feat(auth): add Casbin RBAC and user activity tracking
Integrate Casbin for role-based access control with admin routes for role management. Add user activity logging service to track login and refresh events. Refactor audit service to use AI-based content moderation.
This commit is contained in:
14
configs/casbin/model.conf
Normal file
14
configs/casbin/model.conf
Normal file
@@ -0,0 +1,14 @@
|
||||
[request_definition]
|
||||
r = sub, obj, act
|
||||
|
||||
[policy_definition]
|
||||
p = sub, obj, act
|
||||
|
||||
[role_definition]
|
||||
g = _, _
|
||||
|
||||
[policy_effect]
|
||||
e = some(where (p.eft == allow))
|
||||
|
||||
[matchers]
|
||||
m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && (r.act == p.act || p.act == "*")
|
||||
@@ -201,3 +201,22 @@ grpc:
|
||||
tls_enabled: false
|
||||
tls_cert_file: ""
|
||||
tls_key_file: ""
|
||||
|
||||
# Casbin RBAC权限系统配置
|
||||
# 环境变量:
|
||||
# APP_CASBIN_MODEL_PATH, APP_CASBIN_AUTO_SAVE, APP_CASBIN_AUTO_LOAD
|
||||
# APP_CASBIN_ENABLE_CACHE, APP_CASBIN_CACHE_TTL
|
||||
casbin:
|
||||
model_path: "./configs/casbin/model.conf"
|
||||
auto_save: true
|
||||
auto_load: true
|
||||
enable_cache: true
|
||||
cache_ttl: 300
|
||||
skip_routes:
|
||||
- /health
|
||||
- /api/v1/auth/login
|
||||
- /api/v1/auth/register
|
||||
- /api/v1/auth/check-username
|
||||
- /api/v1/auth/password/send-code
|
||||
- /api/v1/auth/password/reset
|
||||
- /api/v1/auth/refresh
|
||||
|
||||
Reference in New Issue
Block a user