refactor(account): 统一账号管理API、完善权限检查和操作审计
- 合并 customer_account 和 shop_account 路由到统一的 account 接口 - 新增统一认证接口 (auth handler) - 实现越权防护中间件和权限检查工具函数 - 新增操作审计日志模型和服务 - 更新数据库迁移 (版本 39: account_operation_log 表) - 补充集成测试覆盖权限检查和审计日志场景
@@ -4,163 +4,114 @@ import (
|
||||
"github.com/gofiber/fiber/v2"
|
||||
|
||||
"github.com/break/junhong_cmp_fiber/internal/handler/admin"
|
||||
"github.com/break/junhong_cmp_fiber/internal/model"
|
||||
"github.com/break/junhong_cmp_fiber/internal/model/dto"
|
||||
"github.com/break/junhong_cmp_fiber/pkg/constants"
|
||||
"github.com/break/junhong_cmp_fiber/pkg/errors"
|
||||
"github.com/break/junhong_cmp_fiber/pkg/middleware"
|
||||
"github.com/break/junhong_cmp_fiber/pkg/openapi"
|
||||
)
|
||||
|
||||
// registerAccountRoutes 注册账号相关路由
|
||||
// 统一路由结构:/api/admin/accounts/*
|
||||
// 账号类型通过请求体的 user_type 字段区分(2=平台用户,3=代理账号,4=企业账号)
|
||||
func registerAccountRoutes(api fiber.Router, h *admin.AccountHandler, doc *openapi.Generator, basePath string) {
|
||||
accounts := api.Group("/accounts")
|
||||
groupPath := basePath + "/accounts"
|
||||
accountsPath := basePath + "/accounts"
|
||||
|
||||
// 账号 CRUD
|
||||
Register(accounts, doc, groupPath, "POST", "", h.Create, RouteSpec{
|
||||
// 企业用户拦截中间件:禁止企业用户访问账号管理接口
|
||||
accounts.Use(func(c *fiber.Ctx) error {
|
||||
userType := middleware.GetUserTypeFromContext(c.UserContext())
|
||||
if userType == constants.UserTypeEnterprise {
|
||||
return errors.New(errors.CodeForbidden, "无权限访问账号管理功能")
|
||||
}
|
||||
return c.Next()
|
||||
})
|
||||
|
||||
// 创建账号(user_type: 2=平台, 3=代理, 4=企业)
|
||||
Register(accounts, doc, accountsPath, "POST", "", h.Create, RouteSpec{
|
||||
Summary: "创建账号",
|
||||
Tags: []string{"账号相关"},
|
||||
Tags: []string{"账号管理"},
|
||||
Input: new(dto.CreateAccountRequest),
|
||||
Output: new(dto.AccountResponse),
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(accounts, doc, groupPath, "GET", "", h.List, RouteSpec{
|
||||
Summary: "账号列表",
|
||||
Tags: []string{"账号相关"},
|
||||
// 查询账号列表(可通过 user_type 参数筛选)
|
||||
Register(accounts, doc, accountsPath, "GET", "", h.List, RouteSpec{
|
||||
Summary: "查询账号列表",
|
||||
Tags: []string{"账号管理"},
|
||||
Input: new(dto.AccountListRequest),
|
||||
Output: new(dto.AccountPageResult),
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(accounts, doc, groupPath, "GET", "/:id", h.Get, RouteSpec{
|
||||
// 获取账号详情
|
||||
Register(accounts, doc, accountsPath, "GET", "/:id", h.Get, RouteSpec{
|
||||
Summary: "获取账号详情",
|
||||
Tags: []string{"账号相关"},
|
||||
Tags: []string{"账号管理"},
|
||||
Input: new(dto.IDReq),
|
||||
Output: new(dto.AccountResponse),
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(accounts, doc, groupPath, "PUT", "/:id", h.Update, RouteSpec{
|
||||
// 更新账号
|
||||
Register(accounts, doc, accountsPath, "PUT", "/:id", h.Update, RouteSpec{
|
||||
Summary: "更新账号",
|
||||
Tags: []string{"账号相关"},
|
||||
Tags: []string{"账号管理"},
|
||||
Input: new(dto.UpdateAccountParams),
|
||||
Output: new(dto.AccountResponse),
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(accounts, doc, groupPath, "DELETE", "/:id", h.Delete, RouteSpec{
|
||||
// 删除账号
|
||||
Register(accounts, doc, accountsPath, "DELETE", "/:id", h.Delete, RouteSpec{
|
||||
Summary: "删除账号",
|
||||
Tags: []string{"账号相关"},
|
||||
Tags: []string{"账号管理"},
|
||||
Input: new(dto.IDReq),
|
||||
Output: nil,
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
// 账号-角色关联
|
||||
Register(accounts, doc, groupPath, "POST", "/:id/roles", h.AssignRoles, RouteSpec{
|
||||
Summary: "分配角色",
|
||||
Tags: []string{"账号相关"},
|
||||
Input: new(dto.AssignRolesParams),
|
||||
Output: nil, // TODO: Define AccountRole response DTO
|
||||
})
|
||||
|
||||
Register(accounts, doc, groupPath, "GET", "/:id/roles", h.GetRoles, RouteSpec{
|
||||
Summary: "获取账号角色",
|
||||
Tags: []string{"账号相关"},
|
||||
Input: new(dto.IDReq),
|
||||
Output: new([]model.Role),
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(accounts, doc, groupPath, "DELETE", "/:account_id/roles/:role_id", h.RemoveRole, RouteSpec{
|
||||
Summary: "移除角色",
|
||||
Tags: []string{"账号相关"},
|
||||
Input: new(dto.RemoveRoleParams),
|
||||
Output: nil,
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
registerPlatformAccountRoutes(api, h, doc, basePath)
|
||||
}
|
||||
|
||||
func registerPlatformAccountRoutes(api fiber.Router, h *admin.AccountHandler, doc *openapi.Generator, basePath string) {
|
||||
platformAccounts := api.Group("/platform-accounts")
|
||||
groupPath := basePath + "/platform-accounts"
|
||||
|
||||
Register(platformAccounts, doc, groupPath, "GET", "", h.ListPlatformAccounts, RouteSpec{
|
||||
Summary: "平台账号列表",
|
||||
Tags: []string{"平台账号"},
|
||||
Input: new(dto.PlatformAccountListRequest),
|
||||
Output: new(dto.AccountPageResult),
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(platformAccounts, doc, groupPath, "POST", "", h.Create, RouteSpec{
|
||||
Summary: "新增平台账号",
|
||||
Tags: []string{"平台账号"},
|
||||
Input: new(dto.CreateAccountRequest),
|
||||
Output: new(dto.AccountResponse),
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(platformAccounts, doc, groupPath, "GET", "/:id", h.Get, RouteSpec{
|
||||
Summary: "获取平台账号详情",
|
||||
Tags: []string{"平台账号"},
|
||||
Input: new(dto.IDReq),
|
||||
Output: new(dto.AccountResponse),
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(platformAccounts, doc, groupPath, "PUT", "/:id", h.Update, RouteSpec{
|
||||
Summary: "编辑平台账号",
|
||||
Tags: []string{"平台账号"},
|
||||
Input: new(dto.UpdateAccountParams),
|
||||
Output: new(dto.AccountResponse),
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(platformAccounts, doc, groupPath, "DELETE", "/:id", h.Delete, RouteSpec{
|
||||
Summary: "删除平台账号",
|
||||
Tags: []string{"平台账号"},
|
||||
Input: new(dto.IDReq),
|
||||
Output: nil,
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(platformAccounts, doc, groupPath, "PUT", "/:id/password", h.UpdatePassword, RouteSpec{
|
||||
Summary: "修改密码",
|
||||
Tags: []string{"平台账号"},
|
||||
// 修改账号密码
|
||||
Register(accounts, doc, accountsPath, "PUT", "/:id/password", h.UpdatePassword, RouteSpec{
|
||||
Summary: "修改账号密码",
|
||||
Tags: []string{"账号管理"},
|
||||
Input: new(dto.UpdatePasswordParams),
|
||||
Output: nil,
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(platformAccounts, doc, groupPath, "PUT", "/:id/status", h.UpdateStatus, RouteSpec{
|
||||
Summary: "启用/禁用账号",
|
||||
Tags: []string{"平台账号"},
|
||||
// 修改账号状态
|
||||
Register(accounts, doc, accountsPath, "PUT", "/:id/status", h.UpdateStatus, RouteSpec{
|
||||
Summary: "修改账号状态",
|
||||
Tags: []string{"账号管理"},
|
||||
Input: new(dto.UpdateStatusParams),
|
||||
Output: nil,
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(platformAccounts, doc, groupPath, "POST", "/:id/roles", h.AssignRoles, RouteSpec{
|
||||
Summary: "分配角色",
|
||||
Tags: []string{"平台账号"},
|
||||
// 为账号分配角色
|
||||
Register(accounts, doc, accountsPath, "POST", "/:id/roles", h.AssignRoles, RouteSpec{
|
||||
Summary: "为账号分配角色",
|
||||
Tags: []string{"账号管理"},
|
||||
Input: new(dto.AssignRolesParams),
|
||||
Output: nil,
|
||||
Output: new([]dto.AccountRoleResponse),
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(platformAccounts, doc, groupPath, "GET", "/:id/roles", h.GetRoles, RouteSpec{
|
||||
// 获取账号角色
|
||||
Register(accounts, doc, accountsPath, "GET", "/:id/roles", h.GetRoles, RouteSpec{
|
||||
Summary: "获取账号角色",
|
||||
Tags: []string{"平台账号"},
|
||||
Tags: []string{"账号管理"},
|
||||
Input: new(dto.IDReq),
|
||||
Output: new([]model.Role),
|
||||
Output: new(dto.AccountRolesResponse),
|
||||
Auth: true,
|
||||
})
|
||||
|
||||
Register(platformAccounts, doc, groupPath, "DELETE", "/:account_id/roles/:role_id", h.RemoveRole, RouteSpec{
|
||||
Summary: "移除角色",
|
||||
Tags: []string{"平台账号"},
|
||||
// 移除账号角色
|
||||
Register(accounts, doc, accountsPath, "DELETE", "/:account_id/roles/:role_id", h.RemoveRole, RouteSpec{
|
||||
Summary: "移除账号角色",
|
||||
Tags: []string{"账号管理"},
|
||||
Input: new(dto.RemoveRoleParams),
|
||||
Output: nil,
|
||||
Auth: true,
|
||||
|
||||
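Review bot: The guard added with `accounts.Use(func(c *fiber.Ctx) error { ... })` is a deny-list on a single value, so any request whose context yields a user type other than `constants.UserTypeEnterprise` — including the zero value if `middleware.GetUserTypeFromContext` finds nothing in the context — is passed on to the account handlers. Unless the `Auth: true` flag on each `Register` call is guaranteed to populate the user type before this middleware runs (not visible in this hunk), an allowlist of the two permitted types would fail closed instead: `if userType != <PLATFORM_TYPE_CONST> && userType != <AGENT_TYPE_CONST> { return errors.New(errors.CodeForbidden, "无权限访问账号管理功能") }`, with the actual constant names for types 2 and 3 substituted. Either way the comment above the middleware should state the fail-open/fail-closed choice, e.g. `// 仅按用户类型拦截;未登录/类型缺失的请求依赖前置认证中间件拒绝`, because this guard only distinguishes by user type and the per-record checks for `/:id/password`, `/:id/status` and `/:id/roles` (which account an agent may touch) have to live in the handlers. registerAccountRoutes's closing lines are outside the hunk.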