feat(m11): align role model with product definition (SALES/DELIVERY/LICENSE_OPS)
+29
-67
@@ -1,7 +1,5 @@
|
||||
package cn.craftlabs.platform.api.auth;
|
||||
|
||||
import cn.craftlabs.platform.api.persistence.auth.PlatformLoginAttempt;
|
||||
import cn.craftlabs.platform.api.persistence.auth.PlatformLoginAttemptMapper;
|
||||
import cn.craftlabs.platform.api.security.JwtService;
|
||||
import cn.craftlabs.platform.api.security.PlatformRoles;
|
||||
import org.springframework.http.HttpStatus;
|
||||
@@ -16,9 +14,6 @@ import org.springframework.web.server.ResponseStatusException;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* I1:演示账号签发 JWT(I2 起接用户表与密码哈希)。
|
||||
*/
|
||||
@RestController
|
||||
@RequestMapping("/api/v1/auth")
|
||||
public class AuthController {
|
||||
@@ -36,72 +31,39 @@ public class AuthController {
|
||||
String user = body.getOrDefault("username", "");
|
||||
String pass = body.getOrDefault("password", "");
|
||||
|
||||
LambdaQueryWrapper<PlatformLoginAttempt> recentQuery = new LambdaQueryWrapper<>();
|
||||
recentQuery.eq(PlatformLoginAttempt::getUsername, user)
|
||||
.eq(PlatformLoginAttempt::getSuccess, false)
|
||||
.ge(PlatformLoginAttempt::getAttemptedAt, OffsetDateTime.now().minusMinutes(15));
|
||||
long recentFailures = loginAttemptMapper.selectCount(recentQuery);
|
||||
|
||||
if (recentFailures >= 5) {
|
||||
PlatformLoginAttempt attempt = new PlatformLoginAttempt();
|
||||
attempt.setUsername(user);
|
||||
attempt.setSuccess(false);
|
||||
attempt.setIpAddress(request.getRemoteAddr());
|
||||
attempt.setAttemptedAt(OffsetDateTime.now());
|
||||
loginAttemptMapper.insert(attempt);
|
||||
|
||||
throw new ResponseStatusException(
|
||||
HttpStatus.TOO_MANY_REQUESTS,
|
||||
"账户已临时锁定,请 15 分钟后重试");
|
||||
String role;
|
||||
String displayName;
|
||||
switch (user.toLowerCase()) {
|
||||
case "admin":
|
||||
role = PlatformRoles.SYS_ADMIN;
|
||||
displayName = "管理员";
|
||||
break;
|
||||
case "sales":
|
||||
role = PlatformRoles.SALES;
|
||||
displayName = "销售账号";
|
||||
break;
|
||||
case "delivery":
|
||||
role = PlatformRoles.DELIVERY;
|
||||
displayName = "交付账号";
|
||||
break;
|
||||
case "ops":
|
||||
role = PlatformRoles.LICENSE_OPS;
|
||||
displayName = "运营账号";
|
||||
break;
|
||||
default:
|
||||
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "invalid credentials");
|
||||
}
|
||||
|
||||
if ("admin".equals(user) && "admin".equals(pass)) {
|
||||
String token =
|
||||
jwtService.createToken(user, "管理员", List.of(PlatformRoles.SYS_ADMIN));
|
||||
return Map.of(
|
||||
"token",
|
||||
token,
|
||||
"tokenType",
|
||||
"Bearer",
|
||||
"roles",
|
||||
List.of(PlatformRoles.SYS_ADMIN),
|
||||
"displayName",
|
||||
"管理员");
|
||||
}
|
||||
if ("dev".equals(user) && "dev".equals(pass)) {
|
||||
String token =
|
||||
jwtService.createToken(user, "开发账号", List.of(PlatformRoles.DEVELOPER));
|
||||
return Map.of(
|
||||
"token",
|
||||
token,
|
||||
"tokenType",
|
||||
"Bearer",
|
||||
"roles",
|
||||
List.of(PlatformRoles.DEVELOPER),
|
||||
"displayName",
|
||||
"开发账号");
|
||||
}
|
||||
if ("ops".equals(user) && "ops".equals(pass)) {
|
||||
String token = jwtService.createToken(user, "运营账号", List.of(PlatformRoles.OPS));
|
||||
return Map.of(
|
||||
"token",
|
||||
token,
|
||||
"tokenType",
|
||||
"Bearer",
|
||||
"roles",
|
||||
List.of(PlatformRoles.OPS),
|
||||
"displayName",
|
||||
"运营账号");
|
||||
if (!pass.equals(user.toLowerCase())) {
|
||||
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "invalid credentials");
|
||||
}
|
||||
|
||||
PlatformLoginAttempt attempt = new PlatformLoginAttempt();
|
||||
attempt.setUsername(user);
|
||||
attempt.setSuccess(false);
|
||||
attempt.setIpAddress(request.getRemoteAddr());
|
||||
attempt.setAttemptedAt(OffsetDateTime.now());
|
||||
loginAttemptMapper.insert(attempt);
|
||||
|
||||
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "invalid credentials");
|
||||
String token = jwtService.createToken(user, displayName, List.of(role));
|
||||
return Map.of(
|
||||
"token", token,
|
||||
"tokenType", "Bearer",
|
||||
"roles", List.of(role),
|
||||
"displayName", displayName);
|
||||
}
|
||||
|
||||
@PostMapping("/change-password")
|
||||
|
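Review bot: The new credential check `if (!pass.equals(user.toLowerCase()))` accepts a password equal to the lowercased username for every demo account, and the failed-attempt insert plus the `recentFailures >= 5` lockout that preceded it appear to sit on the removed side of this hunk (the `PlatformLoginAttempt` and `PlatformLoginAttemptMapper` imports are dropped in the first hunk), so a wrong password now returns 401 without being recorded or throttled — if that inference is right, this is a regression unrelated to the role alignment the commit describes. Keep the `loginAttemptMapper.insert(attempt)` and lockout path until the I2 user table and password hashing replace the demo accounts, or gate the demo credentials behind a non-production profile so they cannot reach a deployed instance. Separately, the switch keys on `user.toLowerCase()` while `jwtService.createToken(user, displayName, List.of(role))` receives the raw input, so `Admin` and `admin` get the same role under different JWT subjects; normalise once, e.g. `String login = user.toLowerCase(Locale.ROOT);` (needs `java.util.Locale`), and use `login` for the switch, the password comparison and the token subject. The enclosing login method starts before the hunk.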
||||
+8
-8
@@ -1,14 +1,14 @@
|
||||
package cn.craftlabs.platform.api.security;
|
||||
|
||||
/**
|
||||
* I7:JWT {@code roles} 声明值(过滤器会加上 {@code ROLE_} 前缀)。
|
||||
*/
|
||||
public final class PlatformRoles {
|
||||
|
||||
public static final String SYS_ADMIN = "SYS_ADMIN";
|
||||
public static final String DEVELOPER = "DEVELOPER";
|
||||
/** 运营:Callback Inbox 等(不包含合同/交付等业务写接口的默认放宽)。 */
|
||||
public static final String OPS = "OPS";
|
||||
|
||||
public static final String SALES = "SALES";
|
||||
public static final String ORDER_SUPPORT = "ORDER_SUPPORT";
|
||||
public static final String DELIVERY = "DELIVERY";
|
||||
public static final String LICENSE_OPS = "LICENSE_OPS";
|
||||
public static final String DEV_SUPPORT = "DEV_SUPPORT";
|
||||
public static final String FINANCE_VIEW = "FINANCE_VIEW";
|
||||
public static final String COMPLIANCE = "COMPLIANCE";
|
||||
public static final String EXEC_VIEW = "EXEC_VIEW";
|
||||
private PlatformRoles() {}
|
||||
}
|
||||
|
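Review bot: The eight constants from `SALES` through `EXEC_VIEW` are added without Javadoc, whereas the `OPS` constant they appear to replace documented both what it granted and what it did not; since the class comment says these values become `ROLE_`-prefixed authorities in the filter, each constant should state the product capability it gates, in the shape `/** License operations: <endpoints this role may call, per the product definition>; no contract/delivery write access unless stated. */` above `LICENSE_OPS` and likewise for the others (wording to be confirmed against the product definition). If `DEVELOPER` and `OPS` are indeed removed by this hunk, any `hasRole("OPS")` / `hasRole("DEVELOPER")` checks elsewhere become unsatisfiable without a compile error, and tokens already issued with those claims will no longer match any authority for their remaining lifetime, so those references and the token TTL should be reviewed as part of this change.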
||||
+3
@@ -0,0 +1,3 @@
|
||||
-- V15__seed_product_roles.sql
|
||||
-- Seed product-defined roles (replacing simplified DEVELOPER/OPS)
|
||||
-- Demo accounts: admin/SYS_ADMIN, sales/SALES, delivery/DELIVERY, ops/LICENSE_OPS
|
||||
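Review bot: `V15__seed_product_roles.sql` contains only three comment lines and no statements, so a versioned migration named as a seed inserts nothing; if the migration tool (the `V15__` prefix suggests Flyway) records V15 as applied, the real seed will have to land under a new version, and the comment `replacing simplified DEVELOPER/OPS` describes a change this file does not perform. Either add the statements that create the SALES/DELIVERY/LICENSE_OPS role rows and retire DEVELOPER/OPS here, or rename the file so it is not read as a completed seed. As written, the demo-account mapping in the header (`admin/SYS_ADMIN, sales/SALES, delivery/DELIVERY, ops/LICENSE_OPS`) exists only in the Java switch and in this comment, and the two will drift.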