From a201651785a4ba3bd64048d051858be5ff0fe67f Mon Sep 17 00:00:00 2001 
From: wanglei <34475144@qqcom> Date: Mon, 10 Nov 2025 19:34:43 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E7=B3=BB=E7=BB=9F=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=E7=9B=B8=E5=85=B3=E7=99=BB=E5=BD=95=E5=92=8C=E8=AE=A4?= =?UTF-8?q?=E8=AF=81=E4=BB=A3=E7=A0=81=E7=9A=84=E4=B8=9A=E5=8A=A1=E9=80=BB?= =?UTF-8?q?=E8=BE=91=EF=BC=8C=E5=B9=B6=E7=BC=96=E5=86=99oauth2.0=E7=9B=B8?= =?UTF-8?q?=E5=85=B3=E6=8E=A5=E5=8F=A3=E5=87=BD=E6=95=B0=E7=9A=84=E5=AE=9A?= =?UTF-8?q?=E4=B9=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/api/oauth/oauth.lua | 73 +++++++++++++++++ src/api/system/login.lua | 12 +-- src/api/system/user.lua | 1 - src/auth/jwt-auth.lua | 4 +- src/config.lua | 38 ++++----- src/dao/oauth/oauth.lua | 70 +++++++++++++++++ src/dao/{ => system}/account.lua | 0 src/dao/{ => system}/application.lua | 0 src/dao/{ => system}/department.lua | 0 src/dao/{ => system}/login.lua | 2 +- src/dao/{ => system}/permission.lua | 0 src/dao/{ => system}/position.lua | 0 src/dao/{ => system}/role.lua | 0 src/dao/{ => system}/user.lua | 2 +- src/init.lua | 14 ++-- src/service/oauth/oauth.lua | 110 ++++++++++++++++++++++++++ src/service/system/account.lua | 2 +- src/service/system/application.lua | 2 +- src/service/system/department.lua | 2 +- src/service/system/login.lua | 10 +-- src/service/system/permission.lua | 2 +- src/service/system/position.lua | 2 +- src/service/system/role.lua | 2 +- src/service/system/user.lua | 2 +- src/share/helpers.lua | 4 +- src/share/model.lua | 38 ++++----- src/share/redis.lua | 4 +- src/test/test.lua | 40 ++++++---- src/util/token.lua | 8 +- src/util/uuid.lua | 29 +++++++ src/validator/oauth/oauth.lua | 113 +++++++++++++++++++++++++++ 31 files changed, 496 insertions(+), 90 deletions(-) create mode 100644 src/api/oauth/oauth.lua create mode 100644 src/dao/oauth/oauth.lua rename src/dao/{ => system}/account.lua (100%) rename src/dao/{ => system}/application.lua (100%) rename src/dao/{ => 
system}/department.lua (100%) rename src/dao/{ => system}/login.lua (97%) rename src/dao/{ => system}/permission.lua (100%) rename src/dao/{ => system}/position.lua (100%) rename src/dao/{ => system}/role.lua (100%) rename src/dao/{ => system}/user.lua (98%) create mode 100644 src/service/oauth/oauth.lua create mode 100644 src/util/uuid.lua create mode 100644 src/validator/oauth/oauth.lua diff --git a/src/api/oauth/oauth.lua b/src/api/oauth/oauth.lua new file mode 100644 index 0000000..2f33ce4 --- /dev/null +++ b/src/api/oauth/oauth.lua 
@@ -0,0 +1,73 @@ +--- +--- Generated by EmmyLua(https://github.com/EmmyLua) +--- Created by admin. +--- DateTime: 2025/10/28 11:09 +--- +--解析url路由过滤库 +local radix = require("resty.radixtree") +--数据表业务处理 +local oauthService = require("service.oauth.oauth") + +--定义相关路由,前端接口url地址 +local routes = { + -------------------------------------------- + -------------OAuth2.0认证相关路由配置-------------- + -------------------------------------------- + --获取授权码 + { + paths = { "/api/oauth/v2/authorize" }, + methods = { "POST" }, + handler = oauthService.authorize, + }, + --根据授权码获取Access-Token + { + paths = { "/api/oauth/v2/token" }, + methods = { "POST" }, + handler = oauthService.token, + }, + --根据Access-Token获取相应用户的账户信息 + { + paths = { "/api/oauth/v2/userinfo" }, + methods = { "POST" }, + handler = oauthService.userinfo, + }, + --回收Access-Token + { + paths = { "/api/oauth/v2/logout" }, + methods = { "POST" }, + handler = oauthService.logout, + }, + --根据Refresh-Token刷新Access-Token + { + paths = { "/api/oauth/v2/refresh" }, + methods = { "POST" }, + handler = oauthService.refresh, + }, + --验证token是否有效 + { + paths = { "/api/oauth/v2/checklogin" }, + methods = { "POST" }, + handler = oauthService.checklogin, + }, +} + +-- 初始化路由 +local rx, err = radix.new(routes) +if not rx then + ngx.say("Not Found") + ngx.exit(ngx.HTTP_NOT_FOUND) +end + +--获取访问的uri地址 +local uri = ngx.var.uri +local opts = { + method = ngx.var.request_method, + matched = {} +} + +-- 进行路由匹配和相关函数调用 +local ok = rx:dispatch(uri, opts, opts.matched) +if not ok then + ngx.say("Not Found") + ngx.exit(ngx.HTTP_NOT_FOUND) +end diff --git a/src/api/system/login.lua b/src/api/system/login.lua index c41de4f..2103381 100644 --- a/src/api/system/login.lua +++ b/src/api/system/login.lua @@ -6,7 +6,7 @@ --解析url路由过滤库 local radix = require("resty.radixtree") --数据表业务处理 -local authService = require("service.system.login") +local loginService = require("service.system.login") --定义相关路由,前端接口url地址 local routes = { 
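Review bot: The `if not rx then` branch in the new `src/api/oauth/oauth.lua` answers "Not Found"/404 and discards `err`, so a route table that fails to build looks the same as an unknown URL in logs and monitoring. Log the cause and fail as a server error: `ngx.log(ngx.ERR, "oauth route init failed: ", err)` followed by `ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)`. The handlers are registered as plain fields (`handler = oauthService.authorize`) while `src/service/oauth/oauth.lua` declares them with `:`, so `self` will be whatever the router passes as its first argument; declare them with `.` as the existing login service does.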
@@ -17,31 +17,31 @@ local routes = { { paths = { "/api/user/login" }, methods = { "POST" }, - handler = authService.login, + handler = loginService.login, }, --用户注册路由接口 { paths = { "/api/user/signup" }, methods = { "POST" }, - handler = authService.signup, + handler = loginService.signup, }, --用户退出路由接口 { paths = { "/api/user/logout" }, methods = { "POST" }, - handler = authService.logout, + handler = loginService.logout, }, --根据token信息获取用户信息数据 { paths = { "/api/user/user" }, methods = { "GET" }, - handler = authService.user, + handler = loginService.user, }, --根据token信息获取用户权限数据 { paths = { "/api/user/permission" }, methods = { "GET" }, - handler = authService.permission, + handler = loginService.permission, }, } diff --git a/src/api/system/user.lua b/src/api/system/user.lua index bd54ed4..0737465 100644 --- a/src/api/system/user.lua +++ b/src/api/system/user.lua @@ -71,7 +71,6 @@ if not rx then end --获取访问的uri地址 ---local uri = ngx.var.request_uri local uri = ngx.var.uri local opts = { host = ngx.var.host, diff --git a/src/auth/jwt-auth.lua b/src/auth/jwt-auth.lua index 1f9acf9..6f72901 100644 --- a/src/auth/jwt-auth.lua +++ b/src/auth/jwt-auth.lua @@ -1,7 +1,7 @@ local jwt = require "resty.jwt" local cjson = require("cjson.safe") local jsonschema = require("jsonschema") -require("config") +local conf = require("config") -- 定义一个JSON Schema local schema = { @@ -34,7 +34,7 @@ end --获取token的数据值 local token = string.sub(auth_header,8) --校验令牌 -local jwt_obj = jwt:verify(SYSTEM_CONFIG.secret_key, token) +local jwt_obj = jwt:verify(conf.secret_key, token) --如果校验结果中的verified==false,则表示令牌无效 if jwt_obj.verified == false then ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason) diff --git a/src/config.lua b/src/config.lua index 4075d2d..aed3a0d 100644 --- a/src/config.lua +++ b/src/config.lua 
@@ -4,38 +4,38 @@ --- DateTime: 2025/9/24 16:31 --- 配置文件配置信息 -SYSTEM_CONFIG = { - APP_ENV = "dev", -- dev/prod - +local _M = { + APP_ENV = "dev", -- dev/prod locale = 'zh', + time_zone = "+8:00", -- UTC + 8 - time_zone = "+8:00", -- UTC + 8 - - secret_key = "!@#$5412$#@!", -- 确保这个密钥足够安全并保密 + secret_key = "!@#$5412$#@!", -- 确保这个密钥足够安全并保密 REDIS_PREFIX = 'Auth:', -- 配置redis数据库连接 REDIS = { - HOST = "127.0.0.1", -- redis host - PORT = 6379, -- redis port - PASSWORD = nil, -- redis password + HOST = "127.0.0.1", -- redis host + PORT = 6379, -- redis port + PASSWORD = nil, -- redis password POOL_MAX_IDLE_TIME = 10000, - POOL_TIMEOUT = 1000, -- pool timeout - POOL_SIZE = 20, -- pool size - TIMEOUT = 1000, -- timeout + POOL_TIMEOUT = 1000, -- pool timeout + POOL_SIZE = 20, -- pool size + TIMEOUT = 1000, -- timeout }, -- 配置PostgresSQL数据库连接 POSTGRES = { - HOST = "127.0.0.1", -- postgres host - PORT = 5432, -- postgres port - USERNAME = "postgres", + HOST = "127.0.0.1", -- postgres host + PORT = 5432, -- postgres port + USERNAME = "postgres", -- postgres user name PASSWORD = "1qaz2wsx", -- postgres password - DATABASE = "postgres", + DATABASE = "postgres", -- postgres database name CHARSET = 'utf8', - POOL_TIMEOUT = 1000, -- postgresql pool timeout - POOL_SIZE = 100, -- postgresql pool size - TIMEOUT = 1000, -- postgresql timeout + POOL_TIMEOUT = 1000, -- postgresql pool timeout + POOL_SIZE = 100, -- postgresql pool size + TIMEOUT = 1000, -- postgresql timeout } } + +return _M \ No newline at end of file diff --git a/src/dao/oauth/oauth.lua b/src/dao/oauth/oauth.lua new file mode 100644 index 0000000..6c63b13 --- /dev/null +++ b/src/dao/oauth/oauth.lua 
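Review bot: The JWT signing key (`secret_key = "!@#$5412$#@!"`) and the PostgreSQL password (`PASSWORD = "1qaz2wsx"`) remain literals in the tracked `src/config.lua`; turning the global into `local _M` does not change that anyone who can read the repository can sign tokens the service will accept. Read both from the environment or from a file kept out of version control, e.g. `secret_key = os.getenv("JWT_SECRET_KEY")` (OpenResty needs a matching `env JWT_SECRET_KEY;` directive), refuse to start when the value is missing, and rotate the values that are already committed. If the tokens are HMAC-signed, as the shared-secret calls `jwt:sign(conf.secret_key, obj)` and `jwt:verify(conf.secret_key, token)` suggest, the key should be random and at least 32 bytes long; the current 12-character value is far below that.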
@@ -0,0 +1,70 @@ +--- +--- Generated by EmmyLua(https://github.com/EmmyLua) +--- Created by frankly. +--- DateTime: 2025/10/29 23:36 +--- +local userDao = require("dao.system.user") + +local _M = {} + +--认证用户返回用户数据信息 +local function authenticate(name, passwd) + --验证用户名是否为空 + if name == "" then + return 0x010003, nil + end + --验证密码是否为空 + if passwd == "" then + return 0x010002, nil + end + return userDao:adjustUser(name, passwd) +end + +--用户登录业务逻辑处理 +function _M.login(jsonData) + --解析json中的键和数据值 + local name = jsonData["username"] + local passwd = jsonData["password"] + local captcha = jsonData["captcha"] + local checkKey = jsonData["checkKey"] + --验证用户名是否为空 + local code, res = authenticate(name, passwd) + if code ~= 0 then + return 0x000001,res + end + local num = 0 + if res ~= nil then + num = table.getn(res) + end + --用户存在时返回用户已经存在 + if num <= 0 then + return 0x01000C,nil + end + local userid = res[1].id + --获取用户id查询角色信息 + local err, rest = userDao:userRole(userid) + if rest == nil then + return 0x01000C,nil + end + res[1].role_id = rest[1].role_id + res[1].role_name = rest[1].role_name + return 0, res +end + +--用户登出业务逻辑处理 +function _M.logout(jsonData) + local code = 0 + local ret = "{}" + return code, ret +end + +--用户注册业务逻辑处理 +function _M.signup(jsonData) + return userDao:addSystemUser(jsonData) +end + +function _M.getUser(userid) + return userDao:getSystemUser(userid) +end + +return _M \ No newline at end of file diff --git a/src/dao/account.lua b/src/dao/system/account.lua similarity index 100% rename from src/dao/account.lua rename to src/dao/system/account.lua diff --git a/src/dao/application.lua b/src/dao/system/application.lua similarity index 100% rename from src/dao/application.lua rename to src/dao/system/application.lua diff --git a/src/dao/department.lua b/src/dao/system/department.lua similarity index 100% rename from src/dao/department.lua rename to src/dao/system/department.lua 
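Review bot: `_M.login` reads `captcha` and `checkKey` from the request and never checks them, so the captcha gives no protection against repeated password guessing on this path; verify them before calling `authenticate`, or drop the fields until that check exists. `authenticate` compares only against `""`, so a body without `username` or `password` passes `nil` through to `userDao:adjustUser`; use `if name == nil or name == "" then` (and the same for `passwd`). After `userDao:userRole(userid)` the code indexes `rest[1]` even when `rest` is an empty table, which raises; guard with `if rest == nil or rest[1] == nil then return 0x01000C, nil end`. The blob id `6c63b13` is the same as the renamed `src/dao/system/login.lua`, so this file is a copy of the login DAO rather than OAuth storage, and the two copies will drift unless the OAuth module requires the existing one.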
diff --git a/src/dao/login.lua b/src/dao/system/login.lua similarity index 97% rename from src/dao/login.lua rename to src/dao/system/login.lua index 1ad1a08..6c63b13 100644 --- a/src/dao/login.lua +++ b/src/dao/system/login.lua @@ -3,7 +3,7 @@ --- Created by frankly. --- DateTime: 2025/10/29 23:36 --- -local userDao = require("dao.user") +local userDao = require("dao.system.user") local _M = {} diff --git a/src/dao/permission.lua b/src/dao/system/permission.lua similarity index 100% rename from src/dao/permission.lua rename to src/dao/system/permission.lua diff --git a/src/dao/position.lua b/src/dao/system/position.lua similarity index 100% rename from src/dao/position.lua rename to src/dao/system/position.lua diff --git a/src/dao/role.lua b/src/dao/system/role.lua similarity index 100% rename from src/dao/role.lua rename to src/dao/system/role.lua diff --git a/src/dao/user.lua b/src/dao/system/user.lua similarity index 98% rename from src/dao/user.lua rename to src/dao/system/user.lua index f1ea6b8..6b6f578 100644 --- a/src/dao/user.lua +++ b/src/dao/system/user.lua @@ -10,7 +10,7 @@ local model = require("share.model") --创建一个数据表相关的模型 local userModel = model:new('sys_user') -local roles = require("dao.role") +local roles = require("dao.system.role") local _M = {} diff --git a/src/init.lua b/src/init.lua index 1e7d5b3..4eaf521 100644 --- a/src/init.lua +++ b/src/init.lua @@ -19,7 +19,7 @@ end -- return --end -require("config") +local conf = require("config") print("init application woker id:", ngx.worker.id()) --初始化,获取系统默认的用户权限,为实现RBAC框架做权限数据准备 
@@ -28,17 +28,17 @@ local function handler() local redis = require("resty.redis") local red = redis:new() -- 设置超时时间 - red:set_timeout(SYSTEM_CONFIG.REDIS.TIMEOUT) -- 1秒 + red:set_timeout(conf.REDIS.TIMEOUT) -- 1秒 -- 连接到 Redis - local ok, err = red:connect(SYSTEM_CONFIG.REDIS.HOST, SYSTEM_CONFIG.REDIS.PORT) + local ok, err = red:connect(conf.REDIS.HOST, conf.REDIS.PORT) if not ok then ngx.log(ngx.ERR, "redis failed to connect: "..err) return end --需要密码时对密码进行处理 - if SYSTEM_CONFIG.REDIS.PASSWORD ~= nil then - local res, err = red:auth(SYSTEM_CONFIG.REDIS.PASSWORD) + if conf.REDIS.PASSWORD ~= nil then + local res, err = red:auth(conf.REDIS.PASSWORD) if not res then ngx.log(ngx.ERR, "redis failed to connect, password error: "..err) return @@ -46,10 +46,10 @@ local function handler() end -- 从连接池中获取连接 - --red:set_keepalive(SYSTEM_CONFIG.REDIS.POOL_MAX_IDLE_TIME, SYSTEM_CONFIG.REDIS.POOL_SIZE) + --red:set_keepalive(conf.REDIS.POOL_MAX_IDLE_TIME, conf.REDIS.POOL_SIZE) --读取用户表、角色表和权限表中配置的权限数据 - local roleDao = require("dao.role") + local roleDao = require("dao.system.role") --获取数据表中的记录数 local code, res = roleDao:getAllSystemRoles() if res == nil then return end diff --git a/src/service/oauth/oauth.lua b/src/service/oauth/oauth.lua new file mode 100644 index 0000000..8f6fb92 --- /dev/null +++ b/src/service/oauth/oauth.lua 
@@ -0,0 +1,110 @@ +--- +--- Generated by EmmyLua(https://github.com/EmmyLua) +--- Created by admin. +--- DateTime: 2025/10/28 11:09 +--- 用于 +local resp = require("util.response") +local authDao = require("dao.oauth.oauth") +local validator = require("validator.oauth.oauth") +local cjson = require("cjson.safe") +local token = require("util.uuid") + +local _M = {} + +--获取授权码 +function _M:authorize() + --读取请求体的数据 + ngx.req.read_body() + --获取请求数据 + local body_data = ngx.req.get_body_data() + -- 验证数据是否符合json + local ok = validatorJson.validatorAuthorize(body_data) + --验证失败则返回 + if not ok then + local result = resp:json(0x000001) + resp:send(result) + return + end +end + +--根据授权码获取Access-Token +function _M:token() + --读取请求体的数据 + ngx.req.read_body() + --获取请求数据 + local body_data = ngx.req.get_body_data() + -- 验证数据是否符合json + local ok = validatorJson.validatorToken(body_data) + --验证失败则返回 + if not ok then + local result = resp:json(0x000001) + resp:send(result) + return + end +end + +--根据Access-Token获取相应用户的账户信息 +function _M:userinfo() + --读取请求体的数据 + ngx.req.read_body() + --获取请求数据 + local body_data = ngx.req.get_body_data() + -- 验证数据是否符合json + local ok = validatorJson.validatorJson(body_data) + --验证失败则返回 + if not ok then + local result = resp:json(0x000001) + resp:send(result) + return + end +end + +--回收Access-Token +function _M:logout() + --读取请求体的数据 + ngx.req.read_body() + --获取请求数据 + local body_data = ngx.req.get_body_data() + -- 验证数据是否符合json + local ok = validatorJson.validatorJson(body_data) + --验证失败则返回 + if not ok then + local result = resp:json(0x000001) + resp:send(result) + return + end +end + +--根据Refresh-Token刷新Access-Token +function _M:refresh() + --读取请求体的数据 + ngx.req.read_body() + --获取请求数据 + local body_data = ngx.req.get_body_data() + -- 验证数据是否符合json + local ok = validatorJson.validatorJson(body_data) + --验证失败则返回 + if not ok then + local result = resp:json(0x000001) + resp:send(result) + return + end +end + +--验证token是否有效 +function _M:checklogin() + --读取请求体的数据 + 
ngx.req.read_body() + --获取请求数据 + local body_data = ngx.req.get_body_data() + -- 验证数据是否符合json + local ok = validatorJson.validatorJson(body_data) + --验证失败则返回 + if not ok then + local result = resp:json(0x000001) + resp:send(result) + return + end +end + +return _M \ No newline at end of file diff --git a/src/service/system/account.lua b/src/service/system/account.lua index 341e94e..cfc7e7b 100644 --- a/src/service/system/account.lua +++ b/src/service/system/account.lua @@ -4,7 +4,7 @@ --- DateTime: 2025/9/25 08:25 --- 业务逻辑 对账户数据表进行数据表业务处理 local resp = require("util.response") -local accountDao = require("dao.account") +local accountDao = require("dao.system.account") local validatorJson = require("validator.system.account") local cjson = require("cjson.safe") local perm = require("util.permissionfilter") diff --git a/src/service/system/application.lua b/src/service/system/application.lua index 2e8658e..309f956 100644 --- a/src/service/system/application.lua +++ b/src/service/system/application.lua @@ -4,7 +4,7 @@ --- DateTime: 2025/9/27 16:02 --- 业务逻辑 对应用数据表进行数据表业务处理 local resp = require("util.response") -local applicationDao = require("dao.application") +local applicationDao = require("dao.system.application") local validatorJson = require("validator.system.application") local cjson = require("cjson.safe") local perm = require("util.permissionfilter") diff --git a/src/service/system/department.lua b/src/service/system/department.lua index 0dd0274..e854185 100644 --- a/src/service/system/department.lua +++ b/src/service/system/department.lua @@ -4,7 +4,7 @@ --- DateTime: 2025/9/28 10:22 --- 业务逻辑 对组织架构数据表进行数据表业务处理 local resp = require("util.response") -local departmentDao = require("dao.department") +local departmentDao = require("dao.system.department") local validatorJson = require("validator.system.department") local cjson = require("cjson.safe") local perm = require("util.permissionfilter") 
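Review bot: Every handler in the new `src/service/oauth/oauth.lua` calls `validatorJson.…`, but the module is bound as `local validator = require("validator.oauth.oauth")`, so `validatorJson` is an undefined global and each of the six endpoints raises on its first request. Four handlers call `validatorJson.validatorJson`, which the validator module does not export (it defines `validatorUserinfo`, `validatorLogout`, `validatorRefresh` and `validatorChecklogin`), and the calls use `.` on functions declared with `:`, so `body_data` would arrive as `self` and `jsonData` would be `nil`. Bind the module as `local validatorJson = require("validator.oauth.oauth")` and call the matching function with `:`, e.g. `validatorJson:validatorUserinfo(cjson.decode(body_data))`, treating a missing body or a decode failure as a validation failure (the validator presumably expects a decoded table, not the raw string). On valid input the handlers return without sending a response; until the flows are implemented, have them answer with an explicit error so that no endpoint appears to succeed.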
diff --git a/src/service/system/login.lua b/src/service/system/login.lua index 419f35a..c8a7450 100644 --- a/src/service/system/login.lua +++ b/src/service/system/login.lua @@ -4,7 +4,7 @@ --- DateTime: 2025/10/28 11:09 --- 用于 local resp = require("util.response") -local authDao = require("dao.login") +local loginDao = require("dao.system.login") local validator = require("validator.system.login") local cjson = require("cjson.safe") local token = require("util.token") @@ -29,7 +29,7 @@ function _M.login() return end --ngx.say(body_data) - local code, ret = authDao.login(cjson.decode(body_data)) + local code, ret = loginDao.login(cjson.decode(body_data)) --读取数据错误 if code ~= 0 or table.getn(ret) < 0 then local result = resp:json(0x000001) @@ -64,7 +64,7 @@ function _M.signup() return end --ngx.say(body_data) - local code, ret = authDao.signup(cjson.decode(body_data)) + local code, ret = loginDao.signup(cjson.decode(body_data)) --读取数据错误 if code ~= 0 or table.getn(ret) < 0 then local result = resp:json(0x000001) @@ -114,7 +114,7 @@ function _M.user() end --验证成功获取用户id信息 local userid = retToken["body"]["payload"]["userid"] - local code, ret = authDao.getUser(userid) + local code, ret = loginDao.getUser(userid) --读取数据错误 if code ~= 0 or table.getn(ret) < 0 then local result = resp:json(0x000001) @@ -145,7 +145,7 @@ function _M.permission() local role_id = retToken["body"]["payload"]["role_id"] local role_name = retToken["body"]["payload"]["role_name"] --通过用户id查询到用户的权限信息 - local code, ret = authDao.getUser(userid) + local code, ret = loginDao.getUser(userid) --读取数据错误 if code ~= 0 or table.getn(ret) < 0 then local result = resp:json(0x000001) diff --git a/src/service/system/permission.lua b/src/service/system/permission.lua index 87b4238..6ef04ac 100644 --- a/src/service/system/permission.lua +++ b/src/service/system/permission.lua 
@@ -4,7 +4,7 @@ --- DateTime: 2025/9/27 17:06 --- 业务逻辑 对权限数据表进行数据表业务处理 local resp = require("util.response") -local permissionDao = require("dao.permission") +local permissionDao = require("dao.system.permission") local validatorJson = require("validator.system.permission") local cjson = require("cjson.safe") local perm = require("util.permissionfilter") diff --git a/src/service/system/position.lua b/src/service/system/position.lua index 420e2f0..6e724c8 100644 --- a/src/service/system/position.lua +++ b/src/service/system/position.lua @@ -4,7 +4,7 @@ --- DateTime: 2025/11/04 15:01 --- 业务逻辑 对岗位数据表进行数据表业务处理 local resp = require("util.response") -local positionDao = require("dao.position") +local positionDao = require("dao.system.position") local validatorJson = require("validator.system.position") local cjson = require("cjson.safe") local perm = require("util.permissionfilter") diff --git a/src/service/system/role.lua b/src/service/system/role.lua index 391d4d9..e910c28 100644 --- a/src/service/system/role.lua +++ b/src/service/system/role.lua @@ -4,7 +4,7 @@ --- DateTime: 2025/9/27 15:19 --- 业务逻辑 对用户角色数据表进行数据表业务处理 local resp = require("util.response") -local roleDao = require("dao.role") +local roleDao = require("dao.system.role") local validatorJson = require("validator.system.role") local cjson = require("cjson.safe") local perm = require("util.permissionfilter") diff --git a/src/service/system/user.lua b/src/service/system/user.lua index 7620505..cc909c3 100644 --- a/src/service/system/user.lua +++ b/src/service/system/user.lua @@ -4,7 +4,7 @@ --- DateTime: 2025/9/25 08:19 --- 业务逻辑 对用户数据表进行数据表业务处理 local resp = require("util.response") -local userDao = require("dao.user") +local userDao = require("dao.system.user") local validatorJson = require("validator.system.user") local cjson = require("cjson.safe") local token = require("util.token") diff --git a/src/share/helpers.lua b/src/share/helpers.lua index a347a24..d7e7bb5 100644 --- a/src/share/helpers.lua 
+++ b/src/share/helpers.lua @@ -5,7 +5,7 @@ --- local snowflake = require("share.snowflake") local cjson = require("cjson.safe") -require("config") +local conf = require("config") local _M = {} @@ -128,7 +128,7 @@ local function get_cookie(key) end local function get_local_time() - local time_zone = ngx.re.match(SYSTEM_CONFIG.time_zone, "[0-9]+") + local time_zone = ngx.re.match(conf.time_zone, "[0-9]+") if time_zone == nil then local err = "not set time zone or format error, time zone should look like `+8:00` current is: " .. config.time_zone ngx.log(ngx.ERR, err) diff --git a/src/share/model.lua b/src/share/model.lua index 0e7324d..9df895f 100644 --- a/src/share/model.lua +++ b/src/share/model.lua @@ -1,4 +1,4 @@ -require("config") +local conf = require("config") local Database = require('share.database') local helpers = require('share.helpers') local implode = helpers.implode 
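Review bot: In `get_local_time`, the error branch directly below the changed line still builds its message from `config.time_zone`, and no `config` binding is visible in this file's hunks now that the module is bound to `conf`. A missing or malformed time zone would therefore raise an index-on-nil error instead of writing the intended log line. Change the concatenation to `.. tostring(conf.time_zone)`. The function body continues past the end of the hunk.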
@@ -11,28 +11,28 @@ local WRITE = 'WRITE' local READ = 'READ' local database_write = Database:new({ - host = SYSTEM_CONFIG.POSTGRES.HOST, - port = SYSTEM_CONFIG.POSTGRES.PORT, - user = SYSTEM_CONFIG.POSTGRES.USERNAME, - password = SYSTEM_CONFIG.POSTGRES.PASSWORD, - database = SYSTEM_CONFIG.POSTGRES.DATABASE, - charset = SYSTEM_CONFIG.POSTGRES.CHARSET, - timeout = SYSTEM_CONFIG.POSTGRES.TIMEOUT, - db_pool_timeout = SYSTEM_CONFIG.POSTGRES.POOL_TIMEOUT, - db_pool_size = SYSTEM_CONFIG.POSTGRES.POOL_SIZE, + host = conf.POSTGRES.HOST, + port = conf.POSTGRES.PORT, + user = conf.POSTGRES.USERNAME, + password = conf.POSTGRES.PASSWORD, + database = conf.POSTGRES.DATABASE, + charset = conf.POSTGRES.CHARSET, + timeout = conf.POSTGRES.TIMEOUT, + db_pool_timeout = conf.POSTGRES.POOL_TIMEOUT, + db_pool_size = conf.POSTGRES.POOL_SIZE, db_type = WRITE }) local database_read = Database:new({ - host = SYSTEM_CONFIG.POSTGRES.HOST, - port = SYSTEM_CONFIG.POSTGRES.PORT, - user = SYSTEM_CONFIG.POSTGRES.USERNAME, - password = SYSTEM_CONFIG.POSTGRES.PASSWORD, - database = SYSTEM_CONFIG.POSTGRES.DATABASE, - charset = SYSTEM_CONFIG.POSTGRES.CHARSET, - timeout = SYSTEM_CONFIG.POSTGRES.TIMEOUT, - db_pool_timeout = SYSTEM_CONFIG.POSTGRES.POOL_TIMEOUT, - db_pool_size = SYSTEM_CONFIG.POSTGRES.POOL_SIZE, + host = conf.POSTGRES.HOST, + port = conf.POSTGRES.PORT, + user = conf.POSTGRES.USERNAME, + password = conf.POSTGRES.PASSWORD, + database = conf.POSTGRES.DATABASE, + charset = conf.POSTGRES.CHARSET, + timeout = conf.POSTGRES.TIMEOUT, + db_pool_timeout = conf.POSTGRES.POOL_TIMEOUT, + db_pool_size = conf.POSTGRES.POOL_SIZE, db_type = READ }) diff --git a/src/share/redis.lua b/src/share/redis.lua index dbdb8e1..796f3eb 100644 --- a/src/share/redis.lua +++ b/src/share/redis.lua 
@@ -1,9 +1,9 @@ local redis = require("resty.redis") -require("config") +local conf = require("config") local _M = setmetatable({}, {__index = function(self, key) local red = redis:new() - local ok, err = red:connect(SYSTEM_CONFIG.REDIS.HOST, SYSTEM_CONFIG.REDIS.PORT) + local ok, err = red:connect(conf.REDIS.HOST, conf.REDIS.PORT) if not ok then ngx.log(ngx.ERR, err) end diff --git a/src/test/test.lua b/src/test/test.lua index 1e425a8..794b6c3 100644 --- a/src/test/test.lua +++ b/src/test/test.lua @@ -9,11 +9,13 @@ local jsonschema = require("jsonschema") local cjson = require("cjson.safe") local redis = require("share.redis") ---local workerId = 0 -- 假设当前机器的ID是1,范围在[0, 31]之间 ---local datacenterId = 0 -- 数据中心ID,范围在[0, 31]之间 ---local snow = snowflake.new(workerId, datacenterId) ---local id = snow:generateUniqueId()-- 生成ID +--[[ +local workerId = 0 -- 假设当前机器的ID是1,范围在[0, 31]之间 +local datacenterId = 0 -- 数据中心ID,范围在[0, 31]之间 +local snow = snowflake.new(workerId, datacenterId) +local id = snow:generateUniqueId()-- 生成ID --ngx.say("Generated ID:"..snow.int64_to_string(id)) +--]] --max =a and b or c--a?b:c 
@@ -123,17 +125,22 @@ if val6 ~= nil then end --]] +local uuid = require("util.uuid") +--app_id 应用程序id +local uid = uuid.generateUuid() +ngx.say("uuid:"..uid) +--app_secret 应用程序密钥 +math.randomseed(os.time() + (os.clock() * 1000000)) -- 增强随机性 +local charset = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" +local result = {} +for i = 1, #uid do + local rand = math.random(1, #charset) + table.insert(result, string.sub(charset, rand, rand)) +end + +print(generate_12char_uuid()) -- 示例输出:aB3eF7hJ9kL2 + --[[ -local uuid = require("resty.jit-uuid") -uuid.seed() -local val = uuid() -local uid = uuid.generate_v4() ---> v4 UUID -local uid1 = uuid.generate_v3() ---> v3 UUID (name-based with MD5) -local uid2 = uuid.generate_v5() ---> v5 UUID (name-based with SHA-1) -uuid.is_valid() ---> true/false (automatic JIT PCRE or Lua patterns) ---ngx.say(val.." "..uid) - - local args = ngx.req.get_uri_args() local pageNum = args["pagenum"] or 1 local pageSize = args["pagesize"] or 10 @@ -333,6 +340,7 @@ else end --]] +--[[ local perm = require("util.permissionfilter") local perms = {} --获取角色的所所有全新信息 @@ -352,8 +360,9 @@ end --清除角色的权限数据 --perm:clearRolePermissions("admin") +--]] - +--[[ local generateCert = require("util.generatorssl") -- 使用示例 local success, files = generateCert:generate_self_signed_cert( @@ -370,6 +379,7 @@ if success then else print("证书生成失败") end +--]] --[[ --读取用户表、角色表和权限表中配置的权限数据 diff --git a/src/util/token.lua b/src/util/token.lua index 4a3b439..a983d73 100644 --- a/src/util/token.lua +++ b/src/util/token.lua @@ -6,7 +6,7 @@ local jwt = require("resty.jwt") local jsonschema = require("jsonschema") -require("config") +local conf = require("config") local _M = {} @@ -32,6 +32,7 @@ local obj = { } } +--通过参数生存jwt相关的token值 function _M.generateToken(userid, username, role_id, role_name) if userid == nil or username == nil or role_id == nil or role_name == nil then return "" 
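Review bot: The `app_secret` block in `src/test/test.lua` draws its characters from `math.random` seeded with `os.time()` and `os.clock()`, which is predictable and not suitable for an application secret. If this code leaves the test script, take the bytes from a CSPRNG, for example `require("resty.random").bytes(n, true)`, and encode them. As written, the loop only fills `result` and never joins it (`table.concat(result)`). The following `print(generate_12char_uuid())` calls a function that is not defined in the visible hunks, so the script would stop there with an error.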
@@ -42,7 +43,7 @@ function _M.generateToken(userid, username, role_id, role_name) obj.payload.role_id = role_id obj.payload.role_name = role_name --获取的登陆的用户信息,返回tocken - local jwt_token = jwt:sign(SYSTEM_CONFIG.secret_key, obj) + local jwt_token = jwt:sign(conf.secret_key, obj) return "Bearer "..jwt_token end @@ -57,6 +58,7 @@ function _M.authorizationToken(auth_header) return response end + --验证令牌是否符合要求 local validator = jsonschema.generate_validator(schema) local data = {} data.Authorization = auth_header @@ -71,7 +73,7 @@ function _M.authorizationToken(auth_header) --查找令牌中的Bearer前缀字符,并进行截取 local token = string.sub(auth_header,8) --校验令牌 - local jwt_obj = jwt:verify(SYSTEM_CONFIG.secret_key, token) + local jwt_obj = jwt:verify(conf.secret_key, token) --如果校验结果中的verified==false,则表示令牌无效 if jwt_obj.verified == false then response["code"] = 401 diff --git a/src/util/uuid.lua b/src/util/uuid.lua new file mode 100644 index 0000000..a6c9cd6 --- /dev/null +++ b/src/util/uuid.lua @@ -0,0 +1,29 @@ +--- +--- Generated by EmmyLua(https://github.com/EmmyLua) +--- Created by frankly. +--- DateTime: 2025/11/10 15:25 +--- + +local jitUuid = require("resty.jit-uuid") + +--uuid.seed() +--local val = uuid() +--local uuid1 = string.gsub(val,"-", "") +--local uid = uuid.generate_v4() ---> v4 UUID +--local uuid2 = string.gsub(uid, "-", "") +--local uid1 = uuid.generate_v3() ---> v3 UUID (name-based with MD5) --nil +--local uid2 = uuid.generate_v5() ---> v5 UUID (name-based with SHA-1) --nil +----uuid.is_valid() ---> true/false (automatic JIT PCRE or Lua patterns) +--ngx.say("val:"..uuid1.." uid:"..uuid2)--.." uid1:"..uid1--.." uid2:"..uid2) + +local _M = {} + +--使用库生存uuid +function _M.generateUuid() + jitUuid.seed() + local Guid = jitUuid.generate_v4() ---> v4 UUID + local uuid = string.gsub(Guid, "-", "") + return uuid +end + +return _M \ No newline at end of file diff --git a/src/validator/oauth/oauth.lua b/src/validator/oauth/oauth.lua new file mode 100644 index 0000000..eaa084c 
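Review bot: `generateUuid` in the new `src/util/uuid.lua` calls `jitUuid.seed()` on every invocation. With no argument, lua-resty-jit-uuid derives the seed from coarse values (as far as I know, the current time and the worker pid), so two calls within the same second in one worker can restart the generator from the same state and return the same id. Seed once per worker, as the library's documentation recommends for `init_worker_by_lua`, and remove the call here. The ids are meant as `app_id` values according to the test script; since `generate_v4` is built on `math.random`, this helper should not be reused for secrets or tokens. A doc comment such as `--- Returns a v4 UUID as 32 hex characters with the dashes removed.` would make the return format explicit.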
--- /dev/null
+++ b/src/validator/oauth/oauth.lua
@@ -0,0 +1,113 @@
+---
+--- Generated by EmmyLua(https://github.com/EmmyLua)
+--- Created by admin.
+--- DateTime: 2025/10/30 08:09
+---业务逻辑 对账户登录的参数进行数据的验证
+local jsonschema = require("jsonschema")
+
+local _M = {}
+
+-- 定义一个JSON Schema
+local schemaAuth = {
+ {type = "object", properties = {
+ {name = "username", type = "string"},
+ {name = "password", type = "string"},
+ {name = "captcha", type = "string"},
+ {name = "checkKey", type = "string"},
+ }, required = {"username", "password"}}
+}
+
+--获取授权码
+function _M:validatorAuthorize(jsonData)
+ -- 验证数据是否符合schema
+ local validator = jsonschema.generate_validator(schemaAuth)
+ local result = validator(jsonData)
+ return result
+end
+
+local schemaToken = {
+ {type = "object", properties = {
+ {name = "username", type = "string"},
+ {name = "password", type = "string"},
+ {name = "captcha", type = "string"},
+ {name = "checkKey", type = "string"},
+ }, required = {"username", "password"}}
+}
+
+--根据授权码获取Access-Token
+function _M:validatorToken(jsonData)
+ -- 验证数据是否符合schema
+ local validator = jsonschema.generate_validator(schemaToken)
+ local result = validator(jsonData)
+ return result
+end
+
+local schemaUserInfo = {
+ {type = "object", properties = {
+ {name = "username", type = "string"},
+ {name = "password", type = "string"},
+ {name = "captcha", type = "string"},
+ {name = "checkKey", type = "string"},
+ }, required = {"username", "password"}}
+}
+
+--根据Access-Token获取相应用户的账户信息
+function _M:validatorUserinfo(jsonData)
+ -- 验证数据是否符合schema
+ local validator = jsonschema.generate_validator(schemaUserInfo)
+ local result = validator(jsonData)
+ return result
+end
+
+local schemaLogout = {
+ {type = "object", properties = {
+ {name = "username", type = "string"},
+ {name = "password", type = "string"},
+ {name = "captcha", type = "string"},
+ {name = "checkKey", type = "string"},
+ }, required = {"username", "password"}}
+}
+
+--回收Access-Token
+function _M:validatorLogout(jsonData)
+ -- 验证数据是否符合schema
+ local validator = jsonschema.generate_validator(schemaLogout)
+ local result = validator(jsonData)
+ return result
+end
+
+local schemaRefresh = {
+ {type = "object", properties = {
+ {name = "username", type = "string"},
+ {name = "password", type = "string"},
+ {name = "captcha", type = "string"},
+ {name = "checkKey", type = "string"},
+ }, required = {"username", "password"}}
+}
+
+--根据Refresh-Token刷新Access-Token
+function _M:validatorRefresh(jsonData)
+ -- 验证数据是否符合schema
+ local validator = jsonschema.generate_validator(schemaRefresh)
+ local result = validator(jsonData)
+ return result
+end
+
+local schemaChecklogin = {
+ {type = "object", properties = {
+ {name = "username", type = "string"},
+ {name = "password", type = "string"},
+ {name = "captcha", type = "string"},
+ {name = "checkKey", type = "string"},
+ }, required = {"username", "password"}}
+}
+
+--验证token是否有效
+function _M:validatorChecklogin(jsonData)
+ -- 验证数据是否符合schema
+ local validator = jsonschema.generate_validator(schemaChecklogin)
+ local result = validator(jsonData)
+ return result
+end
+
+return _M
\ No newline at end of file
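Review bot: The six schema tables in `src/validator/oauth/oauth.lua` are not valid JSON Schema objects: each is wrapped in an outer array and lists `properties` as `{name = …, type = …}` entries instead of a map keyed by property name. The top level therefore carries no `type`, `properties` or `required` keyword, and the generated validator will most likely accept any input, leaving the OAuth endpoints without input validation. Write each schema as a plain object, as sketched below, and build the validator once at module load instead of on every call. All six schemas are the same username/password copy, while the token, userinfo, logout, refresh and checklogin endpoints need their own required fields. The functions are declared with `:` although none of them uses `self`; declare them with `.` or make sure every caller uses `:`.

```lua
local schemaAuth = {
    type = "object",
    properties = {
        username = { type = "string" },
        password = { type = "string" },
        captcha = { type = "string" },
        checkKey = { type = "string" },
    },
    required = { "username", "password" },
}
-- compiled once when the module is loaded, reused for every request
local validateAuth = jsonschema.generate_validator(schemaAuth)

function _M:validatorAuthorize(jsonData)
    return validateAuth(jsonData)
end
-- … unchanged: the other five schemas and validators, to be given the same shape …
```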