src/Application/TakeoutSaaS.Application/App/Tenants/Commands/ImpersonateTenantCommand.cs

@@ -0,0 +1,16 @@
+using MediatR;
+using TakeoutSaaS.Application.Identity.Contracts;
+
+namespace TakeoutSaaS.Application.App.Tenants.Commands;
+
+/// <summary>
+/// 伪装登录租户命令（平台超级管理员使用）。
+/// </summary>
+public sealed record ImpersonateTenantCommand : IRequest<TokenResponse>
+{
+    /// <summary>
+    /// 目标租户 ID。
+    /// </summary>
+    public required long TenantId { get; init; }
+}
+

src/Application/TakeoutSaaS.Application/App/Tenants/Handlers/CreateTenantAdminResetLinkTokenCommandHandler.cs

@@ -0,0 +1,73 @@
+using MediatR;
+using TakeoutSaaS.Application.App.Tenants.Commands;
+using TakeoutSaaS.Application.Identity.Abstractions;
+using TakeoutSaaS.Domain.Tenants.Entities;
+using TakeoutSaaS.Domain.Tenants.Enums;
+using TakeoutSaaS.Domain.Tenants.Repositories;
+using TakeoutSaaS.Shared.Abstractions.Constants;
+using TakeoutSaaS.Shared.Abstractions.Exceptions;
+using TakeoutSaaS.Shared.Abstractions.Security;
+using TakeoutSaaS.Shared.Abstractions.Tenancy;
+
+namespace TakeoutSaaS.Application.App.Tenants.Handlers;
+
+/// <summary>
+/// 生成租户主管理员重置链接令牌处理器（平台超级管理员使用）。
+/// </summary>
+public sealed class CreateTenantAdminResetLinkTokenCommandHandler(
+    ITenantRepository tenantRepository,
+    ITenantProvider tenantProvider,
+    ICurrentUserAccessor currentUserAccessor,
+    IAdminAuthService adminAuthService,
+    IAdminPasswordResetTokenStore tokenStore)
+    : IRequestHandler<CreateTenantAdminResetLinkTokenCommand, string>
+{
+    private const long PlatformRootTenantId = 1000000000001;
+
+    /// <inheritdoc />
+    public async Task<string> Handle(CreateTenantAdminResetLinkTokenCommand request, CancellationToken cancellationToken)
+    {
+        // 1. 校验仅允许平台超级管理员执行
+        var currentTenantId = tenantProvider.GetCurrentTenantId();
+        if (currentTenantId != PlatformRootTenantId)
+        {
+            throw new BusinessException(ErrorCodes.Forbidden, "仅平台超级管理员可生成重置链接");
+        }
+
+        // 2. (空行后) 校验租户存在且存在主管理员
+        var tenant = await tenantRepository.FindByIdAsync(request.TenantId, cancellationToken)
+            ?? throw new BusinessException(ErrorCodes.NotFound, "租户不存在");
+
+        if (!tenant.PrimaryOwnerUserId.HasValue || tenant.PrimaryOwnerUserId.Value == 0)
+        {
+            throw new BusinessException(ErrorCodes.BadRequest, "该租户未配置主管理员账号，无法生成重置链接");
+        }
+
+        // 3. (空行后) 签发一次性重置令牌（默认 24 小时有效）
+        var token = await tokenStore.IssueAsync(tenant.PrimaryOwnerUserId.Value, DateTime.UtcNow.AddHours(24), cancellationToken);
+
+        // 4. (空行后) 写入审计日志
+        var operatorProfile = await adminAuthService.GetProfileAsync(currentUserAccessor.UserId, cancellationToken);
+        var operatorName = string.IsNullOrWhiteSpace(operatorProfile.DisplayName)
+            ? $"user:{currentUserAccessor.UserId}"
+            : operatorProfile.DisplayName;
+
+        var auditLog = new TenantAuditLog
+        {
+            TenantId = tenant.Id,
+            Action = TenantAuditAction.AdminResetLinkIssued,
+            Title = "生成重置链接",
+            Description = $"操作者：{operatorName}，目标用户ID：{tenant.PrimaryOwnerUserId.Value}",
+            OperatorId = currentUserAccessor.UserId,
+            OperatorName = operatorName,
+            PreviousStatus = tenant.Status,
+            CurrentStatus = tenant.Status
+        };
+        await tenantRepository.AddAuditLogAsync(auditLog, cancellationToken);
+        await tenantRepository.SaveChangesAsync(cancellationToken);
+
+        // 5. (空行后) 返回令牌
+        return token;
+    }
+}
+

src/Application/TakeoutSaaS.Application/App/Tenants/Handlers/ImpersonateTenantCommandHandler.cs

@@ -0,0 +1,75 @@
+using MediatR;
+using TakeoutSaaS.Application.App.Tenants.Commands;
+using TakeoutSaaS.Application.Identity.Abstractions;
+using TakeoutSaaS.Application.Identity.Contracts;
+using TakeoutSaaS.Domain.Tenants.Entities;
+using TakeoutSaaS.Domain.Tenants.Enums;
+using TakeoutSaaS.Domain.Tenants.Repositories;
+using TakeoutSaaS.Shared.Abstractions.Constants;
+using TakeoutSaaS.Shared.Abstractions.Exceptions;
+using TakeoutSaaS.Shared.Abstractions.Security;
+using TakeoutSaaS.Shared.Abstractions.Tenancy;
+
+namespace TakeoutSaaS.Application.App.Tenants.Handlers;
+
+/// <summary>
+/// 伪装登录租户处理器（平台超级管理员使用）。
+/// </summary>
+public sealed class ImpersonateTenantCommandHandler(
+    ITenantRepository tenantRepository,
+    ITenantProvider tenantProvider,
+    ICurrentUserAccessor currentUserAccessor,
+    IAdminAuthService adminAuthService,
+    IJwtTokenService jwtTokenService)
+    : IRequestHandler<ImpersonateTenantCommand, TokenResponse>
+{
+    private const long PlatformRootTenantId = 1000000000001;
+
+    /// <inheritdoc />
+    public async Task<TokenResponse> Handle(ImpersonateTenantCommand request, CancellationToken cancellationToken)
+    {
+        // 1. 校验仅允许平台超级管理员执行
+        var currentTenantId = tenantProvider.GetCurrentTenantId();
+        if (currentTenantId != PlatformRootTenantId)
+        {
+            throw new BusinessException(ErrorCodes.Forbidden, "仅平台超级管理员可执行伪装登录");
+        }
+
+        // 2. (空行后) 校验租户存在且存在主管理员
+        var tenant = await tenantRepository.FindByIdAsync(request.TenantId, cancellationToken)
+            ?? throw new BusinessException(ErrorCodes.NotFound, "租户不存在");
+
+        if (!tenant.PrimaryOwnerUserId.HasValue || tenant.PrimaryOwnerUserId.Value == 0)
+        {
+            throw new BusinessException(ErrorCodes.BadRequest, "该租户未配置主管理员账号，无法伪装登录");
+        }
+
+        // 3. (空行后) 为租户主管理员签发令牌
+        var targetProfile = await adminAuthService.GetProfileAsync(tenant.PrimaryOwnerUserId.Value, cancellationToken);
+        var token = await jwtTokenService.CreateTokensAsync(targetProfile, false, cancellationToken);
+
+        // 4. (空行后) 写入审计日志
+        var operatorProfile = await adminAuthService.GetProfileAsync(currentUserAccessor.UserId, cancellationToken);
+        var operatorName = string.IsNullOrWhiteSpace(operatorProfile.DisplayName)
+            ? $"user:{currentUserAccessor.UserId}"
+            : operatorProfile.DisplayName;
+
+        var auditLog = new TenantAuditLog
+        {
+            TenantId = tenant.Id,
+            Action = TenantAuditAction.ImpersonatedLogin,
+            Title = "伪装登录",
+            Description = $"操作者：{operatorName}，目标账号：{targetProfile.Account}",
+            OperatorId = currentUserAccessor.UserId,
+            OperatorName = operatorName,
+            PreviousStatus = tenant.Status,
+            CurrentStatus = tenant.Status
+        };
+        await tenantRepository.AddAuditLogAsync(auditLog, cancellationToken);
+        await tenantRepository.SaveChangesAsync(cancellationToken);
+
+        // 5. (空行后) 返回令牌
+        return token;
+    }
+}
+

src/Application/TakeoutSaaS.Application/Identity/Abstractions/IAdminPasswordResetTokenStore.cs

@@ -0,0 +1,25 @@
+namespace TakeoutSaaS.Application.Identity.Abstractions;
+
+/// <summary>
+/// 管理后台“重置密码链接”令牌存储。
+/// </summary>
+public interface IAdminPasswordResetTokenStore
+{
+    /// <summary>
+    /// 签发一次性重置令牌。
+    /// </summary>
+    /// <param name="userId">目标用户 ID。</param>
+    /// <param name="expiresAt">过期时间（UTC）。</param>
+    /// <param name="cancellationToken">取消标记。</param>
+    /// <returns>令牌值。</returns>
+    Task<string> IssueAsync(long userId, DateTime expiresAt, CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// 消费一次性重置令牌（成功后即删除）。
+    /// </summary>
+    /// <param name="token">令牌值。</param>
+    /// <param name="cancellationToken">取消标记。</param>
+    /// <returns>令牌绑定的用户 ID；不存在/过期返回 null。</returns>
+    Task<long?> ConsumeAsync(string token, CancellationToken cancellationToken = default);
+}
+

src/Application/TakeoutSaaS.Application/Identity/Commands/ResetAdminPasswordByTokenCommand.cs

@@ -0,0 +1,20 @@
+using MediatR;
+
+namespace TakeoutSaaS.Application.Identity.Commands;
+
+/// <summary>
+/// 通过重置链接令牌重置管理员密码命令。
+/// </summary>
+public sealed record ResetAdminPasswordByTokenCommand : IRequest
+{
+    /// <summary>
+    /// 一次性重置令牌。
+    /// </summary>
+    public required string Token { get; init; }
+
+    /// <summary>
+    /// 新密码（明文，仅用于服务端哈希）。
+    /// </summary>
+    public required string NewPassword { get; init; }
+}
+

src/Application/TakeoutSaaS.Application/Identity/Contracts/ResetAdminPasswordRequest.cs

@@ -0,0 +1,18 @@
+namespace TakeoutSaaS.Application.Identity.Contracts;
+
+/// <summary>
+/// 通过重置链接令牌重置管理员密码请求。
+/// </summary>
+public sealed class ResetAdminPasswordRequest
+{
+    /// <summary>
+    /// 一次性重置令牌。
+    /// </summary>
+    public string Token { get; init; } = string.Empty;
+
+    /// <summary>
+    /// 新密码。
+    /// </summary>
+    public string NewPassword { get; init; } = string.Empty;
+}
+

src/Application/TakeoutSaaS.Application/Identity/Handlers/ResetAdminPasswordByTokenCommandHandler.cs

@@ -0,0 +1,57 @@
+using MediatR;
+using Microsoft.AspNetCore.Identity;
+using TakeoutSaaS.Application.Identity.Abstractions;
+using TakeoutSaaS.Application.Identity.Commands;
+using TakeoutSaaS.Domain.Identity.Entities;
+using TakeoutSaaS.Domain.Identity.Repositories;
+using TakeoutSaaS.Shared.Abstractions.Constants;
+using TakeoutSaaS.Shared.Abstractions.Exceptions;
+
+namespace TakeoutSaaS.Application.Identity.Handlers;
+
+/// <summary>
+/// 通过重置链接令牌重置管理员密码处理器。
+/// </summary>
+public sealed class ResetAdminPasswordByTokenCommandHandler(
+    IAdminPasswordResetTokenStore tokenStore,
+    IIdentityUserRepository userRepository,
+    IPasswordHasher<IdentityUser> passwordHasher)
+    : IRequestHandler<ResetAdminPasswordByTokenCommand>
+{
+    /// <inheritdoc />
+    public async Task Handle(ResetAdminPasswordByTokenCommand request, CancellationToken cancellationToken)
+    {
+        // 1. 参数校验
+        var token = request.Token?.Trim() ?? string.Empty;
+        if (string.IsNullOrWhiteSpace(token))
+        {
+            throw new BusinessException(ErrorCodes.BadRequest, "重置令牌不能为空");
+        }
+
+        var password = request.NewPassword?.Trim() ?? string.Empty;
+        if (string.IsNullOrWhiteSpace(password))
+        {
+            throw new BusinessException(ErrorCodes.BadRequest, "新密码不能为空");
+        }
+
+        if (password.Length is < 6 or > 32)
+        {
+            throw new BusinessException(ErrorCodes.BadRequest, "新密码长度需为 6~32 位");
+        }
+
+        // 2. (空行后) 校验并消费令牌
+        var userId = await tokenStore.ConsumeAsync(token, cancellationToken);
+        if (!userId.HasValue || userId.Value == 0)
+        {
+            throw new BusinessException(ErrorCodes.BadRequest, "重置链接无效或已过期");
+        }
+
+        // 3. (空行后) 获取用户（可更新）并写入新密码哈希
+        var user = await userRepository.GetForUpdateAsync(userId.Value, cancellationToken)
+            ?? throw new BusinessException(ErrorCodes.NotFound, "用户不存在");
+
+        user.PasswordHash = passwordHasher.HashPassword(user, password);
+        await userRepository.SaveChangesAsync(cancellationToken);
+    }
+}
+