95 lines
4.2 KiB
C#
95 lines
4.2 KiB
C#
using MediatR;
|
||
using TakeoutSaaS.Application.App.Tenants.Commands;
|
||
using TakeoutSaaS.Application.Identity.Abstractions;
|
||
using TakeoutSaaS.Domain.Identity.Repositories;
|
||
using TakeoutSaaS.Domain.Tenants.Entities;
|
||
using TakeoutSaaS.Domain.Tenants.Enums;
|
||
using TakeoutSaaS.Domain.Tenants.Repositories;
|
||
using TakeoutSaaS.Shared.Abstractions.Constants;
|
||
using TakeoutSaaS.Shared.Abstractions.Exceptions;
|
||
using TakeoutSaaS.Shared.Abstractions.Security;
|
||
using TakeoutSaaS.Shared.Abstractions.Tenancy;
|
||
|
||
namespace TakeoutSaaS.Application.App.Tenants.Handlers;
|
||
|
||
/// <summary>
|
||
/// 生成租户主管理员重置链接令牌处理器(平台超级管理员使用)。
|
||
/// </summary>
|
||
public sealed class CreateTenantAdminResetLinkTokenCommandHandler(
|
||
ITenantRepository tenantRepository,
|
||
ITenantProvider tenantProvider,
|
||
ITenantContextAccessor tenantContextAccessor,
|
||
IIdentityUserRepository identityUserRepository,
|
||
ICurrentUserAccessor currentUserAccessor,
|
||
IAdminAuthService adminAuthService,
|
||
IAdminPasswordResetTokenStore tokenStore)
|
||
: IRequestHandler<CreateTenantAdminResetLinkTokenCommand, string>
|
||
{
|
||
private const long PlatformRootTenantId = 1000000000001;
|
||
|
||
/// <inheritdoc />
|
||
public async Task<string> Handle(CreateTenantAdminResetLinkTokenCommand request, CancellationToken cancellationToken)
|
||
{
|
||
// 1. 校验仅允许平台超级管理员执行
|
||
var currentTenantId = tenantProvider.GetCurrentTenantId();
|
||
if (currentTenantId != PlatformRootTenantId)
|
||
{
|
||
throw new BusinessException(ErrorCodes.Forbidden, "仅平台超级管理员可生成重置链接");
|
||
}
|
||
|
||
// 2. 校验租户存在且存在主管理员
|
||
var tenant = await tenantRepository.FindByIdAsync(request.TenantId, cancellationToken)
|
||
?? throw new BusinessException(ErrorCodes.NotFound, "租户不存在");
|
||
|
||
// 2.1 若缺少主管理员则自动回填(兼容历史数据)
|
||
if (!tenant.PrimaryOwnerUserId.HasValue || tenant.PrimaryOwnerUserId.Value == 0)
|
||
{
|
||
var originalContextForFix = tenantContextAccessor.Current;
|
||
tenantContextAccessor.Current = new TenantContext(tenant.Id, tenant.Code, "admin:reset-link:fix-owner");
|
||
try
|
||
{
|
||
var users = await identityUserRepository.SearchAsync(tenant.Id, keyword: null, cancellationToken);
|
||
var ownerCandidate = users.OrderBy(x => x.CreatedAt).FirstOrDefault();
|
||
if (ownerCandidate == null)
|
||
{
|
||
throw new BusinessException(ErrorCodes.BadRequest, "该租户未配置主管理员账号,且未找到可用管理员账号");
|
||
}
|
||
|
||
tenant.PrimaryOwnerUserId = ownerCandidate.Id;
|
||
await tenantRepository.UpdateTenantAsync(tenant, cancellationToken);
|
||
await tenantRepository.SaveChangesAsync(cancellationToken);
|
||
}
|
||
finally
|
||
{
|
||
tenantContextAccessor.Current = originalContextForFix;
|
||
}
|
||
}
|
||
|
||
// 3. 签发一次性重置令牌(默认 24 小时有效)
|
||
var token = await tokenStore.IssueAsync(tenant.PrimaryOwnerUserId.Value, DateTime.UtcNow.AddHours(24), cancellationToken);
|
||
|
||
// 4. 写入审计日志
|
||
var operatorProfile = await adminAuthService.GetProfileAsync(currentUserAccessor.UserId, cancellationToken);
|
||
var operatorName = string.IsNullOrWhiteSpace(operatorProfile.DisplayName)
|
||
? $"user:{currentUserAccessor.UserId}"
|
||
: operatorProfile.DisplayName;
|
||
|
||
var auditLog = new TenantAuditLog
|
||
{
|
||
TenantId = tenant.Id,
|
||
Action = TenantAuditAction.AdminResetLinkIssued,
|
||
Title = "生成重置链接",
|
||
Description = $"操作者:{operatorName},目标用户ID:{tenant.PrimaryOwnerUserId.Value}",
|
||
OperatorId = currentUserAccessor.UserId,
|
||
OperatorName = operatorName,
|
||
PreviousStatus = tenant.Status,
|
||
CurrentStatus = tenant.Status
|
||
};
|
||
await tenantRepository.AddAuditLogAsync(auditLog, cancellationToken);
|
||
await tenantRepository.SaveChangesAsync(cancellationToken);
|
||
|
||
// 5. 返回令牌
|
||
return token;
|
||
}
|
||
}
|