user-service 架构

v1.0 范围调整后图待重渲染。权威细节见 docs/ARCH/backend.md section 3.2。当前代码中的组件清单:

入站

• PUBLIC /auth/v1/*: POST /auth/v1/tg/login、/auth/v1/refresh、/auth/v1/logout
• AUTHENTICATED /api/v1/user/*: profile、messages、shipping-addr、tos、security/sessions
• INTERNAL FEIGN /internal/v1/user/*: 按 uid 查询 / 批量 / 状态 / 按 TG ID / 收货地址 / notify

Servlet filters

• ServiceTokenAuthFilter — 内部 Feign 鉴权
• UserHeaderVerifyFilter — 验证网关注入的 HMAC X-User-Id

Controllers

• AuthController、UserProfileController、UserMessageController、ShippingAddressController、TosController、SecurityController、UserInternalController

Services(业务逻辑)

• LoginOrchestrator — JWT + refresh + security 写入 + user.registered 发布
• TgLoginStrategy — initData HMAC 校验 + 自动注册
• RefreshTokenService — opaque token 轮换 + 重放检测
• UserProfileSvc、UserLookupSvc、UserMessageSvc、ShippingAddrSvc、TosService

出站 Feign

• INotifyService → message-service POST /notify(Inbox + TG push fan-out)

领域 helpers

• JwtIssuer(HS256 + jti)、JwtRevocationStore(Redis jti 黑名单)、UidGenerator(8 字 SecureRandom)、TgInitDataVerifier(HMAC + 过期检查)

事件发布

• KafkaUserRegisteredEventPublisher — @ConditionalOnProperty duobao.kafka.enabled=true
• LoggingUserRegisteredEventPublisher — Kafka 关闭时的兜底

MyBatis mappers + MySQL one_user

• UserInfoMapper → user_info(含 vip_level)
• UserSecurityMapper → user_security
• UserTosAgreementMapper → user_tos_agreement
• RefreshTokenMapper → refresh_token
• UserShippingAddrMapper → user_shipping_address
• flyway_schema_history — 已合并为单个 V1__init.sql

External

• MySQL 8 — schema one_user
• Redis 7 — jwt:revoked:{jti} 黑名单
• Kafka — user.registered 生产者(被 agent-service、wallet-service 消费)
• message-service — 出站 Feign 目标,负责通知分发
• gateway-service(同级)— JWT verify + header inject