refactor(account): 统一账号管理API、完善权限检查和操作审计
All checks were successful
构建并部署到测试环境(无 SSH) / build-and-deploy (push) Successful in 6m17s
All checks were successful
构建并部署到测试环境(无 SSH) / build-and-deploy (push) Successful in 6m17s
- 合并 customer_account 和 shop_account 路由到统一的 account 接口 - 新增统一认证接口 (auth handler) - 实现越权防护中间件和权限检查工具函数 - 新增操作审计日志模型和服务 - 更新数据库迁移 (版本 39: account_operation_log 表) - 补充集成测试覆盖权限检查和审计日志场景
This commit is contained in:
63
internal/model/account_operation_log.go
Normal file
63
internal/model/account_operation_log.go
Normal file
@@ -0,0 +1,63 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"database/sql/driver"
|
||||
"encoding/json"
|
||||
"time"
|
||||
)
|
||||
|
||||
// AccountOperationLog 账号操作审计日志模型
|
||||
// 记录所有账号管理操作,包括创建、更新、删除、角色分配等
|
||||
// 用于审计追踪和合规要求
|
||||
type AccountOperationLog struct {
|
||||
ID uint `gorm:"column:id;primaryKey;comment:主键ID" json:"id"`
|
||||
CreatedAt time.Time `gorm:"column:created_at;not null;comment:创建时间" json:"created_at"`
|
||||
|
||||
OperatorID uint `gorm:"column:operator_id;not null;index:idx_account_log_operator,priority:1;comment:操作人ID" json:"operator_id"`
|
||||
OperatorType int `gorm:"column:operator_type;type:int;not null;comment:操作人类型 1=超级管理员 2=平台用户 3=代理账号 4=企业账号" json:"operator_type"`
|
||||
OperatorName string `gorm:"column:operator_name;type:varchar(255);not null;comment:操作人用户名" json:"operator_name"`
|
||||
|
||||
TargetAccountID *uint `gorm:"column:target_account_id;type:bigint;index:idx_account_log_target,priority:1;comment:目标账号ID(删除操作后可能查不到)" json:"target_account_id,omitempty"`
|
||||
TargetUsername *string `gorm:"column:target_username;type:varchar(255);comment:目标账号用户名" json:"target_username,omitempty"`
|
||||
TargetUserType *int `gorm:"column:target_user_type;type:int;comment:目标账号类型" json:"target_user_type,omitempty"`
|
||||
|
||||
OperationType string `gorm:"column:operation_type;type:varchar(50);not null;comment:操作类型 create/update/delete/assign_roles/remove_role" json:"operation_type"`
|
||||
OperationDesc string `gorm:"column:operation_desc;type:text;not null;comment:操作描述(中文)" json:"operation_desc"`
|
||||
|
||||
BeforeData JSONB `gorm:"column:before_data;type:jsonb;comment:变更前数据(JSONB格式,用于update操作)" json:"before_data,omitempty"`
|
||||
AfterData JSONB `gorm:"column:after_data;type:jsonb;comment:变更后数据(JSONB格式,用于create/update操作)" json:"after_data,omitempty"`
|
||||
|
||||
RequestID *string `gorm:"column:request_id;type:varchar(255);comment:请求ID(可关联访问日志)" json:"request_id,omitempty"`
|
||||
IPAddress *string `gorm:"column:ip_address;type:varchar(50);comment:操作来源IP地址" json:"ip_address,omitempty"`
|
||||
UserAgent *string `gorm:"column:user_agent;type:text;comment:用户代理(浏览器信息)" json:"user_agent,omitempty"`
|
||||
}
|
||||
|
||||
// TableName 指定表名
|
||||
func (AccountOperationLog) TableName() string {
|
||||
return "tb_account_operation_log"
|
||||
}
|
||||
|
||||
// JSONB 自定义JSONB类型,用于存储变更数据
|
||||
type JSONB map[string]interface{}
|
||||
|
||||
// Value 实现 driver.Valuer 接口
|
||||
func (j JSONB) Value() (driver.Value, error) {
|
||||
if j == nil {
|
||||
return nil, nil
|
||||
}
|
||||
return json.Marshal(j)
|
||||
}
|
||||
|
||||
// Scan 实现 sql.Scanner 接口
|
||||
func (j *JSONB) Scan(value interface{}) error {
|
||||
if value == nil {
|
||||
*j = nil
|
||||
return nil
|
||||
}
|
||||
|
||||
bytes, ok := value.([]byte)
|
||||
if !ok {
|
||||
return json.Unmarshal([]byte(value.(string)), j)
|
||||
}
|
||||
return json.Unmarshal(bytes, j)
|
||||
}
|
||||
Reference in New Issue
Block a user