完成权限角色守卫

2025-05-07 23:14:57 +08:00
parent 9a705d5b21
commit 69c40c39aa
11 changed files with 201 additions and 3 deletions
--- a/tone-page-server/src/common/decorators/permissions.decorator.ts
+++ b/tone-page-server/src/common/decorators/permissions.decorator.ts
@@ -0,0 +1,3 @@
+import { SetMetadata } from "@nestjs/common";
+
+export const Permissions = (...permissions: string[]) => SetMetadata('permissions', permissions);
--- a/tone-page-server/src/common/decorators/role.decorator.ts
+++ b/tone-page-server/src/common/decorators/role.decorator.ts
@@ -0,0 +1,3 @@
+import { SetMetadata } from "@nestjs/common";
+
+export const Roles = (...roles: string[]) => SetMetadata('roles', roles);
--- a/tone-page-server/src/common/guard/permission.guard.ts
+++ b/tone-page-server/src/common/guard/permission.guard.ts
@@ -0,0 +1,40 @@
+import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
+import { Reflector } from '@nestjs/core';
+import { PermissionService } from "src/role/services/permission.service";
+import { RolePermissionService } from "src/role/services/role-permission.service";
+import { UserRoleService } from "src/role/services/user-role.service";
+
+@Injectable()
+export class PermissionGuard implements CanActivate {
+    constructor(
+        private reflector: Reflector,
+        private readonly userRoleService: UserRoleService,
+        private readonly rolePermissionService: RolePermissionService,
+        private readonly permissionService: PermissionService,
+    ) { }
+
+    async canActivate(context: ExecutionContext): Promise<boolean> {
+        const requiredPermissions = this.reflector.getAllAndOverride<string[]>('permissions', [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+
+        if (!requiredPermissions) return true;
+
+        const request = context.switchToHttp().getRequest();
+        const userId = request.user?.userId;
+
+        if (!userId) return false;
+
+        // 查询用户拥有的有效角色ID
+        const userRoleIds = await this.userRoleService.findValidRoleIdsByUserId(userId);
+
+        // 查询用户拥有的有效角色ID对应的权限ID
+        const userPermissionIds = await this.rolePermissionService.findPermissionIdsByRoleIds(userRoleIds);
+
+        // 查询用户拥有的权限ID对应的权限名
+        const userPermissionNames = await this.permissionService.findPermissionNamesByPermissionIds(userPermissionIds);
+
+        return requiredPermissions.every(permission => userPermissionNames.includes(permission))
+    }
+}
--- a/tone-page-server/src/common/guard/roles.guard.ts
+++ b/tone-page-server/src/common/guard/roles.guard.ts
@@ -0,0 +1,36 @@
+import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
+import { Reflector } from '@nestjs/core';
+import { RoleService } from "src/role/services/role.service";
+import { UserRoleService } from "src/role/services/user-role.service";
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+    constructor(
+        private reflector: Reflector,
+        private readonly userRoleService: UserRoleService,
+        private readonly roleService: RoleService,
+    ) { }
+
+    async canActivate(context: ExecutionContext): Promise<boolean> {
+        const requiredRoles = this.reflector.getAllAndOverride<string[]>('roles', [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+
+        if (!requiredRoles) return true;
+        
+
+        const request = context.switchToHttp().getRequest();
+        const userId = request.user?.userId;
+
+        if (!userId) return false;
+
+        // 查询用户拥有的有效角色Id
+        const userRoleIds = await this.userRoleService.findValidRoleIdsByUserId(userId);
+
+        // 查询用户角色Id对应的角色名
+        const userRoleNames = await this.roleService.findRoleNamesByRoleIds(userRoleIds);
+
+        return requiredRoles.some(role => userRoleNames.includes(role));
+    }
+}
--- a/tone-page-server/src/role/entities/user-role.entity.ts
+++ b/tone-page-server/src/role/entities/user-role.entity.ts
--- a/tone-page-server/src/role/role.module.ts
+++ b/tone-page-server/src/role/role.module.ts
@@ -3,8 +3,15 @@ import { TypeOrmModule } from '@nestjs/typeorm';
 import { Role } from './entities/role.entity';
 import { Permission } from './entities/permission.entity';
 import { RolePermission } from './entities/role-permission.entity';
+import { RolePermissionService } from './services/role-permission.service';
+import { RoleService } from './services/role.service';
+import { UserRoleService } from './services/user-role.service';
+import { UserRole } from './entities/user-role.entity';
+import { PermissionService } from './services/permission.service';

@Module({
-    imports: [TypeOrmModule.forFeature([Role, Permission, RolePermission])]
+    imports: [TypeOrmModule.forFeature([Role, Permission, RolePermission, UserRole])],
+    providers: [RolePermissionService, RoleService, UserRoleService, PermissionService],
+    exports: [RolePermissionService, RoleService, UserRoleService, PermissionService],
 })
 export class RoleModule { }
--- a/tone-page-server/src/role/services/permission.service.ts
+++ b/tone-page-server/src/role/services/permission.service.ts
@@ -0,0 +1,26 @@
+import { Injectable } from "@nestjs/common";
+import { InjectRepository } from "@nestjs/typeorm";
+import { Permission } from "../entities/permission.entity";
+import { In, Repository } from "typeorm";
+
+@Injectable()
+export class PermissionService {
+
+    constructor(
+        @InjectRepository(Permission)
+        private readonly permissionRepository: Repository<Permission>,
+    ) { }
+
+    async findPermissionNamesByPermissionIds(permissionIds: string[]): Promise<string[]> {
+        const permissions = await this.findPermissionsByPermissionIds(permissionIds);
+        return permissions.map(permission => permission.name);
+    }
+
+    async findPermissionsByPermissionIds(permissionIds: string[]): Promise<Permission[]> {
+        return this.permissionRepository.find({
+            where: {
+                id: In(permissionIds),
+            }
+        })
+    }
+}
--- a/tone-page-server/src/role/services/role-permission.service.ts
+++ b/tone-page-server/src/role/services/role-permission.service.ts
@@ -0,0 +1,23 @@
+import { Injectable } from "@nestjs/common";
+import { InjectRepository } from "@nestjs/typeorm";
+import { RolePermission } from "../entities/role-permission.entity";
+import { In, Repository } from "typeorm";
+
+@Injectable()
+export class RolePermissionService {
+
+    constructor(
+        @InjectRepository(RolePermission)
+        private readonly rolePermissionRepository: Repository<RolePermission>,
+    ) { }
+
+    async findPermissionIdsByRoleIds(roleIds: string[]): Promise<string[]> {
+        const rolePermissions = await this.rolePermissionRepository.find({
+            where: {
+                roleId: In(roleIds),
+            }
+        });
+
+        return rolePermissions.map(rp => rp.permissionId);
+    }
+}
--- a/tone-page-server/src/role/services/role.service.ts
+++ b/tone-page-server/src/role/services/role.service.ts
@@ -0,0 +1,26 @@
+import { Injectable } from "@nestjs/common";
+import { InjectRepository } from "@nestjs/typeorm";
+import { Role } from "../entities/role.entity";
+import { In, Repository } from "typeorm";
+
+@Injectable()
+export class RoleService {
+
+    constructor(
+        @InjectRepository(Role)
+        private readonly roleRepository: Repository<Role>,
+    ) { }
+
+    async findRoleNamesByRoleIds(roleIds: string[]): Promise<string[]> {
+        const roles = await this.findRolesByRoleIds(roleIds);
+        return roles.map(role => role.name);
+    }
+
+    async findRolesByRoleIds(roleIds: string[]): Promise<Role[]> {
+        return this.roleRepository.find({
+            where: {
+                id: In(roleIds),
+            }
+        })
+    }
+}
--- a/tone-page-server/src/role/services/user-role.service.ts
+++ b/tone-page-server/src/role/services/user-role.service.ts
@@ -0,0 +1,35 @@
+import { Injectable } from "@nestjs/common";
+import { InjectRepository } from "@nestjs/typeorm";
+import { UserRole } from "src/role/entities/user-role.entity";
+import { IsNull, MoreThanOrEqual, Repository } from "typeorm";
+
+@Injectable()
+export class UserRoleService {
+    constructor(
+        @InjectRepository(UserRole)
+        private readonly userRoleRepository: Repository<UserRole>,
+    ) { }
+
+    async findValidRoleIdsByUserId(userId: string): Promise<string[]> {
+        return (await this.findValidRolesByUserId(userId)).map(ur => ur.roleId);
+    }
+
+    async findValidRolesByUserId(userId: string) {
+        const now = new Date();
+
+        return this.userRoleRepository.find({
+            where: [
+                {
+                    userId,
+                    isEnabled: true,
+                    expiredAt: MoreThanOrEqual(now),
+                },
+                {
+                    userId,
+                    isEnabled: true,
+                    expiredAt: IsNull(),
+                }
+            ]
+        })
+    }
+}
--- a/tone-page-server/src/user/user.module.ts
+++ b/tone-page-server/src/user/user.module.ts
@@ -6,11 +6,10 @@ import { UserService } from './user.service';
 import { UserSession } from './entities/user-session.entity';
 import { AuthModule } from 'src/auth/auth.module';
 import { UserSessionService } from './services/user-session.service';
-import { UserRole } from './entities/user-role.entity';

@Module({
    imports: [
-        TypeOrmModule.forFeature([User, UserSession, UserRole]),
+        TypeOrmModule.forFeature([User, UserSession]),
        forwardRef(() => AuthModule),// 解决循环依赖问题
    ],
    controllers: [UserController],