feat: 权限控制

packages/ui/certd-server/src/modules/authority/controller/permission-controller.ts

@@ -23,7 +23,7 @@ export class PermissionController extends CrudController<PermissionService> {
     return this.service;
   }
 
-  @Post('/page')
+  @Post('/page', { summary: 'sys:auth:per:view' })
   async page(
     @Body(ALL)
     body
@@ -31,7 +31,7 @@ export class PermissionController extends CrudController<PermissionService> {
     return await super.page(body);
   }
 
-  @Post('/add')
+  @Post('/add', { summary: 'sys:auth:per:add' })
   async add(
     @Body(ALL)
     bean
@@ -39,14 +39,14 @@ export class PermissionController extends CrudController<PermissionService> {
     return await super.add(bean);
   }
 
-  @Post('/update')
+  @Post('/update', { summary: 'sys:auth:per:edit' })
   async update(
     @Body(ALL)
     bean
   ) {
     return await super.update(bean);
   }
-  @Post('/delete')
+  @Post('/delete', { summary: 'sys:auth:per:remove' })
   async delete(
     @Query('id')
     id
@@ -54,7 +54,7 @@ export class PermissionController extends CrudController<PermissionService> {
     return await super.delete(id);
   }
 
-  @Post('/tree')
+  @Post('/tree', { summary: 'sys:auth:per:view' })
   async tree() {
     const tree = await this.service.tree({});
     return this.ok(tree);

packages/ui/certd-server/src/modules/authority/controller/role-controller.ts

@@ -23,7 +23,7 @@ export class RoleController extends CrudController<RoleService> {
     return this.service;
   }
 
-  @Post('/page')
+  @Post('/page', { summary: 'sys:auth:role:view' })
   async page(
     @Body(ALL)
     body
@@ -31,13 +31,13 @@ export class RoleController extends CrudController<RoleService> {
     return await super.page(body);
   }
 
-  @Post('/list')
+  @Post('/list', { summary: 'sys:auth:role:view' })
   async list() {
     const ret = await this.service.find({});
     return this.ok(ret);
   }
 
-  @Post('/add')
+  @Post('/add', { summary: 'sys:auth:role:add' })
   async add(
     @Body(ALL)
     bean
@@ -45,14 +45,14 @@ export class RoleController extends CrudController<RoleService> {
     return await super.add(bean);
   }
 
-  @Post('/update')
+  @Post('/update', { summary: 'sys:auth:role:edit' })
   async update(
     @Body(ALL)
     bean
   ) {
     return await super.update(bean);
   }
-  @Post('/delete')
+  @Post('/delete', { summary: 'sys:auth:role:remove' })
   async delete(
     @Query('id')
     id
@@ -60,7 +60,7 @@ export class RoleController extends CrudController<RoleService> {
     return await super.delete(id);
   }
 
-  @Post('/getPermissionTree')
+  @Post('/getPermissionTree', { summary: 'sys:auth:role:view' })
   async getPermissionTree(
     @Query('id')
     id
@@ -69,7 +69,7 @@ export class RoleController extends CrudController<RoleService> {
     return this.ok(ret);
   }
 
-  @Post('/getPermissionIds')
+  @Post('/getPermissionIds', { summary: 'sys:auth:role:view' })
   async getPermissionIds(
     @Query('id')
     id
@@ -80,9 +80,10 @@ export class RoleController extends CrudController<RoleService> {
 
   /**
    * 给角色授予权限
-   * @param id
+   * @param roleId
+   * @param permissionIds
    */
-  @Post('/authz')
+  @Post('/authz', { summary: 'sys:auth:role:edit' })
   async authz(
     @Body('roleId')
     roleId,
@@ -93,4 +94,3 @@ export class RoleController extends CrudController<RoleService> {
     return this.ok(null);
   }
 }
-

packages/ui/certd-server/src/modules/authority/controller/user-controller.ts

@@ -11,6 +11,7 @@ import { UserService } from '../service/user-service';
 import { CrudController } from '../../../basic/crud-controller';
 import { RoleService } from '../service/role-service';
 import { PermissionService } from '../service/permission-service';
+import { Constants } from '../../../basic/constants';
 
 /**
  * 系统用户
@@ -30,7 +31,7 @@ export class UserController extends CrudController<UserService> {
     return this.service;
   }
 
-  @Post('/page')
+  @Post('/page', { summary: 'sys:auth:user:view' })
   async page(
     @Body(ALL)
     body
@@ -62,7 +63,7 @@ export class UserController extends CrudController<UserService> {
     return ret;
   }
 
-  @Post('/add')
+  @Post('/add', { summary: 'sys:auth:user:add' })
   async add(
     @Body(ALL)
     bean
@@ -70,14 +71,14 @@ export class UserController extends CrudController<UserService> {
     return await super.add(bean);
   }
 
-  @Post('/update')
+  @Post('/update', { summary: 'sys:auth:user:edit' })
   async update(
     @Body(ALL)
     bean
   ) {
     return await super.update(bean);
   }
-  @Post('/delete')
+  @Post('/delete', { summary: 'sys:auth:user:remove' })
   async delete(
     @Query('id')
     id
@@ -88,7 +89,7 @@ export class UserController extends CrudController<UserService> {
   /**
    * 当前登录用户的个人信息
    */
-  @Post('/mine')
+  @Post('/mine', { summary: Constants.per.authOnly })
   public async mine() {
     const id = this.ctx.user.id;
     const info = await this.service.info(id, ['password']);
@@ -98,7 +99,7 @@ export class UserController extends CrudController<UserService> {
   /**
    * 当前登录用户的权限列表
    */
-  @Post('/permissions')
+  @Post('/permissions', { summary: Constants.per.authOnly })
   public async permissions() {
     const id = this.ctx.user.id;
     const permissions = await this.service.getUserPermissions(id);
@@ -108,7 +109,7 @@ export class UserController extends CrudController<UserService> {
   /**
    * 当前登录用户的权限树形列表
    */
-  @Post('/permissionTree')
+  @Post('/permissionTree', { summary: Constants.per.authOnly })
   public async permissionTree() {
     const id = this.ctx.user.id;
     const permissions = await this.service.getUserPermissions(id);

packages/ui/certd-server/src/modules/authority/entity/user-role.ts

@@ -9,4 +9,8 @@ export class UserRoleEntity {
   roleId: number;
   @PrimaryColumn({ name: 'user_id' })
   userId: number;
+
+  static of(userId: number, roleId: number): UserRoleEntity {
+    return Object.assign(new UserRoleEntity(), { userId, roleId });
+  }
 }

packages/ui/certd-server/src/modules/authority/entity/user.ts

@@ -60,4 +60,7 @@ export class UserEntity {
   //   },
   // })
   // roles: RoleEntity[];
+  static of(user: Partial<UserEntity>) {
+    return Object.assign(new UserEntity(), user);
+  }
 }

packages/ui/certd-server/src/modules/authority/service/permission-service.ts

@@ -1,4 +1,4 @@
-import { Provide } from '@midwayjs/decorator';
+import { Provide, Scope, ScopeEnum } from '@midwayjs/decorator';
 import { InjectEntityModel } from '@midwayjs/typeorm';
 import { Repository } from 'typeorm';
 import { BaseService } from '../../../basic/base-service';
@@ -8,6 +8,7 @@ import { PermissionEntity } from '../entity/permission';
  * 权限资源
  */
 @Provide()
+@Scope(ScopeEnum.Singleton)
 export class PermissionService extends BaseService<PermissionEntity> {
   @InjectEntityModel(PermissionEntity)
   repository: Repository<PermissionEntity>;

packages/ui/certd-server/src/modules/authority/service/role-permission-service.ts

@@ -1,4 +1,4 @@
-import { Provide } from '@midwayjs/decorator';
+import { Provide, Scope, ScopeEnum } from '@midwayjs/decorator';
 import { InjectEntityModel } from '@midwayjs/typeorm';
 import { Repository } from 'typeorm';
 import { BaseService } from '../../../basic/base-service';
@@ -8,6 +8,7 @@ import { RolePermissionEntity } from '../entity/role-permission';
  * 角色->权限
  */
 @Provide()
+@Scope(ScopeEnum.Singleton)
 export class RolePermissionService extends BaseService<RolePermissionEntity> {
   @InjectEntityModel(RolePermissionEntity)
   repository: Repository<RolePermissionEntity>;

packages/ui/certd-server/src/modules/authority/service/role-service.ts

@@ -1,4 +1,4 @@
-import { Inject, Provide } from '@midwayjs/decorator';
+import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/decorator';
 import { InjectEntityModel } from '@midwayjs/typeorm';
 import { In, Repository } from 'typeorm';
 import { BaseService } from '../../../basic/base-service';
@@ -8,10 +8,12 @@ import { RolePermissionEntity } from '../entity/role-permission';
 import { PermissionService } from './permission-service';
 import * as _ from 'lodash';
 import { RolePermissionService } from './role-permission-service';
+import { LRUCache } from 'lru-cache';
 /**
  * 角色
  */
 @Provide()
+@Scope(ScopeEnum.Singleton)
 export class RoleService extends BaseService<RoleEntity> {
   @InjectEntityModel(RoleEntity)
   repository: Repository<RoleEntity>;
@@ -22,6 +24,11 @@ export class RoleService extends BaseService<RoleEntity> {
   @Inject()
   rolePermissionService: RolePermissionService;
 
+  permissionCache = new LRUCache<string, any>({
+    max: 1000,
+    ttl: 1000 * 60 * 10,
+  });
+
   getRepository() {
     return this.repository;
   }
@@ -77,6 +84,8 @@ export class RoleService extends BaseService<RoleEntity> {
     await this.userRoleService.delete({ userId });
     //再添加
     await this.addRoles(userId, roles);
+
+    this.permissionCache.clear();
   }
 
   async getPermissionTreeByRoleId(id: any) {
@@ -97,5 +106,29 @@ export class RoleService extends BaseService<RoleEntity> {
         permissionId,
       });
     }
+    this.permissionCache.clear();
+  }
+
+  async getPermissionSetByRoleIds(roleIds: number[]): Promise<Set<string>> {
+    const list = await this.getPermissionByRoleIds(roleIds);
+
+    const permissionSet = new Set<string>();
+    for (const entity of list) {
+      permissionSet.add(entity.permission);
+    }
+    return permissionSet;
+  }
+
+  async getCachedPermissionSetByRoleIds(
+    roleIds: number[]
+  ): Promise<Set<string>> {
+    const roleIdsKey = roleIds.join(',');
+    let permissionSet = this.permissionCache.get(roleIdsKey);
+    if (permissionSet) {
+      return permissionSet;
+    }
+    permissionSet = await this.getPermissionSetByRoleIds(roleIds);
+    this.permissionCache.set(roleIdsKey, permissionSet);
+    return permissionSet;
   }
 }

packages/ui/certd-server/src/modules/authority/service/user-role-service.ts

@@ -1,4 +1,4 @@
-import { Provide } from '@midwayjs/decorator';
+import { Provide, Scope, ScopeEnum } from '@midwayjs/decorator';
 import { InjectEntityModel } from '@midwayjs/typeorm';
 import { Repository } from 'typeorm';
 import { BaseService } from '../../../basic/base-service';
@@ -8,6 +8,7 @@ import { UserRoleEntity } from '../entity/user-role';
  * 用户->角色
  */
 @Provide()
+@Scope(ScopeEnum.Singleton)
 export class UserRoleService extends BaseService<UserRoleEntity> {
   @InjectEntityModel(UserRoleEntity)
   repository: Repository<UserRoleEntity>;

packages/ui/certd-server/src/modules/authority/service/user-service.ts

@@ -1,4 +1,4 @@
-import { Inject, Provide } from '@midwayjs/decorator';
+import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/decorator';
 import { InjectEntityModel } from '@midwayjs/typeorm';
 import { Repository } from 'typeorm';
 import { UserEntity } from '../entity/user';
@@ -6,15 +6,18 @@ import * as _ from 'lodash';
 import md5 from 'md5';
 import { CommonException } from '../../../basic/exception/common-exception';
 import { BaseService } from '../../../basic/base-service';
-import { logger } from '../../../utils/logger';
 import { RoleService } from './role-service';
 import { PermissionService } from './permission-service';
 import { UserRoleService } from './user-role-service';
+import { Constants } from '../../../basic/constants';
+import { UserRoleEntity } from '../entity/user-role';
+import { randomText } from 'svg-captcha';
 
 /**
  * 系统用户
  */
 @Provide()
+@Scope(ScopeEnum.Singleton)
 export class UserService extends BaseService<UserEntity> {
   @InjectEntityModel(UserEntity)
   repository: Repository<UserEntity>;
@@ -32,10 +35,10 @@ export class UserService extends BaseService<UserEntity> {
   /**
    * 获得个人信息
    */
-  async mine() {
+  async mine(userId: number) {
     const info = await this.repository.findOne({
       where: {
-        id: this.ctx.user.id,
+        id: userId,
       },
     });
     delete info.password;
@@ -55,7 +58,7 @@ export class UserService extends BaseService<UserEntity> {
     if (!_.isEmpty(exists)) {
       throw new CommonException('用户名已经存在');
     }
-    const password = param.password ?? '123456';
+    const password = param.password ?? randomText(6);
     param.password = md5(password); // 默认密码  建议未改密码不能登陆
     await super.add(param);
     //添加角色
@@ -97,7 +100,7 @@ export class UserService extends BaseService<UserEntity> {
   }
 
   checkPassword(rawPassword: any, md5Password: any) {
-    logger.info('md5', md5('123456'));
+    // logger.info('md5', md5('123456'));
     return md5(rawPassword) === md5Password;
   }
 
@@ -107,7 +110,36 @@ export class UserService extends BaseService<UserEntity> {
    */
   async getUserPermissions(id: any) {
     const roleIds = await this.roleService.getRoleIdsByUserId(id);
-
     return await this.roleService.getPermissionByRoleIds(roleIds);
   }
+
+  async register(user: UserEntity) {
+    const old = await this.findOne({ username: user.username });
+    if (old != null) {
+      throw new CommonException('用户名已经存在');
+    }
+    let newUser: UserEntity = UserEntity.of({
+      username: user.username,
+      password: user.password,
+      nickName: user.nickName || user.username,
+      avatar: user.avatar || '',
+      email: user.email || '',
+      mobile: user.mobile || '',
+      phoneCode: user.phoneCode || '',
+      status: 1,
+    });
+    newUser.password = md5(newUser.password);
+
+    await this.transaction(async txManager => {
+      newUser = await txManager.save(newUser);
+      const userRole: UserRoleEntity = UserRoleEntity.of(
+        newUser.id,
+        Constants.role.defaultUser
+      );
+      await txManager.save(userRole);
+    });
+
+    delete newUser.password;
+    return newUser;
+  }
 }