add check perm cache

auth/auth.go

@@ -14,6 +14,7 @@ import (
 	"time"
 
 	"github.com/veypi/vbase/cfg"
+	"github.com/veypi/vbase/libs/cache"
 	"github.com/veypi/vbase/models"
 	"github.com/veypi/vigo"
 )
@@ -459,7 +460,11 @@ func (a *appAuth) GrantRole(ctx context.Context, userID, orgID, roleCode string)
 		ExpireAt: nil, // 默认不过期
 	}
 
-	return cfg.DB().Create(&userRole).Error
+	if err := cfg.DB().Create(&userRole).Error; err != nil {
+		return err
+	}
+	incUserPermVersion(userID)
+	return nil
 }
 
 func (a *appAuth) RevokeRole(ctx context.Context, userID, orgID, roleCode string) error {
@@ -483,8 +488,12 @@ func (a *appAuth) RevokeRole(ctx context.Context, userID, orgID, roleCode string
 		}
 	}
 
-	return cfg.DB().Where("user_id = ? AND org_id = ? AND role_id = ?", userID, orgID, role.ID).
-		Delete(&models.UserRole{}).Error
+	if err := cfg.DB().Where("user_id = ? AND org_id = ? AND role_id = ?", userID, orgID, role.ID).
+		Delete(&models.UserRole{}).Error; err != nil {
+		return err
+	}
+	incUserPermVersion(userID)
+	return nil
 }
 
 func (a *appAuth) GrantResourcePerm(ctx context.Context, userID, orgID, permissionID, resourceID string) error {
@@ -517,16 +526,24 @@ func (a *appAuth) GrantResourcePerm(ctx context.Context, userID, orgID, permissi
 		GrantedBy:    "",  // 默认空
 	}
 
-	return cfg.DB().Create(&userPerm).Error
+	if err := cfg.DB().Create(&userPerm).Error; err != nil {
+		return err
+	}
+	incUserPermVersion(userID)
+	return nil
 }
 
 func (a *appAuth) RevokeResourcePerm(ctx context.Context, userID, orgID, permissionID, resourceID string) error {
 	if strings.Count(permissionID, ":") == 1 {
 		permissionID = fmt.Sprintf("%s:%s", a.appKey, permissionID)
 	}
-	return cfg.DB().Where("user_id = ? AND org_id = ? AND permission_id = ? AND resource_id = ?",
+	if err := cfg.DB().Where("user_id = ? AND org_id = ? AND permission_id = ? AND resource_id = ?",
 		userID, orgID, permissionID, resourceID).
-		Delete(&models.UserPermission{}).Error
+		Delete(&models.UserPermission{}).Error; err != nil {
+		return err
+	}
+	incUserPermVersion(userID)
+	return nil
 }
 
 func (a *appAuth) RevokeAll(ctx context.Context, userID, orgID string) error {
@@ -542,6 +559,7 @@ func (a *appAuth) RevokeAll(ctx context.Context, userID, orgID string) error {
 		return err
 	}
 
+	incUserPermVersion(userID)
 	return nil
 }
 
@@ -552,6 +570,34 @@ func (a *appAuth) CheckPermission(ctx context.Context, userID, orgID, permission
 		permissionID = fmt.Sprintf("%s:%s", a.appKey, permissionID)
 	}
 
+	// Check cache
+	var cacheKey string
+	if cache.IsEnabled() {
+		ver := getUserPermVersion(userID)
+		cacheKey = fmt.Sprintf("auth:check:%s:%s:%s:%s:%s", userID, ver, orgID, permissionID, resourceID)
+		if val, err := cache.Get(cacheKey); err == nil {
+			return val == "1", nil
+		}
+	}
+
+	result, err := a.checkPermissionDB(ctx, userID, orgID, permissionID, resourceID)
+	if err != nil {
+		return false, err
+	}
+
+	// Cache result
+	if cache.IsEnabled() {
+		val := "0"
+		if result {
+			val = "1"
+		}
+		cache.Set(cacheKey, val, 5*time.Minute)
+	}
+
+	return result, nil
+}
+
+func (a *appAuth) checkPermissionDB(ctx context.Context, userID, orgID, permissionID, resourceID string) (bool, error) {
 	fmt.Printf("[DEBUG] CheckPermission: userID=%s, orgID=%s, permID=%s, resID=%s\n", userID, orgID, permissionID, resourceID)
 
 	// 1. 检查用户是否有该权限的角色（包括当前组织角色和系统全局角色）
@@ -737,3 +783,25 @@ func getOrgID(x *vigo.X) string {
 	}
 	return ""
 }
+
+// ========== Cache Helpers ==========
+
+func getUserPermVersion(userID string) string {
+	if !cache.IsEnabled() {
+		return "0"
+	}
+	key := fmt.Sprintf("auth:user_ver:%s", userID)
+	ver, err := cache.Client.Get(cache.Ctx, key).Result()
+	if err != nil {
+		return "0"
+	}
+	return ver
+}
+
+func incUserPermVersion(userID string) {
+	if !cache.IsEnabled() {
+		return
+	}
+	key := fmt.Sprintf("auth:user_ver:%s", userID)
+	cache.Client.Incr(cache.Ctx, key)
+}