From c41075f2b52cbe579a04f93064297cc1245427d8 Mon Sep 17 00:00:00 2001 From: wanglei <34475144@qqcom> Date: Wed, 12 Nov 2025 09:36:00 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=8E=A5=E5=8F=A3=E7=9A=84ur?= =?UTF-8?q?l=E8=B7=AF=E7=94=B1=EF=BC=8C=E5=B9=B6=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E6=96=87=E4=BB=B6=E4=B8=AD=E6=8A=A5=E9=94=99=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- conf/system/system.conf | 18 +++++++++--------- src/api/oauth/oauth.lua | 14 +++++++------- src/api/system/account.lua | 10 +++++----- src/api/system/application.lua | 10 +++++----- src/api/system/department.lua | 10 +++++----- src/api/system/login.lua | 10 +++++----- src/api/system/permission.lua | 10 +++++----- src/api/system/postion.lua | 10 +++++----- src/api/system/role.lua | 10 +++++----- src/api/system/user.lua | 10 +++++----- src/auth/jwt-auth.lua | 2 +- src/dao/system/user.lua | 2 +- src/service/system/user.lua | 6 ++---- src/util/permissionfilter.lua | 1 + src/validator/oauth/oauth.lua | 10 ++++++---- src/validator/system/user.lua | 21 +++++++++++---------- 16 files changed, 78 insertions(+), 76 deletions(-) diff --git a/conf/system/system.conf b/conf/system/system.conf index 3e37172..70b8994 100644 --- a/conf/system/system.conf +++ b/conf/system/system.conf 
@@ -2,48 +2,48 @@ ### 接口相关控制,接口文件需要使用jwt进行token验证 ### ###################################################### #用户认证登陆相关 -location /api/user { +location /yum/v1/system/user { content_by_lua_file '${APP_PATH}/src/api/system/login.lua'; } #账号信息数据接口 -location /api/system/accounts { +location /yum/v1/system/accounts { access_by_lua_file '${APP_PATH}/src/auth/jwt-auth.lua'; content_by_lua_file '${APP_PATH}/src/api/system/account.lua'; } #应用程序信息数据接口 -location /api/system/applications { +location /yum/v1/system/applications { access_by_lua_file '${APP_PATH}/src/auth/jwt-auth.lua'; content_by_lua_file '${APP_PATH}/src/api/system/application.lua'; } #组织(岗位)信息数据接口 -location /api/system/departments { +location /yum/v1/system/departments { access_by_lua_file '${APP_PATH}/src/auth/jwt-auth.lua'; content_by_lua_file '${APP_PATH}/src/api/system/department.lua'; } #权限信息数据接口 -location /api/system/permissions { +location /yum/v1/system/permissions { access_by_lua_file '${APP_PATH}/src/auth/jwt-auth.lua'; content_by_lua_file '${APP_PATH}/src/api/system/permission.lua'; } #岗位信息数据接口 -location /api/system/positions { +location /yum/v1/system/positions { access_by_lua_file '${APP_PATH}/src/auth/jwt-auth.lua'; content_by_lua_file '${APP_PATH}/src/api/system/position.lua'; } #账号信息数据接口 -location /api/system/roles { +location /yum/v1/system/roles { access_by_lua_file '${APP_PATH}/src/auth/jwt-auth.lua'; content_by_lua_file '${APP_PATH}/src/api/system/role.lua'; } #用户信息数据接口 -location /api/system/users { +location /yum/v1/system/users { access_by_lua_file '${APP_PATH}/src/auth/jwt-auth.lua'; content_by_lua_file '${APP_PATH}/src/api/system/user.lua'; } @@ -52,6 +52,6 @@ location /api/system/users { ### oauth2.0 + openIDC 接口文件处理 ### ###################################################### #用户认证登陆相关 -location /api/oauth/v2 { +location /yum/v1/oauth/v2 { content_by_lua_file '${APP_PATH}/src/api/oauth/oauth.lua'; } \ No newline at end of file 
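Review bot: The unauthenticated `location /yum/v1/system/user` is now a string prefix of the JWT-protected `location /yum/v1/system/users`, so the two are kept apart only by nginx's longest-prefix selection; before the rename (`/api/user` vs `/api/system/users`) they did not overlap. Writing it as `location /yum/v1/system/user/ {` makes the separation explicit and stops login.lua from being chosen for other `/yum/v1/system/user*` paths that reach no longer prefix. Separately, the positions block still loads `src/api/system/position.lua`, while the file this commit edits is `src/api/system/postion.lua`. Unless a `position.lua` also exists, that endpoint will fail to load.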
diff --git a/src/api/oauth/oauth.lua b/src/api/oauth/oauth.lua index 9b8f45e..ce7d76b 100644 --- a/src/api/oauth/oauth.lua +++ b/src/api/oauth/oauth.lua @@ -15,43 +15,43 @@ local routes = { -------------------------------------------- --获取授权码 { - paths = { "/api/oauth/v2/authorize" }, + paths = { "/yum/v1/oauth/v2/authorize" }, methods = { "POST" }, handler = oauthService.authorize, }, --根据授权码获取Access-Token { - paths = { "/api/oauth/v2/token" }, + paths = { "/yum/v1/oauth/v2/token" }, methods = { "POST" }, handler = oauthService.token, }, --通过用户名和密码进行验证 { - paths = { "/api/oauth/v2/login" }, + paths = { "/yum/v1/oauth/v2/login" }, methods = { "POST" }, handler = oauthService.login, }, --根据Access-Token获取相应用户的账户信息 { - paths = { "/api/oauth/v2/userinfo" }, + paths = { "/yum/v1/oauth/v2/userinfo" }, methods = { "POST" }, handler = oauthService.userinfo, }, --回收Access-Token { - paths = { "/api/oauth/v2/logout" }, + paths = { "/yum/v1/oauth/v2/logout" }, methods = { "POST" }, handler = oauthService.logout, }, --根据Refresh-Token刷新Access-Token { - paths = { "/api/oauth/v2/refresh" }, + paths = { "/yum/v1/oauth/v2/refresh" }, methods = { "POST" }, handler = oauthService.refresh, }, --验证token是否有效 { - paths = { "/api/oauth/v2/checklogin" }, + paths = { "/yum/v1/oauth/v2/checklogin" }, methods = { "POST" }, handler = oauthService.checklogin, }, diff --git a/src/api/system/account.lua b/src/api/system/account.lua index cb1e1ae..e37c4f4 100644 --- a/src/api/system/account.lua +++ b/src/api/system/account.lua @@ -13,7 +13,7 @@ local systemAccount = require("service.system.account") local routes = { --账户相关路由接口 { - paths = { "/api/system/accounts" }, + paths = { "/yum/v1/system/accounts" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::accounts::list" 
@@ -22,7 +22,7 @@ local routes = { handler = systemAccount.getSystemAccounts, }, { - paths = { "/api/system/accounts/:id" }, + paths = { "/yum/v1/system/accounts/:id" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::accounts::view" @@ -31,7 +31,7 @@ local routes = { handler = systemAccount.getSystemAccount, }, { - paths = { "/api/system/accounts" }, + paths = { "/yum/v1/system/accounts" }, methods = { "POST" }, filter_fun = function(vars) ngx.ctx.perms = "system::accounts::add" @@ -40,7 +40,7 @@ local routes = { handler = systemAccount.addSystemAccount, }, { - paths = { "/api/system/accounts/:id" }, + paths = { "/yum/v1/system/accounts/:id" }, methods = { "DELETE" }, filter_fun = function(vars) ngx.ctx.perms = "system::accounts::delete" @@ -49,7 +49,7 @@ local routes = { handler = systemAccount.deleteSystemAccount, }, { - paths = { "/api/system/accounts/:id" }, + paths = { "/yum/v1/system/accounts/:id" }, methods = { "PUT" }, filter_fun = function(vars) ngx.ctx.perms = "system::accounts::edit" diff --git a/src/api/system/application.lua b/src/api/system/application.lua index 6b0b598..5bb6228 100644 --- a/src/api/system/application.lua +++ b/src/api/system/application.lua @@ -13,7 +13,7 @@ local systemApplication = require("service.system.application") local routes = { --应用相关路由接口 { - paths = { "/api/system/applications" }, + paths = { "/yum/v1/system/applications" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::applications::list" @@ -22,7 +22,7 @@ local routes = { handler = systemApplication.getSystemApplications, }, { - paths = { "/api/system/applications/:id" }, + paths = { "/yum/v1/system/applications/:id" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::applications::view" 
@@ -31,7 +31,7 @@ local routes = { handler = systemApplication.getSystemApplication, }, { - paths = { "/api/system/applications" }, + paths = { "/yum/v1/system/applications" }, methods = { "POST" }, filter_fun = function(vars) ngx.ctx.perms = "system::applications::add" @@ -40,7 +40,7 @@ local routes = { handler = systemApplication.addSystemApplication, }, { - paths = { "/api/system/applications/:id" }, + paths = { "/yum/v1/system/applications/:id" }, methods = { "DELETE" }, filter_fun = function(vars) ngx.ctx.perms = "system::applications::delete" @@ -49,7 +49,7 @@ local routes = { handler = systemApplication.deleteSystemApplication, }, { - paths = { "/api/system/applications/:id" }, + paths = { "/yum/v1/system/applications/:id" }, methods = { "PUT" }, filter_fun = function(vars) ngx.ctx.perms = "system::applications::edit" diff --git a/src/api/system/department.lua b/src/api/system/department.lua index 81a38fc..5c944d3 100644 --- a/src/api/system/department.lua +++ b/src/api/system/department.lua @@ -13,7 +13,7 @@ local systemDepartment = require("service.system.department") local routes = { --组织(部门)相关路由接口 { - paths = { "/api/system/departments" }, + paths = { "/yum/v1/system/departments" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::departments::list" @@ -22,7 +22,7 @@ local routes = { handler = systemDepartment.getSystemDepartments, }, { - paths = { "/api/system/departments/:id" }, + paths = { "/yum/v1/system/departments/:id" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::departments::view" @@ -31,7 +31,7 @@ local routes = { handler = systemDepartment.getSystemDepartment, }, { - paths = { "/api/system/departments" }, + paths = { "/yum/v1/system/departments" }, methods = { "POST" }, filter_fun = function(vars) ngx.ctx.perms = "system::departments::add" 
@@ -40,7 +40,7 @@ local routes = { handler = systemDepartment.addSystemDepartment, }, { - paths = { "/api/system/departments/:id" }, + paths = { "/yum/v1/system/departments/:id" }, methods = { "DELETE" }, filter_fun = function(vars) ngx.ctx.perms = "system::departments::delete" @@ -49,7 +49,7 @@ local routes = { handler = systemDepartment.deleteSystemDepartment, }, { - paths = { "/api/system/departments/:id" }, + paths = { "/yum/v1/system/departments/:id" }, methods = { "PUT" }, filter_fun = function(vars) ngx.ctx.perms = "system::departments::edit" diff --git a/src/api/system/login.lua b/src/api/system/login.lua index 2103381..6b6e6dd 100644 --- a/src/api/system/login.lua +++ b/src/api/system/login.lua @@ -15,31 +15,31 @@ local routes = { -------------------------------------------- --用户登录路由接口 { - paths = { "/api/user/login" }, + paths = { "/yum/v1/system/user/login" }, methods = { "POST" }, handler = loginService.login, }, --用户注册路由接口 { - paths = { "/api/user/signup" }, + paths = { "/yum/v1/system/user/signup" }, methods = { "POST" }, handler = loginService.signup, }, --用户退出路由接口 { - paths = { "/api/user/logout" }, + paths = { "/yum/v1/system/user/logout" }, methods = { "POST" }, handler = loginService.logout, }, --根据token信息获取用户信息数据 { - paths = { "/api/user/user" }, + paths = { "/yum/v1/system/user/user" }, methods = { "GET" }, handler = loginService.user, }, --根据token信息获取用户权限数据 { - paths = { "/api/user/permission" }, + paths = { "/yum/v1/system/user/permission" }, methods = { "GET" }, handler = loginService.permission, }, diff --git a/src/api/system/permission.lua b/src/api/system/permission.lua index d66784c..152f345 100644 --- a/src/api/system/permission.lua +++ b/src/api/system/permission.lua 
@@ -13,7 +13,7 @@ local systemPermission = require("service.system.permission") local routes = { --权限相关路由接口 { - paths = { "/api/system/permissions" }, + paths = { "/yum/v1/system/permissions" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::permissions::list" @@ -22,7 +22,7 @@ local routes = { handler = systemPermission.getSystemPermissions, }, { - paths = { "/api/system/permissions/:id" }, + paths = { "/yum/v1/system/permissions/:id" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::permissions::view" @@ -31,7 +31,7 @@ local routes = { handler = systemPermission.getSystemPermission, }, { - paths = { "/api/system/permissions" }, + paths = { "/yum/v1/system/permissions" }, methods = { "POST" }, filter_fun = function(vars) ngx.ctx.perms = "system::permissions::add" @@ -40,7 +40,7 @@ local routes = { handler = systemPermission.addSystemPermission, }, { - paths = { "/api/system/permissions/:id" }, + paths = { "/yum/v1/system/permissions/:id" }, methods = { "DELETE" }, filter_fun = function(vars) ngx.ctx.perms = "system::permissions::delete" @@ -49,7 +49,7 @@ local routes = { handler = systemPermission.deleteSystemPermission, }, { - paths = { "/api/system/permissions/:id" }, + paths = { "/yum/v1/system/permissions/:id" }, methods = { "PUT" }, filter_fun = function(vars) ngx.ctx.perms = "system::permissions::edit" diff --git a/src/api/system/postion.lua b/src/api/system/postion.lua index 672075d..1abf824 100644 --- a/src/api/system/postion.lua +++ b/src/api/system/postion.lua @@ -13,7 +13,7 @@ local systemPosition = require("service.system.position") local routes = { --岗位相关路由接口 { - paths = { "/api/system/positions" }, + paths = { "/yum/v1/system/positions" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::positions::list" 
@@ -22,7 +22,7 @@ local routes = { handler = systemPosition.getSystemPositions, }, { - paths = { "/api/system/positions/:id" }, + paths = { "/yum/v1/system/positions/:id" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::positions::view" @@ -31,7 +31,7 @@ local routes = { handler = systemPosition.getSystemPosition, }, { - paths = { "/api/system/positions" }, + paths = { "/yum/v1/system/positions" }, methods = { "POST" }, filter_fun = function(vars) ngx.ctx.perms = "system::positions::add" @@ -40,7 +40,7 @@ local routes = { handler = systemPosition.addSystemPosition, }, { - paths = { "/api/system/positions/:id" }, + paths = { "/yum/v1/system/positions/:id" }, methods = { "DELETE" }, filter_fun = function(vars) ngx.ctx.perms = "system::positions::delete" @@ -49,7 +49,7 @@ local routes = { handler = systemPosition.deleteSystemPosition, }, { - paths = { "/api/system/positions/:id" }, + paths = { "/yum/v1/system/positions/:id" }, methods = { "PUT" }, filter_fun = function(vars) ngx.ctx.perms = "system::positions::edit" diff --git a/src/api/system/role.lua b/src/api/system/role.lua index a7a478d..7afff8e 100644 --- a/src/api/system/role.lua +++ b/src/api/system/role.lua @@ -13,7 +13,7 @@ local systemRole = require("service.system.role") local routes = { --角色相关路由接口 { - paths = { "/api/system/roles" }, + paths = { "/yum/v1/system/roles" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::roles::list" @@ -22,7 +22,7 @@ local routes = { handler = systemRole.getSystemRoles, }, { - paths = { "/api/system/roles/:id" }, + paths = { "/yum/v1/system/roles/:id" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::roles::view" @@ -31,7 +31,7 @@ local routes = { handler = systemRole.getSystemRole, }, { - paths = { "/api/system/roles" }, + paths = { "/yum/v1/system/roles" }, methods = { "POST" }, filter_fun = function(vars) ngx.ctx.perms = "system::roles::add" 
@@ -40,7 +40,7 @@ local routes = { handler = systemRole.addSystemRole, }, { - paths = { "/api/system/roles/:id" }, + paths = { "/yum/v1/system/roles/:id" }, methods = { "DELETE" }, filter_fun = function(vars) ngx.ctx.perms = "system::roles::delete" @@ -49,7 +49,7 @@ local routes = { handler = systemRole.deleteSystemRole, }, { - paths = { "/api/system/roles/:id" }, + paths = { "/yum/v1/system/roles/:id" }, methods = { "PUT" }, filter_fun = function(vars) ngx.ctx.perms = "system::roles::edit" diff --git a/src/api/system/user.lua b/src/api/system/user.lua index 0737465..effbaff 100644 --- a/src/api/system/user.lua +++ b/src/api/system/user.lua @@ -13,7 +13,7 @@ local routes = { --用户相关路由接口 --获取所有用户信息数据 { - paths = { "/api/system/users" }, + paths = { "/yum/v1/system/users" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::users::list" @@ -23,7 +23,7 @@ local routes = { }, --根据用户id获取用户详情信息 { - paths = { "/api/system/users/:id" }, + paths = { "/yum/v1/system/users/:id" }, methods = { "GET" }, filter_fun = function(vars) ngx.ctx.perms = "system::users::view" @@ -33,7 +33,7 @@ local routes = { }, --根据增加新的用户信息 { - paths = { "/api/system/users" }, + paths = { "/yum/v1/system/users" }, methods = { "POST" }, filter_fun = function(vars) ngx.ctx.perms = "system::users::add" @@ -43,7 +43,7 @@ local routes = { }, --根据用户id删除用户信息 { - paths = { "/api/system/users/:id" }, + paths = { "/yum/v1/system/users/:id" }, methods = { "DELETE" }, filter_fun = function(vars) ngx.ctx.perms = "system::users::delete" @@ -53,7 +53,7 @@ local routes = { }, --根据用户id编辑用户信息 { - paths = { "/api/system/users/:id" }, + paths = { "/yum/v1/system/users/:id" }, methods = { "PUT" }, filter_fun = function(vars) ngx.ctx.perms = "system::users::edit" diff --git a/src/auth/jwt-auth.lua b/src/auth/jwt-auth.lua index 6f72901..5fccf62 100644 --- a/src/auth/jwt-auth.lua +++ b/src/auth/jwt-auth.lua 
@@ -53,7 +53,7 @@ end -- write the uid variable ngx.ctx.userid = jwt_obj.payload.userid ngx.ctx.username = jwt_obj.payload.username -ngx.ctx.role = jwt_obj.payload.role +ngx.ctx.role = jwt_obj.payload.role_name ngx.log(ngx.WARN, "claims: ".. cjson.encode(jwt_obj.payload)) --全部校验完成后,说明令牌有效,返回令牌数据 diff --git a/src/dao/system/user.lua b/src/dao/system/user.lua index 6b6f578..7977ec6 100644 --- a/src/dao/system/user.lua +++ b/src/dao/system/user.lua @@ -108,7 +108,7 @@ function _M:adjustUser(name, passwd) if name == nil or passwd == nil then return 0x010003, nil end - local pwdMd5 = ngx.md5(passwd) + local pwdMd5 = passwd--ngx.md5(passwd) --根据用户进行验证用户是否存在 local code, res = userModel:where("username", "=", name):where("password", "=", pwdMd5):get() if code == 0 and res ~= nil then diff --git a/src/service/system/user.lua b/src/service/system/user.lua index cc909c3..31eb819 100644 --- a/src/service/system/user.lua +++ b/src/service/system/user.lua @@ -54,18 +54,16 @@ function _M.getSystemUser(m) local role = ngx.ctx.role --权限数据 local perms = ngx.ctx.perms + print("get getSystemUser:", role, perms) --判断当前接口用户和角色是否有权限 if perm:hasPermission(role, perms) == false then ngx.exit(ngx.HTTP_FORBIDDEN) end --获取登录的用户信息 local payload = ngx.var.uid - local metadata = m.metadata - ngx.log(ngx.INFO, "metadata value:"..metadata) - local userid = getUserId() if userid ~= m.id then - ngx.log(ngx.WARN, "用户与使用token中的用户id不一致") + ngx.log(ngx.WARN, "用户与使用token中的用户id不一致", userid, m.id) ngx.status = ngx.HTTP_NOT_ALLOWED ngx.exit(ngx.HTTP_NOT_ALLOWED) end diff --git a/src/util/permissionfilter.lua b/src/util/permissionfilter.lua index c3e5e8f..823420f 100644 --- a/src/util/permissionfilter.lua +++ b/src/util/permissionfilter.lua @@ -24,6 +24,7 @@ function _M:hasPermission(role_name, permission) -- 检查直接权限 local key = role_name.."-"..permission + print("get permission key:", key) local res, err = red:get(key) if res ~= nil then return true 
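Review bot: `ngx.ctx.role = jwt_obj.payload.role_name` can leave the role nil when a token lacks that claim (for example one issued with the old `role` claim). The nil then reaches `role_name.."-"..permission` in src/util/permissionfilter.lua, which raises a runtime error instead of returning a clean denial. Reject such tokens here with `if not ngx.ctx.role then ngx.exit(ngx.HTTP_UNAUTHORIZED) end` directly after the assignment. The context line `ngx.log(ngx.WARN, "claims: ".. cjson.encode(jwt_obj.payload))` also writes every claim to the error log on each request; logging only the user id would be enough. The script continues outside the hunk.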
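Review bot: With `local pwdMd5 = passwd--ngx.md5(passwd)` the value received from the client is compared byte-for-byte with the stored `password` column. Either the table holds plaintext passwords, or the client sends a digest that is itself the credential; in both cases a leaked table is directly usable for login. The unsalted MD5 it replaces was already too weak for password storage, so restoring it is not the fix. Select the row by `username` only and verify the password in Lua against a salted, slow hash (bcrypt, scrypt or Argon2, whichever the project can load). If this is a temporary workaround, say so with `-- TODO: password is compared unhashed; replace with salted hash verification` rather than leaving a commented-out call. `adjustUser` starts and ends outside the hunk.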
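Review bot: The added `print("get getSystemUser:", role, perms)` is debug output left in the request path, as is `print("get permission key:", key)` in src/util/permissionfilter.lua; remove both or switch them to `ngx.log(ngx.DEBUG, ...)`. In the changed `ngx.log(ngx.WARN, ...)` call the two ids are appended with no separator, so they run together in the log; `", token userid=", userid, ", path id=", m.id` keeps them readable. It is also worth confirming that `userid` and `m.id` have the same type: if one is a number from the token and the other a string from the route, `userid ~= m.id` is always true and every request is rejected. `getSystemUser` continues outside the hunk.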
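Review bot: `if res ~= nil then return true` grants the permission whenever the Redis call itself succeeds, assuming `red` is a lua-resty-redis client: a key that does not exist is returned as `ngx.null`, which is not `nil`. The check should be `if res ~= nil and res ~= ngx.null then`, and a non-nil `err` should be treated as a denial and logged. This line is unchanged context, but it decides every `hasPermission` call reached through the renamed routes. `hasPermission` starts and ends outside the hunk.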
diff --git a/src/validator/oauth/oauth.lua b/src/validator/oauth/oauth.lua index 58b4b03..64095b6 100644 --- a/src/validator/oauth/oauth.lua +++ b/src/validator/oauth/oauth.lua @@ -44,10 +44,12 @@ function _M:validatorToken(jsonData) end local schemaLogin = { - {type = "object", properties = { - {name = "username", type = "string"}, - {name = "password", type = "string"}, - }, required = {"username", "password"}} + type = "object", + properties = { + username = { type = "string" }, + password = { type = "string" }, + }, + required = {"username", "password"} } --回收Access-Token diff --git a/src/validator/system/user.lua b/src/validator/system/user.lua index ed70fec..4c049dd 100644 --- a/src/validator/system/user.lua +++ b/src/validator/system/user.lua @@ -9,16 +9,17 @@ local _M = {} -- 定义一个JSON Schema local schema = { - {type = "object", properties = { - {name = "username", type = "string", minLength = 8, maxLength = 20}, - {name = "phone", type = "string",minLength = 11}, - {name = "email", type = "string"}, - {name = "idcard", type = "string"}, - {name = "name", type = "string"}, - {name = "office_phone", type = "string"}, - {name = "telephone", type = "string",minLength = 11}, - {name = "display_name", type = "string"}, - }, required = {"username", "phone", "email", "idcard"}} + type = "object", + properties = { + username = { type = "string" }, + phone = { type = "string" }, + email = { type = "string" }, + idcard = { type = "string" }, + office_phone = { type = "string" }, + telephone = { type = "string" }, + display_name = { type = "string" }, + }, + required = { "username", "phone", "email", "idcard" } } function _M.validatorJson(jsonData)
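Review bot: The rewritten `schema` in src/validator/system/user.lua fixes the table shape but drops every length bound the old entries carried (`minLength = 8, maxLength = 20` on `username`, `minLength = 11` on `phone` and `telephone`), and it drops the `name` property entirely. If those limits were intended, carry them into the new form, e.g. `username = { type = "string", minLength = 8, maxLength = 20 },` and `phone = { type = "string", minLength = 11 },`. A `maxLength` on each remaining string field would also reject oversized input at validation instead of further down.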