diff --git a/api/oauth/init.go b/api/oauth/init.go index 3985119..8108716 100644 --- a/api/oauth/init.go +++ b/api/oauth/init.go @@ -22,11 +22,11 @@ func init() { // === OAuth 客户端管理(需要认证)=== clientRouter := Router.SubRouter("/clients") - clientRouter.Get("/", "OAuth客户端列表", auth.VBaseAuth.PermRead("oauth-client"), listClients) + clientRouter.Get("/", "OAuth客户端列表", auth.VBaseAuth.PermRead("oauth-client:*"), listClients) clientRouter.Post("/", "创建OAuth客户端", auth.VBaseAuth.PermCreate("oauth-client"), createClient) - clientRouter.Get("/{client_id}", "获取客户端详情", auth.VBaseAuth.PermRead("oauth-client"), getClient) - clientRouter.Patch("/{client_id}", "更新OAuth客户端", auth.VBaseAuth.PermWrite("oauth-client"), updateClient) - clientRouter.Delete("/{client_id}", "删除OAuth客户端", auth.VBaseAuth.PermWrite("oauth-client"), deleteClient) + clientRouter.Get("/{client_id}", "获取客户端详情", auth.VBaseAuth.PermRead("oauth-client:*"), getClient) + clientRouter.Patch("/{client_id}", "更新OAuth客户端", auth.VBaseAuth.PermWrite("oauth-client:*"), updateClient) + clientRouter.Delete("/{client_id}", "删除OAuth客户端", auth.VBaseAuth.PermWrite("oauth-client:*"), deleteClient) // === OAuth 提供商管理 === Router.Extend("/providers", providers.Router) diff --git a/api/oauth/providers/init.go b/api/oauth/providers/init.go index 1baa045..828ea81 100644 --- a/api/oauth/providers/init.go +++ b/api/oauth/providers/init.go @@ -7,6 +7,7 @@ package providers import ( + "github.com/veypi/vbase/auth" "github.com/veypi/vigo" ) @@ -14,15 +15,15 @@ var Router = vigo.NewRouter() func init() { // 获取所有提供商(包括禁用的,管理员用) - Router.Get("/", "获取 OAuth 提供商列表", list) + Router.Get("/", "获取 OAuth 提供商列表", auth.VBaseAuth.PermRead("oauth-provider:*"), list) // 获取单个提供商详情 - Router.Get("/{code}", "获取 OAuth 提供商详情", get) + Router.Get("/{code}", "获取 OAuth 提供商详情", auth.VBaseAuth.PermRead("oauth-provider:*"), get) // 创建新提供商 - Router.Post("/", "创建 OAuth 提供商", create) + Router.Post("/", "创建 OAuth 提供商", auth.VBaseAuth.PermCreate("oauth-provider"), create) // 更新提供商 - Router.Patch("/{code}", "更新 OAuth 提供商", update) + Router.Patch("/{code}", "更新 OAuth 提供商", auth.VBaseAuth.PermWrite("oauth-provider:*"), update) // 删除提供商(仅非内置) - Router.Delete("/{code}", "删除 OAuth 提供商", del) + Router.Delete("/{code}", "删除 OAuth 提供商", auth.VBaseAuth.PermWrite("oauth-provider:*"), del) // 获取内置模板 - Router.Get("/templates", "获取内置 OAuth 模板", templates) + Router.Get("/templates", "获取内置 OAuth 模板", auth.VBaseAuth.PermRead("oauth-provider:*"), templates) } diff --git a/api/role/init.go b/api/role/init.go index 12c39a3..71eba71 100644 --- a/api/role/init.go +++ b/api/role/init.go @@ -8,11 +8,11 @@ import ( var Router = vigo.NewRouter() func init() { - Router.Get("/", "List Roles", auth.VBaseAuth.PermRead("role"), list) - Router.Get("/{id}", "Get Role Detail", auth.VBaseAuth.PermRead("role"), get) + Router.Get("/", "List Roles", auth.VBaseAuth.PermRead("role:*"), list) + Router.Get("/{id}", "Get Role Detail", auth.VBaseAuth.PermRead("role:*"), get) Router.Post("/", "Create Role", auth.VBaseAuth.PermCreate("role"), create) - Router.Patch("/{id}", "Update Role", auth.VBaseAuth.PermWrite("role"), patch) - Router.Delete("/{id}", "Delete Role", auth.VBaseAuth.PermWrite("role"), del) - Router.Get("/{id}/permissions", "Get Role Permissions", auth.VBaseAuth.PermRead("role"), getPermissions) - Router.Put("/{id}/permissions", "Update Role Permissions", auth.VBaseAuth.PermWrite("role"), updatePermissions) + Router.Patch("/{id}", "Update Role", auth.VBaseAuth.PermWrite("role:*"), patch) + Router.Delete("/{id}", "Delete Role", auth.VBaseAuth.PermWrite("role:*"), del) + Router.Get("/{id}/permissions", "Get Role Permissions", auth.VBaseAuth.PermRead("role:*"), getPermissions) + Router.Put("/{id}/permissions", "Update Role Permissions", auth.VBaseAuth.PermWrite("role:*"), updatePermissions) } diff --git a/api/role/list.go b/api/role/list.go index 4d8733c..bd8cfe7 100644 --- a/api/role/list.go +++ b/api/role/list.go @@ -9,7 +9,7 @@ import ( type ListReq struct { Page int `json:"page" src:"query" default:"1"` PageSize int `json:"page_size" src:"query" default:"20"` - Scope string `json:"scope" src:"query" desc:"Scope"` + Scope *string `json:"scope" src:"query" desc:"Scope"` Keyword *string `json:"keyword" src:"query" desc:"Search Keyword"` } @@ -24,8 +24,8 @@ type ListResp struct { func list(x *vigo.X, req *ListReq) (*ListResp, error) { db := cfg.DB().Model(&models.Role{}) - if req.Scope != "" { - db = db.Where("scope = ?", req.Scope) + if req.Scope != nil && *req.Scope != "" { + db = db.Where("scope = ?", *req.Scope) } if req.Keyword != nil && *req.Keyword != "" { diff --git a/api/settings/init.go b/api/settings/init.go index 507eee4..e0071bf 100644 --- a/api/settings/init.go +++ b/api/settings/init.go @@ -16,7 +16,7 @@ var Router = vigo.NewRouter() func init() { // 获取设置列表(支持按分类过滤) // 只有拥有所有权限的可以修改配置表 - Router.Get("/", "获取设置列表", auth.VBaseAuth.PermRead("setting"), list) + Router.Get("/", "获取设置列表", auth.VBaseAuth.PermRead("setting:*"), list) // 批量更新设置 - Router.Put("/", "批量更新设置", auth.VBaseAuth.PermWrite("setting"), update) + Router.Put("/", "批量更新设置", auth.VBaseAuth.PermWrite("setting:*"), update) } diff --git a/api/user/init.go b/api/user/init.go index 2915c06..5637ed0 100644 --- a/api/user/init.go +++ b/api/user/init.go @@ -15,15 +15,15 @@ var Router = vigo.NewRouter() func init() { // 管理员 管理用户权限 (所有接口需要 user:admin 权限) - Router.Get("/", "用户列表", auth.VBaseAuth.PermRead("user"), list) + Router.Get("/", "用户列表", auth.VBaseAuth.PermRead("user:*"), list) Router.Post("/", "创建用户", auth.VBaseAuth.PermCreate("user"), create) - Router.Get("/{user_id}", "获取用户详情", auth.VBaseAuth.PermRead("user"), get) - Router.Patch("/{user_id}", "更新用户", auth.VBaseAuth.PermWrite("user"), patch) - Router.Delete("/{user_id}", "删除用户", auth.VBaseAuth.PermWrite("user"), del) - Router.Patch("/{user_id}/status", "更新用户状态", auth.VBaseAuth.PermWrite("user"), updateStatus) + Router.Get("/{user_id}", "获取用户详情", auth.VBaseAuth.PermRead("user:*"), get) + Router.Patch("/{user_id}", "更新用户", auth.VBaseAuth.PermWrite("user:*"), patch) + Router.Delete("/{user_id}", "删除用户", auth.VBaseAuth.PermWrite("user:*"), del) + Router.Patch("/{user_id}/status", "更新用户状态", auth.VBaseAuth.PermWrite("user:*"), updateStatus) - Router.Get("/{user_id}/roles", "Get User Roles", auth.VBaseAuth.PermRead("user"), getRoles) - Router.Put("/{user_id}/roles", "Update User Roles", auth.VBaseAuth.PermWrite("user"), updateRoles) - Router.Get("/{user_id}/permissions", "Get User Permissions", auth.VBaseAuth.PermRead("user"), getPermissions) - Router.Put("/{user_id}/permissions", "Update User Permissions", auth.VBaseAuth.PermWrite("user"), updatePermissions) + Router.Get("/{user_id}/roles", "Get User Roles", auth.VBaseAuth.PermRead("user:*"), getRoles) + Router.Put("/{user_id}/roles", "Update User Roles", auth.VBaseAuth.PermWrite("user:*"), updateRoles) + Router.Get("/{user_id}/permissions", "Get User Permissions", auth.VBaseAuth.PermRead("user:*"), getPermissions) + Router.Put("/{user_id}/permissions", "Update User Permissions", auth.VBaseAuth.PermWrite("user:*"), updatePermissions) } diff --git a/init.go b/init.go index 4c8ee98..6aae945 100644 --- a/init.go +++ b/init.go @@ -24,6 +24,8 @@ var ( Config = cfg.Global ) +type Options = cfg.Options + func Init() error { return models.Migrate() } diff --git a/libs/cache/cache.go b/libs/cache/cache.go index 5fc9387..93d1551 100644 --- a/libs/cache/cache.go +++ b/libs/cache/cache.go @@ -181,102 +181,13 @@ func SetNX(key string, value interface{}, expiration time.Duration) (bool, error return Client.SetNX(Ctx, key, value, expiration).Result() } -// ==================== 权限缓存相关 ==================== - -// PermKey 生成权限缓存key -func PermKey(userID, orgID, resource, action string) string { - if orgID == "" { - return fmt.Sprintf("perm:%s:%s:%s", userID, resource, action) - } - return fmt.Sprintf("perm:%s:%s:%s:%s", userID, orgID, resource, action) -} - -// SetPermission 缓存权限结果 -func SetPermission(userID, orgID, resource, action string, allowed bool, expiration time.Duration) error { - key := PermKey(userID, orgID, resource, action) - value := "deny" - if allowed { - value = "allow" - } - return Set(key, value, expiration) -} - -// GetPermission 获取缓存的权限结果 -func GetPermission(userID, orgID, resource, action string) (allowed bool, cached bool, err error) { - key := PermKey(userID, orgID, resource, action) - value, err := Get(key) - if err != nil { - if err == redis.Nil { - return false, false, nil - } - return false, false, err - } - return value == "allow", true, nil -} - -// DeletePermission 删除权限缓存 -func DeletePermission(userID, orgID, resource, action string) error { - key := PermKey(userID, orgID, resource, action) - return Delete(key) -} - -// DeleteUserPermissions 删除用户的所有权限缓存 -func DeleteUserPermissions(userID string) error { - if !IsEnabled() { - return nil - } - pattern := fmt.Sprintf("perm:%s:*", userID) - return deleteByPattern(pattern) -} - -// DeleteOrgPermissions 删除组织的所有权限缓存 -func DeleteOrgPermissions(orgID string) error { - if !IsEnabled() { - return nil - } - pattern := fmt.Sprintf("perm:*:%s:*", orgID) - return deleteByPattern(pattern) -} - -// deleteByPattern 根据pattern删除key -func deleteByPattern(pattern string) error { - iter := Client.Scan(Ctx, 0, pattern, 0).Iterator() - var keys []string - for iter.Next(Ctx) { - keys = append(keys, iter.Val()) - if len(keys) >= 100 { - if err := Delete(keys...); err != nil { - return err - } - keys = keys[:0] - } - } - if err := iter.Err(); err != nil { - return err - } - if len(keys) > 0 { - return Delete(keys...) - } - return nil -} - -// ==================== 用户/组织缓存 ==================== +// ==================== 用户缓存 ==================== // UserKey 用户缓存key func UserKey(userID string) string { return fmt.Sprintf("user:%s", userID) } -// OrgKey 组织缓存key -func OrgKey(orgID string) string { - return fmt.Sprintf("org:%s", orgID) -} - -// OrgMemberKey 组织成员缓存key -func OrgMemberKey(orgID, userID string) string { - return fmt.Sprintf("org:%s:member:%s", orgID, userID) -} - // ==================== Token黑名单 ==================== // TokenBlacklistKey Token黑名单key