long-agent/user-system
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7b047e2f119c7f4ff1270a8d4d122c301bb3cf9b
user-system/internal/database/db.go
long-agent 7b047e2f11 perf: Sprint 19 P0/P1 性能优化落地 
P0(高优先级):
- P0-1: 确认数据库复合索引已存在(GORM tag),composite_index_test 验证通过
- P0-2: 连接池调优 MaxIdleConns 5→10, ConnMaxLifetime 30min→5min
- P0-3: Redis 智能探测(ProbeRedis),无 Redis 自动降级到纯内存模式

P1(中优先级):
- P1-1: GZIP 压缩中间件(compress/gzip 标准库,零新依赖)
- P1-2: 权限缓存 TTL 30min→5min
- P1-3: Argon2id 启动自适应校准(CalibrateArgon2id)

历史优化(含本次提交):
- L1Cache O(n)→O(1) LRU 重构
- Auth 中间件 DB 查询合并 + 5s L1 缓存
- Logger 异步化(4096 缓冲通道)

验证: go build/vet/test 41/41 PASS, govulncheck 无漏洞
2026-04-18 22:57:44 +08:00

286 lines
8.8 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
package database
import (
"errors"
"fmt"
"log"
"time"
"github.com/glebarez/sqlite"
"gorm.io/gorm"
"github.com/user-management-system/internal/auth"
"github.com/user-management-system/internal/config"
"github.com/user-management-system/internal/domain"
)
type DB struct {
*gorm.DB
}
func NewDB(cfg *config.Config) (*DB, error) {
// 当前仅支持 SQLite
// 如果配置中指定了数据库路径则使用它,否则使用默认路径
dbPath := "./data/user_management.db"
if cfg != nil && cfg.Database.DBName != "" {
dbPath = cfg.Database.DBName
}
dialector := sqlite.Open(dbPath)
db, err := gorm.Open(dialector, &gorm.Config{})
if err != nil {
return nil, fmt.Errorf("connect database failed: %w", err)
}
// WARN-02 修复:开启 WAL 模式提升并发读写性能
// WALWrite-Ahead Logging允许读写并发显著减少写操作对读操作的阻塞
sqlDB, err := db.DB()
if err != nil {
return nil, fmt.Errorf("get underlying sql.DB failed: %w", err)
}
// 开启 WAL 模式
if _, err := sqlDB.Exec("PRAGMA journal_mode=WAL"); err != nil {
log.Printf("warn: enable WAL mode failed: %v", err)
}
// 开启同步模式 NORMALWAL 下 NORMAL 已足够安全,比 FULL 快很多)
if _, err := sqlDB.Exec("PRAGMA synchronous=NORMAL"); err != nil {
log.Printf("warn: set synchronous=NORMAL failed: %v", err)
}
// 缓存大小8MB单位负数表示 KB
if _, err := sqlDB.Exec("PRAGMA cache_size=-8192"); err != nil {
log.Printf("warn: set cache_size failed: %v", err)
}
// 开启外键约束SQLite 默认关闭)
if _, err := sqlDB.Exec("PRAGMA foreign_keys=ON"); err != nil {
log.Printf("warn: enable foreign_keys failed: %v", err)
}
// Busy Timeout5 秒(减少写冲突时的 SQLITE_BUSY 错误)
if _, err := sqlDB.Exec("PRAGMA busy_timeout=5000"); err != nil {
log.Printf("warn: set busy_timeout failed: %v", err)
}
// 连接池配置:使用配置文件中的参数
// 默认值针对 SQLite 单文件场景优化:
// MaxOpenConns=10 — SQLite WAL 模式下并发写有限,超出会排队
// MaxIdleConns=10 — 与 MaxOpenConns 相等,保持所有连接热备,减少建连开销
// ConnMaxLifetime=5min — 短生命周期防止长连接泄漏资源;生产 PostgreSQL 可调至 30min
// ConnMaxIdleTime=5min — 空闲超过此时间关闭,释放不活跃连接
maxOpenConns := 10
maxIdleConns := 10 // 优化:等于 maxOpenConns保持全部连接热备
connMaxLifetime := 5 * time.Minute
connMaxIdleTime := 5 * time.Minute
if cfg != nil {
if cfg.Database.MaxOpenConns > 0 {
maxOpenConns = cfg.Database.MaxOpenConns
}
if cfg.Database.MaxIdleConns > 0 {
maxIdleConns = cfg.Database.MaxIdleConns
}
if cfg.Database.ConnMaxLifetimeMinutes > 0 {
connMaxLifetime = time.Duration(cfg.Database.ConnMaxLifetimeMinutes) * time.Minute
}
if cfg.Database.ConnMaxIdleTimeMinutes > 0 {
connMaxIdleTime = time.Duration(cfg.Database.ConnMaxIdleTimeMinutes) * time.Minute
}
}
sqlDB.SetMaxOpenConns(maxOpenConns)
sqlDB.SetMaxIdleConns(maxIdleConns)
sqlDB.SetConnMaxLifetime(connMaxLifetime)
sqlDB.SetConnMaxIdleTime(connMaxIdleTime)
log.Println("database: SQLite WAL mode enabled, connection pool configured")
return &DB{DB: db}, nil
}
func (db *DB) AutoMigrate(cfg *config.Config) error {
log.Println("starting database migration")
if err := db.DB.AutoMigrate(
&domain.User{},
&domain.Role{},
&domain.Permission{},
&domain.UserRole{},
&domain.RolePermission{},
&domain.Device{},
&domain.LoginLog{},
&domain.OperationLog{},
&domain.SocialAccount{},
&domain.Webhook{},
&domain.WebhookDelivery{},
&domain.PasswordHistory{},
); err != nil {
return fmt.Errorf("database migration failed: %w", err)
}
if err := db.initDefaultData(cfg); err != nil {
return fmt.Errorf("initialize default data failed: %w", err)
}
return nil
}
func (db *DB) initDefaultData(cfg *config.Config) error {
var count int64
if err := db.DB.Model(&domain.Role{}).Count(&count).Error; err != nil {
return err
}
if count > 0 {
// 角色已存在,仍需补充权限数据(升级场景)
if err := db.ensurePermissions(); err != nil {
log.Printf("warn: ensure permissions failed: %v", err)
}
log.Println("default data already exists, skipping bootstrap")
return nil
}
log.Println("bootstrapping default roles and permissions")
// 1. 创建角色
var adminRoleID int64
var userRoleID int64
for _, predefined := range domain.PredefinedRoles {
role := predefined
if err := db.DB.Create(&role).Error; err != nil {
return fmt.Errorf("create role failed: %w", err)
}
if role.Code == "admin" {
adminRoleID = role.ID
}
if role.Code == "user" {
userRoleID = role.ID
}
}
// 2. 创建权限
permIDs, err := db.createDefaultPermissions()
if err != nil {
return fmt.Errorf("create permissions failed: %w", err)
}
// 3. 给 admin 角色绑定所有权限
if adminRoleID > 0 {
for _, permID := range permIDs {
if err := db.DB.Create(&domain.RolePermission{RoleID: adminRoleID, PermissionID: permID}).Error; err != nil {
return fmt.Errorf("assign permission %d to admin role failed: %w", permID, err)
}
}
log.Printf("assigned %d permissions to admin role", len(permIDs))
}
// 4. 给普通用户角色绑定基础权限
if userRoleID > 0 {
userPermCodes := []string{"profile:view", "profile:edit", "log:view_own"}
for _, code := range userPermCodes {
var perm domain.Permission
if err := db.DB.Where("code = ?", code).First(&perm).Error; err == nil {
if err := db.DB.Create(&domain.RolePermission{RoleID: userRoleID, PermissionID: perm.ID}).Error; err != nil {
return fmt.Errorf("assign permission %s to user role failed: %w", code, err)
}
}
}
}
// 5. 创建 admin 用户
adminUsername := cfg.Default.AdminEmail
adminPassword := cfg.Default.AdminPassword
if adminUsername == "" || adminPassword == "" {
log.Println("admin bootstrap skipped: default.admin_email/admin_password not configured")
return nil
}
passwordHash, err := auth.HashPassword(adminPassword)
if err != nil {
return fmt.Errorf("hash admin password failed: %w", err)
}
adminUser := &domain.User{
Username: adminUsername,
Email: domain.StrPtr(adminUsername),
Password: passwordHash,
Nickname: "系统管理员",
Status: domain.UserStatusActive,
}
if err := db.DB.Create(adminUser).Error; err != nil {
return fmt.Errorf("create admin user failed: %w", err)
}
if adminRoleID == 0 {
return fmt.Errorf("admin role missing during bootstrap")
}
if err := db.DB.Create(&domain.UserRole{
UserID: adminUser.ID,
RoleID: adminRoleID,
}).Error; err != nil {
return fmt.Errorf("assign admin role failed: %w", err)
}
log.Printf("bootstrap completed: admin user=%s, roles=%d, permissions=%d",
adminUser.Username, 2, len(permIDs))
return nil
}
// ensurePermissions 在升级场景中补充缺失的权限数据
func (db *DB) ensurePermissions() error {
var permCount int64
db.DB.Model(&domain.Permission{}).Count(&permCount)
if permCount > 0 {
return nil // 已有权限数据
}
log.Println("permissions table is empty, seeding default permissions")
permIDs, err := db.createDefaultPermissions()
if err != nil {
return err
}
// 找到 admin 角色并绑定所有权限
var adminRole domain.Role
if err := db.DB.Where("code = ?", "admin").First(&adminRole).Error; err == nil {
for _, permID := range permIDs {
if err := db.DB.Create(&domain.RolePermission{RoleID: adminRole.ID, PermissionID: permID}).Error; err != nil {
return fmt.Errorf("assign permission %d to admin role failed: %w", permID, err)
}
}
log.Printf("assigned %d permissions to admin role (upgrade)", len(permIDs))
}
// 找到普通用户角色并绑定基础权限
var userRole domain.Role
if err := db.DB.Where("code = ?", "user").First(&userRole).Error; err == nil {
userPermCodes := []string{"profile:view", "profile:edit", "log:view_own"}
for _, code := range userPermCodes {
var perm domain.Permission
if err := db.DB.Where("code = ?", code).First(&perm).Error; err == nil {
if err := db.DB.Create(&domain.RolePermission{RoleID: userRole.ID, PermissionID: perm.ID}).Error; err != nil {
return fmt.Errorf("assign permission %s to user role failed: %w", code, err)
}
}
}
}
return nil
}
// createDefaultPermissions 创建默认权限列表,返回所有权限 ID
func (db *DB) createDefaultPermissions() ([]int64, error) {
permissions := domain.DefaultPermissions()
var ids []int64
var errs []error
for i := range permissions {
p := permissions[i]
// 使用 FirstOrCreate 防止重复插入(幂等)
result := db.DB.Where("code = ?", p.Code).FirstOrCreate(&p)
if result.Error != nil {
errs = append(errs, fmt.Errorf("create permission %s failed: %w", p.Code, result.Error))
continue
}
ids = append(ids, p.ID)
}
if len(errs) > 0 {
return ids, errors.Join(errs...)
}
return ids, nil
}
Reference in New Issue View Git Blame Copy Permalink