feat(auth): add Casbin RBAC and user activity tracking
Integrate Casbin for role-based access control with admin routes for role management. Add user activity logging service to track login and refresh events. Refactor audit service to use AI-based content moderation.
This commit is contained in:
@@ -5,6 +5,7 @@ import (
|
||||
|
||||
"carrot_bbs/internal/handler"
|
||||
"carrot_bbs/internal/middleware"
|
||||
"carrot_bbs/internal/model"
|
||||
"carrot_bbs/internal/service"
|
||||
)
|
||||
|
||||
@@ -24,7 +25,9 @@ type Router struct {
|
||||
gorseHandler *handler.GorseHandler
|
||||
voteHandler *handler.VoteHandler
|
||||
scheduleHandler *handler.ScheduleHandler
|
||||
roleHandler *handler.RoleHandler
|
||||
jwtService *service.JWTService
|
||||
casbinService service.CasbinService
|
||||
}
|
||||
|
||||
// New 创建路由
|
||||
@@ -43,9 +46,14 @@ func New(
|
||||
gorseHandler *handler.GorseHandler,
|
||||
voteHandler *handler.VoteHandler,
|
||||
scheduleHandler *handler.ScheduleHandler,
|
||||
roleHandler *handler.RoleHandler,
|
||||
activityService service.UserActivityService,
|
||||
casbinService service.CasbinService,
|
||||
) *Router {
|
||||
// 设置JWT服务
|
||||
userHandler.SetJWTService(jwtService)
|
||||
// 设置活跃统计服务
|
||||
userHandler.SetActivityService(activityService)
|
||||
|
||||
r := &Router{
|
||||
engine: gin.Default(),
|
||||
@@ -62,7 +70,9 @@ func New(
|
||||
gorseHandler: gorseHandler,
|
||||
voteHandler: voteHandler,
|
||||
scheduleHandler: scheduleHandler,
|
||||
roleHandler: roleHandler,
|
||||
jwtService: jwtService,
|
||||
casbinService: casbinService,
|
||||
}
|
||||
|
||||
r.setupRoutes()
|
||||
@@ -95,6 +105,8 @@ func (r *Router) setupRoutes() {
|
||||
|
||||
// 需要认证的路由
|
||||
authMiddleware := middleware.Auth(r.jwtService)
|
||||
// Casbin 权限中间件(暂不全局启用,可根据需要在特定路由组上使用)
|
||||
// casbinMiddleware := middleware.CasbinAuth(r.casbinService)
|
||||
|
||||
// 用户路由
|
||||
users := v1.Group("/users")
|
||||
@@ -109,6 +121,11 @@ func (r *Router) setupRoutes() {
|
||||
users.POST("/change-password/send-code", authMiddleware, r.userHandler.SendChangePasswordCode)
|
||||
users.POST("/change-password", authMiddleware, r.userHandler.ChangePassword)
|
||||
|
||||
// 当前用户角色
|
||||
if r.roleHandler != nil {
|
||||
users.GET("/me/roles", authMiddleware, r.roleHandler.GetMyRoles)
|
||||
}
|
||||
|
||||
// 搜索用户
|
||||
users.GET("/search", middleware.OptionalAuth(r.jwtService), r.userHandler.Search)
|
||||
|
||||
@@ -339,6 +356,20 @@ func (r *Router) setupRoutes() {
|
||||
gorseGroup.POST("/import", r.gorseHandler.ImportData)
|
||||
}
|
||||
}
|
||||
|
||||
// 管理路由(需要管理员权限)
|
||||
if r.roleHandler != nil {
|
||||
admin := v1.Group("/admin")
|
||||
admin.Use(authMiddleware)
|
||||
admin.Use(middleware.RequireRole(r.casbinService, model.RoleAdmin, model.RoleSuperAdmin))
|
||||
{
|
||||
// 角色管理
|
||||
admin.GET("/roles", r.roleHandler.GetAllRoles)
|
||||
admin.GET("/users/:id/roles", r.roleHandler.GetUserRoles)
|
||||
admin.POST("/users/:id/roles", r.roleHandler.AssignRole)
|
||||
admin.DELETE("/users/:id/roles/:role", r.roleHandler.RemoveRole)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user