feat(auth): add Casbin RBAC and user activity tracking

Integrate Casbin for role-based access control with admin routes for role management. Add user activity logging service to track login and refresh events. Refactor audit service to use AI-based content moderation.
This commit is contained in:
2026-03-14 02:09:38 +08:00
parent c561a0bb0c
commit ae5b997924
27 changed files with 2197 additions and 691 deletions

14
configs/casbin/model.conf Normal file
View File

@@ -0,0 +1,14 @@
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && (r.act == p.act || p.act == "*")

View File

@@ -201,3 +201,22 @@ grpc:
tls_enabled: false
tls_cert_file: ""
tls_key_file: ""
# Casbin RBAC权限系统配置
# 环境变量:
# APP_CASBIN_MODEL_PATH, APP_CASBIN_AUTO_SAVE, APP_CASBIN_AUTO_LOAD
# APP_CASBIN_ENABLE_CACHE, APP_CASBIN_CACHE_TTL
casbin:
model_path: "./configs/casbin/model.conf"
auto_save: true
auto_load: true
enable_cache: true
cache_ttl: 300
skip_routes:
- /health
- /api/v1/auth/login
- /api/v1/auth/register
- /api/v1/auth/check-username
- /api/v1/auth/password/send-code
- /api/v1/auth/password/reset
- /api/v1/auth/refresh