feat(auth): 添加微信小程序登录支持

- 新增 wechat_users 表迁移和 SeaORM Entity - 实现微信登录 Service（code→openid→绑定状态查询） - 实现手机号绑定 Service（创建/关联 user + 签发 JWT） - 添加公开路由 POST /auth/wechat/login 和 /auth/wechat/bind-phone - 新增 WechatConfig 到 AppConfig（appid/secret 通过环境变量配置） - 添加 reqwest 依赖用于调用微信 jscode2session API
2026-04-24 00:05:43 +08:00
parent 2e9eb55f2c
commit ba132921cc
17 changed files with 515 additions and 2 deletions
--- a/crates/erp-server/config/default.toml
+++ b/crates/erp-server/config/default.toml
@@ -24,3 +24,7 @@ level = "info"
 [cors]
 # Comma-separated allowed origins. Use "*" for development only.
 allowed_origins = "http://localhost:5173,http://localhost:5174,http://localhost:5175,http://localhost:5176,http://localhost:3000"
+
+[wechat]
+appid = "__MUST_SET_VIA_ENV__"
+secret = "__MUST_SET_VIA_ENV__"
--- a/crates/erp-server/migration/src/lib.rs
+++ b/crates/erp-server/migration/src/lib.rs
@@ -42,6 +42,7 @@ mod m20260419_000039_entity_registry_columns;
 mod m20260419_000040_plugin_market;
 mod m20260419_000041_plugin_user_views;
 mod m20260423_000042_create_health_tables;
+mod m20260423_000043_create_wechat_users;

 pub struct Migrator;

@@ -91,6 +92,7 @@ impl MigratorTrait for Migrator {
            Box::new(m20260419_000040_plugin_market::Migration),
            Box::new(m20260419_000041_plugin_user_views::Migration),
            Box::new(m20260423_000042_create_health_tables::Migration),
+            Box::new(m20260423_000043_create_wechat_users::Migration),
        ]
    }
 }
--- a/crates/erp-server/migration/src/m20260423_000043_create_wechat_users.rs
+++ b/crates/erp-server/migration/src/m20260423_000043_create_wechat_users.rs
@@ -0,0 +1,75 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .create_table(
+                Table::create()
+                    .table(WechatUsers::Table)
+                    .if_not_exists()
+                    .col(ColumnDef::new(WechatUsers::Id).uuid().not_null().primary_key())
+                    .col(ColumnDef::new(WechatUsers::TenantId).uuid().not_null())
+                    .col(ColumnDef::new(WechatUsers::Openid).string().not_null())
+                    .col(ColumnDef::new(WechatUsers::UnionId).string())
+                    .col(ColumnDef::new(WechatUsers::UserId).uuid().not_null())
+                    .col(ColumnDef::new(WechatUsers::Phone).string())
+                    .col(
+                        ColumnDef::new(WechatUsers::CreatedAt)
+                            .timestamp_with_time_zone()
+                            .not_null()
+                            .default(Expr::current_timestamp()),
+                    )
+                    .col(
+                        ColumnDef::new(WechatUsers::UpdatedAt)
+                            .timestamp_with_time_zone()
+                            .not_null()
+                            .default(Expr::current_timestamp()),
+                    )
+                    .col(
+                        ColumnDef::new(WechatUsers::DeletedAt)
+                            .timestamp_with_time_zone(),
+                    )
+                    .to_owned(),
+            )
+            .await?;
+
+        manager
+            .create_index(
+                Index::create()
+                    .name("idx_wechat_users_openid")
+                    .table(WechatUsers::Table)
+                    .col(WechatUsers::Openid)
+                    .col(WechatUsers::TenantId)
+                    .unique()
+                    .to_owned(),
+            )
+            .await
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .drop_index(Index::drop().name("idx_wechat_users_openid").to_owned())
+            .await?;
+        manager
+            .drop_table(Table::drop().table(WechatUsers::Table).to_owned())
+            .await
+    }
+}
+
+#[derive(DeriveIden)]
+enum WechatUsers {
+    Table,
+    Id,
+    TenantId,
+    Openid,
+    UnionId,
+    UserId,
+    Phone,
+    CreatedAt,
+    UpdatedAt,
+    DeletedAt,
+}
--- a/crates/erp-server/src/config.rs
+++ b/crates/erp-server/src/config.rs
@@ -9,6 +9,7 @@ pub struct AppConfig {
    pub auth: AuthConfig,
    pub log: LogConfig,
    pub cors: CorsConfig,
+    pub wechat: WechatConfig,
 }

 #[derive(Debug, Clone, Deserialize)]
@@ -53,6 +54,12 @@ pub struct CorsConfig {
    pub allowed_origins: String,
 }

+#[derive(Debug, Clone, Deserialize)]
+pub struct WechatConfig {
+    pub appid: String,
+    pub secret: String,
+}
+
 impl AppConfig {
    pub fn load() -> anyhow::Result<Self> {
        let config = config::Config::builder()
--- a/crates/erp-server/src/state.rs
+++ b/crates/erp-server/src/state.rs
@@ -51,6 +51,8 @@ impl FromRef<AppState> for erp_auth::AuthState {
            access_ttl_secs: parse_ttl(&state.config.jwt.access_token_ttl),
            refresh_ttl_secs: parse_ttl(&state.config.jwt.refresh_token_ttl),
            default_tenant_id: state.default_tenant_id,
+            wechat_appid: state.config.wechat.appid.clone(),
+            wechat_secret: state.config.wechat.secret.clone(),
        }
    }
 }