feat：实现用户认证系统

- 添加用户登录、注册、密码重置功能 - 支持用户名/邮箱/手机号多种登录方式 - 集成GitHub OAuth第三方登录 - 实现bcrypt密码加密存储 - 添加基于角色的权限控制 - 包含完整的数据验证和错误处理
2025-12-17 14:39:45 +08:00
parent 8591f23505
commit e350d117d3
10 changed files with 1539 additions and 0 deletions
--- a/src/business/login/login.controller.ts
+++ b/src/business/login/login.controller.ts
@@ -0,0 +1,136 @@
+/**
+ * 登录控制器
+ * 
+ * 功能描述：
+ * - 处理登录相关的HTTP请求和响应
+ * - 提供RESTful API接口
+ * - 数据验证和格式化
+ * 
+ * API端点：
+ * - POST /auth/login - 用户登录
+ * - POST /auth/register - 用户注册
+ * - POST /auth/github - GitHub OAuth登录
+ * - POST /auth/forgot-password - 发送密码重置验证码
+ * - POST /auth/reset-password - 重置密码
+ * - PUT /auth/change-password - 修改密码
+ * 
+ * @author moyin
+ * @version 1.0.0
+ * @since 2025-12-17
+ */
+
+import { Controller, Post, Put, Body, HttpCode, HttpStatus, ValidationPipe, UsePipes, Logger } from '@nestjs/common';
+import { LoginService, ApiResponse, LoginResponse } from './login.service';
+import { LoginDto, RegisterDto, GitHubOAuthDto, ForgotPasswordDto, ResetPasswordDto, ChangePasswordDto } from './login.dto';
+
+@Controller('auth')
+export class LoginController {
+  private readonly logger = new Logger(LoginController.name);
+
+  constructor(private readonly loginService: LoginService) {}
+
+  /**
+   * 用户登录
+   * 
+   * @param loginDto 登录数据
+   * @returns 登录结果
+   */
+  @Post('login')
+  @HttpCode(HttpStatus.OK)
+  @UsePipes(new ValidationPipe({ transform: true }))
+  async login(@Body() loginDto: LoginDto): Promise<ApiResponse<LoginResponse>> {
+    return await this.loginService.login({
+      identifier: loginDto.identifier,
+      password: loginDto.password
+    });
+  }
+
+  /**
+   * 用户注册
+   * 
+   * @param registerDto 注册数据
+   * @returns 注册结果
+   */
+  @Post('register')
+  @HttpCode(HttpStatus.CREATED)
+  @UsePipes(new ValidationPipe({ transform: true }))
+  async register(@Body() registerDto: RegisterDto): Promise<ApiResponse<LoginResponse>> {
+    return await this.loginService.register({
+      username: registerDto.username,
+      password: registerDto.password,
+      nickname: registerDto.nickname,
+      email: registerDto.email,
+      phone: registerDto.phone
+    });
+  }
+
+  /**
+   * GitHub OAuth登录
+   * 
+   * @param githubDto GitHub OAuth数据
+   * @returns 登录结果
+   */
+  @Post('github')
+  @HttpCode(HttpStatus.OK)
+  @UsePipes(new ValidationPipe({ transform: true }))
+  async githubOAuth(@Body() githubDto: GitHubOAuthDto): Promise<ApiResponse<LoginResponse>> {
+    return await this.loginService.githubOAuth({
+      github_id: githubDto.github_id,
+      username: githubDto.username,
+      nickname: githubDto.nickname,
+      email: githubDto.email,
+      avatar_url: githubDto.avatar_url
+    });
+  }
+
+  /**
+   * 发送密码重置验证码
+   * 
+   * @param forgotPasswordDto 忘记密码数据
+   * @returns 发送结果
+   */
+  @Post('forgot-password')
+  @HttpCode(HttpStatus.OK)
+  @UsePipes(new ValidationPipe({ transform: true }))
+  async forgotPassword(@Body() forgotPasswordDto: ForgotPasswordDto): Promise<ApiResponse<{ verification_code?: string }>> {
+    return await this.loginService.sendPasswordResetCode(forgotPasswordDto.identifier);
+  }
+
+  /**
+   * 重置密码
+   * 
+   * @param resetPasswordDto 重置密码数据
+   * @returns 重置结果
+   */
+  @Post('reset-password')
+  @HttpCode(HttpStatus.OK)
+  @UsePipes(new ValidationPipe({ transform: true }))
+  async resetPassword(@Body() resetPasswordDto: ResetPasswordDto): Promise<ApiResponse> {
+    return await this.loginService.resetPassword({
+      identifier: resetPasswordDto.identifier,
+      verificationCode: resetPasswordDto.verification_code,
+      newPassword: resetPasswordDto.new_password
+    });
+  }
+
+  /**
+   * 修改密码
+   * 
+   * @param changePasswordDto 修改密码数据
+   * @returns 修改结果
+   */
+  @Put('change-password')
+  @HttpCode(HttpStatus.OK)
+  @UsePipes(new ValidationPipe({ transform: true }))
+  async changePassword(@Body() changePasswordDto: ChangePasswordDto): Promise<ApiResponse> {
+    // 实际应用中应从JWT令牌中获取用户ID
+    // 这里为了演示，使用请求体中的用户ID
+    const userId = BigInt(changePasswordDto.user_id);
+    
+    return await this.loginService.changePassword(
+      userId,
+      changePasswordDto.old_password,
+      changePasswordDto.new_password
+    );
+  }
+}
--- a/src/business/login/login.dto.ts
+++ b/src/business/login/login.dto.ts
@@ -0,0 +1,206 @@
+/**
+ * 登录业务数据传输对象
+ * 
+ * 功能描述：
+ * - 定义登录相关API的请求数据结构
+ * - 提供数据验证规则和错误提示
+ * - 确保API接口的数据格式一致性
+ * 
+ * @author moyin
+ * @version 1.0.0
+ * @since 2025-12-17
+ */
+
+import { 
+  IsString, 
+  IsEmail, 
+  IsPhoneNumber, 
+  IsNotEmpty, 
+  Length, 
+  IsOptional,
+  Matches,
+  IsNumberString
+} from 'class-validator';
+
+/**
+ * 登录请求DTO
+ */
+export class LoginDto {
+  /**
+   * 登录标识符
+   * 支持用户名、邮箱或手机号登录
+   */
+  @IsString({ message: '登录标识符必须是字符串' })
+  @IsNotEmpty({ message: '登录标识符不能为空' })
+  @Length(1, 100, { message: '登录标识符长度需在1-100字符之间' })
+  identifier: string;
+
+  /**
+   * 密码
+   */
+  @IsString({ message: '密码必须是字符串' })
+  @IsNotEmpty({ message: '密码不能为空' })
+  @Length(1, 128, { message: '密码长度需在1-128字符之间' })
+  password: string;
+}
+
+/**
+ * 注册请求DTO
+ */
+export class RegisterDto {
+  /**
+   * 用户名
+   */
+  @IsString({ message: '用户名必须是字符串' })
+  @IsNotEmpty({ message: '用户名不能为空' })
+  @Length(1, 50, { message: '用户名长度需在1-50字符之间' })
+  @Matches(/^[a-zA-Z0-9_]+$/, { message: '用户名只能包含字母、数字和下划线' })
+  username: string;
+
+  /**
+   * 密码
+   */
+  @IsString({ message: '密码必须是字符串' })
+  @IsNotEmpty({ message: '密码不能为空' })
+  @Length(8, 128, { message: '密码长度需在8-128字符之间' })
+  @Matches(/^(?=.*[a-zA-Z])(?=.*\d)/, { message: '密码必须包含字母和数字' })
+  password: string;
+
+  /**
+   * 昵称
+   */
+  @IsString({ message: '昵称必须是字符串' })
+  @IsNotEmpty({ message: '昵称不能为空' })
+  @Length(1, 50, { message: '昵称长度需在1-50字符之间' })
+  nickname: string;
+
+  /**
+   * 邮箱（可选）
+   */
+  @IsOptional()
+  @IsEmail({}, { message: '邮箱格式不正确' })
+  email?: string;
+
+  /**
+   * 手机号（可选）
+   */
+  @IsOptional()
+  @IsPhoneNumber(null, { message: '手机号格式不正确' })
+  phone?: string;
+}
+
+/**
+ * GitHub OAuth登录请求DTO
+ */
+export class GitHubOAuthDto {
+  /**
+   * GitHub用户ID
+   */
+  @IsString({ message: 'GitHub ID必须是字符串' })
+  @IsNotEmpty({ message: 'GitHub ID不能为空' })
+  @Length(1, 100, { message: 'GitHub ID长度需在1-100字符之间' })
+  github_id: string;
+
+  /**
+   * 用户名
+   */
+  @IsString({ message: '用户名必须是字符串' })
+  @IsNotEmpty({ message: '用户名不能为空' })
+  @Length(1, 50, { message: '用户名长度需在1-50字符之间' })
+  username: string;
+
+  /**
+   * 昵称
+   */
+  @IsString({ message: '昵称必须是字符串' })
+  @IsNotEmpty({ message: '昵称不能为空' })
+  @Length(1, 50, { message: '昵称长度需在1-50字符之间' })
+  nickname: string;
+
+  /**
+   * 邮箱（可选）
+   */
+  @IsOptional()
+  @IsEmail({}, { message: '邮箱格式不正确' })
+  email?: string;
+
+  /**
+   * 头像URL（可选）
+   */
+  @IsOptional()
+  @IsString({ message: '头像URL必须是字符串' })
+  avatar_url?: string;
+}
+
+/**
+ * 忘记密码请求DTO
+ */
+export class ForgotPasswordDto {
+  /**
+   * 邮箱或手机号
+   */
+  @IsString({ message: '标识符必须是字符串' })
+  @IsNotEmpty({ message: '邮箱或手机号不能为空' })
+  @Length(1, 100, { message: '标识符长度需在1-100字符之间' })
+  identifier: string;
+}
+
+/**
+ * 重置密码请求DTO
+ */
+export class ResetPasswordDto {
+  /**
+   * 邮箱或手机号
+   */
+  @IsString({ message: '标识符必须是字符串' })
+  @IsNotEmpty({ message: '邮箱或手机号不能为空' })
+  @Length(1, 100, { message: '标识符长度需在1-100字符之间' })
+  identifier: string;
+
+  /**
+   * 验证码
+   */
+  @IsString({ message: '验证码必须是字符串' })
+  @IsNotEmpty({ message: '验证码不能为空' })
+  @Matches(/^\d{6}$/, { message: '验证码必须是6位数字' })
+  verification_code: string;
+
+  /**
+   * 新密码
+   */
+  @IsString({ message: '新密码必须是字符串' })
+  @IsNotEmpty({ message: '新密码不能为空' })
+  @Length(8, 128, { message: '新密码长度需在8-128字符之间' })
+  @Matches(/^(?=.*[a-zA-Z])(?=.*\d)/, { message: '新密码必须包含字母和数字' })
+  new_password: string;
+}
+
+/**
+ * 修改密码请求DTO
+ */
+export class ChangePasswordDto {
+  /**
+   * 用户ID
+   * 实际应用中应从JWT令牌中获取，这里为了演示放在请求体中
+   */
+  @IsNumberString({}, { message: '用户ID必须是数字字符串' })
+  @IsNotEmpty({ message: '用户ID不能为空' })
+  user_id: string;
+
+  /**
+   * 旧密码
+   */
+  @IsString({ message: '旧密码必须是字符串' })
+  @IsNotEmpty({ message: '旧密码不能为空' })
+  @Length(1, 128, { message: '旧密码长度需在1-128字符之间' })
+  old_password: string;
+
+  /**
+   * 新密码
+   */
+  @IsString({ message: '新密码必须是字符串' })
+  @IsNotEmpty({ message: '新密码不能为空' })
+  @Length(8, 128, { message: '新密码长度需在8-128字符之间' })
+  @Matches(/^(?=.*[a-zA-Z])(?=.*\d)/, { message: '新密码必须包含字母和数字' })
+  new_password: string;
+}
--- a/src/business/login/login.module.ts
+++ b/src/business/login/login.module.ts
@@ -0,0 +1,25 @@
+/**
+ * 登录业务模块
+ * 
+ * 功能描述：
+ * - 整合登录相关的控制器、服务和依赖
+ * - 提供完整的登录业务功能模块
+ * - 可被其他模块导入使用
+ * 
+ * @author moyin
+ * @version 1.0.0
+ * @since 2025-12-17
+ */
+
+import { Module } from '@nestjs/common';
+import { LoginController } from './login.controller';
+import { LoginService } from './login.service';
+import { LoginCoreModule } from '../../core/login_core/login_core.module';
+
+@Module({
+  imports: [LoginCoreModule],
+  controllers: [LoginController],
+  providers: [LoginService],
+  exports: [LoginService],
+})
+export class LoginModule {}
--- a/src/business/login/login.service.spec.ts
+++ b/src/business/login/login.service.spec.ts
@@ -0,0 +1,174 @@
+/**
+ * 登录业务服务测试
+ */
+
+import { Test, TestingModule } from '@nestjs/testing';
+import { LoginService } from './login.service';
+import { LoginCoreService } from '../../core/login_core/login_core.service';
+
+describe('LoginService', () => {
+  let service: LoginService;
+  let loginCoreService: jest.Mocked<LoginCoreService>;
+
+  const mockUser = {
+    id: BigInt(1),
+    username: 'testuser',
+    email: 'test@example.com',
+    phone: '+8613800138000',
+    password_hash: '$2b$12$hashedpassword',
+    nickname: '测试用户',
+    github_id: null as string | null,
+    avatar_url: null as string | null,
+    role: 1,
+    created_at: new Date(),
+    updated_at: new Date()
+  };
+
+  beforeEach(async () => {
+    const mockLoginCoreService = {
+      login: jest.fn(),
+      register: jest.fn(),
+      githubOAuth: jest.fn(),
+      sendPasswordResetCode: jest.fn(),
+      resetPassword: jest.fn(),
+      changePassword: jest.fn(),
+    };
+
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        LoginService,
+        {
+          provide: LoginCoreService,
+          useValue: mockLoginCoreService,
+        },
+      ],
+    }).compile();
+
+    service = module.get<LoginService>(LoginService);
+    loginCoreService = module.get(LoginCoreService);
+  });
+
+  it('should be defined', () => {
+    expect(service).toBeDefined();
+  });
+
+  describe('login', () => {
+    it('should return success response for valid login', async () => {
+      loginCoreService.login.mockResolvedValue({
+        user: mockUser,
+        isNewUser: false
+      });
+
+      const result = await service.login({
+        identifier: 'testuser',
+        password: 'password123'
+      });
+
+      expect(result.success).toBe(true);
+      expect(result.data?.user.username).toBe('testuser');
+      expect(result.data?.access_token).toBeDefined();
+    });
+
+    it('should return error response for failed login', async () => {
+      loginCoreService.login.mockRejectedValue(new Error('登录失败'));
+
+      const result = await service.login({
+        identifier: 'testuser',
+        password: 'wrongpassword'
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.message).toBe('登录失败');
+      expect(result.error_code).toBe('LOGIN_FAILED');
+    });
+  });
+
+  describe('register', () => {
+    it('should return success response for valid registration', async () => {
+      loginCoreService.register.mockResolvedValue({
+        user: mockUser,
+        isNewUser: true
+      });
+
+      const result = await service.register({
+        username: 'testuser',
+        password: 'password123',
+        nickname: '测试用户'
+      });
+
+      expect(result.success).toBe(true);
+      expect(result.data?.user.username).toBe('testuser');
+      expect(result.data?.is_new_user).toBe(true);
+    });
+
+    it('should return error response for failed registration', async () => {
+      loginCoreService.register.mockRejectedValue(new Error('用户名已存在'));
+
+      const result = await service.register({
+        username: 'existinguser',
+        password: 'password123',
+        nickname: '测试用户'
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.message).toBe('用户名已存在');
+      expect(result.error_code).toBe('REGISTER_FAILED');
+    });
+  });
+
+  describe('githubOAuth', () => {
+    it('should return success response for GitHub OAuth', async () => {
+      loginCoreService.githubOAuth.mockResolvedValue({
+        user: mockUser,
+        isNewUser: true
+      });
+
+      const result = await service.githubOAuth({
+        github_id: 'github123',
+        username: 'githubuser',
+        nickname: 'GitHub用户'
+      });
+
+      expect(result.success).toBe(true);
+      expect(result.data?.user.username).toBe('testuser');
+      expect(result.data?.is_new_user).toBe(true);
+    });
+  });
+
+  describe('sendPasswordResetCode', () => {
+    it('should return success response with verification code', async () => {
+      loginCoreService.sendPasswordResetCode.mockResolvedValue('123456');
+
+      const result = await service.sendPasswordResetCode('test@example.com');
+
+      expect(result.success).toBe(true);
+      expect(result.data?.verification_code).toBe('123456');
+    });
+  });
+
+  describe('resetPassword', () => {
+    it('should return success response for password reset', async () => {
+      loginCoreService.resetPassword.mockResolvedValue(mockUser);
+
+      const result = await service.resetPassword({
+        identifier: 'test@example.com',
+        verificationCode: '123456',
+        newPassword: 'newpassword123'
+      });
+
+      expect(result.success).toBe(true);
+      expect(result.message).toBe('密码重置成功');
+    });
+  });
+
+  describe('changePassword', () => {
+    it('should return success response for password change', async () => {
+      loginCoreService.changePassword.mockResolvedValue(mockUser);
+
+      const result = await service.changePassword(BigInt(1), 'oldpassword', 'newpassword123');
+
+      expect(result.success).toBe(true);
+      expect(result.message).toBe('密码修改成功');
+    });
+  });
+});
--- a/src/business/login/login.service.ts
+++ b/src/business/login/login.service.ts
@@ -0,0 +1,328 @@
+/**
+ * 登录业务服务
+ * 
+ * 功能描述：
+ * - 处理登录相关的业务逻辑和流程控制
+ * - 整合核心服务，提供完整的业务功能
+ * - 处理业务规则、数据格式化和错误处理
+ * 
+ * 职责分离：
+ * - 专注于业务流程和规则实现
+ * - 调用核心服务完成具体功能
+ * - 为控制器层提供业务接口
+ * 
+ * @author moyin
+ * @version 1.0.0
+ * @since 2025-12-17
+ */
+
+import { Injectable, Logger } from '@nestjs/common';
+import { LoginCoreService, LoginRequest, RegisterRequest, GitHubOAuthRequest, PasswordResetRequest, AuthResult } from '../../core/login_core/login_core.service';
+import { Users } from '../../core/db/users/users.entity';
+
+/**
+ * 登录响应数据接口
+ */
+export interface LoginResponse {
+  /** 用户信息 */
+  user: {
+    id: string;
+    username: string;
+    nickname: string;
+    email?: string;
+    phone?: string;
+    avatar_url?: string;
+    role: number;
+    created_at: Date;
+  };
+  /** 访问令牌（实际应用中应生成JWT） */
+  access_token: string;
+  /** 刷新令牌 */
+  refresh_token?: string;
+  /** 是否为新用户 */
+  is_new_user?: boolean;
+  /** 消息 */
+  message: string;
+}
+
+/**
+ * 通用响应接口
+ */
+export interface ApiResponse<T = any> {
+  /** 是否成功 */
+  success: boolean;
+  /** 响应数据 */
+  data?: T;
+  /** 消息 */
+  message: string;
+  /** 错误代码 */
+  error_code?: string;
+}
+
+@Injectable()
+export class LoginService {
+  private readonly logger = new Logger(LoginService.name);
+
+  constructor(
+    private readonly loginCoreService: LoginCoreService,
+  ) {}
+
+  /**
+   * 用户登录
+   * 
+   * @param loginRequest 登录请求
+   * @returns 登录响应
+   */
+  async login(loginRequest: LoginRequest): Promise<ApiResponse<LoginResponse>> {
+    try {
+      this.logger.log(`用户登录尝试: ${loginRequest.identifier}`);
+
+      // 调用核心服务进行认证
+      const authResult = await this.loginCoreService.login(loginRequest);
+
+      // 生成访问令牌（实际应用中应使用JWT）
+      const accessToken = this.generateAccessToken(authResult.user);
+
+      // 格式化响应数据
+      const response: LoginResponse = {
+        user: this.formatUserInfo(authResult.user),
+        access_token: accessToken,
+        is_new_user: authResult.isNewUser,
+        message: '登录成功'
+      };
+
+      this.logger.log(`用户登录成功: ${authResult.user.username} (ID: ${authResult.user.id})`);
+
+      return {
+        success: true,
+        data: response,
+        message: '登录成功'
+      };
+    } catch (error) {
+      this.logger.error(`用户登录失败: ${loginRequest.identifier}`, error instanceof Error ? error.stack : String(error));
+      
+      return {
+        success: false,
+        message: error instanceof Error ? error.message : '登录失败',
+        error_code: 'LOGIN_FAILED'
+      };
+    }
+  }
+
+  /**
+   * 用户注册
+   * 
+   * @param registerRequest 注册请求
+   * @returns 注册响应
+   */
+  async register(registerRequest: RegisterRequest): Promise<ApiResponse<LoginResponse>> {
+    try {
+      this.logger.log(`用户注册尝试: ${registerRequest.username}`);
+
+      // 调用核心服务进行注册
+      const authResult = await this.loginCoreService.register(registerRequest);
+
+      // 生成访问令牌
+      const accessToken = this.generateAccessToken(authResult.user);
+
+      // 格式化响应数据
+      const response: LoginResponse = {
+        user: this.formatUserInfo(authResult.user),
+        access_token: accessToken,
+        is_new_user: true,
+        message: '注册成功'
+      };
+
+      this.logger.log(`用户注册成功: ${authResult.user.username} (ID: ${authResult.user.id})`);
+
+      return {
+        success: true,
+        data: response,
+        message: '注册成功'
+      };
+    } catch (error) {
+      this.logger.error(`用户注册失败: ${registerRequest.username}`, error instanceof Error ? error.stack : String(error));
+      
+      return {
+        success: false,
+        message: error instanceof Error ? error.message : '注册失败',
+        error_code: 'REGISTER_FAILED'
+      };
+    }
+  }
+
+  /**
+   * GitHub OAuth登录
+   * 
+   * @param oauthRequest OAuth请求
+   * @returns 登录响应
+   */
+  async githubOAuth(oauthRequest: GitHubOAuthRequest): Promise<ApiResponse<LoginResponse>> {
+    try {
+      this.logger.log(`GitHub OAuth登录尝试: ${oauthRequest.github_id}`);
+
+      // 调用核心服务进行OAuth认证
+      const authResult = await this.loginCoreService.githubOAuth(oauthRequest);
+
+      // 生成访问令牌
+      const accessToken = this.generateAccessToken(authResult.user);
+
+      // 格式化响应数据
+      const response: LoginResponse = {
+        user: this.formatUserInfo(authResult.user),
+        access_token: accessToken,
+        is_new_user: authResult.isNewUser,
+        message: authResult.isNewUser ? 'GitHub账户绑定成功' : 'GitHub登录成功'
+      };
+
+      this.logger.log(`GitHub OAuth成功: ${authResult.user.username} (ID: ${authResult.user.id})`);
+
+      return {
+        success: true,
+        data: response,
+        message: response.message
+      };
+    } catch (error) {
+      this.logger.error(`GitHub OAuth失败: ${oauthRequest.github_id}`, error instanceof Error ? error.stack : String(error));
+      
+      return {
+        success: false,
+        message: error instanceof Error ? error.message : 'GitHub登录失败',
+        error_code: 'GITHUB_OAUTH_FAILED'
+      };
+    }
+  }
+
+  /**
+   * 发送密码重置验证码
+   * 
+   * @param identifier 邮箱或手机号
+   * @returns 响应结果
+   */
+  async sendPasswordResetCode(identifier: string): Promise<ApiResponse<{ verification_code?: string }>> {
+    try {
+      this.logger.log(`发送密码重置验证码: ${identifier}`);
+
+      // 调用核心服务发送验证码
+      const verificationCode = await this.loginCoreService.sendPasswordResetCode(identifier);
+
+      this.logger.log(`密码重置验证码已发送: ${identifier}`);
+
+      // 实际应用中不应返回验证码，这里仅用于演示
+      return {
+        success: true,
+        data: { verification_code: verificationCode },
+        message: '验证码已发送，请查收'
+      };
+    } catch (error) {
+      this.logger.error(`发送密码重置验证码失败: ${identifier}`, error instanceof Error ? error.stack : String(error));
+      
+      return {
+        success: false,
+        message: error instanceof Error ? error.message : '发送验证码失败',
+        error_code: 'SEND_CODE_FAILED'
+      };
+    }
+  }
+
+  /**
+   * 重置密码
+   * 
+   * @param resetRequest 重置请求
+   * @returns 响应结果
+   */
+  async resetPassword(resetRequest: PasswordResetRequest): Promise<ApiResponse> {
+    try {
+      this.logger.log(`密码重置尝试: ${resetRequest.identifier}`);
+
+      // 调用核心服务重置密码
+      await this.loginCoreService.resetPassword(resetRequest);
+
+      this.logger.log(`密码重置成功: ${resetRequest.identifier}`);
+
+      return {
+        success: true,
+        message: '密码重置成功'
+      };
+    } catch (error) {
+      this.logger.error(`密码重置失败: ${resetRequest.identifier}`, error instanceof Error ? error.stack : String(error));
+      
+      return {
+        success: false,
+        message: error instanceof Error ? error.message : '密码重置失败',
+        error_code: 'RESET_PASSWORD_FAILED'
+      };
+    }
+  }
+
+  /**
+   * 修改密码
+   * 
+   * @param userId 用户ID
+   * @param oldPassword 旧密码
+   * @param newPassword 新密码
+   * @returns 响应结果
+   */
+  async changePassword(userId: bigint, oldPassword: string, newPassword: string): Promise<ApiResponse> {
+    try {
+      this.logger.log(`修改密码尝试: 用户ID ${userId}`);
+
+      // 调用核心服务修改密码
+      await this.loginCoreService.changePassword(userId, oldPassword, newPassword);
+
+      this.logger.log(`修改密码成功: 用户ID ${userId}`);
+
+      return {
+        success: true,
+        message: '密码修改成功'
+      };
+    } catch (error) {
+      this.logger.error(`修改密码失败: 用户ID ${userId}`, error instanceof Error ? error.stack : String(error));
+      
+      return {
+        success: false,
+        message: error instanceof Error ? error.message : '密码修改失败',
+        error_code: 'CHANGE_PASSWORD_FAILED'
+      };
+    }
+  }
+
+  /**
+   * 格式化用户信息
+   * 
+   * @param user 用户实体
+   * @returns 格式化的用户信息
+   */
+  private formatUserInfo(user: Users) {
+    return {
+      id: user.id.toString(), // 将bigint转换为字符串
+      username: user.username,
+      nickname: user.nickname,
+      email: user.email,
+      phone: user.phone,
+      avatar_url: user.avatar_url,
+      role: user.role,
+      created_at: user.created_at
+    };
+  }
+
+  /**
+   * 生成访问令牌
+   * 
+   * @param user 用户信息
+   * @returns 访问令牌
+   */
+  private generateAccessToken(user: Users): string {
+    // 实际应用中应使用JWT库生成真正的JWT令牌
+    // 这里仅用于演示，生成一个简单的令牌
+    const payload = {
+      userId: user.id.toString(),
+      username: user.username,
+      role: user.role,
+      timestamp: Date.now()
+    };
+
+    // 简单的Base64编码（实际应用中应使用JWT）
+    return Buffer.from(JSON.stringify(payload)).toString('base64');
+  }
+}