From f12c32db081465540b3f041f8e7d1c0216a05b94 Mon Sep 17 00:00:00 2001 From: wanglei <34475144@qq.com> Date: Wed, 5 Nov 2025 16:17:17 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E9=85=8D=E7=BD=AE=E6=96=87?= =?UTF-8?q?=E4=BB=B6=EF=BC=8C=E5=A2=9E=E5=8A=A0lua=E4=BD=BF=E7=94=A8?= =?UTF-8?q?=E7=9A=84=E5=85=B1=E4=BA=AB=E5=86=85=E5=AD=98=E4=BE=8B=E5=AD=90?= =?UTF-8?q?=EF=BC=8C=E7=94=A8=E4=BA=8E=E6=B5=8B=E8=AF=95=E4=BD=BF=E7=94=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- conf/nginx.conf | 24 ++++++++++++------------ src/init.lua | 17 +++++++++++------ src/test/test.lua | 7 +++++++ src/util/rbac.lua | 15 +++++++++++++++ 4 files changed, 45 insertions(+), 18 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index e3c042f..df9b4a8 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -25,19 +25,19 @@ http { #lua_ssl_verify_depth 3; #在Nginx启动时执行的Lua代码块 - lua_shared_dict dict_a 1m; - init_by_lua_block { - -- 定义一个全局变量 - ngx.log(ngx.INFO, "Initializing global variable") - global_var = "Hello, Nginx with Lua!" - - -- 初始化一个共享字典(需要 lua-shared-dict 模块) - local shared_dict = ngx.shared.dict_a - shared_dict:set("key", "value") - } + #初始化用户角色权限相关的共享内存 + lua_shared_dict dictRBAC 50m; + #init_by_lua_block { + # -- 定义一个全局变量 + # ngx.log(ngx.INFO, "Initializing global variable") + # global_var = "Hello, Nginx with Lua!" + # -- 初始化一个共享字典(需要 lua-shared-dict 模块) + # local shared_dict = ngx.shared.dict_a + # shared_dict:set("key", "value") + #} #init_by_lua_block 与 init_by_lua_file 只能初始化其中的一个,不能同时启用 #否则报错nginx: [emerg] "init_by_lua_file" directive is duplicate - #init_by_lua_file '/home/frankly/work/AuthPlatform/src/init.lua'; + init_by_lua_file '/home/frankly/work/AuthPlatform/src/init.lua'; server { listen 9080; @@ -60,7 +60,7 @@ http { location /testRBAC { content_by_lua_file '${APP_PATH}/src/test/testRBAC.lua'; } - location /cjson { + location /test { content_by_lua_file '${APP_PATH}/src/test/test.lua'; } location = /testSM { diff --git a/src/init.lua b/src/init.lua index 190a261..5936f52 100644 --- a/src/init.lua +++ b/src/init.lua @@ -10,9 +10,14 @@ print("init application...") --初始化,获取系统默认的用户权限,为实现RBAC框架做权限数据准备 -cjson = require "cjson" -local dict_a = ngx.shared.dict_a -local v = dict_a:get("abc") -if not v then - dict_a:set("abc", 9) -end \ No newline at end of file +local data = { + admin = { + "system:user:add", "system:user:edit", "system:user:delete", "system:user:view", "system:user:list" + }, + guest = { + "system:user:view" + }, +} + +local dict = ngx.shared.dictRBAC +dict:set("users", data) \ No newline at end of file diff --git a/src/test/test.lua b/src/test/test.lua index 1b4ff8a..73b30b7 100644 --- a/src/test/test.lua +++ b/src/test/test.lua @@ -16,8 +16,15 @@ local cjson = require("cjson.safe") --max =a and b or c--a?b:c +--[[ +--调用c库相关例子 local mylib = require "addlib" ngx.say(addlib.add(5,7)) +--]] + +local dict = ngx.shared.dictRBAC +local val = dict:get("users") +ngx.say(val) --[[ local uuid = require("resty.jit-uuid") diff --git a/src/util/rbac.lua b/src/util/rbac.lua index a44eb44..35475dc 100644 --- a/src/util/rbac.lua +++ b/src/util/rbac.lua @@ -75,4 +75,19 @@ function RBAC:get_user_permissions(user_id) return user_permissions end +-- 添加角色 +--_, err = permit.AddPolicy(roleName, roleId, action) + +-- 赋予用户角色 +--_, err = permit.AddRoleForUser(user, roleName) + +-- 查看具有某角色的所有用户 +--res, err = permit.GetUsersForRole(roleName) + +-- 移除用户具有的角色 +--_, err = permit.DeleteRoleForUser(user, roleName) + +-- 移除角色,跟角色相关联的用户都被移除 +--_, err = permit.DeleteRole(roleName) + return RBAC \ No newline at end of file