feat(auth): add Casbin RBAC and user activity tracking
Integrate Casbin for role-based access control with admin routes for role management. Add user activity logging service to track login and refresh events. Refactor audit service to use AI-based content moderation.
This commit is contained in:
22
internal/config/casbin.go
Normal file
22
internal/config/casbin.go
Normal file
@@ -0,0 +1,22 @@
|
||||
package config
|
||||
|
||||
// CasbinConfig Casbin 配置
|
||||
type CasbinConfig struct {
|
||||
// ModelPath Casbin 模型文件路径
|
||||
ModelPath string `mapstructure:"model_path"`
|
||||
|
||||
// AutoSave 是否自动保存策略到数据库
|
||||
AutoSave bool `mapstructure:"auto_save"`
|
||||
|
||||
// AutoLoad 是否自动从数据库加载策略
|
||||
AutoLoad bool `mapstructure:"auto_load"`
|
||||
|
||||
// EnableCache 是否启用 Redis 缓存
|
||||
EnableCache bool `mapstructure:"enable_cache"`
|
||||
|
||||
// CacheTTL 缓存过期时间 (秒)
|
||||
CacheTTL int `mapstructure:"cache_ttl"`
|
||||
|
||||
// SkipRoutes 跳过权限检查的路由
|
||||
SkipRoutes []string `mapstructure:"skip_routes"`
|
||||
}
|
||||
@@ -26,6 +26,7 @@ type Config struct {
|
||||
Email EmailConfig `mapstructure:"email"`
|
||||
ConversationCache ConversationCacheConfig `mapstructure:"conversation_cache"`
|
||||
GRPC GRPCConfig `mapstructure:"grpc"`
|
||||
Casbin CasbinConfig `mapstructure:"casbin"`
|
||||
}
|
||||
|
||||
// Load 加载配置文件
|
||||
@@ -134,6 +135,13 @@ func Load(configPath string) (*Config, error) {
|
||||
viper.SetDefault("grpc.tls_enabled", false)
|
||||
viper.SetDefault("grpc.tls_cert_file", "")
|
||||
viper.SetDefault("grpc.tls_key_file", "")
|
||||
// Casbin 默认值
|
||||
viper.SetDefault("casbin.model_path", "./configs/casbin/model.conf")
|
||||
viper.SetDefault("casbin.auto_save", true)
|
||||
viper.SetDefault("casbin.auto_load", true)
|
||||
viper.SetDefault("casbin.enable_cache", true)
|
||||
viper.SetDefault("casbin.cache_ttl", 300)
|
||||
viper.SetDefault("casbin.skip_routes", []string{"/health", "/api/v1/auth/login", "/api/v1/auth/register"})
|
||||
|
||||
if err := viper.ReadInConfig(); err != nil {
|
||||
return nil, fmt.Errorf("failed to read config: %w", err)
|
||||
@@ -215,6 +223,12 @@ func Load(configPath string) (*Config, error) {
|
||||
cfg.GRPC.TLSEnabled, _ = strconv.ParseBool(getEnvOrDefault("APP_GRPC_TLS_ENABLED", fmt.Sprintf("%t", cfg.GRPC.TLSEnabled)))
|
||||
cfg.GRPC.TLSCertFile = getEnvOrDefault("APP_GRPC_TLS_CERT_FILE", cfg.GRPC.TLSCertFile)
|
||||
cfg.GRPC.TLSKeyFile = getEnvOrDefault("APP_GRPC_TLS_KEY_FILE", cfg.GRPC.TLSKeyFile)
|
||||
// Casbin 环境变量覆盖
|
||||
cfg.Casbin.ModelPath = getEnvOrDefault("APP_CASBIN_MODEL_PATH", cfg.Casbin.ModelPath)
|
||||
cfg.Casbin.AutoSave, _ = strconv.ParseBool(getEnvOrDefault("APP_CASBIN_AUTO_SAVE", fmt.Sprintf("%t", cfg.Casbin.AutoSave)))
|
||||
cfg.Casbin.AutoLoad, _ = strconv.ParseBool(getEnvOrDefault("APP_CASBIN_AUTO_LOAD", fmt.Sprintf("%t", cfg.Casbin.AutoLoad)))
|
||||
cfg.Casbin.EnableCache, _ = strconv.ParseBool(getEnvOrDefault("APP_CASBIN_ENABLE_CACHE", fmt.Sprintf("%t", cfg.Casbin.EnableCache)))
|
||||
cfg.Casbin.CacheTTL, _ = strconv.Atoi(getEnvOrDefault("APP_CASBIN_CACHE_TTL", fmt.Sprintf("%d", cfg.Casbin.CacheTTL)))
|
||||
|
||||
return &cfg, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user