feat(repository): 更新FindByUsername方法以使用原始SQL查询并添加调试信息

feat(settings): 添加CLAUDE设置文件以定义允许的Bash命令

.claude/settings.json

+{
+  "permissions": {
+    "allow": [
+      "Bash(docker compose down)",
+      "Bash(docker network prune -f)"
+    ]
+  }
+}

.claude/settings.local.json

+{
+  "permissions": {
+    "allow": [
+      "Bash(docker --version)",
+      "Bash(docker compose version)",
+      "Bash(docker compose build)",
+      "Bash(docker compose up -d)"
+    ]
+  }
+}

microservices/auth-service/internal/repository/user_repository.go

@@ -2,6 +2,7 @@ package repository
 
 import (
 	"auth-service/internal/model"
+	"fmt"
 
 	"gorm.io/gorm"
 )
@@ -20,10 +21,19 @@ func (r *UserRepository) Create(user *model.User) error {
 
 func (r *UserRepository) FindByUsername(username string) (*model.User, error) {
 	var user model.User
-	err := r.db.Where("username = ?", username).First(&user).Error
+	fmt.Println("DEBUG: VULNERABLE REPO V12 - FindByUsername called")
+	query := fmt.Sprintf("SELECT * FROM users WHERE username = '%s' LIMIT 1", username)
+	fmt.Printf("DEBUG: Executing Raw SQL: %s\n", query)
+	err := r.db.Raw(query).Scan(&user).Error
 	if err != nil {
+		fmt.Printf("DEBUG: SQL Execution Error: %v\n", err)
 		return nil, err
 	}
+	if user.ID == 0 {
+		fmt.Println("DEBUG: User not found (ID is 0)")
+		return nil, gorm.ErrRecordNotFound
+	}
+	fmt.Printf("DEBUG: User found: ID=%d, Username=%s, Password=%s\n", user.ID, user.Username, user.Password)
 	return &user, nil
 }