openclaw/smart-customer-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): 完成租户用户角色资源核心模块

Browse Source
This commit is contained in:
OpenClaw
2026-03-01 10:58:53 +08:00
parent fc7138786b
commit 1de4524b5e
12 changed files with 1619 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
backend/internal/database/database.go Normal file
View File

@@ -0,0 +1,82 @@
package database
import (
"fmt"
"log"
"smart-customer-service/config"
"smart-customer-service/internal/models"
"gorm.io/driver/mysql"
"gorm.io/gorm"
"gorm.io/gorm/logger"
)
var DB *gorm.DB
// Init 初始化数据库连接
func Init(cfg *config.Config) error {
dsn := cfg.GetDSN()
// 设置日志级别
var logLevel logger.LogLevel
if cfg.Server.Mode == "debug" {
logLevel = logger.Info
} else {
logLevel = logger.Warn
}
var err error
// 连接 MySQL 数据库
DB, err = gorm.Open(mysql.Open(dsn), &gorm.Config{
Logger: logger.Default.LogMode(logLevel),
DisableForeignKeyConstraintWhenMigrating: true,
})
if err != nil {
return fmt.Errorf("failed to connect to database: %w", err)
}
log.Println("✅ Database connection established")
// 自动迁移模型
if err := Migrate(cfg); err != nil {
return fmt.Errorf("failed to migrate database: %w", err)
}
log.Println("✅ Database migration completed")
return nil
}
// Migrate 执行数据库迁移
func Migrate(cfg *config.Config) error {
// 全局模型
if err := DB.AutoMigrate(
// 租户体系
&models.Tenant{},
&models.User{},
&models.Role{},
&models.Resource{},
&models.RoleResource{},
&models.UserRole{},
// 业务模型
&models.Conversation{},
&models.Message{},
&models.Ticket{},
&models.KnowledgeBase{},
&models.KnowledgeItem{},
); err != nil {
return err
}
return nil
}
// Close 关闭数据库连接
func Close() {
if DB != nil {
db, _ := DB.DB()
db.Close()
log.Println("✅ Database connection closed")
}
}

284
backend/internal/handlers/resource.go Normal file
View File

@@ -0,0 +1,284 @@
package handlers
import (
"encoding/json"
"net/http"
"strconv"
"smart-customer-service/internal/models"
)
// ResourceHandler 资源处理器
type ResourceHandler struct{}
// Create 创建资源
func (h *ResourceHandler) Create(w http.ResponseWriter, r *http.Request) {
var resource models.Resource
if err := json.NewDecoder(r.Body).Decode(&resource); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// 验证必填字段
if resource.Name == "" || resource.Code == "" || resource.Type == "" {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusBadRequest)
json.NewEncoder(w).Encode(map[string]string{
"error": "name, code, and type are required",
})
return
}
// 验证资源类型
validTypes := map[string]bool{
"api": true, // API 端点
"page": true, // 页面
"button": true, // 按钮
"data": true, // 数据字段
}
if !validTypes[resource.Type] {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusBadRequest)
json.NewEncoder(w).Encode(map[string]string{
"error": "invalid resource type, must be one of: api, page, button, data",
})
return
}
// 检查代码是否已存在
// if exists := checkResourceExists(resource.Code); exists {
// http.Error(w, `{"error": "resource code already exists"}`, http.StatusConflict)
// return
// }
// TODO: 保存到数据库
// db.Create(&resource)
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusCreated)
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "资源创建成功",
"data": resource,
})
}
// List 获取资源列表
func (h *ResourceHandler) List(w http.ResponseWriter, r *http.Request) {
page := getPageParam(r, 1)
perPage := getPageParam(r, 20)
// 获取过滤参数
tenantIDStr := r.URL.Query().Get("tenant_id")
resourceType := r.URL.Query().Get("type")
group := r.URL.Query().Get("group")
isSystem := r.URL.Query().Get("is_system")
// TODO: 查询数据库
// var resources []models.Resource
// query := db.Where("tenant_id = ?", tenantID)
// if resourceType != "" {
// query = query.Where("type = ?", resourceType)
// }
// if group != "" {
// query = query.Where("group = ?", group)
// }
// if isSystem == "true" {
// query = query.Where("is_system = ?", true)
// }
// query.Order("sort_order").Find(&resources)
var resources []models.Resource
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"total": 0,
"page": page,
"per_page": perPage,
"total_pages": 0,
"filters": map[string]string{
"type": resourceType,
"group": group,
"is_system": isSystem,
},
"data": resources,
})
}
// Get 获取单个资源
func (h *ResourceHandler) Get(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
id, err := strconv.ParseUint(idStr, 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
// TODO: 查询数据库 (包含关联数据)
// var resource models.Resource
// db.Preload("Roles").Preload("Parent").Preload("Children").First(&resource, id)
var resource models.Resource
if resource.ID == 0 {
http.Error(w, `{"error": "resource not found"}`, http.StatusNotFound)
return
}
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(resource)
}
// Update 更新资源
func (h *ResourceHandler) Update(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
id, err := strconv.ParseUint(idStr, 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
var resource models.Resource
if err := json.NewDecoder(r.Body).Decode(&resource); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// 不允许修改代码 (Code 是唯一索引)
// resource.Code = ""
// TODO: 更新数据库
// db.Model(&resource).Where("id = ?", id).Updates(resource)
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "资源更新成功",
"data": resource,
})
}
// Delete 删除资源
func (h *ResourceHandler) Delete(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
id, err := strconv.ParseUint(idStr, 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
// 检查是否有子资源
// childCount := countChildResources(id)
// if childCount > 0 {
// http.Error(w, `{"error": "cannot delete resource with children"}`, http.StatusBadRequest)
// return
// }
// 检查是否有角色使用
// roleCount := countRolesWithResource(id)
// if roleCount > 0 {
// http.Error(w, `{"error": "cannot delete resource with associated roles"}`, http.StatusBadRequest)
// return
// }
// TODO: 软删除
// db.Where("id = ?", id).Update("deleted_at", time.Now())
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "资源删除成功",
"id": id,
})
}
// GetTree 获取资源树形结构
func (h *ResourceHandler) GetTree(w http.ResponseWriter, r *http.Request) {
// 获取过滤参数
tenantIDStr := r.URL.Query().Get("tenant_id")
groupBy := r.URL.Query().Get("group_by") // 按分组、类型等分组
// TODO: 查询数据库
// 1. 查询所有资源
// 2. 构建树形结构
// 3. 按分组分类返回
type ResourceTree struct {
ID uint `json:"id"`
Name string `json:"name"`
Code string `json:"code"`
Type string `json:"type"`
Children []ResourceTree `json:"children,omitempty"`
ParentID *uint `json:"parent_id,omitempty"`
}
var tree []ResourceTree
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"tree": tree,
})
}
// GetResourceByCode 通过代码获取资源
func (h *ResourceHandler) GetResourceByCode(w http.ResponseWriter, r *http.Request) {
code := r.URL.Query().Get("code")
if code == "" {
http.Error(w, `{"error": "code is required"}`, http.StatusBadRequest)
return
}
// TODO: 查询数据库
// var resource models.Resource
// db.Where("code = ?", code).First(&resource)
var resource models.Resource
if resource.ID == 0 {
http.Error(w, `{"error": "resource not found"}`, http.StatusNotFound)
return
}
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(resource)
}
// CheckPermission 检查权限是否有效
func (h *ResourceHandler) CheckPermission(w http.ResponseWriter, r *http.Request) {
type PermissionCheck struct {
UserID uint `json:"user_id"`
TenantID uint `json:"tenant_id"`
ResourceCode string `json:"resource_code"`
Action string `json:"action"` // create, read, update, delete, etc.
}
var req PermissionCheck
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// TODO: 实现权限检查逻辑
// 1. 查询用户角色
// 2. 查询角色资源
// 3. 检查资源是否包含该操作
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"has_permission": false,
"reason": "permission check not implemented",
})
}

240
backend/internal/handlers/role.go Normal file
View File

@@ -0,0 +1,240 @@
package handlers
import (
"encoding/json"
"net/http"
"strconv"
"smart-customer-service/internal/models"
)
// RoleHandler 角色处理器
type RoleHandler struct{}
// Create 创建角色
func (h *RoleHandler) Create(w http.ResponseWriter, r *http.Request) {
var role models.Role
if err := json.NewDecoder(r.Body).Decode(&role); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// 验证必填字段
if role.Name == "" || role.Code == "" {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusBadRequest)
json.NewEncoder(w).Encode(map[string]string{
"error": "name and code are required",
})
return
}
// 检查角色代码是否已存在
// if exists := checkRoleExists(role.Code); exists {
// http.Error(w, `{"error": "role code already exists"}`, http.StatusConflict)
// return
// }
// TODO: 保存到数据库
// db.Create(&role)
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusCreated)
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "角色创建成功",
"data": role,
})
}
// List 获取角色列表
func (h *RoleHandler) List(w http.ResponseWriter, r *http.Request) {
page := getPageParam(r, 1)
perPage := getPageParam(r, 20)
// 获取过滤参数
tenantIDStr := r.URL.Query().Get("tenant_id")
status := r.URL.Query().Get("status")
isGlobal := r.URL.Query().Get("is_global")
// TODO: 查询数据库
// var roles []models.Role
// query := db.Where("tenant_id = ?", tenantID)
// if status != "" {
// query = query.Where("status = ?", status)
// }
// if isGlobal == "true" {
// query = query.Where("is_global = ?", true)
// }
// query.Preload("Users").Find(&roles)
var roles []models.Role
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"total": 0,
"page": page,
"per_page": perPage,
"total_pages": 0,
"data": roles,
})
}
// Get 获取单个角色
func (h *RoleHandler) Get(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
id, err := strconv.ParseUint(idStr, 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
// TODO: 查询数据库 (包含关联数据)
// var role models.Role
// db.Preload("Resources").Preload("Users").First(&role, id)
var role models.Role
if role.ID == 0 {
http.Error(w, `{"error": "role not found"}`, http.StatusNotFound)
return
}
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(role)
}
// Update 更新角色
func (h *RoleHandler) Update(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
id, err := strconv.ParseUint(idStr, 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
var role models.Role
if err := json.NewDecoder(r.Body).Decode(&role); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// TODO: 更新数据库
// db.Model(&role).Where("id = ?", id).Updates(role)
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "角色更新成功",
"data": role,
})
}
// Delete 删除角色
func (h *RoleHandler) Delete(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
id, err := strconv.ParseUint(idStr, 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
// 检查是否有用户使用该角色
// userCount := countUsersWithRole(id)
// if userCount > 0 {
// http.Error(w, `{"error": "cannot delete role with associated users"}`, http.StatusBadRequest)
// return
// }
// TODO: 软删除
// db.Where("id = ?", id).Update("deleted_at", time.Now())
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "角色删除成功",
"id": id,
})
}
// AssignResources 分配资源给角色
func (h *RoleHandler) AssignResources(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
id, err := strconv.ParseUint(idStr, 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
type resourceAssignment struct {
ResourceIDs []uint `json:"resource_ids"`
ResourceCode []string `json:"resource_codes"` // 也可以通过代码分配
}
var req resourceAssignment
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// TODO: 分配资源
// 1. 验证资源是否存在
// 2. 更新 role_resources 关联表
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "资源分配成功",
"data": req,
})
}
// GetPermissions 获取角色的权限列表
func (h *RoleHandler) GetPermissions(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
id, err := strconv.ParseUint(idStr, 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
// TODO: 查询数据库
// 1. 查询角色
// 2. 查询角色关联的资源
// 3. 提取所有资源的操作权限
type PermissionResult struct {
ResourceCode string `json:"resource_code"`
Actions []string `json:"actions"`
Description string `json:"description"`
}
var permissions []PermissionResult
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"role_id": id,
"permissions": permissions,
})
}

136
backend/internal/handlers/tenant.go Normal file
View File

@@ -0,0 +1,136 @@
package handlers
import (
"net/http"
"smart-customer-service/internal/models"
"database/sql"
"encoding/json"
"fmt"
"strconv"
)
// TenantHandler 租户处理器
type TenantHandler struct {
// 这里可以添加 database 连接
}
// Create 创建租户
func (h *TenantHandler) Create(w http.ResponseWriter, r *http.Request) {
var tenant models.Tenant
if err := json.NewDecoder(r.Body).Decode(&tenant); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// 验证必填字段
if tenant.Name == "" || tenant.Email == "" {
http.Error(w, `{"error": "name and email are required"}`, http.StatusBadRequest)
return
}
// TODO: 保存到数据库
// db.Create(&tenant)
// 返回响应
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusCreated)
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "租户创建成功",
"data": tenant,
})
}
// List 获取租户列表
func (h *TenantHandler) List(w http.ResponseWriter, r *http.Request) {
// 获取分页参数
page, _ := strconv.Atoi(r.URL.Query().Get("page"))
if page == 0 {
page = 1
}
perPage, _ := strconv.Atoi(r.URL.Query().Get("per_page"))
if perPage == 0 {
perPage = 20
}
// TODO: 查询数据库
// var tenants []models.Tenant
// db.Offset((page-1)*perPage).Limit(perPage).Find(&tenants)
var tenants []models.Tenant
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"total": 0,
"page": page,
"per_page": perPage,
"total_pages": 0,
"data": tenants,
})
}
// Get 获取单个租户
func (h *TenantHandler) Get(w http.ResponseWriter, r *http.Request) {
id, err := strconv.ParseUint(r.URL.Query().Get("id"), 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
// TODO: 查询数据库
// var tenant models.Tenant
// db.First(&tenant, id)
var tenant models.Tenant
if tenant.ID == 0 {
http.Error(w, `{"error": "tenant not found"}`, http.StatusNotFound)
return
}
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(tenant)
}
// Update 更新租户
func (h *TenantHandler) Update(w http.ResponseWriter, r *http.Request) {
id, err := strconv.ParseUint(r.URL.Query().Get("id"), 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
var tenant models.Tenant
if err := json.NewDecoder(r.Body).Decode(&tenant); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// TODO: 更新数据库
// db.Model(&tenant).Where("id = ?", id).Updates(map[string]interface{}{
// "name": tenant.Name,
// "email": tenant.Email,
// })
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "租户更新成功",
"data": tenant,
})
}
// Delete 删除租户
func (h *TenantHandler) Delete(w http.ResponseWriter, r *http.Request) {
id, err := strconv.ParseUint(r.URL.Query().Get("id"), 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
// TODO: 软删除
// db.Where("id = ?", id).Update("deleted_at", time.Now())
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"message": fmt.Sprintf("租户 %d 删除成功", id),
})
}

264
backend/internal/handlers/user.go Normal file
View File

@@ -0,0 +1,264 @@
package handlers
import (
"encoding/json"
"net/http"
"strconv"
"strings"
"smart-customer-service/internal/models"
)
// UserHandler 用户处理器
type UserHandler struct{}
// Create 创建用户
func (h *UserHandler) Create(w http.ResponseWriter, r *http.Request) {
var user models.User
if err := json.NewDecoder(r.Body).Decode(&user); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// 验证必填字段
if user.Username == "" || user.Email == "" {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusBadRequest)
json.NewEncoder(w).Encode(map[string]string{
"error": "username and email are required",
})
return
}
// 密码不能为空
if user.Password == "" {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusBadRequest)
json.NewEncoder(w).Encode(map[string]string{
"error": "password is required",
})
return
}
// TODO: 密码加密、保存到数据库
// user.Password = bcrypt.GenerateFromPassword(password)
// db.Create(&user)
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusCreated)
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "用户创建成功",
"data": user,
})
}
// List 获取用户列表
func (h *UserHandler) List(w http.ResponseWriter, r *http.Request) {
// 获取分页参数
page := getPageParam(r, 1)
perPage := getPageParam(r, 20)
// 获取过滤参数
tenantIDStr := r.URL.Query().Get("tenant_id")
status := r.URL.Query().Get("status")
keyword := r.URL.Query().Get("keyword")
// TODO: 查询数据库
// var users []models.User
// query := db.Where("tenant_id = ?", tenantID)
// if status != "" {
// query = query.Where("status = ?", status)
// }
// if keyword != "" {
// query = query.Where("username LIKE ? OR email LIKE ? OR full_name LIKE ?", "%"+keyword+"%", "%"+keyword+"%", "%"+keyword+"%")
// }
// query.Count(&total).Offset((page-1)*perPage).Limit(perPage).Preload("Tenant").Find(&users)
var users []models.User
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"total": 0,
"page": page,
"per_page": perPage,
"total_pages": 0,
"filters": map[string]string{
"tenant_id": tenantIDStr,
"status": status,
"keyword": keyword,
},
"data": users,
})
}
// Get 获取单个用户
func (h *UserHandler) Get(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
id, err := strconv.ParseUint(idStr, 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
// TODO: 查询数据库 (包含关联数据)
// var user models.User
// db.Preload("Tenant").Preload("Roles").First(&user, id)
var user models.User
if user.ID == 0 {
http.Error(w, `{"error": "user not found"}`, http.StatusNotFound)
return
}
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(user)
}
// Update 更新用户
func (h *UserHandler) Update(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
id, err := strconv.ParseUint(idStr, 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
var user models.User
if err := json.NewDecoder(r.Body).Decode(&user); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// 不允许修改用户名和租户 ID
user.Username = ""
user.TenantID = 0
// TODO: 更新数据库
// db.Model(&user).Where("id = ?", id).Updates(user)
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "用户更新成功",
"data": user,
})
}
// Delete 删除用户
func (h *UserHandler) Delete(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
id, err := strconv.ParseUint(idStr, 10, 32)
if err != nil {
http.Error(w, `{"error": "invalid id"}`, http.StatusBadRequest)
return
}
// TODO: 软删除
// db.Where("id = ?", id).Update("deleted_at", time.Now())
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "用户删除成功",
"id": id,
})
}
// ChangePassword 修改密码
func (h *UserHandler) ChangePassword(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
type passwordChange struct {
OldPassword string `json:"old_password"`
NewPassword string `json:"new_password"`
ConfirmPassword string `json:"confirm_password"`
}
var req passwordChange
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// 验证新密码
if req.NewPassword != req.ConfirmPassword {
http.Error(w, `{"error": "new passwords do not match"}`, http.StatusBadRequest)
return
}
// 密码最小长度验证
if len(req.NewPassword) < 8 {
http.Error(w, `{"error": "password must be at least 8 characters"}`, http.StatusBadRequest)
return
}
// TODO: 验证旧密码、更新新密码
// 1. 查询用户旧密码
// 2. bcrypt.CompareHashAndPassword
// 3. 更新密码
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]string{
"message": "密码修改成功",
})
}
// AssignRoles 分配角色
func (h *UserHandler) AssignRoles(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id")
if idStr == "" {
http.Error(w, `{"error": "id is required"}`, http.StatusBadRequest)
return
}
type roleAssignment struct {
RoleIDs []uint `json:"role_ids"`
}
var req roleAssignment
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// TODO: 分配角色
// 1. 查询角色是否存在
// 2. 更新 user_roles 关联表
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]interface{}{
"message": "角色分配成功",
"data": req,
})
}
// 辅助函数:获取分页参数
func getPageParam(r *http.Request, defaultVal int) int {
strVal := r.URL.Query().Get("page")
if strVal == "" {
return defaultVal
}
val, err := strconv.Atoi(strVal)
if err != nil || val < 1 {
return defaultVal
}
return val
}

60
backend/internal/models/resource.go Normal file
View File

@@ -0,0 +1,60 @@
package models
import (
"time"
)
// Resource 资源模型(系统所有可访问的资源)
type Resource struct {
ID uint `gorm:"primaryKey" json:"id"`
TenantID uint `gorm:"not null;index:idx_tenant_resource" json:"tenant_id"`
Name string `gorm:"size:100;not null" json:"name"` // 资源名称
DisplayName string `gorm:"size:200" json:"display_name"`
Description string `gorm:"type:text" json:"description"`
// 资源标识
Code string `gorm:"size:100;not null;uniqueIndex:idx_tenant_resource_code" json:"code"` // 资源代码
Type string `gorm:"size:50;not null" json:"type"` // api, page, button, data 等
Group string `gorm:"size:100" json:"group"` // 所属分组
// 权限配置
Actions []string `gorm:"type:jsonb" json:"actions"` // 允许的操作create, read, update, delete, export 等
Path string `gorm:"size:500" json:"path"` // 资源路径或 API 端点
ParentID *uint `gorm:"index" json:"parent_id,omitempty"` // 父资源 ID
// 状态
Status string `gorm:"size:20;default:'enabled'" json:"status"` // enabled, disabled
IsSystem bool `gorm:"default:false" json:"is_system"` // 是否系统资源
// 资源层级
Level int `gorm:"default:0" json:"level"` // 层级深度
SortOrder int `gorm:"default:0" json:"sort_order"` // 排序
// 时间戳
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
DeletedAt *time.Time `gorm:"index" json:"deleted_at,omitempty"`
// 关联
Tenant Tenant `gorm:"foreignKey:TenantID" json:"tenant,omitempty"`
Roles []Role `gorm:"many2many:role_resources;" json:"roles,omitempty"`
Parent *Resource `gorm:"foreignKey:ParentID" json:"parent,omitempty"`
Children []Resource `gorm:"foreignKey:ParentID" json:"children,omitempty"`
}
// Permission 权限检查辅助结构
type Permission struct {
ResourceCode string `json:"resource_code"`
Action string `json:"action"` // create, read, update, delete, manage 等
TenantID uint `json:"tenant_id,omitempty"`
UserID uint `json:"user_id,omitempty"`
}
// HasPermission 检查用户是否有权限(需要在 handler 中实现)
func HasPermission(userID, tenantID uint, resourceCode, action string) bool {
// TODO: 实现权限检查逻辑
// 1. 查询用户角色
// 2. 查询角色资源
// 3. 检查资源是否包含该操作
return false
}

38
backend/internal/models/role.go Normal file
View File

@@ -0,0 +1,38 @@
package models
import (
"time"
)
// Role 角色模型(基于租户)
type Role struct {
ID uint `gorm:"primaryKey" json:"id"`
TenantID uint `gorm:"not null;index:idx_tenant_role" json:"tenant_id"`
Name string `gorm:"size:50;not null;uniqueIndex:idx_tenant_role_name" json:"name"` // admin, manager, agent, viewer 等
DisplayName string `gorm:"size:100" json:"display_name"` // 显示名称
Description string `gorm:"type:text" json:"description"`
// 权限配置
Code string `gorm:"size:50;uniqueIndex" json:"code"` // 角色代码
Level int `gorm:"default:1" json:"level"` // 权限等级 1-100
Permissions JSONMap `gorm:"type:jsonb" json:"permissions"` // 权限列表
// 状态
IsGlobal bool `gorm:"default:false" json:"is_global"` // 是否全局角色
Status string `gorm:"size:20;default:'active'" json:"status"` // active, inactive
// 资源配置
Resources []Resource `gorm:"many2many:role_resources;" json:"resources,omitempty"`
// 时间戳
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
DeletedAt *time.Time `gorm:"index" json:"deleted_at,omitempty"`
// 关联
Tenant Tenant `gorm:"foreignKey:TenantID" json:"tenant,omitempty"`
Users []User `gorm:"foreignKey:RoleID" json:"users,omitempty"`
}
// RoleID 添加到 User 模型
// 需要在 User 模型中添加 RoleID 字段

4
backend/internal/models/user.go
View File

@@ -19,7 +19,9 @@ type User struct {
Bio string `gorm:"type:text" json:"bio"`
// 角色和权限
Role string `gorm:"size:20;default:'user'" json:"role"` // super_admin, admin, agent, user
Role string `gorm:"size:20;default:'user'" json:"role"` // super_admin, admin, agent, user (legacy)
RoleID *uint `json:"role_id,omitempty"` // 关联的角色 ID (新的 RBAC)
Roles []Role `gorm:"many2many:user_roles;" json:"roles,omitempty"` // 用户关联的角色(多对多)
Status string `gorm:"size:20;default:'active'" json:"status"` // active, inactive, banned
IsVerified bool `gorm:"default:false" json:"is_verified"`

164
backend/internal/router/router.go
View File

@@ -2,11 +2,11 @@ package router
import (
"time"
"github.com/gin-gonic/gin"
"smart-customer-service/config"
"smart-customer-service/internal/handlers"
"smart-customer-service/internal/middleware"
"github.com/gin-gonic/gin"
)
type Router struct {
@@ -21,8 +21,9 @@ func New(cfg *config.Config) *Router {
}
}
// SetupRoutes 配置所有路由
func (r *Router) SetupRoutes() *gin.Engine {
// 设置Gin模式
// 设置 Gin 模式
if r.cfg.Server.Mode == "release" {
gin.SetMode(gin.ReleaseMode)
}
@@ -34,63 +35,71 @@ func (r *Router) SetupRoutes() *gin.Engine {
router.Use(middleware.Logger())
router.Use(middleware.Recovery())
// API路由
// ============ API 路由 ============
api := router.Group("/api")
{
// 公共路由(无需认证)
// === 公共路由(无需认证) ===
public := api.Group("/v1")
{
// 认证
public.POST("/auth/login", r.handlers.Auth.Login)
public.POST("/auth/register", r.handlers.Auth.Register)
public.POST("/auth/refresh", r.handlers.Auth.RefreshToken)
// 租户相关
// 租户注册
public.POST("/tenants/register", r.handlers.Tenant.Register)
public.GET("/tenants/:id", r.handlers.Tenant.GetTenantInfo)
}
// 需要认证的路由
// === 需要认证的路由 ===
protected := api.Group("/v1")
protected.Use(middleware.Auth(r.cfg.JWT.Secret))
{
// 租户管理
r.setupTenantRoutes(protected)
// 用户管理
protected.GET("/users/profile", r.handlers.User.GetProfile)
protected.PUT("/users/profile", r.handlers.User.UpdateProfile)
r.setupUserRoutes(protected)
// 角色管理
r.setupRoleRoutes(protected)
// 资源管理
r.setupResourceRoutes(protected)
// 会话管理
protected.GET("/conversations", r.handlers.Conversation.List)
protected.POST("/conversations", r.handlers.Conversation.Create)
protected.GET("/conversations/:id", r.handlers.Conversation.Get)
protected.GET("/conversations/:id/messages", r.handlers.Conversation.GetMessages)
// 消息管理
protected.POST("/messages", r.handlers.Message.Send)
r.setupConversationRoutes(protected)
// 工单管理
protected.GET("/tickets", r.handlers.Ticket.List)
protected.POST("/tickets", r.handlers.Ticket.Create)
protected.GET("/tickets/:id", r.handlers.Ticket.Get)
protected.PUT("/tickets/:id", r.handlers.Ticket.Update)
r.setupTicketRoutes(protected)
// 知识库管理
protected.GET("/knowledge", r.handlers.Knowledge.List)
protected.POST("/knowledge", r.handlers.Knowledge.Create)
protected.PUT("/knowledge/:id", r.handlers.Knowledge.Update)
protected.DELETE("/knowledge/:id", r.handlers.Knowledge.Delete)
r.setupKnowledgeRoutes(protected)
}
// 管理员路由
// === 管理员路由 ===
admin := api.Group("/admin")
admin.Use(middleware.Auth(r.cfg.JWT.Secret))
admin.Use(middleware.AdminOnly())
{
// 全局租户管理
admin.GET("/tenants", r.handlers.Tenant.ListAll)
admin.PUT("/tenants/:id/status", r.handlers.Tenant.UpdateStatus)
// 全局用户管理
admin.GET("/users", r.handlers.User.ListAll)
// 统计数据
admin.GET("/stats", r.handlers.Admin.GetStats)
admin.GET("/stats/tenants", r.handlers.Admin.GetTenantStats)
admin.GET("/stats/users", r.handlers.Admin.GetUserStats)
// 系统配置
admin.GET("/config", r.handlers.Admin.GetConfig)
admin.PUT("/config", r.handlers.Admin.UpdateConfig)
}
}
// 健康检查
// === 健康检查 ===
router.GET("/health", func(c *gin.Context) {
c.JSON(200, gin.H{
"status": "ok",
@@ -98,5 +107,98 @@ func (r *Router) SetupRoutes() *gin.Engine {
})
})
// === 版本信息 ===
router.GET("/version", func(c *gin.Context) {
c.JSON(200, gin.H{
"version": "1.0.0",
"build": "development",
})
})
return router
}
// setupTenantRoutes 配置租户路由
func (r *Router) setupTenantRoutes(g *gin.RouterGroup) {
tenants := g.Group("/tenants")
{
tenants.GET("", r.handlers.Tenant.List) // 列表
tenants.GET("/:id", r.handlers.Tenant.Get) // 详情
tenants.PUT("/:id", r.handlers.Tenant.Update) // 更新
tenants.DELETE("/:id", r.handlers.Tenant.Delete) // 删除
tenants.POST("/:id/activate", r.handlers.Tenant.Activate) // 激活
tenants.POST("/:id/suspend", r.handlers.Tenant.Suspend) // 暂停
tenants.GET("/:id/stats", r.handlers.Tenant.GetStats) // 统计
}
}
// setupUserRoutes 配置用户路由
func (r *Router) setupUserRoutes(g *gin.RouterGroup) {
users := g.Group("/users")
{
users.GET("", r.handlers.User.List) // 列表
users.POST("", r.handlers.User.Create) // 创建
users.GET("/:id", r.handlers.User.Get) // 详情
users.PUT("/:id", r.handlers.User.Update) // 更新
users.DELETE("/:id", r.handlers.User.Delete) // 删除
users.PUT("/:id/change-password", r.handlers.User.ChangePassword) // 修改密码
users.POST("/:id/assign-roles", r.handlers.User.AssignRoles) // 分配角色
// 个人资料
users.GET("/profile", r.handlers.User.GetProfile)
users.PUT("/profile", r.handlers.User.UpdateProfile)
}
}
// setupRoleRoutes 配置角色路由
func (r *Router) setupRoleRoutes(g *gin.RouterGroup) {
roles := g.Group("/roles")
{
roles.GET("", r.handlers.Role.List) // 列表
roles.POST("", r.handlers.Role.Create) // 创建
roles.GET("/:id", r.handlers.Role.Get) // 详情
roles.PUT("/:id", r.handlers.Role.Update) // 更新
roles.DELETE("/:id", r.handlers.Role.Delete) // 删除
roles.POST("/:id/assign-resources", r.handlers.Role.AssignResources) // 分配资源
roles.GET("/:id/permissions", r.handlers.Role.GetPermissions) // 获取权限
}
}
// setupResourceRoutes 配置资源路由
func (r *Router) setupResourceRoutes(g *gin.RouterGroup) {
resources := g.Group("/resources")
{
resources.GET("", r.handlers.Resource.List) // 列表
resources.POST("", r.handlers.Resource.Create) // 创建
resources.GET("/:id", r.handlers.Resource.Get) // 详情
resources.PUT("/:id", r.handlers.Resource.Update) // 更新
resources.DELETE("/:id", r.handlers.Resource.Delete) // 删除
resources.GET("/tree", r.handlers.Resource.GetTree) // 资源树
resources.GET("/code/:code", r.handlers.Resource.GetResourceByCode) // 通过代码查询
resources.POST("/check-permission", r.handlers.Resource.CheckPermission) // 权限检查
}
}
// setupConversationRoutes 配置会话路由
func (r *Router) setupConversationRoutes(g *gin.RouterGroup) {
g.GET("/conversations", r.handlers.Conversation.List)
g.POST("/conversations", r.handlers.Conversation.Create)
g.GET("/conversations/:id", r.handlers.Conversation.Get)
g.GET("/conversations/:id/messages", r.handlers.Conversation.GetMessages)
}
// setupTicketRoutes 配置工单路由
func (r *Router) setupTicketRoutes(g *gin.RouterGroup) {
g.GET("/tickets", r.handlers.Ticket.List)
g.POST("/tickets", r.handlers.Ticket.Create)
g.GET("/tickets/:id", r.handlers.Ticket.Get)
g.PUT("/tickets/:id", r.handlers.Ticket.Update)
}
// setupKnowledgeRoutes 配置知识库路由
func (r *Router) setupKnowledgeRoutes(g *gin.RouterGroup) {
g.GET("/knowledge", r.handlers.Knowledge.List)
g.POST("/knowledge", r.handlers.Knowledge.Create)
g.PUT("/knowledge/:id", r.handlers.Knowledge.Update)
g.DELETE("/knowledge/:id", r.handlers.Knowledge.Delete)
}