删除服务端材质渲染功能及system_config表，转为环境变量配置，初步配置管理员功能

2025-12-08 19:12:30 +08:00
parent 399e6f096f
commit 9b0a60033e
37 changed files with 1135 additions and 3913 deletions
--- a/pkg/auth/casbin.go
+++ b/pkg/auth/casbin.go
@@ -0,0 +1,124 @@
+package auth
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/casbin/casbin/v2"
+	gormadapter "github.com/casbin/gorm-adapter/v3"
+	"go.uber.org/zap"
+	"gorm.io/gorm"
+)
+
+// CasbinService Casbin权限服务
+type CasbinService struct {
+	enforcer *casbin.Enforcer
+	logger   *zap.Logger
+	mu       sync.RWMutex
+}
+
+// NewCasbinService 创建Casbin服务
+func NewCasbinService(db *gorm.DB, modelPath string, logger *zap.Logger) (*CasbinService, error) {
+	// 使用Gorm适配器，自动使用casbin_rule表
+	adapter, err := gormadapter.NewAdapterByDBUseTableName(db, "", "casbin_rule")
+	if err != nil {
+		return nil, fmt.Errorf("创建Casbin适配器失败: %w", err)
+	}
+
+	// 创建Enforcer
+	enforcer, err := casbin.NewEnforcer(modelPath, adapter)
+	if err != nil {
+		return nil, fmt.Errorf("创建Casbin执行器失败: %w", err)
+	}
+
+	// 加载策略
+	if err := enforcer.LoadPolicy(); err != nil {
+		return nil, fmt.Errorf("加载Casbin策略失败: %w", err)
+	}
+
+	logger.Info("Casbin权限服务初始化成功")
+
+	return &CasbinService{
+		enforcer: enforcer,
+		logger:   logger,
+	}, nil
+}
+
+// Enforce 检查权限
+// sub: 主体(用户角色), obj: 资源, act: 操作
+func (s *CasbinService) Enforce(sub, obj, act string) (bool, error) {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	return s.enforcer.Enforce(sub, obj, act)
+}
+
+// CheckPermission 检查用户权限（便捷方法）
+func (s *CasbinService) CheckPermission(role, resource, action string) bool {
+	allowed, err := s.Enforce(role, resource, action)
+	if err != nil {
+		s.logger.Error("权限检查失败",
+			zap.String("role", role),
+			zap.String("resource", resource),
+			zap.String("action", action),
+			zap.Error(err),
+		)
+		return false
+	}
+	return allowed
+}
+
+// AddPolicy 添加策略
+func (s *CasbinService) AddPolicy(sub, obj, act string) (bool, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return s.enforcer.AddPolicy(sub, obj, act)
+}
+
+// RemovePolicy 移除策略
+func (s *CasbinService) RemovePolicy(sub, obj, act string) (bool, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return s.enforcer.RemovePolicy(sub, obj, act)
+}
+
+// AddRoleForUser 为用户添加角色
+func (s *CasbinService) AddRoleForUser(user, role string) (bool, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return s.enforcer.AddRoleForUser(user, role)
+}
+
+// GetRolesForUser 获取用户的角色
+func (s *CasbinService) GetRolesForUser(user string) []string {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	roles, _ := s.enforcer.GetRolesForUser(user)
+	return roles
+}
+
+// GetPermissionsForRole 获取角色的所有权限
+func (s *CasbinService) GetPermissionsForRole(role string) [][]string {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	perms, _ := s.enforcer.GetPermissionsForUser(role)
+	return perms
+}
+
+// ReloadPolicy 重新加载策略
+func (s *CasbinService) ReloadPolicy() error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return s.enforcer.LoadPolicy()
+}
+
+// GetEnforcer 获取原始Enforcer（用于高级操作）
+func (s *CasbinService) GetEnforcer() *casbin.Enforcer {
+	return s.enforcer
+}
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -14,6 +14,7 @@ import (
 // Config 应用配置结构体
 type Config struct {
 	Environment string         `mapstructure:"environment"`
+	Site        SiteConfig     `mapstructure:"site"`
 	Server      ServerConfig   `mapstructure:"server"`
 	Database    DatabaseConfig `mapstructure:"database"`
 	Redis       RedisConfig    `mapstructure:"redis"`
@@ -25,6 +26,18 @@ type Config struct {
 	Security    SecurityConfig `mapstructure:"security"`
 }

+// SiteConfig 站点配置
+type SiteConfig struct {
+	Name                  string `mapstructure:"name"`
+	Description           string `mapstructure:"description"`
+	RegistrationEnabled   bool   `mapstructure:"registration_enabled"`
+	DefaultAvatar         string `mapstructure:"default_avatar"`
+	MaxTexturesPerUser    int    `mapstructure:"max_textures_per_user"`
+	MaxProfilesPerUser    int    `mapstructure:"max_profiles_per_user"`
+	CheckinReward         int    `mapstructure:"checkin_reward"`
+	TextureDownloadReward int    `mapstructure:"texture_download_reward"`
+}
+
 // ServerConfig 服务器配置
 type ServerConfig struct {
 	Port         string        `mapstructure:"port"`
@@ -201,6 +214,16 @@ func setDefaults() {
 	// 安全默认配置
 	viper.SetDefault("security.allowed_origins", []string{"*"})
 	viper.SetDefault("security.allowed_domains", []string{"localhost", "127.0.0.1"})
+
+	// 站点默认配置
+	viper.SetDefault("site.name", "CarrotSkin")
+	viper.SetDefault("site.description", "一个优秀的Minecraft皮肤站")
+	viper.SetDefault("site.registration_enabled", true)
+	viper.SetDefault("site.default_avatar", "")
+	viper.SetDefault("site.max_textures_per_user", 50)
+	viper.SetDefault("site.max_profiles_per_user", 5)
+	viper.SetDefault("site.checkin_reward", 10)
+	viper.SetDefault("site.texture_download_reward", 1)
 }

 // setupEnvMappings 设置环境变量映射
@@ -262,6 +285,16 @@ func setupEnvMappings() {
 	viper.BindEnv("email.username", "EMAIL_USERNAME")
 	viper.BindEnv("email.password", "EMAIL_PASSWORD")
 	viper.BindEnv("email.from_name", "EMAIL_FROM_NAME")
+
+	// 站点配置
+	viper.BindEnv("site.name", "SITE_NAME")
+	viper.BindEnv("site.description", "SITE_DESCRIPTION")
+	viper.BindEnv("site.registration_enabled", "REGISTRATION_ENABLED")
+	viper.BindEnv("site.default_avatar", "DEFAULT_AVATAR")
+	viper.BindEnv("site.max_textures_per_user", "MAX_TEXTURES_PER_USER")
+	viper.BindEnv("site.max_profiles_per_user", "MAX_PROFILES_PER_USER")
+	viper.BindEnv("site.checkin_reward", "CHECKIN_REWARD")
+	viper.BindEnv("site.texture_download_reward", "TEXTURE_DOWNLOAD_REWARD")
 }

 // overrideFromEnv 从环境变量中覆盖配置
--- a/pkg/database/cache.go
+++ b/pkg/database/cache.go
@@ -306,11 +306,6 @@ func (b *CacheKeyBuilder) TextureList(userID int64, page int) string {
 	return fmt.Sprintf("%stexture:user:%d:page:%d", b.prefix, userID, page)
 }

-// TextureRender 构建材质渲染缓存键
-func (b *CacheKeyBuilder) TextureRender(textureID int64, renderType string, size int) string {
-	return fmt.Sprintf("%stexture:render:%d:%s:%d", b.prefix, textureID, renderType, size)
-}
-
 // Token 构建令牌缓存键
 func (b *CacheKeyBuilder) Token(accessToken string) string {
 	return fmt.Sprintf("%stoken:%s", b.prefix, accessToken)
--- a/pkg/database/manager.go
+++ b/pkg/database/manager.go
@@ -81,9 +81,6 @@ func AutoMigrate(logger *zap.Logger) error {
 		// Yggdrasil相关表（在User之后创建，因为它引用User）
 		&model.Yggdrasil{},

-		// 系统配置表
-		&model.SystemConfig{},
-
 		// 审计日志表
 		&model.AuditLog{},

--- a/pkg/database/seed.go
+++ b/pkg/database/seed.go
@@ -12,36 +12,41 @@ import (
 const (
 	defaultAdminUsername = "admin"
 	defaultAdminEmail    = "admin@example.com"
-	defaultAdminPassword = "admin123456" // 首次登录后请立即修改
+	defaultAdminPassword = "admin123456" // 首次登录后请立即修改，部署到生产环境后删除
 )

-// defaultSystemConfigs 默认系统配置
-var defaultSystemConfigs = []model.SystemConfig{
-	{Key: "site_name", Value: "CarrotSkin", Description: "网站名称", Type: model.ConfigTypeString, IsPublic: true},
-	{Key: "site_description", Value: "一个优秀的Minecraft皮肤站", Description: "网站描述", Type: model.ConfigTypeString, IsPublic: true},
-	{Key: "registration_enabled", Value: "true", Description: "是否允许用户注册", Type: model.ConfigTypeBoolean, IsPublic: true},
-	{Key: "checkin_reward", Value: "10", Description: "签到奖励积分", Type: model.ConfigTypeInteger, IsPublic: true},
-	{Key: "texture_download_reward", Value: "1", Description: "材质被下载奖励积分", Type: model.ConfigTypeInteger, IsPublic: false},
-	{Key: "max_textures_per_user", Value: "50", Description: "每个用户最大材质数量", Type: model.ConfigTypeInteger, IsPublic: false},
-	{Key: "max_profiles_per_user", Value: "5", Description: "每个用户最大角色数量", Type: model.ConfigTypeInteger, IsPublic: false},
-	{Key: "default_avatar", Value: "", Description: "默认头像URL", Type: model.ConfigTypeString, IsPublic: true},
-}
-
 // defaultCasbinRules 默认Casbin权限规则
+// 规则格式: {PType: "p", V0: "角色", V1: "资源", V2: "操作"}
+// PType "p" 表示策略规则，"g" 表示角色继承
 var defaultCasbinRules = []model.CasbinRule{
-	// 管理员拥有所有权限
+	// ==================== 管理员权限 ====================
+	// 管理员拥有所有权限（通配符）
 	{PType: "p", V0: "admin", V1: "*", V2: "*"},
-	// 普通用户权限
-	{PType: "p", V0: "user", V1: "texture", V2: "create"},
-	{PType: "p", V0: "user", V1: "texture", V2: "read"},
-	{PType: "p", V0: "user", V1: "texture", V2: "update_own"},
-	{PType: "p", V0: "user", V1: "texture", V2: "delete_own"},
-	{PType: "p", V0: "user", V1: "profile", V2: "create"},
-	{PType: "p", V0: "user", V1: "profile", V2: "read"},
-	{PType: "p", V0: "user", V1: "profile", V2: "update_own"},
-	{PType: "p", V0: "user", V1: "profile", V2: "delete_own"},
-	{PType: "p", V0: "user", V1: "user", V2: "update_own"},
-	// 角色继承：admin 继承 user 的所有权限
+
+	// ==================== 普通用户权限 ====================
+	// --- 用户资源 (user) ---
+	{PType: "p", V0: "user", V1: "user", V2: "read_own"},   // 查看自己的信息
+	{PType: "p", V0: "user", V1: "user", V2: "update_own"}, // 更新自己的信息
+
+	// --- 材质资源 (texture) ---
+	{PType: "p", V0: "user", V1: "texture", V2: "read"},       // 查看材质（公开）
+	{PType: "p", V0: "user", V1: "texture", V2: "create"},     // 上传材质
+	{PType: "p", V0: "user", V1: "texture", V2: "update_own"}, // 更新自己的材质
+	{PType: "p", V0: "user", V1: "texture", V2: "delete_own"}, // 删除自己的材质
+	{PType: "p", V0: "user", V1: "texture", V2: "favorite"},   // 收藏材质
+
+	// --- 档案资源 (profile) ---
+	{PType: "p", V0: "user", V1: "profile", V2: "read"},       // 查看档案（公开）
+	{PType: "p", V0: "user", V1: "profile", V2: "create"},     // 创建档案
+	{PType: "p", V0: "user", V1: "profile", V2: "update_own"}, // 更新自己的档案
+	{PType: "p", V0: "user", V1: "profile", V2: "delete_own"}, // 删除自己的档案
+
+	// --- Yggdrasil资源 (yggdrasil) ---
+	{PType: "p", V0: "user", V1: "yggdrasil", V2: "auth"},           // Yggdrasil认证
+	{PType: "p", V0: "user", V1: "yggdrasil", V2: "reset_password"}, // 重置Yggdrasil密码
+
+	// ==================== 角色继承 ====================
+	// admin 继承 user 的所有权限
 	{PType: "g", V0: "admin", V1: "user"},
 }

@@ -59,11 +64,6 @@ func Seed(logger *zap.Logger) error {
 		return err
 	}

-	// 初始化系统配置
-	if err := seedSystemConfigs(db, logger); err != nil {
-		return err
-	}
-
 	// 初始化Casbin权限规则
 	if err := seedCasbinRules(db, logger); err != nil {
 		return err
@@ -119,23 +119,6 @@ func seedAdminUser(db *gorm.DB, logger *zap.Logger) error {
 	return nil
 }

-// seedSystemConfigs 初始化系统配置
-func seedSystemConfigs(db *gorm.DB, logger *zap.Logger) error {
-	for _, config := range defaultSystemConfigs {
-		// 使用 FirstOrCreate 避免重复插入
-		var existing model.SystemConfig
-		result := db.Where("key = ?", config.Key).First(&existing)
-		if result.Error == gorm.ErrRecordNotFound {
-			if err := db.Create(&config).Error; err != nil {
-				logger.Error("创建系统配置失败", zap.String("key", config.Key), zap.Error(err))
-				return err
-			}
-			logger.Info("创建系统配置", zap.String("key", config.Key))
-		}
-	}
-	return nil
-}
-
 // seedCasbinRules 初始化Casbin权限规则
 func seedCasbinRules(db *gorm.DB, logger *zap.Logger) error {
 	for _, rule := range defaultCasbinRules {
@@ -153,4 +136,3 @@ func seedCasbinRules(db *gorm.DB, logger *zap.Logger) error {
 	}
 	return nil
 }
-