- Add user management with roles and permissions (RBAC)
- Implement OAuth2 service provider supporting 4 grant types: authorization_code, password, client_credentials, refresh_token
- Add JWT authentication with 7-day expiry
- Add admin API for users, roles and OAuth client management
- Add CLI tool for user management (scripts/user-cli.js)
- Add collapsible sidebar layout with login dialog
- Add user management page and OAuth client management page
- Add server middleware for auth token verification
- Add seed script for initial data (admin/admin123)
import { verifyToken, decodeToken } from '../utils/jwt'
import { getUserById } from '../modules/auth/user'
import { hasPermission, PERMISSIONS } from '../modules/auth/permissions'
import type { User } from 'server/modules/auth/types'
// Module augmentation so that `event.context.user` is typed as `User` on h3 events.
// The auth middleware in this file populates it only for requests carrying a
// verified access token of an active user; for every other request it stays
// undefined, hence the optional marker.
declare module 'h3' {
  interface H3EventContext {
    user?: User
  }
}
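/**
 * Global server middleware: attaches the authenticated user to
 * `event.context.user` when the request carries a `Bearer` access token that
 * `verifyToken` accepts, whose `type` is `'access'`, and that maps to a user
 * whose `status` is `'active'`.
 *
 * The middleware itself never rejects a request — on any failed check it just
 * leaves `event.context.user` unset, and route handlers enforce access with
 * `requireAuth` / `requireRole` / `requirePermission`. The header parsing and
 * user lookup are shared with `optionalAuth` so the two code paths cannot
 * drift apart.
 */
export default defineEventHandler(async (event) => {
  optionalAuth(event)
})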
/**
 * Guards a route: the request must carry an authenticated user, i.e. the auth
 * middleware must have set `event.context.user`.
 *
 * @param event - h3 event; only `event.context.user` is read.
 * @throws An h3 error with status 401 when no user is attached to the context.
 */
export function requireAuth(event: any) {
  const current = event.context.user
  if (current) {
    return
  }
  throw createError({
    statusCode: 401,
    message: '请先登录'
  })
}
/**
 * Guards a route by role name: the current user's `role_name` must be one of
 * the given `roles`, compared as exact strings.
 *
 * `requireAuth` runs first, so an anonymous request gets 401 rather than 403.
 * Calling this with an empty `roles` list rejects every authenticated user.
 *
 * @param event - h3 event carrying `event.context.user`.
 * @param roles - accepted role names; the check passes when any one matches.
 * @throws 401 when unauthenticated; 403 when the user has no `role_name` or
 *   its role is not listed in `roles`.
 */
export function requireRole(event: any, ...roles: string[]) {
  requireAuth(event)

  const roleName = event.context.user?.role_name
  if (!roleName) {
    throw createError({
      statusCode: 403,
      message: '无权限访问'
    })
  }

  const allowed = roles.includes(roleName)
  if (allowed) {
    return
  }
  throw createError({
    statusCode: 403,
    message: '无权限访问此资源'
  })
}
/**
 * Guards a route by permission: the current user's `permissions` must grant
 * `permission` according to `hasPermission`.
 *
 * `requireAuth` runs first, so an anonymous request gets 401 rather than 403.
 * A user holding `PERMISSIONS.ADMIN_ACCESS` passes regardless of the requested
 * permission — that single permission is a full bypass of this check, which is
 * worth keeping in mind when granting it.
 *
 * @param event - h3 event carrying `event.context.user`.
 * @param permission - permission identifier to check for.
 * @throws 401 when unauthenticated; 403 when neither the requested permission
 *   nor `ADMIN_ACCESS` is granted.
 */
export function requirePermission(event: any, permission: string) {
  requireAuth(event)

  const granted = event.context.user?.permissions

  // Direct grant of the requested permission.
  if (granted && hasPermission(granted, permission)) {
    return
  }

  // Admin override: ADMIN_ACCESS satisfies any permission check.
  if (hasPermission(granted || [], PERMISSIONS.ADMIN_ACCESS)) {
    return
  }

  throw createError({
    statusCode: 403,
    message: '无此操作权限'
  })
}
/**
 * Best-effort authentication: resolves the user behind a `Bearer` access token
 * and stores it in `event.context.user`, leaving the context untouched when
 * anything does not line up.
 *
 * The request is left anonymous (no error raised by this function) when the
 * `authorization` header is missing or not `Bearer `-prefixed, when
 * `verifyToken` rejects the token, when the token's `type` is not `'access'`,
 * or when the looked-up user is missing or not `'active'`.
 *
 * @param event - h3 event; reads the `authorization` header, may set
 *   `event.context.user`.
 */
export function optionalAuth(event: any) {
  const header = getHeader(event, 'authorization')
  if (!header?.startsWith('Bearer ')) {
    return
  }

  // Drop the "Bearer " scheme prefix; the rest is the token as sent.
  const token = header.slice('Bearer '.length)
  const claims = verifyToken(token)
  // Refresh (or any non-access) tokens must not authenticate API requests.
  if (claims?.type !== 'access') {
    return
  }

  const account = getUserById(claims.userId)
  if (account?.status === 'active') {
    event.context.user = account
  }
}
/**
 * Returns the user attached to the event by the auth middleware, or `null` for
 * an anonymous request.
 *
 * @param event - h3 event; only `event.context.user` is read.
 * @returns The current `User`, or `null` when none is set.
 */
export function getCurrentUser(event: any): User | null {
  const current = event.context.user
  return current ? current : null
}