wanglei/AuthPlatform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: wanglei:ff0b020166d41f4756b58924f0e517dfd9c2f131
Branches Tags
wanglei:master
..
compare: wanglei:fc5967b213ae856b9541379a0f105ce1ac644461
Branches Tags
wanglei:master

No commits in common. "ff0b020166d41f4756b58924f0e517dfd9c2f131" and "fc5967b213ae856b9541379a0f105ce1ac644461" have entirely different histories.
ff0b020166 ... fc5967b213

19 changed files with 56 additions and 600 deletions
Show Stats Expand all files Collapse all files

7
conf/nginx.conf
View File

@ -80,11 +80,4 @@ http {
} }
} }
} }
server {
listen 9081 ssl http2;
server_name *.*;
ssl_certificate ssl/metroid.crt;
ssl_certificate_key ssl/metroid.key;
}
} }

25
src/api/system/account.lua
View File

@ -15,47 +15,32 @@ local routes = {
{ {
paths = { "/api/system/accounts" }, paths = { "/api/system/accounts" },
methods = { "GET" }, methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::accounts::list"
return true
end,
handler = systemAccount.getSystemAccounts, handler = systemAccount.getSystemAccounts,
metadata = "system::accounts::list",
}, },
{ {
paths = { "/api/system/accounts/:id" }, paths = { "/api/system/accounts/:id" },
methods = { "GET" }, methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::accounts::view"
return true
end,
handler = systemAccount.getSystemAccount, handler = systemAccount.getSystemAccount,
metadata = "system::accounts::view",
}, },
{ {
paths = { "/api/system/accounts" }, paths = { "/api/system/accounts" },
methods = { "POST" }, methods = { "POST" },
filter_fun = function(vars)
ngx.ctx.perms = "system::accounts::add"
return true
end,
handler = systemAccount.addSystemAccount, handler = systemAccount.addSystemAccount,
metadata = "system::accounts::add",
}, },
{ {
paths = { "/api/system/accounts/:id" }, paths = { "/api/system/accounts/:id" },
methods = { "DELETE" }, methods = { "DELETE" },
filter_fun = function(vars)
ngx.ctx.perms = "system::accounts::delete"
return true
end,
handler = systemAccount.deleteSystemAccount, handler = systemAccount.deleteSystemAccount,
metadata = "system::accounts::delete",
}, },
{ {
paths = { "/api/system/accounts/:id" }, paths = { "/api/system/accounts/:id" },
methods = { "PUT" }, methods = { "PUT" },
filter_fun = function(vars)
ngx.ctx.perms = "system::accounts::edit"
return true
end,
handler = systemAccount.updateSystemAccount, handler = systemAccount.updateSystemAccount,
metadata = "system::accounts::edit",
}, },
} }

25
src/api/system/application.lua
View File

@ -15,47 +15,32 @@ local routes = {
{ {
paths = { "/api/system/applications" }, paths = { "/api/system/applications" },
methods = { "GET" }, methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::applications::list"
return true
end,
handler = systemApplication.getSystemApplications, handler = systemApplication.getSystemApplications,
metadata = "system::applications::list",
}, },
{ {
paths = { "/api/system/applications/:id" }, paths = { "/api/system/applications/:id" },
methods = { "GET" }, methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::applications::view"
return true
end,
handler = systemApplication.getSystemApplication, handler = systemApplication.getSystemApplication,
metadata = "system::applications::view",
}, },
{ {
paths = { "/api/system/applications" }, paths = { "/api/system/applications" },
methods = { "POST" }, methods = { "POST" },
filter_fun = function(vars)
ngx.ctx.perms = "system::applications::add"
return true
end,
handler = systemApplication.addSystemApplication, handler = systemApplication.addSystemApplication,
metadata = "system::applications::add",
}, },
{ {
paths = { "/api/system/applications/:id" }, paths = { "/api/system/applications/:id" },
methods = { "DELETE" }, methods = { "DELETE" },
filter_fun = function(vars)
ngx.ctx.perms = "system::applications::delete"
return true
end,
handler = systemApplication.deleteSystemApplication, handler = systemApplication.deleteSystemApplication,
metadata = "system::applications::delete",
}, },
{ {
paths = { "/api/system/applications/:id" }, paths = { "/api/system/applications/:id" },
methods = { "PUT" }, methods = { "PUT" },
filter_fun = function(vars)
ngx.ctx.perms = "system::applications::edit"
return true
end,
handler = systemApplication.updateSystemApplication, handler = systemApplication.updateSystemApplication,
metadata = "system::applications::edit",
}, },
} }

25
src/api/system/department.lua
View File

@ -15,47 +15,32 @@ local routes = {
{ {
paths = { "/api/system/departments" }, paths = { "/api/system/departments" },
methods = { "GET" }, methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::departments::list"
return true
end,
handler = systemDepartment.getSystemDepartments, handler = systemDepartment.getSystemDepartments,
metadata = "system::departments::list",
}, },
{ {
paths = { "/api/system/departments/:id" }, paths = { "/api/system/departments/:id" },
methods = { "GET" }, methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::departments::view"
return true
end,
handler = systemDepartment.getSystemDepartment, handler = systemDepartment.getSystemDepartment,
metadata = "system::departments::view",
}, },
{ {
paths = { "/api/system/departments" }, paths = { "/api/system/departments" },
methods = { "POST" }, methods = { "POST" },
filter_fun = function(vars)
ngx.ctx.perms = "system::departments::add"
return true
end,
handler = systemDepartment.addSystemDepartment, handler = systemDepartment.addSystemDepartment,
metadata = "system::departments::add",
}, },
{ {
paths = { "/api/system/departments/:id" }, paths = { "/api/system/departments/:id" },
methods = { "DELETE" }, methods = { "DELETE" },
filter_fun = function(vars)
ngx.ctx.perms = "system::departments::delete"
return true
end,
handler = systemDepartment.deleteSystemDepartment, handler = systemDepartment.deleteSystemDepartment,
metadata = "system::departments::delete",
}, },
{ {
paths = { "/api/system/departments/:id" }, paths = { "/api/system/departments/:id" },
methods = { "PUT" }, methods = { "PUT" },
filter_fun = function(vars)
ngx.ctx.perms = "system::departments::edit"
return true
end,
handler = systemDepartment.updateSystemDepartment, handler = systemDepartment.updateSystemDepartment,
metadata = "system::departments::edit",
}, },
} }

25
src/api/system/permission.lua
View File

@ -15,47 +15,32 @@ local routes = {
{ {
paths = { "/api/system/permissions" }, paths = { "/api/system/permissions" },
methods = { "GET" }, methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::permissions::list"
return true
end,
handler = systemPermission.getSystemPermissions, handler = systemPermission.getSystemPermissions,
metadata = "system::permissions::list",
}, },
{ {
paths = { "/api/system/permissions/:id" }, paths = { "/api/system/permissions/:id" },
methods = { "GET" }, methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::permissions::view"
return true
end,
handler = systemPermission.getSystemPermission, handler = systemPermission.getSystemPermission,
metadata = "system::permissions::view",
}, },
{ {
paths = { "/api/system/permissions" }, paths = { "/api/system/permissions" },
methods = { "POST" }, methods = { "POST" },
filter_fun = function(vars)
ngx.ctx.perms = "system::permissions::add"
return true
end,
handler = systemPermission.addSystemPermission, handler = systemPermission.addSystemPermission,
metadata = "system::permissions::add",
}, },
{ {
paths = { "/api/system/permissions/:id" }, paths = { "/api/system/permissions/:id" },
methods = { "DELETE" }, methods = { "DELETE" },
filter_fun = function(vars)
ngx.ctx.perms = "system::permissions::delete"
return true
end,
handler = systemPermission.deleteSystemPermission, handler = systemPermission.deleteSystemPermission,
metadata = "system::permissions::delete",
}, },
{ {
paths = { "/api/system/permissions/:id" }, paths = { "/api/system/permissions/:id" },
methods = { "PUT" }, methods = { "PUT" },
filter_fun = function(vars)
ngx.ctx.perms = "system::permissions::edit"
return true
end,
handler = systemPermission.updateSystemPermission, handler = systemPermission.updateSystemPermission,
metadata = "system::permissions::edit",
}, },
} }

25
src/api/system/postion.lua
View File

@ -15,47 +15,32 @@ local routes = {
{ {
paths = { "/api/system/positions" }, paths = { "/api/system/positions" },
methods = { "GET" }, methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::positions::list"
return true
end,
handler = systemPosition.getSystemPositions, handler = systemPosition.getSystemPositions,
metadata = "system::positions::list",
}, },
{ {
paths = { "/api/system/positions/:id" }, paths = { "/api/system/positions/:id" },
methods = { "GET" }, methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::positions::view"
return true
end,
handler = systemPosition.getSystemPosition, handler = systemPosition.getSystemPosition,
metadata = "system::positions::list",
}, },
{ {
paths = { "/api/system/positions" }, paths = { "/api/system/positions" },
methods = { "POST" }, methods = { "POST" },
filter_fun = function(vars)
ngx.ctx.perms = "system::positions::add"
return true
end,
handler = systemPosition.addSystemPosition, handler = systemPosition.addSystemPosition,
metadata = "system::positions::list",
}, },
{ {
paths = { "/api/system/positions/:id" }, paths = { "/api/system/positions/:id" },
methods = { "DELETE" }, methods = { "DELETE" },
filter_fun = function(vars)
ngx.ctx.perms = "system::positions::delete"
return true
end,
handler = systemPosition.deleteSystemPosition, handler = systemPosition.deleteSystemPosition,
metadata = "system::positions::list",
}, },
{ {
paths = { "/api/system/positions/:id" }, paths = { "/api/system/positions/:id" },
methods = { "PUT" }, methods = { "PUT" },
filter_fun = function(vars)
ngx.ctx.perms = "system::positions::edit"
return true
end,
handler = systemPosition.updateSystemPosition, handler = systemPosition.updateSystemPosition,
metadata = "system::positions::list",
}, },
} }

25
src/api/system/role.lua
View File

@ -15,47 +15,32 @@ local routes = {
{ {
paths = { "/api/system/roles" }, paths = { "/api/system/roles" },
methods = { "GET" }, methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::roles::list"
return true
end,
handler = systemRole.getSystemRoles, handler = systemRole.getSystemRoles,
metadata = "system::roles::list",
}, },
{ {
paths = { "/api/system/roles/:id" }, paths = { "/api/system/roles/:id" },
methods = { "GET" }, methods = { "GET" },
filter_fun = function(vars)
ngx.ctx.perms = "system::roles::view"
return true
end,
handler = systemRole.getSystemRole, handler = systemRole.getSystemRole,
metadata = "system::roles::view",
}, },
{ {
paths = { "/api/system/roles" }, paths = { "/api/system/roles" },
methods = { "POST" }, methods = { "POST" },
filter_fun = function(vars)
ngx.ctx.perms = "system::roles::add"
return true
end,
handler = systemRole.addSystemRole, handler = systemRole.addSystemRole,
metadata = "system::roles::add",
}, },
{ {
paths = { "/api/system/roles/:id" }, paths = { "/api/system/roles/:id" },
methods = { "DELETE" }, methods = { "DELETE" },
filter_fun = function(vars)
ngx.ctx.perms = "system::roles::delete"
return true
end,
handler = systemRole.deleteSystemRole, handler = systemRole.deleteSystemRole,
metadata = "system::roles::delete",
}, },
{ {
paths = { "/api/system/roles/:id" }, paths = { "/api/system/roles/:id" },
methods = { "PUT" }, methods = { "PUT" },
filter_fun = function(vars)
ngx.ctx.perms = "system::roles::edit"
return true
end,
handler = systemRole.updateSystemRole, handler = systemRole.updateSystemRole,
metadata = "system::roles::edit",
}, },
} }

11
src/init.lua
View File

@ -53,8 +53,6 @@ local function handler()
--获取数据表中的记录数 --获取数据表中的记录数
local code, res = roleDao:getAllSystemRoles() local code, res = roleDao:getAllSystemRoles()
if res == nil then return end if res == nil then return end
--管道进行redis处理
red:init_pipeline()
--读取角色id和角色名称 --读取角色id和角色名称
for _, row in pairs(res) do for _, row in pairs(res) do
local id = row.id --:1 local id = row.id --:1
@ -67,20 +65,17 @@ local function handler()
local perm = ret.permission_code local perm = ret.permission_code
local key = name.."-"..perm local key = name.."-"..perm
--role_name-permission_code 组成key进行验证 存储到redis中 --role_name-permission_code 组成key进行验证 存储到redis中
red:set(key, "1") local ok, err = red:set(key, "1")
if not ok then
ngx.log(ngx.ERR, "redis failed to set key: "..err)
end end
end end
local results, err = red:commit_pipeline()
if not results then
ngx.log(ngx.ERR, "init failed to commit the pipelined requests: ", err)
end end
--关闭redis连接 --关闭redis连接
red:close() red:close()
--共享数据字典进行数据存储 --共享数据字典进行数据存储
--dict:set("RBAC", "1") --dict:set("RBAC", "1")
print("init application success")
end end
-- 设置定时器执行一次handler函数 -- 设置定时器执行一次handler函数

36
src/service/system/account.lua
View File

@ -7,19 +7,11 @@ local resp = require("util.response")
local accountDao = require("dao.account") local accountDao = require("dao.account")
local validatorJson = require("validator.system.account") local validatorJson = require("validator.system.account")
local cjson = require("cjson.safe") local cjson = require("cjson.safe")
local perm = require("util.permissionfilter")
local _M = {} local _M = {}
--获取所有账户信息 --获取所有账户信息
function _M.getSystemAccounts() function _M.getSystemAccounts()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local pageNum = ngx.var.pagenum or 1 local pageNum = ngx.var.pagenum or 1
local pageSize = ngx.var.pagesize or 10 local pageSize = ngx.var.pagesize or 10
local code,ret = accountDao.getSystemAccounts(pageNum, pageSize) local code,ret = accountDao.getSystemAccounts(pageNum, pageSize)
@ -29,13 +21,6 @@ end
--根据账户id获取账户信息 --根据账户id获取账户信息
function _M.getSystemAccount(m) function _M.getSystemAccount(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local id = m.id local id = m.id
local code,ret = accountDao.getSystemAccount(id) local code,ret = accountDao.getSystemAccount(id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
@ -44,13 +29,6 @@ end
--根据账户id获取账户信息 --根据账户id获取账户信息
function _M.addSystemAccount() function _M.addSystemAccount()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据
@ -71,13 +49,6 @@ end
--根据账户id删除账户信息 --根据账户id删除账户信息
function _M.deleteSystemAccount(m) function _M.deleteSystemAccount(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code, ret = accountDao.deleteSystemAccount(m.id) local code, ret = accountDao.deleteSystemAccount(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -85,13 +56,6 @@ end
--根据账户id删除账户信息 --根据账户id删除账户信息
function _M.updateSystemAccount(m) function _M.updateSystemAccount(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据

50
src/service/system/application.lua
View File

@ -7,19 +7,11 @@ local resp = require("util.response")
local applicationDao = require("dao.application") local applicationDao = require("dao.application")
local validatorJson = require("validator.system.application") local validatorJson = require("validator.system.application")
local cjson = require("cjson.safe") local cjson = require("cjson.safe")
local perm = require("util.permissionfilter")
local _M = {} local _M = {}
--获取所有应用程序信息 --获取所有应用程序信息
function _M.getSystemApplications() function _M.getSystemApplications()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取页码和请求的数据量 --获取页码和请求的数据量
local pageNum = ngx.var.pagenum or 1 local pageNum = ngx.var.pagenum or 1
local pageSize = ngx.var.pagesize or 10 local pageSize = ngx.var.pagesize or 10
@ -30,13 +22,6 @@ end
--根据应用id获取应用信息 --根据应用id获取应用信息
function _M.getSystemApplication(m) function _M.getSystemApplication(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = applicationDao.getSystemApplication(m.id) local code,ret = applicationDao.getSystemApplication(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -44,13 +29,6 @@ end
--根据组织id获取应用信息 --根据组织id获取应用信息
function _M.getOrganizationApplication(m) function _M.getOrganizationApplication(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = applicationDao.getOrganizationApplication(m.id) local code,ret = applicationDao.getOrganizationApplication(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -58,13 +36,6 @@ end
--根据用户id获取应用的信息 --根据用户id获取应用的信息
function _M.getUserApplication(m) function _M.getUserApplication(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = applicationDao.getUserApplication(m.id) local code,ret = applicationDao.getUserApplication(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -72,13 +43,6 @@ end
--根据应用id获取应用信息 --根据应用id获取应用信息
function _M.addSystemApplication() function _M.addSystemApplication()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据
@ -99,13 +63,6 @@ end
--根据应用id删除应用信息 --根据应用id删除应用信息
function _M.deleteSystemApplication(m) function _M.deleteSystemApplication(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code, ret = applicationDao.deleteApplication(m.id) local code, ret = applicationDao.deleteApplication(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -113,13 +70,6 @@ end
--根据应用id删除应用信息 --根据应用id删除应用信息
function _M.updateSystemApplication(m) function _M.updateSystemApplication(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据

37
src/service/system/department.lua
View File

@ -7,19 +7,11 @@ local resp = require("util.response")
local departmentDao = require("dao.department") local departmentDao = require("dao.department")
local validatorJson = require("validator.system.department") local validatorJson = require("validator.system.department")
local cjson = require("cjson.safe") local cjson = require("cjson.safe")
local perm = require("util.permissionfilter")
local _M = {} local _M = {}
--获取所有组织架构信息 --获取所有组织架构信息
function _M.getSystemDepartments() function _M.getSystemDepartments()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取页码和请求的数据量 --获取页码和请求的数据量
local pageNum = ngx.var.pagenum or 1 local pageNum = ngx.var.pagenum or 1
local pageSize = ngx.var.pagesize or 10 local pageSize = ngx.var.pagesize or 10
@ -30,13 +22,6 @@ end
--根据组织id获取组织架构信息 --根据组织id获取组织架构信息
function _M.getSystemDepartment(m) function _M.getSystemDepartment(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = departmentDao.getSystemDepartment(m.id) local code,ret = departmentDao.getSystemDepartment(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -44,13 +29,6 @@ end
--根据组织id添加组织架构信息 --根据组织id添加组织架构信息
function _M.addSystemDepartment() function _M.addSystemDepartment()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据
@ -71,14 +49,6 @@ end
--根据组织id删除组织架构信息 --根据组织id删除组织架构信息
function _M.deleteSystemDepartment(m) function _M.deleteSystemDepartment(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--删除部门数据
local code, ret = departmentDao.deleteSystemDepartment(m.id) local code, ret = departmentDao.deleteSystemDepartment(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -86,13 +56,6 @@ end
--根据组织id删除组织架构信息 --根据组织id删除组织架构信息
function _M.updateSystemDepartment(m) function _M.updateSystemDepartment(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据

43
src/service/system/permission.lua
View File

@ -7,19 +7,11 @@ local resp = require("util.response")
local permissionDao = require("dao.permission") local permissionDao = require("dao.permission")
local validatorJson = require("validator.system.permission") local validatorJson = require("validator.system.permission")
local cjson = require("cjson.safe") local cjson = require("cjson.safe")
local perm = require("util.permissionfilter")
local _M = {} local _M = {}
--获取所有权限信息 --获取所有权限信息
function _M.getSystemPermissions() function _M.getSystemPermissions()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取页码和请求的数据量 --获取页码和请求的数据量
local pageNum = ngx.var.pagenum or 1 local pageNum = ngx.var.pagenum or 1
local pageSize = ngx.var.pagesize or 10 local pageSize = ngx.var.pagesize or 10
@ -30,13 +22,6 @@ end
--根据权限id获取权限信息 --根据权限id获取权限信息
function _M.get_permission(m) function _M.get_permission(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = permissionDao.getPermission(m.id) local code,ret = permissionDao.getPermission(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -44,13 +29,6 @@ end
--根据角色id获取使用的权限 --根据角色id获取使用的权限
function _M.getSystemPermissionByRole(m) function _M.getSystemPermissionByRole(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = dao.getPermissionByRole(m.id) local code,ret = dao.getPermissionByRole(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -58,13 +36,6 @@ end
--根据权限id获取账号信息 --根据权限id获取账号信息
function _M.addSystemPermission() function _M.addSystemPermission()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据
@ -85,13 +56,6 @@ end
--根据账号id删除账号信息 --根据账号id删除账号信息
function _M.deleteSystemPermission(m) function _M.deleteSystemPermission(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code, ret = permissionDao.deleteSystemPermission(m.id) local code, ret = permissionDao.deleteSystemPermission(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -99,13 +63,6 @@ end
--根据账号id删除账号信息 --根据账号id删除账号信息
function _M.updateSystemPermission(m) function _M.updateSystemPermission(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据

36
src/service/system/position.lua
View File

@ -7,19 +7,11 @@ local resp = require("util.response")
local positionDao = require("dao.position") local positionDao = require("dao.position")
local validatorJson = require("validator.system.position") local validatorJson = require("validator.system.position")
local cjson = require("cjson.safe") local cjson = require("cjson.safe")
local perm = require("util.permissionfilter")
local _M = {} local _M = {}
--获取所有岗位信息 --获取所有岗位信息
function _M.getSystemPositions() function _M.getSystemPositions()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取页码和请求的数据量 --获取页码和请求的数据量
local pageNum = ngx.var.pagenum or 1 local pageNum = ngx.var.pagenum or 1
local pageSize = ngx.var.pagesize or 10 local pageSize = ngx.var.pagesize or 10
@ -30,13 +22,6 @@ end
--根据岗位id获取岗位信息 --根据岗位id获取岗位信息
function _M.getSystemPosition(m) function _M.getSystemPosition(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = positionDao.getSystemPosition(m.id) local code,ret = positionDao.getSystemPosition(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -44,13 +29,6 @@ end
--根据岗位id添加岗位信息 --根据岗位id添加岗位信息
function _M.addSystemPosition() function _M.addSystemPosition()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据
@ -71,13 +49,6 @@ end
--根据岗位id删除岗位信息 --根据岗位id删除岗位信息
function _M.deleteSystemPosition(m) function _M.deleteSystemPosition(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code, ret = positionDao.deleteSystemPosition(m.id) local code, ret = positionDao.deleteSystemPosition(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -85,13 +56,6 @@ end
--根据岗位id删除岗位信息 --根据岗位id删除岗位信息
function _M.updateSystemPosition(m) function _M.updateSystemPosition(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据

36
src/service/system/role.lua
View File

@ -7,19 +7,11 @@ local resp = require("util.response")
local roleDao = require("dao.role") local roleDao = require("dao.role")
local validatorJson = require("validator.system.role") local validatorJson = require("validator.system.role")
local cjson = require("cjson.safe") local cjson = require("cjson.safe")
local perm = require("util.permissionfilter")
local _M = {} local _M = {}
--获取所有角色信息 --获取所有角色信息
function _M.getSystemRoles() function _M.getSystemRoles()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取页码和请求的数据量 --获取页码和请求的数据量
--local args = ngx.req.get_uri_args() --local args = ngx.req.get_uri_args()
local pageNum = ngx.var.pagenum or 1 local pageNum = ngx.var.pagenum or 1
@ -31,13 +23,6 @@ end
--根据角色id获取角色信息 --根据角色id获取角色信息
function _M.getSystemRole(m) function _M.getSystemRole(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code,ret = roleDao.getSystemRole(m.id) local code,ret = roleDao.getSystemRole(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -45,13 +30,6 @@ end
--根据角色id获取角色信息 --根据角色id获取角色信息
function _M.addSystemRole() function _M.addSystemRole()
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据
@ -72,13 +50,6 @@ end
--根据角色id删除角色信息 --根据角色id删除角色信息
function _M.deleteSystemRole(m) function _M.deleteSystemRole(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code, ret = roleDao.deleteSystemRole(m.id) local code, ret = roleDao.deleteSystemRole(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -86,13 +57,6 @@ end
--根据角色id删除角色信息 --根据角色id删除角色信息
function _M.updateSystemRole(m) function _M.updateSystemRole(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据

45
src/service/system/user.lua
View File

@ -8,7 +8,6 @@ local userDao = require("dao.user")
local validatorJson = require("validator.system.user") local validatorJson = require("validator.system.user")
local cjson = require("cjson.safe") local cjson = require("cjson.safe")
local token = require("util.token") local token = require("util.token")
local perm = require("util.permissionfilter")
local _M = {} local _M = {}
@ -27,19 +26,17 @@ end
--获取所有用户信息 --获取所有用户信息
function _M.getSystemUsers(m) function _M.getSystemUsers(m)
--获取登录的用户信息 --获取登录的用户信息
--local userid = ngx.ctx.userid local userid = ngx.ctx.userid
--local username = ngx.ctx.username local username = ngx.ctx.username
local role = ngx.ctx.role local role = ngx.ctx.role
--ngx.log(ngx.INFO, "userid:"..userid.." username:"..username.." role:"..role) ngx.log(ngx.INFO, "userid:"..userid.." username:"..username.." role:"..role)
--权限数据 --权限数据
local perms = ngx.ctx.perms local perms = ngx.ctx.perms
--local method = m._method local method = m._method
--local path = m._path local path = m._path
--ngx.log(ngx.INFO, "path:"..path.." method:"..method) ngx.log(ngx.INFO, "path:"..path.." method:"..method)
--判断当前接口用户和角色是否有权限 --判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取页码和请求的数据量 --获取页码和请求的数据量
--local args = ngx.req.get_uri_args() --local args = ngx.req.get_uri_args()
local pageNum = ngx.var.pagenum or 1 local pageNum = ngx.var.pagenum or 1
@ -51,13 +48,6 @@ end
--根据用户id获取用户信息 --根据用户id获取用户信息
function _M.getSystemUser(m) function _M.getSystemUser(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--获取登录的用户信息 --获取登录的用户信息
local payload = ngx.var.uid local payload = ngx.var.uid
local metadata = m.metadata local metadata = m.metadata
@ -76,13 +66,6 @@ end
--根据用户id获取用户信息 --根据用户id获取用户信息
function _M.addSystemUser(m) function _M.addSystemUser(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
--读取请求体的数据 --读取请求体的数据
ngx.req.read_body() ngx.req.read_body()
--获取请求数据 --获取请求数据
@ -105,13 +88,6 @@ end
--根据用户id删除用户信息 --根据用户id删除用户信息
function _M.deleteSystemUser(m) function _M.deleteSystemUser(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local code, ret = userDao.deleteSystemUser(m.id) local code, ret = userDao.deleteSystemUser(m.id)
local result = resp:json(code, ret) local result = resp:json(code, ret)
resp:send(result) resp:send(result)
@ -119,13 +95,6 @@ end
--根据用户id删除用户信息 --根据用户id删除用户信息
function _M.updateSystemUser(m) function _M.updateSystemUser(m)
local role = ngx.ctx.role
--权限数据
local perms = ngx.ctx.perms
--判断当前接口用户和角色是否有权限
if perm:hasPermission(role, perms) == false then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local userid = getUserId() local userid = getUserId()
if userid ~= m.id then if userid ~= m.id then
ngx.log(ngx.WARN, "用户与使用token中的用户id不一致") ngx.log(ngx.WARN, "用户与使用token中的用户id不一致")

4
src/share/redis.lua
View File

@ -59,8 +59,8 @@ function _M:ttl(key)
return self.red:ttl(key) return self.red:ttl(key)
end end
function _M:scan(cursor, method, pattern) function _M:call(key, ...)
return self.red:scan(cursor, method, pattern) return self.red:call(key, ...)
end end
return _M return _M

39
src/test/test.lua
View File

@ -334,44 +334,14 @@ end
--]] --]]
local perm = require("util.permissionfilter") local perm = require("util.permissionfilter")
local perms = {}
--获取角色的所所有全新信息
local rest = perm:getRolePermissions("admin")
for _, key in ipairs(rest) do
table.insert(perms, key)
end
local val = table.concat(perms, ",")
ngx.say(val)
local exist = perm:hasPermission("admin", "system::users::add") local rest = perm.getRolePermissions("admin")
if exist then for _, row in pairs(rest) do
ngx.say("权限可以使用") print(row.key)
else
ngx.say("权限不能使用")
end end
--清除角色的权限数据 perm.clearRolePermissions("admin")
--perm:clearRolePermissions("admin")
local generateCert = require("util.generatorssl")
-- 使用示例
local success, files = generateCert:generate_self_signed_cert(
"example.com",
365,
2048,
"./ssl_certs"
)
if success then
print("SSL证书生成成功:")
print("私钥文件: "..files.key)
print("证书文件: "..files.cert)
else
print("证书生成失败")
end
--[[
--读取用户表、角色表和权限表中配置的权限数据 --读取用户表、角色表和权限表中配置的权限数据
local roleDao = require("dao.role") local roleDao = require("dao.role")
--获取数据表中的记录数 --获取数据表中的记录数
@ -388,7 +358,6 @@ for _, row in pairs(res) do
--row.role_key:超级管理员 --row.role_key:超级管理员
print(row.id..row.create_by..row.role_name) print(row.id..row.create_by..row.role_name)
end end
--]]
--[[ --[[
--获取数据表中的记录数 --获取数据表中的记录数

124
src/util/generatorssl.lua
View File

@ -1,124 +0,0 @@
---
--- Generated by EmmyLua(https://github.com/EmmyLua)
--- Created by admin.
--- DateTime: 2025/11/9 17:47
---
local openssl = require "openssl"
local fs = require "lfs"
local _M = {}
function _M:generate_self_signed_cert(domain, days, key_size, output_dir)
-- 创建输出目录
if not fs.attributes(output_dir) then
fs.mkdir(output_dir)
end
-- 生成RSA私钥
local pkey = openssl.pkey.new {
type = "RSA",
bits = key_size or 2048
}
-- 创建X.509证书
local x509 = openssl.x509.new {
version = 3,
serial = openssl.rand.bytes(8),
subject = {
commonName = domain
},
notBefore = os.time(),
notAfter = os.time() + (days or 365) * 24 * 60 * 60,
pubkey = pkey
}
-- 设置扩展属性
x509:extensions {
{
object = "basicConstraints",
critical = true,
value = "CA:FALSE"
},
{
object = "keyUsage",
critical = true,
value = "digitalSignature,keyEncipherment"
},
{
object = "subjectAltName",
value = "DNS:"..domain
}
}
-- 自签名
x509:sign(pkey)
-- 保存文件
local key_path = output_dir.."/"..domain..".key"
local cert_path = output_dir.."/"..domain..".crt"
local key_file = io.open(key_path, "w")
key_file:write(pkey:export("PEM"))
key_file:close()
local cert_file = io.open(cert_path, "w")
cert_file:write(x509:export("PEM"))
cert_file:close()
-- 设置文件权限
os.execute("chmod 600 "..key_path)
return true, {key = key_path, cert = cert_path}
end
function _M:verify_cert_chain(cert_path, intermediate_path, root_path)
-- 加载所有证书
local function load_cert(file)
local f = io.open(file, "r")
if not f then return nil end
local data = f:read("*a")
f:close()
return openssl.x509.read(data)
end
local cert = load_cert(cert_path)
local intermediate = load_cert(intermediate_path)
local root = load_cert(root_path)
if not (cert and intermediate and root) then
return false, "证书加载失败"
end
-- 构建证书链
local store = openssl.x509.store.new()
store:add(root)
store:add(intermediate)
-- 验证链
local ctx = openssl.x509.store.ctx.new(store, cert)
ctx:add_cert(intermediate)
local ok, err = ctx:verify()
return ok, ok and "证书链验证通过" or ("验证失败: "..(err or "未知错误"))
end
return _M
--[[
local
-- 使用示例
local success, files = generate_self_signed_cert(
"example.com",
365,
2048,
"./ssl_certs"
)
if success then
print("SSL证书生成成功:")
print("私钥文件: "..files.key)
print("证书文件: "..files.cert)
else
print("证书生成失败")
end
--]]

28
src/util/permissionfilter.lua
View File

@ -56,40 +56,22 @@ function _M:getRolePermissions(role_name)
return allPermissions return allPermissions
end end
--获取redis中所有匹配的数据内容 --获取redis中所有匹配的数据内容
local pattern = role_name.."-*" local prefix = role_name.."-"
local cursor = "0" local cursor = "0"
repeat local result = red:call('SCAN', cursor, 'MATCH', prefix .. '*', 'COUNT')
local result, err = red:scan(cursor, 'MATCH', pattern)
if not result then
return allPermissions
end
cursor = result[1] cursor = result[1]
for _, key in ipairs(result[2]) do for _, key in ipairs(result[2]) do
table.insert(allPermissions, key) table.insert(allPermissions, key)
end end
until cursor == "0"
return allPermissions return allPermissions
end end
-- 清除角色的所有权限 -- 清除角色的所有权限
function _M:clearRolePermissions(role_name) function _M:clearRolePermissions(role_name)
--将redis中角色相关的键值去掉 --将redis中角色相关的键值去掉
--获取redis中所有匹配的数据内容 local keys = red:call("KEYS", role_name.."-*")
local pattern = role_name.."-*" if #keys > 0 then
local cursor = "0" red:call("DEL", unpack(keys))
local keys = {}
repeat
local result, err = red:scan(cursor, 'MATCH', pattern)
if not result then
break
end
cursor = result[1]
for _, key in ipairs(result[2]) do
table.insert(keys, key)
end
until cursor == "0"
for _, key in ipairs(keys) do
red:del(key)
end end
end end