OptimusX
/
OneAuth
mirror of https://github.com/veypi/OneAuth.git
3
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
v3
v2
v1.0.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ced7cc6a07'
${ noResults }
OneAuth/doc/integration.md

158 lines
3.6 KiB
Markdown
Raw Normal View History Unescape Escape

update perm
1 week ago
# VBase 集成指南
## 1. 引入路由
```go
import "github.com/veypi/vbase/api"
func main() {
// 挂载 vbase 路由到 /api/v1/vb
rootRouter.Extend("/api/v1/vb", api.Router)
}
```
## 2. 集成配置
配置自动从 vigo 的 config.toml 读取:
```toml
[vbase]
jwt_secret = "your-secret-key"
jwt_expire = 7200 # token 过期时间(秒)
refresh_expire = 604800 # refresh token 过期时间(秒)
bcrypt_cost = 10 # 密码加密强度
[vbase.redis]
addr = "localhost:6379" # 留空或填 memory 使用内存缓存
password = ""
db = 0
```
或在代码中自定义:
```go
import "github.com/veypi/vbase/cfg"
cfg.Config.JWTSecret = "your-secret"
cfg.Config.JWTExpire = 7200
```
## 3. 配置策略
创建组织时自动初始化默认策略:
```go
import "github.com/veypi/vbase/api/middleware"
// 创建组织后调用
middleware.InitOrgPolicies(orgID)
```
默认创建的策略:
| 策略 | 资源 | 操作 | 条件 | 说明 |
|------|------|------|------|------|
| policy:manage | policy | * | admin | 管理策略 |
| role:manage | role | * | admin | 管理角色 |
| user:update | user | update | owner | 只能改自己 |
自定义策略:
```go
import "github.com/veypi/vbase/models"
policy := &models.Policy{
Code: "project:delete",
Name: "删除项目",
Resource: "project",
Action: "delete",
Effect: models.PolicyEffectAllow,
Condition: "owner", // 只有所有者能删
Scope: models.PolicyScopeOrg,
}
cfg.DB().Create(policy)
```
## 4. 使用鉴权
### 4.1 全局中间件(已内置)
```go
// api/init.go 已自动配置:
Router.Use(middleware.AuthRequired()) // JWT 认证
Router.Use(middleware.OrgContext()) // 组织上下文
```
### 4.2 公开接口(跳过认证)
```go
Router.Get("/public", vigo.SkipBefore, "公开接口", handler)
```
### 4.3 接口级权限控制
```go
import "github.com/veypi/vbase/api/middleware"
// 需要管理员权限
Router.Post("/users", middleware.RequireAdmin(), "创建用户", createUser)
// 基于 Policy 的细粒度控制
Router.Post("/projects", middleware.Permission("project", "create"), "创建项目", createProject)
// 带所有者检查(用户只能改自己的数据)
Router.Patch("/users/{id}", middleware.PermissionWithOwner("user", "update", "owner_id"), "更新用户", updateUser)
// 管理员或所有者
Router.Delete("/projects/{id}", middleware.AdminOrOwner("owner_id"), "删除项目", deleteProject)
```
### 4.4 代码中手动检查
```go
func myHandler(x *vigo.X, req *Req) error {
checker := middleware.NewChecker(x)
// 检查是否为管理员
if !checker.IsOrgAdmin() {
return vigo.ErrForbidden
}
// 检查具体权限
if err := checker.RequirePermission("resource", "write"); err != nil {
return err
}
return nil
}
```
## 5. 完整示例
```go
package main
import (
"github.com/veypi/vbase/api"
"github.com/veypi/vbase/api/middleware"
"github.com/veypi/vigo"
)
func main() {
r := vigo.NewRouter()
// 1. 挂载 vbase
r.Extend("/api/vb", api.Router)
// 2. 业务路由加权限
project := r.SubRouter("/projects")
project.Use(middleware.AuthRequired())
project.Get("/", middleware.Permission("project", "list"), "项目列表", listProjects)
project.Post("/", middleware.Permission("project", "create"), "创建项目", createProject)
project.Patch("/{id}", middleware.PermissionWithOwner("project", "update", "owner_id"), "更新项目", updateProject)
project.Delete("/{id}", middleware.AdminOrOwner("owner_id"), "删除项目", deleteProject)
vigo.Run(r)
}
```