wanglei/AuthPlatform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: wanglei:fc5967b213ae856b9541379a0f105ce1ac644461
Branches Tags
wanglei:master
..
compare: wanglei:e93bbcf259d9cde483583051760c02eba1a1d49c
Branches Tags
wanglei:master

No commits in common. "fc5967b213ae856b9541379a0f105ce1ac644461" and "e93bbcf259d9cde483583051760c02eba1a1d49c" have entirely different histories.
fc5967b213 ... e93bbcf259

5 changed files with 64 additions and 142 deletions
Show Stats Expand all files Collapse all files

7
src/dao/role.lua
View File

@ -31,11 +31,6 @@ local function isExistRole(id)
end end
-- 查询数据表中的所有角色信息 -- 查询数据表中的所有角色信息
function _M.getAllSystemRoles()
return roleModel:all()
end
-- 根据页码和数量查询数据表中的角色信息
function _M.getSystemRoles(pageNum, pageSize) function _M.getSystemRoles(pageNum, pageSize)
return roleModel:paginate(pageNum, pageSize) return roleModel:paginate(pageNum, pageSize)
end end
@ -102,7 +97,7 @@ function _M:getPermission2roleId(role_id, status)
if status ~= nil then if status ~= nil then
sql = sql.." AND \"A\".status='"..status.."'" sql = sql.." AND \"A\".status='"..status.."'"
end end
return roleModel:exec(sql) return roleModel.exec(sql)
end end
return _M return _M

75
src/init.lua
View File

@ -7,11 +7,9 @@
"ngx_lua""init_by_lua_file"; "ngx_lua""init_by_lua_file";
nginx时初始化一次 nginx时初始化一次
--]] --]]
--只在第一个worker进程中执行一次 require("config")
if ngx.worker.id() ~= 0 then
return
end
print("init application...")
--判断程序是否加载权限数据 --判断程序是否加载权限数据
--local dict = ngx.shared.dict --local dict = ngx.shared.dict
--local load = dict:get("RBAC") --local load = dict:get("RBAC")
@ -19,12 +17,28 @@ end
-- return -- return
--end --end
require("config") --只在第一个worker进程中执行一次
print("init application woker id:", ngx.worker.id()) if ngx.worker.id() ~= 0 then
return
end
--初始化获取系统默认的用户权限为实现RBAC框架做权限数据准备 --初始化获取系统默认的用户权限为实现RBAC框架做权限数据准备
local function handler() local function handler()
--与redis进行连接 --读取用户表、角色表和权限表中配置的权限数据
local roleDao = require("dao.role")
--获取数据表中的记录数
local code, res = roleDao:all()
if res == nil then return end
ngx.log(ngx.INFO, "user count:"..res)
--读取角色id和角色名称
for _, row in pairs(res) do
for key, value in pairs(row) do
ngx.say(key .. ":" .. tostring(value))
end
end
--“admin-system::users::edit“ ”1“
--将取到的数据存储到redis中后续进行验证使用
local redis = require("resty.redis") local redis = require("resty.redis")
local red = redis:new() local red = redis:new()
-- 设置超时时间 -- 设置超时时间
@ -48,33 +62,42 @@ local function handler()
-- 从连接池中获取连接 -- 从连接池中获取连接
--red:set_keepalive(SYSTEM_CONFIG.REDIS.POOL_MAX_IDLE_TIME, SYSTEM_CONFIG.REDIS.POOL_SIZE) --red:set_keepalive(SYSTEM_CONFIG.REDIS.POOL_MAX_IDLE_TIME, SYSTEM_CONFIG.REDIS.POOL_SIZE)
--读取用户表、角色表和权限表中配置的权限数据 -- 设置 key-value
local roleDao = require("dao.role") local ok, err = red:set("admin-system:user:add", "1")
--获取数据表中的记录数
local code, res = roleDao:getAllSystemRoles()
if res == nil then return end
--读取角色id和角色名称
for _, row in pairs(res) do
local id = row.id --:1
local name = row.role_name --:admin
--row.status:0,
local code, rest = roleDao:getPermission2roleId(id)
for _, ret in pairs(rest) do
--获取数据表中的数据
local permid = ret.permission_id
local perm = ret.permission_code
local key = name.."-"..perm
--role_name-permission_code 组成key进行验证 存储到redis中
local ok, err = red:set(key, "1")
if not ok then if not ok then
ngx.log(ngx.ERR, "redis failed to set key: "..err) ngx.log(ngx.ERR, "redis failed to set key: "..err)
return
end end
local ok, err = red:set("admin-system:user:edit", "1")
if not ok then
ngx.log(ngx.ERR, "failed to set key: "..err)
return
end end
local ok, err = red:set("admin-system:user:delete", "1")
if not ok then
ngx.log(ngx.ERR, "failed to set key: "..err)
return
end end
local ok, err = red:set("admin-system:user:view", "1")
if not ok then
ngx.log(ngx.ERR, "failed to set key: "..err)
return
end
local ok, err = red:set("admin-system:user:list", "1")
if not ok then
ngx.log(ngx.ERR, "failed to set key: "..err)
return
end
ngx.log(ngx.INFO, "set key successfully")
--关闭redis连接 --关闭redis连接
red:close() red:close()
--共享数据字典进行数据存储
--dict:set("RBAC", "1") --dict:set("RBAC", "1")
end end

4
src/share/redis.lua
View File

@ -59,8 +59,4 @@ function _M:ttl(key)
return self.red:ttl(key) return self.red:ttl(key)
end end
function _M:call(key, ...)
return self.red:call(key, ...)
end
return _M return _M

33
src/test/test.lua
View File

@ -333,30 +333,17 @@ else
end end
--]] --]]
local perm = require("util.permissionfilter")
local rest = perm.getRolePermissions("admin") local userModel = require("dao.user")
for _, row in pairs(rest) do local code, res = userModel:userRole("1")
print(row.key) --显示查询到的数据记录
end if res ~= nil then
print("id value: -- ", res[1].id)
perm.clearRolePermissions("admin") for _, row in pairs(res) do
for key, value in pairs(row) do
--读取用户表、角色表和权限表中配置的权限数据 ngx.say(key .. ":" .. tostring(value))
local roleDao = require("dao.role") end
--获取数据表中的记录数 end
local code, res = roleDao:getAllSystemRoles()
if res == nil then return end
--读取角色id和角色名称
for _, row in pairs(res) do
--row.id:1
--row.create_by:admin
--row.create_time:
--row.role_name:admin
--row.status:0,
--row.remark:超级管理员
--row.role_key:超级管理员
print(row.id..row.create_by..row.role_name)
end end
--[[ --[[

79
src/util/permissionfilter.lua
View File

@ -1,79 +0,0 @@
---
--- Generated by EmmyLua(https://github.com/EmmyLua)
--- Created by admin.
--- DateTime: 2025/11/8 11:15
--- 权限过滤器用于验证用户是否有权限进行接口访问通过redis进行权限获取
local red = require("share.redis")
local _M = {}
-- 为角色增加权限
function _M:addRolePerms(role_name, permissions, description)
local key = role_name.."-"..permissions
local res, err = red:get(key)
if res ~= nil then return end
--键值不存在则增加到redis中
res, err = red:set(key, "1")
end
-- 检查角色是否拥有指定权限
function _M:hasPermission(role_name, permission)
if role_name == nil or permission == nil then
return false
end
-- 检查直接权限
local key = role_name.."-"..permission
local res, err = red:get(key)
if res ~= nil then
return true
end
return false
end
-- 检查多角色是否拥有所有指定权限
function _M:hasMultiRoleNamePermission(rolenameTable, permission)
if rolenameTable == nil or permission == nil then
return false
end
-- 检查直接权限
for i = 1, #rolenameTable do
local role_name = rolenameTable[i]
local key = role_name.."-"..permission
local res, err = red:get(key)
if res ~= nil then
return true
end
end
return false
end
-- 获取角色的所有权限
function _M:getRolePermissions(role_name)
local allPermissions = {}
if role_name == nil then
return allPermissions
end
--获取redis中所有匹配的数据内容
local prefix = role_name.."-"
local cursor = "0"
local result = red:call('SCAN', cursor, 'MATCH', prefix .. '*', 'COUNT')
cursor = result[1]
for _, key in ipairs(result[2]) do
table.insert(allPermissions, key)
end
return allPermissions
end
-- 清除角色的所有权限
function _M:clearRolePermissions(role_name)
--将redis中角色相关的键值去掉
local keys = red:call("KEYS", role_name.."-*")
if #keys > 0 then
red:call("DEL", unpack(keys))
end
end
-- 导出模块
return _M