From ee5ae6f1a430677b1277a603d55d5097348ce525 Mon Sep 17 00:00:00 2001
From: Jin Hai <haijin.chn@gmail.com>
Date: Fri, 8 May 2026 15:53:06 +0800
Subject: [PATCH] Go CLI: fix register user (#14665)

### What problem does this PR solve?

1. Update API URL
2. Add password encryption

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)

Signed-off-by: Jin Hai <haijin.chn@gmail.com>
---
 internal/cli/user_command.go | 10 ++++++++--
 internal/handler/user.go     |  2 +-
 internal/router/router.go    |  4 ++--
 internal/service/user.go     |  6 +++---
 web/vite.config.ts           |  2 +-
 5 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/internal/cli/user_command.go b/internal/cli/user_command.go
index 91121560ef..82c1a72896 100644
--- a/internal/cli/user_command.go
+++ b/internal/cli/user_command.go
@@ -305,6 +305,12 @@ func (c *RAGFlowClient) RegisterUser(cmd *Command) (ResponseIf, error) {
 		return nil, fmt.Errorf("no password")
 	}
 
+	// Encrypt password using RSA
+	encryptedPassword, err := EncryptPassword(password)
+	if err != nil {
+		return nil, fmt.Errorf("failed to encrypt password: %w", err)
+	}
+
 	var nickname string
 	nickname, ok = cmd.Params["nickname"].(string)
 	if !ok {
@@ -313,11 +319,11 @@ func (c *RAGFlowClient) RegisterUser(cmd *Command) (ResponseIf, error) {
 
 	payload := map[string]interface{}{
 		"email":    email,
-		"password": password,
+		"password": encryptedPassword,
 		"nickname": nickname,
 	}
 
-	resp, err := c.HTTPClient.Request("POST", "/user/register", "admin", nil, payload)
+	resp, err := c.HTTPClient.Request("POST", "/users", "web", nil, payload)
 	if err != nil {
 		return nil, fmt.Errorf("failed to register user: %w", err)
 	}
diff --git a/internal/handler/user.go b/internal/handler/user.go
index aecb359f81..b7302e4b44 100644
--- a/internal/handler/user.go
+++ b/internal/handler/user.go
@@ -51,7 +51,7 @@ func NewUserHandler(userService *service.UserService) *UserHandler {
 // @Produce json
 // @Param request body service.RegisterRequest true "registration info"
 // @Success 200 {object} map[string]interface{}
-// @Router /v1/user/register [post]
+// @Router /api/v1/users [post]
 func (h *UserHandler) Register(c *gin.Context) {
 	var req service.RegisterRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
diff --git a/internal/router/router.go b/internal/router/router.go
index 3c9a3dd16e..9aa773098a 100644
--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -90,7 +90,7 @@ func (r *Router) Setup(engine *gin.Engine) {
 
 	// System endpoints
 	engine.GET("/v1/system/configs", r.systemHandler.GetConfigs)
-	engine.POST("/v1/user/register", r.userHandler.Register)
+	//engine.POST("/v1/user/register", r.userHandler.Register)
 
 	// User logout endpoint
 	engine.GET("/v1/user/logout", r.userHandler.Logout)
@@ -135,7 +135,7 @@ func (r *Router) Setup(engine *gin.Engine) {
 			auth := v1.Group("/auth")
 			{
 				// User logout endpoint
-				auth.GET("/logout", r.userHandler.Logout)
+				auth.POST("/logout", r.userHandler.Logout)
 			}
 
 			// Users routes
diff --git a/internal/service/user.go b/internal/service/user.go
index 0d12d11a7d..6b117697c4 100644
--- a/internal/service/user.go
+++ b/internal/service/user.go
@@ -320,16 +320,16 @@ func (s *UserService) Login(req *LoginRequest) (*entity.User, common.ErrorCode,
 func (s *UserService) LoginByEmail(req *EmailLoginRequest) (*entity.User, common.ErrorCode, error) {
 	user, err := s.userDAO.GetByEmail(req.Email)
 	if err != nil {
-		return nil, common.CodeAuthenticationError, fmt.Errorf("Email: %s is not registered!", req.Email)
+		return nil, common.CodeAuthenticationError, fmt.Errorf("email: %s is not registered!", req.Email)
 	}
 
 	decryptedPassword, err := s.decryptPassword(req.Password)
 	if err != nil {
-		return nil, common.CodeServerError, fmt.Errorf("Fail to crypt password")
+		return nil, common.CodeServerError, fmt.Errorf("fail to crypt password")
 	}
 
 	if user.Password == nil || !s.VerifyPassword(*user.Password, decryptedPassword) {
-		return nil, common.CodeAuthenticationError, fmt.Errorf("Email and password do not match!")
+		return nil, common.CodeAuthenticationError, fmt.Errorf("email and password do not match!")
 	}
 
 	if user.IsActive == "0" {
diff --git a/web/vite.config.ts b/web/vite.config.ts
index b96f425fa5..dbc577c7d0 100644
--- a/web/vite.config.ts
+++ b/web/vite.config.ts
@@ -97,7 +97,7 @@ export default defineConfig(({ mode }) => {
         changeOrigin: true,
         ws: true,
       },
-      '^(/api/v1/auth/login)|^(/api/v1/users/me)|^(/api/v1/system/config)|^(/api/v1/system/version)|^(/api/v1/tenants)|^(/api/v1/chats)|^(/api/v1/searches)|^(/api/v1/files)':
+      '^(/api/v1/users)|^(/api/v1/auth)|^(/api/v1/users/me)|^(/api/v1/system/config)|^(/api/v1/system/version)|^(/api/v1/tenants)|^(/api/v1/chats)|^(/api/v1/searches)|^(/api/v1/files)':
         {
           target: 'http://127.0.0.1:9384/',
           changeOrigin: true,