wanglei/AuthPlatform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: wanglei:fc5967b213ae856b9541379a0f105ce1ac644461
Branches Tags
wanglei:master
...
compare: wanglei:ff0b020166d41f4756b58924f0e517dfd9c2f131
Branches Tags
wanglei:master

6 Commits
fc5967b213 ... ff0b020166

Author SHA1 Message Date
wanglei
ff0b020166 编写生成ssl认证文件函数和相关的测试例子 2025-11-10 08:30:19 +08:00
wanglei
b3b1f91080 修改测试例子 2025-11-09 13:39:18 +08:00
wanglei
aa65ae0d4b 对前端的调用接口增加权限认证代码,权限认证失败返回403 2025-11-08 16:10:04 +08:00
wanglei
fa7185d1d1 修改权限过滤器文件中的获取角色中的所有权限和删除角色后删除掉所对应的权限 2025-11-08 15:41:10 +08:00
wanglei
e95d2a0ee5 将初始化修改为使用管道进行存储到redis中 2025-11-08 15:10:36 +08:00
wanglei
a662650dc7 对redis部分操作进行修改 2025-11-08 15:08:02 +08:00
19 changed files with 600 additions and 56 deletions
Show Stats Expand all files Collapse all files

7
conf/nginx.conf
View File

@ -80,4 +80,11 @@ http {
}
}
}
server {
listen 9081 ssl http2;
server_name *.*;
ssl_certificate ssl/metroid.crt;
ssl_certificate_key ssl/metroid.key;
}
}

25
src/api/system/account.lua
View File

@ -15,32 +15,47 @@ local routes = {
{
paths = { "/api/system/accounts" },
methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::accounts::list"
return true
end,
handler = systemAccount.getSystemAccounts,
metadata = "system::accounts::list",
},
{
paths = { "/api/system/accounts/:id" },
methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::accounts::view"
return true
end,
handler = systemAccount.getSystemAccount,
metadata = "system::accounts::view",
},
{
paths = { "/api/system/accounts" },
methods = { "POST" },
filter_fun = function(vars)
ngx.ctx.perms = "system::accounts::add"
return true
end,
handler = systemAccount.addSystemAccount,
metadata = "system::accounts::add",
},
{
paths = { "/api/system/accounts/:id" },
methods = { "DELETE" },
filter_fun = function(vars)
ngx.ctx.perms = "system::accounts::delete"
return true
end,
handler = systemAccount.deleteSystemAccount,
metadata = "system::accounts::delete",
},
{
paths = { "/api/system/accounts/:id" },
methods = { "PUT" },
filter_fun = function(vars)
ngx.ctx.perms = "system::accounts::edit"
return true
end,
handler = systemAccount.updateSystemAccount,
metadata = "system::accounts::edit",
},
}

25
src/api/system/application.lua
View File

@ -15,32 +15,47 @@ local routes = {
{
paths = { "/api/system/applications" },
methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::applications::list"
return true
end,
handler = systemApplication.getSystemApplications,
metadata = "system::applications::list",
},
{
paths = { "/api/system/applications/:id" },
methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::applications::view"
return true
end,
handler = systemApplication.getSystemApplication,
metadata = "system::applications::view",
},
{
paths = { "/api/system/applications" },
methods = { "POST" },
filter_fun = function(vars)
ngx.ctx.perms = "system::applications::add"
return true
end,
handler = systemApplication.addSystemApplication,
metadata = "system::applications::add",
},
{
paths = { "/api/system/applications/:id" },
methods = { "DELETE" },
filter_fun = function(vars)
ngx.ctx.perms = "system::applications::delete"
return true
end,
handler = systemApplication.deleteSystemApplication,
metadata = "system::applications::delete",
},
{
paths = { "/api/system/applications/:id" },
methods = { "PUT" },
filter_fun = function(vars)
ngx.ctx.perms = "system::applications::edit"
return true
end,
handler = systemApplication.updateSystemApplication,
metadata = "system::applications::edit",
},
}

25
src/api/system/department.lua
View File

@ -15,32 +15,47 @@ local routes = {
{
paths = { "/api/system/departments" },
methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::departments::list"
return true
end,
handler = systemDepartment.getSystemDepartments,
metadata = "system::departments::list",
},
{
paths = { "/api/system/departments/:id" },
methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::departments::view"
return true
end,
handler = systemDepartment.getSystemDepartment,
metadata = "system::departments::view",
},
{
paths = { "/api/system/departments" },
methods = { "POST" },
filter_fun = function(vars)
ngx.ctx.perms = "system::departments::add"
return true
end,
handler = systemDepartment.addSystemDepartment,
metadata = "system::departments::add",
},
{
paths = { "/api/system/departments/:id" },
methods = { "DELETE" },
filter_fun = function(vars)
ngx.ctx.perms = "system::departments::delete"
return true
end,
handler = systemDepartment.deleteSystemDepartment,
metadata = "system::departments::delete",
},
{
paths = { "/api/system/departments/:id" },
methods = { "PUT" },
filter_fun = function(vars)
ngx.ctx.perms = "system::departments::edit"
return true
end,
handler = systemDepartment.updateSystemDepartment,
metadata = "system::departments::edit",
},
}

25
src/api/system/permission.lua
View File

@ -15,32 +15,47 @@ local routes = {
{
paths = { "/api/system/permissions" },
methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::permissions::list"
return true
end,
handler = systemPermission.getSystemPermissions,
metadata = "system::permissions::list",
},
{
paths = { "/api/system/permissions/:id" },
methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::permissions::view"
return true
end,
handler = systemPermission.getSystemPermission,
metadata = "system::permissions::view",
},
{
paths = { "/api/system/permissions" },
methods = { "POST" },
filter_fun = function(vars)
ngx.ctx.perms = "system::permissions::add"
return true
end,
handler = systemPermission.addSystemPermission,
metadata = "system::permissions::add",
},
{
paths = { "/api/system/permissions/:id" },
methods = { "DELETE" },
filter_fun = function(vars)
ngx.ctx.perms = "system::permissions::delete"
return true
end,
handler = systemPermission.deleteSystemPermission,
metadata = "system::permissions::delete",
},
{
paths = { "/api/system/permissions/:id" },
methods = { "PUT" },
filter_fun = function(vars)
ngx.ctx.perms = "system::permissions::edit"
return true
end,
handler = systemPermission.updateSystemPermission,
metadata = "system::permissions::edit",
},
}

25
src/api/system/postion.lua
View File

@ -15,32 +15,47 @@ local routes = {
{
paths = { "/api/system/positions" },
methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::positions::list"
return true
end,
handler = systemPosition.getSystemPositions,
metadata = "system::positions::list",
},
{
paths = { "/api/system/positions/:id" },
methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::positions::view"
return true
end,
handler = systemPosition.getSystemPosition,
metadata = "system::positions::list",
},
{
paths = { "/api/system/positions" },
methods = { "POST" },
filter_fun = function(vars)
ngx.ctx.perms = "system::positions::add"
return true
end,
handler = systemPosition.addSystemPosition,
metadata = "system::positions::list",
},
{
paths = { "/api/system/positions/:id" },
methods = { "DELETE" },
filter_fun = function(vars)
ngx.ctx.perms = "system::positions::delete"
return true
end,
handler = systemPosition.deleteSystemPosition,
metadata = "system::positions::list",
},
{
paths = { "/api/system/positions/:id" },
methods = { "PUT" },
filter_fun = function(vars)
ngx.ctx.perms = "system::positions::edit"
return true
end,
handler = systemPosition.updateSystemPosition,
metadata = "system::positions::list",
},
}

25
src/api/system/role.lua
View File

@ -15,32 +15,47 @@ local routes = {
{
paths = { "/api/system/roles" },
methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::roles::list"
return true
end,
handler = systemRole.getSystemRoles,
metadata = "system::roles::list",
},
{
paths = { "/api/system/roles/:id" },
methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::roles::view"
return true
end,
handler = systemRole.getSystemRole,
metadata = "system::roles::view",
},
{
paths = { "/api/system/roles" },
methods = { "POST" },
filter_fun = function(vars)
ngx.ctx.perms = "system::roles::add"
return true
end,
handler = systemRole.addSystemRole,
metadata = "system::roles::add",
},
{
paths = { "/api/system/roles/:id" },
methods = { "DELETE" },
filter_fun = function(vars)
ngx.ctx.perms = "system::roles::delete"
return true
end,
handler = systemRole.deleteSystemRole,
metadata = "system::roles::delete",
},
{
paths = { "/api/system/roles/:id" },
methods = { "PUT" },
filter_fun = function(vars)
ngx.ctx.perms = "system::roles::edit"
return true
end,
handler = systemRole.updateSystemRole,
metadata = "system::roles::edit",
},
}

13
src/init.lua
View File

@ -53,6 +53,8 @@ local function handler()
--获取数据表中的记录数
local code, res = roleDao:getAllSystemRoles()
if res == nil then return end
--管道进行redis处理
red:init_pipeline()
--读取角色id和角色名称
for _, row in pairs(res) do
local id = row.id --:1
@ -65,17 +67,20 @@ local function handler()
local perm = ret.permission_code
local key = name.."-"..perm
--role_name-permission_code 组成key进行验证 存储到redis中
local ok, err = red:set(key, "1")
if not ok then
ngx.log(ngx.ERR, "redis failed to set key: "..err)
end
red:set(key, "1")
end
end
local results, err = red:commit_pipeline()
if not results then
ngx.log(ngx.ERR, "init failed to commit the pipelined requests: ", err)
end
--关闭redis连接
red:close()
--共享数据字典进行数据存储
--dict:set("RBAC", "1")
print("init application success")
end
-- 设置定时器执行一次handler函数

36
src/service/system/account.lua
View File

@ -7,11 +7,19 @@ local resp = require("util.response")
local accountDao = require("dao.account")
local validatorJson = require("validator.system.account")
local cjson = require("cjson.safe")
local perm = require("util.permissionfilter")
local _M = {}
--获取所有账户信息
function _M.getSystemAccounts()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local pageNum = ngx.var.pagenum or 1
local pageSize = ngx.var.pagesize or 10
local code,ret = accountDao.getSystemAccounts(pageNum, pageSize)
@ -21,6 +29,13 @@ end
--根据账户id获取账户信息
function _M.getSystemAccount(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local id = m.id
local code,ret = accountDao.getSystemAccount(id)
local result = resp:json(code, ret)
@ -29,6 +44,13 @@ end
--根据账户id获取账户信息
function _M.addSystemAccount()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据
@ -49,6 +71,13 @@ end
--根据账户id删除账户信息
function _M.deleteSystemAccount(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code, ret = accountDao.deleteSystemAccount(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -56,6 +85,13 @@ end
--根据账户id删除账户信息
function _M.updateSystemAccount(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据

50
src/service/system/application.lua
View File

@ -7,11 +7,19 @@ local resp = require("util.response")
local applicationDao = require("dao.application")
local validatorJson = require("validator.system.application")
local cjson = require("cjson.safe")
local perm = require("util.permissionfilter")
local _M = {}
--获取所有应用程序信息
function _M.getSystemApplications()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取页码和请求的数据量
local pageNum = ngx.var.pagenum or 1
local pageSize = ngx.var.pagesize or 10
@ -22,6 +30,13 @@ end
--根据应用id获取应用信息
function _M.getSystemApplication(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = applicationDao.getSystemApplication(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -29,6 +44,13 @@ end
--根据组织id获取应用信息
function _M.getOrganizationApplication(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = applicationDao.getOrganizationApplication(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -36,6 +58,13 @@ end
--根据用户id获取应用的信息
function _M.getUserApplication(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = applicationDao.getUserApplication(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -43,6 +72,13 @@ end
--根据应用id获取应用信息
function _M.addSystemApplication()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据
@ -63,6 +99,13 @@ end
--根据应用id删除应用信息
function _M.deleteSystemApplication(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code, ret = applicationDao.deleteApplication(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -70,6 +113,13 @@ end
--根据应用id删除应用信息
function _M.updateSystemApplication(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据

37
src/service/system/department.lua
View File

@ -7,11 +7,19 @@ local resp = require("util.response")
local departmentDao = require("dao.department")
local validatorJson = require("validator.system.department")
local cjson = require("cjson.safe")
local perm = require("util.permissionfilter")
local _M = {}
--获取所有组织架构信息
function _M.getSystemDepartments()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取页码和请求的数据量
local pageNum = ngx.var.pagenum or 1
local pageSize = ngx.var.pagesize or 10
@ -22,6 +30,13 @@ end
--根据组织id获取组织架构信息
function _M.getSystemDepartment(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = departmentDao.getSystemDepartment(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -29,6 +44,13 @@ end
--根据组织id添加组织架构信息
function _M.addSystemDepartment()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据
@ -49,6 +71,14 @@ end
--根据组织id删除组织架构信息
function _M.deleteSystemDepartment(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--删除部门数据
local code, ret = departmentDao.deleteSystemDepartment(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -56,6 +86,13 @@ end
--根据组织id删除组织架构信息
function _M.updateSystemDepartment(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据

43
src/service/system/permission.lua
View File

@ -7,11 +7,19 @@ local resp = require("util.response")
local permissionDao = require("dao.permission")
local validatorJson = require("validator.system.permission")
local cjson = require("cjson.safe")
local perm = require("util.permissionfilter")
local _M = {}
--获取所有权限信息
function _M.getSystemPermissions()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取页码和请求的数据量
local pageNum = ngx.var.pagenum or 1
local pageSize = ngx.var.pagesize or 10
@ -22,6 +30,13 @@ end
--根据权限id获取权限信息
function _M.get_permission(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = permissionDao.getPermission(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -29,6 +44,13 @@ end
--根据角色id获取使用的权限
function _M.getSystemPermissionByRole(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = dao.getPermissionByRole(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -36,6 +58,13 @@ end
--根据权限id获取账号信息
function _M.addSystemPermission()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据
@ -56,6 +85,13 @@ end
--根据账号id删除账号信息
function _M.deleteSystemPermission(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code, ret = permissionDao.deleteSystemPermission(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -63,6 +99,13 @@ end
--根据账号id删除账号信息
function _M.updateSystemPermission(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据

36
src/service/system/position.lua
View File

@ -7,11 +7,19 @@ local resp = require("util.response")
local positionDao = require("dao.position")
local validatorJson = require("validator.system.position")
local cjson = require("cjson.safe")
local perm = require("util.permissionfilter")
local _M = {}
--获取所有岗位信息
function _M.getSystemPositions()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取页码和请求的数据量
local pageNum = ngx.var.pagenum or 1
local pageSize = ngx.var.pagesize or 10
@ -22,6 +30,13 @@ end
--根据岗位id获取岗位信息
function _M.getSystemPosition(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = positionDao.getSystemPosition(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -29,6 +44,13 @@ end
--根据岗位id添加岗位信息
function _M.addSystemPosition()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据
@ -49,6 +71,13 @@ end
--根据岗位id删除岗位信息
function _M.deleteSystemPosition(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code, ret = positionDao.deleteSystemPosition(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -56,6 +85,13 @@ end
--根据岗位id删除岗位信息
function _M.updateSystemPosition(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据

36
src/service/system/role.lua
View File

@ -7,11 +7,19 @@ local resp = require("util.response")
local roleDao = require("dao.role")
local validatorJson = require("validator.system.role")
local cjson = require("cjson.safe")
local perm = require("util.permissionfilter")
local _M = {}
--获取所有角色信息
function _M.getSystemRoles()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取页码和请求的数据量
--local args = ngx.req.get_uri_args()
local pageNum = ngx.var.pagenum or 1
@ -23,6 +31,13 @@ end
--根据角色id获取角色信息
function _M.getSystemRole(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = roleDao.getSystemRole(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -30,6 +45,13 @@ end
--根据角色id获取角色信息
function _M.addSystemRole()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据
@ -50,6 +72,13 @@ end
--根据角色id删除角色信息
function _M.deleteSystemRole(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code, ret = roleDao.deleteSystemRole(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -57,6 +86,13 @@ end
--根据角色id删除角色信息
function _M.updateSystemRole(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据

45
src/service/system/user.lua
View File

@ -8,6 +8,7 @@ local userDao = require("dao.user")
local validatorJson = require("validator.system.user")
local cjson = require("cjson.safe")
local token = require("util.token")
local perm = require("util.permissionfilter")
local _M = {}
@ -26,17 +27,19 @@ end
--获取所有用户信息
function _M.getSystemUsers(m)
--获取登录的用户信息
local userid = ngx.ctx.userid
local username = ngx.ctx.username
--local userid = ngx.ctx.userid
--local username = ngx.ctx.username
local role = ngx.ctx.role
ngx.log(ngx.INFO, "userid:"..userid.." username:"..username.." role:"..role)
--ngx.log(ngx.INFO, "userid:"..userid.." username:"..username.." role:"..role)
--权限数据
local perms = ngx.ctx.perms
local method = m._method
local path = m._path
ngx.log(ngx.INFO, "path:"..path.." method:"..method)
--local method = m._method
--local path = m._path
--ngx.log(ngx.INFO, "path:"..path.." method:"..method)
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取页码和请求的数据量
--local args = ngx.req.get_uri_args()
local pageNum = ngx.var.pagenum or 1
@ -48,6 +51,13 @@ end
--根据用户id获取用户信息
function _M.getSystemUser(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取登录的用户信息
local payload = ngx.var.uid
local metadata = m.metadata
@ -66,6 +76,13 @@ end
--根据用户id获取用户信息
function _M.addSystemUser(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据
ngx.req.read_body()
--获取请求数据
@ -88,6 +105,13 @@ end
--根据用户id删除用户信息
function _M.deleteSystemUser(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code, ret = userDao.deleteSystemUser(m.id)
local result = resp:json(code, ret)
resp:send(result)
@ -95,6 +119,13 @@ end
--根据用户id删除用户信息
function _M.updateSystemUser(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local userid = getUserId()
if userid ~= m.id then
ngx.log(ngx.WARN, "用户与使用token中的用户id不一致")

4
src/share/redis.lua
View File

@ -59,8 +59,8 @@ function _M:ttl(key)
return self.red:ttl(key)
end
function _M:call(key, ...)
return self.red:call(key, ...)
function _M:scan(cursor, method, pattern)
return self.red:scan(cursor, method, pattern)
end
return _M

39
src/test/test.lua
View File

@ -334,14 +334,44 @@ end
--]]
local perm = require("util.permissionfilter")
local perms = {}
--获取角色的所所有全新信息
local rest = perm:getRolePermissions("admin")
for _, key in ipairs(rest) do
table.insert(perms, key)
end
local val = table.concat(perms, ",")
ngx.say(val)
local rest = perm.getRolePermissions("admin")
for _, row in pairs(rest) do
print(row.key)
local exist = perm:hasPermission("admin", "system::users::add")
if exist then
ngx.say("权限可以使用")
else
ngx.say("权限不能使用")
end
perm.clearRolePermissions("admin")
--清除角色的权限数据
--perm:clearRolePermissions("admin")
local generateCert = require("util.generatorssl")
-- 使用示例
local success, files = generateCert:generate_self_signed_cert(
"example.com",
365,
2048,
"./ssl_certs"
)
if success then
print("SSL证书生成成功:")
print("私钥文件: "..files.key)
print("证书文件: "..files.cert)
else
print("证书生成失败")
end
--[[
--读取用户表、角色表和权限表中配置的权限数据
local roleDao = require("dao.role")
--获取数据表中的记录数
@ -358,6 +388,7 @@ for _, row in pairs(res) do
--row.role_key:超级管理员
print(row.id..row.create_by..row.role_name)
end
--]]
--[[
--获取数据表中的记录数

124
src/util/generatorssl.lua Normal file
View File

@ -0,0 +1,124 @@
---
--- Generated by EmmyLua(https://github.com/EmmyLua)
--- Created by admin.
--- DateTime: 2025/11/9 17:47
---
local openssl = require "openssl"
local fs = require "lfs"
local _M = {}
function _M:generate_self_signed_cert(domain, days, key_size, output_dir)
-- 创建输出目录
if not fs.attributes(output_dir) then
fs.mkdir(output_dir)
end
-- 生成RSA私钥
local pkey = openssl.pkey.new {
type = "RSA",
bits = key_size or 2048
}
-- 创建X.509证书
local x509 = openssl.x509.new {
version = 3,
serial = openssl.rand.bytes(8),
subject = {
commonName = domain
},
notBefore = os.time(),
notAfter = os.time() + (days or 365) * 24 * 60 * 60,
pubkey = pkey
}
-- 设置扩展属性
x509:extensions {
{
object = "basicConstraints",
critical = true,
value = "CA:FALSE"
},
{
object = "keyUsage",
critical = true,
value = "digitalSignature,keyEncipherment"
},
{
object = "subjectAltName",
value = "DNS:"..domain
}
}
-- 自签名
x509:sign(pkey)
-- 保存文件
local key_path = output_dir.."/"..domain..".key"
local cert_path = output_dir.."/"..domain..".crt"
local key_file = io.open(key_path, "w")
key_file:write(pkey:export("PEM"))
key_file:close()
local cert_file = io.open(cert_path, "w")
cert_file:write(x509:export("PEM"))
cert_file:close()
-- 设置文件权限
os.execute("chmod 600 "..key_path)
return true, {key = key_path, cert = cert_path}
end
function _M:verify_cert_chain(cert_path, intermediate_path, root_path)
-- 加载所有证书
local function load_cert(file)
local f = io.open(file, "r")
if not f then return nil end
local data = f:read("*a")
f:close()
return openssl.x509.read(data)
end
local cert = load_cert(cert_path)
local intermediate = load_cert(intermediate_path)
local root = load_cert(root_path)
if not (cert and intermediate and root) then
return false, "证书加载失败"
end
-- 构建证书链
local store = openssl.x509.store.new()
store:add(root)
store:add(intermediate)
-- 验证链
local ctx = openssl.x509.store.ctx.new(store, cert)
ctx:add_cert(intermediate)
local ok, err = ctx:verify()
return ok, ok and "证书链验证通过" or ("验证失败: "..(err or "未知错误"))
end
return _M
--[[
local
-- 使用示例
local success, files = generate_self_signed_cert(
"example.com",
365,
2048,
"./ssl_certs"
)
if success then
print("SSL证书生成成功:")
print("私钥文件: "..files.key)
print("证书文件: "..files.cert)
else
print("证书生成失败")
end
--]]

36
src/util/permissionfilter.lua
View File

@ -56,22 +56,40 @@ function _M:getRolePermissions(role_name)
return allPermissions
end
--获取redis中所有匹配的数据内容
local prefix = role_name.."-"
local pattern = role_name.."-*"
local cursor = "0"
local result = red:call('SCAN', cursor, 'MATCH', prefix .. '*', 'COUNT')
cursor = result[1]
for _, key in ipairs(result[2]) do
table.insert(allPermissions, key)
end
repeat
local result, err = red:scan(cursor, 'MATCH', pattern)
if not result then
return allPermissions
end
cursor = result[1]
for _, key in ipairs(result[2]) do
table.insert(allPermissions, key)
end
until cursor == "0"
return allPermissions
end
-- 清除角色的所有权限
function _M:clearRolePermissions(role_name)
--将redis中角色相关的键值去掉
local keys = red:call("KEYS", role_name.."-*")
if #keys > 0 then
red:call("DEL", unpack(keys))
--获取redis中所有匹配的数据内容
local pattern = role_name.."-*"
local cursor = "0"
local keys = {}
repeat
local result, err = red:scan(cursor, 'MATCH', pattern)
if not result then
break
end
cursor = result[1]
for _, key in ipairs(result[2]) do
table.insert(keys, key)
end
until cursor == "0"
for _, key in ipairs(keys) do
red:del(key)
end
end