- Add user management with roles and permissions (RBAC) - Implement OAuth2 service provider supporting 4 grant types: authorization_code, password, client_credentials, refresh_token - Add JWT authentication with 7-day expiry - Add admin API for users, roles and OAuth clients management - Add CLI tool for user management (scripts/user-cli.js) - Add collapsible sidebar layout with login dialog - Add user management page and OAuth client management page - Add server middleware for auth token verification - Add seed script for initial data (admin/admin123)
import { getRoles, createRole } from '../../../modules/auth/user'
|
|
import { DEFAULT_ROLES, getPermissionGroups } from '../../../modules/auth/permissions'
|
|
import { verifyToken } from '../../../utils/jwt'
|
|
import { z } from 'zod'
|
|
import db from '../../../db'
|
|
|
|
const createRoleSchema = z.object({
|
|
name: z.string().min(2, '角色名称至少2个字符').max(20, '角色名称最多20个字符'),
|
|
description: z.string().optional(),
|
|
permissions: z.array(z.string())
|
|
})
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const authHeader = getHeader(event, 'authorization')
|
|
|
|
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
|
throw createError({ statusCode: 401, message: '请先登录' })
|
|
}
|
|
|
|
const token = authHeader.substring(7)
|
|
const payload = verifyToken(token)
|
|
|
|
if (!payload || payload.type !== 'access' || payload.role !== 'admin') {
|
|
throw createError({ statusCode: 403, message: '需要管理员权限' })
|
|
}
|
|
|
|
const query = getQuery(event)
|
|
|
|
if (query.action === 'init') {
|
|
const existingRoles = getRoles()
|
|
if (existingRoles.length === 0) {
|
|
for (const role of Object.values(DEFAULT_ROLES)) {
|
|
createRole(role.name, role.description, role.permissions, role.isSystem)
|
|
}
|
|
}
|
|
|
|
const roles = getRoles()
|
|
const permissionGroups = getPermissionGroups()
|
|
|
|
return {
|
|
success: true,
|
|
data: {
|
|
roles,
|
|
permissionGroups
|
|
}
|
|
}
|
|
}
|
|
|
|
if (event.method === 'GET') {
|
|
const roles = getRoles()
|
|
const permissionGroups = getPermissionGroups()
|
|
|
|
return {
|
|
success: true,
|
|
data: {
|
|
roles,
|
|
permissionGroups
|
|
}
|
|
}
|
|
}
|
|
|
|
if (event.method === 'POST') {
|
|
const body = await readBody(event)
|
|
|
|
const result = createRoleSchema.safeParse(body)
|
|
if (!result.success) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: result.error.errors[0].message
|
|
})
|
|
}
|
|
|
|
const { name, description, permissions } = result.data
|
|
|
|
const existingRole = db.prepare('SELECT id FROM roles WHERE name = ?').get(name)
|
|
if (existingRole) {
|
|
throw createError({
|
|
statusCode: 409,
|
|
message: '角色名称已存在'
|
|
})
|
|
}
|
|
|
|
const role = createRole(name, description || '', permissions)
|
|
|
|
return {
|
|
success: true,
|
|
data: role,
|
|
message: '角色创建成功'
|
|
}
|
|
}
|
|
})
|
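Review bot: The POST branch accepts any strings as `permissions` (the schema line `permissions: z.array(z.string())`) and hands them unchanged to createRole, so a role can be stored with permission ids that nothing in the permissions module defines, or near-duplicates that differ only in spelling; validate the array against the ids exposed by getPermissionGroups(), e.g. `permissions: z.array(z.string()).refine((ps) => ps.every((p) => allowedPermissions.has(p)), '无效的权限')` with `allowedPermissions` (a placeholder name) built once as a Set from getPermissionGroups() — its return shape is not visible in this hunk, so adapt the extraction. Separately, the `query.action === 'init'` branch creates the default roles before `event.method` is checked, so a plain GET mutates state; moving that branch under `event.method === 'POST'` keeps GET side-effect free. The name-uniqueness check (`SELECT id FROM roles WHERE name = ?` followed by createRole) is read-then-write, so unless the roles table carries a UNIQUE constraint on name — not visible here — two concurrent POSTs with the same name can both pass it.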