2026-05-02 13:02:38 +08:00

28 lines
1014 B
Go

package auth
import (
"context"
"hyapp/pkg/appcode"
authdomain "hyapp/services/user-service/internal/domain/auth"
"hyapp/services/user-service/internal/storage/mysql/shared"
)
func (r *Repository) RecordLoginAudit(ctx context.Context, audit authdomain.LoginAudit) error {
// 审计表不能包含密码、三方 credential 或 refresh token 原文。
_, err := r.db.ExecContext(ctx, `
INSERT INTO login_audit (app_code, request_id, user_id, login_type, provider, result, failure_code, client_ip, user_agent, created_at_ms)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
`, appcode.Normalize(audit.AppCode), audit.RequestID, nullableUserID(audit.UserID), audit.LoginType, shared.NullableString(audit.Provider), audit.Result, shared.NullableString(audit.FailureCode), shared.NullableString(audit.ClientIP), shared.NullableString(audit.UserAgent), audit.CreatedAtMs)
return err
}
func nullableUserID(userID int64) any {
if userID <= 0 {
// 审计中未知用户写 NULL。
return nil
}
return userID
}