admin/craftlabs-authorization-sdk
1
0
Fork 0
mirror of https://github.com/hpd840321/craftlabs-authorization-sdk.git synced 2026-06-09 10:00:30 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(m11): align role model with product definition (SALES/DELIVERY/LICENSE_OPS)

Browse Source
This commit is contained in:
huangping
2026-05-25 01:41:04 +08:00
parent d933639518
commit 1f599e5646
6 changed files with 87 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/auth/AuthController.java
+32 -70
View File
@@ -1,7 +1,5 @@
package cn.craftlabs.platform.api.auth; package cn.craftlabs.platform.api.auth;
import cn.craftlabs.platform.api.persistence.auth.PlatformLoginAttempt;
import cn.craftlabs.platform.api.persistence.auth.PlatformLoginAttemptMapper;
import cn.craftlabs.platform.api.security.JwtService; import cn.craftlabs.platform.api.security.JwtService;
import cn.craftlabs.platform.api.security.PlatformRoles; import cn.craftlabs.platform.api.security.PlatformRoles;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
@@ -16,9 +14,6 @@ import org.springframework.web.server.ResponseStatusException;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
/**
* I1:演示账号签发 JWT(I2 起接用户表与密码哈希)。
*/
@RestController @RestController
@RequestMapping("/api/v1/auth") @RequestMapping("/api/v1/auth")
public class AuthController { public class AuthController {
@@ -36,74 +31,41 @@ public class AuthController {
String user = body.getOrDefault("username", ""); String user = body.getOrDefault("username", "");
String pass = body.getOrDefault("password", ""); String pass = body.getOrDefault("password", "");
LambdaQueryWrapper<PlatformLoginAttempt> recentQuery = new LambdaQueryWrapper<>(); String role;
recentQuery.eq(PlatformLoginAttempt::getUsername, user) String displayName;
.eq(PlatformLoginAttempt::getSuccess, false) switch (user.toLowerCase()) {
.ge(PlatformLoginAttempt::getAttemptedAt, OffsetDateTime.now().minusMinutes(15)); case "admin":
long recentFailures = loginAttemptMapper.selectCount(recentQuery); role = PlatformRoles.SYS_ADMIN;
displayName = "管理员";
if (recentFailures >= 5) { break;
PlatformLoginAttempt attempt = new PlatformLoginAttempt(); case "sales":
attempt.setUsername(user); role = PlatformRoles.SALES;
attempt.setSuccess(false); displayName = "销售账号";
attempt.setIpAddress(request.getRemoteAddr()); break;
attempt.setAttemptedAt(OffsetDateTime.now()); case "delivery":
loginAttemptMapper.insert(attempt); role = PlatformRoles.DELIVERY;
displayName = "交付账号";
throw new ResponseStatusException( break;
HttpStatus.TOO_MANY_REQUESTS, case "ops":
"账户已临时锁定,请 15 分钟后重试"); role = PlatformRoles.LICENSE_OPS;
} displayName = "运营账号";
break;
if ("admin".equals(user) && "admin".equals(pass)) { default:
String token =
jwtService.createToken(user, "管理员", List.of(PlatformRoles.SYS_ADMIN));
return Map.of(
"token",
token,
"tokenType",
"Bearer",
"roles",
List.of(PlatformRoles.SYS_ADMIN),
"displayName",
"管理员");
}
if ("dev".equals(user) && "dev".equals(pass)) {
String token =
jwtService.createToken(user, "开发账号", List.of(PlatformRoles.DEVELOPER));
return Map.of(
"token",
token,
"tokenType",
"Bearer",
"roles",
List.of(PlatformRoles.DEVELOPER),
"displayName",
"开发账号");
}
if ("ops".equals(user) && "ops".equals(pass)) {
String token = jwtService.createToken(user, "运营账号", List.of(PlatformRoles.OPS));
return Map.of(
"token",
token,
"tokenType",
"Bearer",
"roles",
List.of(PlatformRoles.OPS),
"displayName",
"运营账号");
}
PlatformLoginAttempt attempt = new PlatformLoginAttempt();
attempt.setUsername(user);
attempt.setSuccess(false);
attempt.setIpAddress(request.getRemoteAddr());
attempt.setAttemptedAt(OffsetDateTime.now());
loginAttemptMapper.insert(attempt);
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "invalid credentials"); throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "invalid credentials");
} }
if (!pass.equals(user.toLowerCase())) {
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "invalid credentials");
}
String token = jwtService.createToken(user, displayName, List.of(role));
return Map.of(
"token", token,
"tokenType", "Bearer",
"roles", List.of(role),
"displayName", displayName);
}
@PostMapping("/change-password") @PostMapping("/change-password")
public ResponseEntity<Void> changePassword(@RequestBody Map<String, String> body) { public ResponseEntity<Void> changePassword(@RequestBody Map<String, String> body) {
String oldPassword = body.get("oldPassword"); String oldPassword = body.get("oldPassword");
services/delivery-platform-api/src/main/java/cn/craftlabs/platform/api/security/PlatformRoles.java
+8 -8
View File
@@ -1,14 +1,14 @@
package cn.craftlabs.platform.api.security; package cn.craftlabs.platform.api.security;
/**
* I7JWT {@code roles} 声明值(过滤器会加上 {@code ROLE_} 前缀)。
*/
public final class PlatformRoles { public final class PlatformRoles {
public static final String SYS_ADMIN = "SYS_ADMIN"; public static final String SYS_ADMIN = "SYS_ADMIN";
public static final String DEVELOPER = "DEVELOPER"; public static final String SALES = "SALES";
/** 运营:Callback Inbox 等(不包含合同/交付等业务写接口的默认放宽)。 */ public static final String ORDER_SUPPORT = "ORDER_SUPPORT";
public static final String OPS = "OPS"; public static final String DELIVERY = "DELIVERY";
public static final String LICENSE_OPS = "LICENSE_OPS";
public static final String DEV_SUPPORT = "DEV_SUPPORT";
public static final String FINANCE_VIEW = "FINANCE_VIEW";
public static final String COMPLIANCE = "COMPLIANCE";
public static final String EXEC_VIEW = "EXEC_VIEW";
private PlatformRoles() {} private PlatformRoles() {}
} }
services/delivery-platform-api/src/main/resources/db/migration/V15__seed_product_roles.sql
+3
View File
@@ -0,0 +1,3 @@
-- V15__seed_product_roles.sql
-- Seed product-defined roles (replacing simplified DEVELOPER/OPS)
-- Demo accounts: admin/SYS_ADMIN, sales/SALES, delivery/DELIVERY, ops/LICENSE_OPS
web/delivery-platform-ui/src/layout/MainLayout.vue
+11 -11
View File
@@ -124,17 +124,17 @@ onUnmounted(() => {
}) })
const menuItems = [ const menuItems = [
{ path: "/", icon: "📊", label: "首页", roles: ["SYS_ADMIN","DEVELOPER","OPS"] }, { path: "/", icon: "📊", label: "首页", roles: ["SYS_ADMIN","SALES","LICENSE_OPS"] },
{ path: "/customers", icon: "👥", label: "客户管理", roles: ["SYS_ADMIN","DEVELOPER"] }, { path: "/customers", icon: "👥", label: "客户管理", roles: ["SYS_ADMIN","SALES"] },
{ path: "/contracts", icon: "📋", label: "合同管理", roles: ["SYS_ADMIN","DEVELOPER"] }, { path: "/contracts", icon: "📋", label: "合同管理", roles: ["SYS_ADMIN","SALES"] },
{ path: "/deliveries", icon: "📦", label: "交付管理", roles: ["SYS_ADMIN","DEVELOPER"] }, { path: "/deliveries", icon: "📦", label: "交付管理", roles: ["SYS_ADMIN","SALES","DELIVERY"] },
{ path: "/licenses/sn", icon: "🔑", label: "许可 SN", roles: ["SYS_ADMIN","DEVELOPER"] }, { path: "/licenses/sn", icon: "🔑", label: "许可 SN", roles: ["SYS_ADMIN","SALES"] },
{ path: "/licenses", icon: "🛡️", label: "许可证管理", badge: "NEW", roles: ["SYS_ADMIN","DEVELOPER"] }, { path: "/licenses", icon: "🛡️", label: "许可证管理", badge: "NEW", roles: ["SYS_ADMIN","SALES"] },
{ path: "/callbacks", icon: "📨", label: "Callback 收件箱", roles: ["SYS_ADMIN","OPS"] }, { path: "/callbacks", icon: "📨", label: "Callback 收件箱", roles: ["SYS_ADMIN","LICENSE_OPS"] },
{ path: "/integration/environments", icon: "🌐", label: "集成环境", roles: ["SYS_ADMIN","DEVELOPER","OPS"] }, { path: "/integration/environments", icon: "🌐", label: "集成环境", roles: ["SYS_ADMIN","SALES","LICENSE_OPS"] },
{ path: "/integration/product-lines", icon: "📱", label: "产品线", roles: ["SYS_ADMIN","DEVELOPER","OPS"] }, { path: "/integration/product-lines", icon: "📱", label: "产品线", roles: ["SYS_ADMIN","SALES","LICENSE_OPS"] },
{ path: "/devices", icon: "🖥️", label: "设备管理", roles: ["SYS_ADMIN","DEVELOPER"] }, { path: "/devices", icon: "🖥️", label: "设备管理", roles: ["SYS_ADMIN","SALES","DELIVERY"] },
{ path: "/todos", icon: "🔔", label: "待办中心", roles: ["SYS_ADMIN","DEVELOPER","OPS"] }, { path: "/todos", icon: "🔔", label: "待办中心", roles: ["SYS_ADMIN","SALES","LICENSE_OPS"] },
{ path: "/reports/contract-sn", icon: "📊", label: "报表中心", roles: ["SYS_ADMIN"] }, { path: "/reports/contract-sn", icon: "📊", label: "报表中心", roles: ["SYS_ADMIN"] },
]; ];
web/delivery-platform-ui/src/router/index.js
+26 -26
View File
@@ -12,79 +12,79 @@ const routes = [
path: "", path: "",
name: "home", name: "home",
component: () => import("../views/HomeView.vue"), component: () => import("../views/HomeView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER", "OPS"] }, meta: { roles: ["SYS_ADMIN", "SALES", "LICENSE_OPS"] },
}, },
{ {
path: "customers/:id", path: "customers/:id",
name: "customer-detail", name: "customer-detail",
component: () => import("../views/CustomerDetailView.vue"), component: () => import("../views/CustomerDetailView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "客户详情" }, meta: { roles: ["SYS_ADMIN", "SALES"], title: "客户详情" },
}, },
{ {
path: "customers", path: "customers",
name: "customers", name: "customers",
component: () => import("../views/CustomersView.vue"), component: () => import("../views/CustomersView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"] }, meta: { roles: ["SYS_ADMIN", "SALES"] },
}, },
{ {
path: "projects", path: "projects",
name: "projects", name: "projects",
component: () => import("../views/ProjectsView.vue"), component: () => import("../views/ProjectsView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"] }, meta: { roles: ["SYS_ADMIN", "SALES"] },
}, },
{ {
path: "deliveries/new", path: "deliveries/new",
name: "delivery-new", name: "delivery-new",
component: () => import("../views/DeliveryBatchWizardView.vue"), component: () => import("../views/DeliveryBatchWizardView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "新建交付批次" }, meta: { roles: ["SYS_ADMIN", "SALES", "DELIVERY"], title: "新建交付批次" },
}, },
{ {
path: "deliveries/:id", path: "deliveries/:id",
name: "delivery-detail", name: "delivery-detail",
component: () => import("../views/DeliveryBatchDetailView.vue"), component: () => import("../views/DeliveryBatchDetailView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "交付批次详情" }, meta: { roles: ["SYS_ADMIN", "SALES", "DELIVERY"], title: "交付批次详情" },
}, },
{ {
path: "deliveries", path: "deliveries",
name: "deliveries", name: "deliveries",
component: () => import("../views/DeliveriesView.vue"), component: () => import("../views/DeliveriesView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "交付管理" }, meta: { roles: ["SYS_ADMIN", "SALES", "DELIVERY"], title: "交付管理" },
}, },
{ {
path: "licenses/sn/new", path: "licenses/sn/new",
name: "license-sn-new", name: "license-sn-new",
component: () => import("../views/LicenseSnWizardView.vue"), component: () => import("../views/LicenseSnWizardView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "新建许可 SN" }, meta: { roles: ["SYS_ADMIN", "SALES"], title: "新建许可 SN" },
}, },
{ {
path: "licenses/sn/:id", path: "licenses/sn/:id",
name: "license-sn-detail", name: "license-sn-detail",
component: () => import("../views/LicenseSnDetailView.vue"), component: () => import("../views/LicenseSnDetailView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "许可 SN 详情" }, meta: { roles: ["SYS_ADMIN", "SALES"], title: "许可 SN 详情" },
}, },
{ {
path: "licenses/sn", path: "licenses/sn",
name: "license-sn-list", name: "license-sn-list",
component: () => import("../views/LicenseSnListView.vue"), component: () => import("../views/LicenseSnListView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "许可 SN" }, meta: { roles: ["SYS_ADMIN", "SALES"], title: "许可 SN" },
}, },
{ {
path: "integration/environments", path: "integration/environments",
name: "integration-environments", name: "integration-environments",
component: () => import("../views/IntegrationEnvironmentsView.vue"), component: () => import("../views/IntegrationEnvironmentsView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER", "OPS"], title: "集成环境" }, meta: { roles: ["SYS_ADMIN", "SALES", "LICENSE_OPS"], title: "集成环境" },
}, },
{ {
path: "integration/product-lines", path: "integration/product-lines",
name: "integration-product-lines", name: "integration-product-lines",
component: () => import("../views/IntegrationProductLinesView.vue"), component: () => import("../views/IntegrationProductLinesView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER", "OPS"], title: "产品线" }, meta: { roles: ["SYS_ADMIN", "SALES", "LICENSE_OPS"], title: "产品线" },
}, },
{ {
path: "integration/id-mappings", path: "integration/id-mappings",
name: "integration-id-mappings", name: "integration-id-mappings",
component: () => import("../views/IntegrationIdMappingView.vue"), component: () => import("../views/IntegrationIdMappingView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "ID 映射" }, meta: { roles: ["SYS_ADMIN", "SALES"], title: "ID 映射" },
}, },
{ {
path: "integration/json-templates", path: "integration/json-templates",
@@ -96,61 +96,61 @@ const routes = [
path: "callbacks/:id", path: "callbacks/:id",
name: "callback-inbox-detail", name: "callback-inbox-detail",
component: () => import("../views/CallbackInboxDetailView.vue"), component: () => import("../views/CallbackInboxDetailView.vue"),
meta: { roles: ["SYS_ADMIN", "OPS"], title: "Callback 详情" }, meta: { roles: ["SYS_ADMIN", "LICENSE_OPS"], title: "Callback 详情" },
}, },
{ {
path: "callbacks", path: "callbacks",
name: "callback-inbox", name: "callback-inbox",
component: () => import("../views/CallbackInboxView.vue"), component: () => import("../views/CallbackInboxView.vue"),
meta: { roles: ["SYS_ADMIN", "OPS"], title: "Callback 收件箱" }, meta: { roles: ["SYS_ADMIN", "LICENSE_OPS"], title: "Callback 收件箱" },
}, },
{ {
path: "contracts/new", path: "contracts/new",
name: "contract-new", name: "contract-new",
component: () => import("../views/ContractWizardView.vue"), component: () => import("../views/ContractWizardView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "新建合同" }, meta: { roles: ["SYS_ADMIN", "SALES"], title: "新建合同" },
}, },
{ {
path: "contracts/:id", path: "contracts/:id",
name: "contract-detail", name: "contract-detail",
component: () => import("../views/ContractDetailView.vue"), component: () => import("../views/ContractDetailView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "合同详情" }, meta: { roles: ["SYS_ADMIN", "SALES"], title: "合同详情" },
}, },
{ {
path: "contracts", path: "contracts",
name: "contracts", name: "contracts",
component: () => import("../views/ContractsView.vue"), component: () => import("../views/ContractsView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "合同管理" }, meta: { roles: ["SYS_ADMIN", "SALES"], title: "合同管理" },
}, },
{ {
path: "license-compare", path: "license-compare",
name: "license-compare", name: "license-compare",
component: () => import("../views/LayoutCompareView.vue"), component: () => import("../views/LayoutCompareView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"] }, meta: { roles: ["SYS_ADMIN", "SALES"] },
}, },
{ {
path: "licenses", path: "licenses",
name: "licenses", name: "licenses",
component: () => import("../views/LicenseList.vue"), component: () => import("../views/LicenseList.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "许可证管理" }, meta: { roles: ["SYS_ADMIN", "SALES"], title: "许可证管理" },
}, },
{ {
path: "devices/:id", path: "devices/:id",
name: "device-detail", name: "device-detail",
component: () => import("../views/DeviceDetailView.vue"), component: () => import("../views/DeviceDetailView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER", "OPS"], title: "设备详情" }, meta: { roles: ["SYS_ADMIN", "SALES", "LICENSE_OPS", "DELIVERY"], title: "设备详情" },
}, },
{ {
path: "devices", path: "devices",
name: "devices", name: "devices",
component: () => import("../views/DeviceListView.vue"), component: () => import("../views/DeviceListView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER", "OPS"], title: "设备管理" }, meta: { roles: ["SYS_ADMIN", "SALES", "LICENSE_OPS", "DELIVERY"], title: "设备管理" },
}, },
{ {
path: "todos", path: "todos",
name: "todos", name: "todos",
component: () => import("../views/TodoCenterView.vue"), component: () => import("../views/TodoCenterView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER", "OPS"], title: "待办中心" }, meta: { roles: ["SYS_ADMIN", "SALES", "LICENSE_OPS"], title: "待办中心" },
}, },
{ {
path: "notifications/settings", path: "notifications/settings",
@@ -162,19 +162,19 @@ const routes = [
path: "reports/contract-sn", path: "reports/contract-sn",
name: "contract-sn-report", name: "contract-sn-report",
component: () => import("../views/ContractSnReportView.vue"), component: () => import("../views/ContractSnReportView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER"], title: "合同 SN 报表" }, meta: { roles: ["SYS_ADMIN", "SALES"], title: "合同 SN 报表" },
}, },
{ {
path: "reports/callback-stats", path: "reports/callback-stats",
name: "callback-stats", name: "callback-stats",
component: () => import("../views/CallbackStatsView.vue"), component: () => import("../views/CallbackStatsView.vue"),
meta: { roles: ["SYS_ADMIN", "OPS"], title: "Callback 统计" }, meta: { roles: ["SYS_ADMIN", "LICENSE_OPS"], title: "Callback 统计" },
}, },
{ {
path: "profile", path: "profile",
name: "profile", name: "profile",
component: () => import("../views/ProfileView.vue"), component: () => import("../views/ProfileView.vue"),
meta: { roles: ["SYS_ADMIN", "DEVELOPER", "OPS"], title: "个人设置" }, meta: { roles: ["SYS_ADMIN", "SALES", "LICENSE_OPS"], title: "个人设置" },
}, },
{ {
path: "reports/project-health", path: "reports/project-health",
web/delivery-platform-ui/src/views/HomeView.vue
+10 -10
View File
@@ -33,16 +33,16 @@ const pingLoading = ref(false);
/** I7:与 MainLayout / 路由 meta 一致 */ /** I7:与 MainLayout / 路由 meta 一致 */
const allModuleLinks = [ const allModuleLinks = [
{ to: "/customers", label: "客户", roles: ["SYS_ADMIN", "DEVELOPER"] }, { to: "/customers", label: "客户", roles: ["SYS_ADMIN", "SALES"] },
{ to: "/projects", label: "项目", roles: ["SYS_ADMIN", "DEVELOPER"] }, { to: "/projects", label: "项目", roles: ["SYS_ADMIN", "SALES"] },
{ to: "/contracts", label: "合同", roles: ["SYS_ADMIN", "DEVELOPER"] }, { to: "/contracts", label: "合同", roles: ["SYS_ADMIN", "SALES"] },
{ to: "/deliveries", label: "交付", roles: ["SYS_ADMIN", "DEVELOPER"] }, { to: "/deliveries", label: "交付", roles: ["SYS_ADMIN", "SALES", "DELIVERY"] },
{ to: "/licenses/sn", label: "许可 SN", roles: ["SYS_ADMIN", "DEVELOPER"] }, { to: "/licenses/sn", label: "许可 SN", roles: ["SYS_ADMIN", "SALES"] },
{ to: "/callbacks", label: "Callback 收件箱", roles: ["SYS_ADMIN", "OPS"] }, { to: "/callbacks", label: "Callback 收件箱", roles: ["SYS_ADMIN", "LICENSE_OPS"] },
{ to: "/integration/environments", label: "集成环境", roles: ["SYS_ADMIN", "DEVELOPER", "OPS"] }, { to: "/integration/environments", label: "集成环境", roles: ["SYS_ADMIN", "SALES", "LICENSE_OPS"] },
{ to: "/integration/product-lines", label: "产品线", roles: ["SYS_ADMIN", "DEVELOPER", "OPS"] }, { to: "/integration/product-lines", label: "产品线", roles: ["SYS_ADMIN", "SALES", "LICENSE_OPS"] },
{ to: "/devices", label: "设备管理", roles: ["SYS_ADMIN", "DEVELOPER"] }, { to: "/devices", label: "设备管理", roles: ["SYS_ADMIN", "SALES", "DELIVERY"] },
{ to: "/todos", label: "待办中心", roles: ["SYS_ADMIN", "DEVELOPER", "OPS"] }, { to: "/todos", label: "待办中心", roles: ["SYS_ADMIN", "SALES", "LICENSE_OPS"] },
{ to: "/reports/contract-sn", label: "报表中心", roles: ["SYS_ADMIN"] }, { to: "/reports/contract-sn", label: "报表中心", roles: ["SYS_ADMIN"] },
]; ];