feat: 接口权限

Author: kuangshp

src/api/login/login.module.ts

@@ -3,6 +3,9 @@ import { RouterModule } from '@nestjs/core';
 import { TypeOrmModule } from '@nestjs/typeorm';
 import { ADMIN_PREFIX } from '@src/constants';
 import { AccountEntity } from '../account/entities/account.entity';
+import { AccountRoleEntity } from '../accountRole/entities/account.role.entity';
+import { ResourcesEntity } from '../resources/entities/resources.entity';
+import { RoleResourcesEntity } from '../roleResources/entities/role.resources.entity';
 import { LoginController } from './login.controller';
 import { LoginService } from './login.service';
 
@@ -14,7 +17,12 @@ import { LoginService } from './login.service';
         module: LoginModule,
       },
     ]),
-    TypeOrmModule.forFeature([AccountEntity]),
+    TypeOrmModule.forFeature([
+      AccountEntity,
+      AccountRoleEntity,
+      RoleResourcesEntity,
+      ResourcesEntity,
+    ]),
   ],
   controllers: [LoginController],
   providers: [LoginService],

src/api/login/login.service.ts

@@ -1,11 +1,15 @@
 import { HttpException, HttpStatus, Injectable } from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
 import { InjectRepository } from '@nestjs/typeorm';
+import { ResourcesTypeEnum } from '@src/enums/resources.type.enum';
 import { LoggerService } from '@src/plugin/logger/logger.service';
 import { RedisService } from '@src/plugin/redis/redis.service';
 import { ToolsService } from '@src/plugin/tools/tools.service';
-import { Repository, SelectQueryBuilder } from 'typeorm';
+import { In, Repository, SelectQueryBuilder } from 'typeorm';
 import { AccountEntity } from '../account/entities/account.entity';
+import { AccountRoleEntity } from '../accountRole/entities/account.role.entity';
+import { ResourcesEntity } from '../resources/entities/resources.entity';
+import { RoleResourcesEntity } from '../roleResources/entities/role.resources.entity';
 import { LoginDto } from './dto/login.dto';
 import { LoginAccountVo, LoginTokenDataVo, LoginVo } from './vo/login.vo';
 
@@ -14,6 +18,12 @@ export class LoginService {
   constructor(
     @InjectRepository(AccountEntity)
     private readonly accountRepository: Repository<AccountEntity>,
+    @InjectRepository(AccountRoleEntity)
+    private readonly accountRoleRepository: Repository<AccountRoleEntity>,
+    @InjectRepository(RoleResourcesEntity)
+    private readonly roleResourcesRepository: Repository<RoleResourcesEntity>,
+    @InjectRepository(ResourcesEntity)
+    private readonly resourcesRepository: Repository<ResourcesEntity>,
     private readonly toolsService: ToolsService,
     private readonly loggerService: LoggerService,
     private readonly redisService: RedisService,
@@ -106,9 +116,39 @@ export class LoginService {
     const token = this.toolsService.uuidToken;
     const refreshToken = this.toolsService.uuidToken;
     const sign = this.toolsService.uuidToken;
+    // 根据当前用户获取授权的按钮权限
+    const accountRoleEntityList: Pick<AccountRoleEntity, 'roleId'>[] =
+      await this.accountRoleRepository.find({
+        where: {
+          accountId: accountEntity.id,
+        },
+        select: ['roleId'],
+      });
+    const roleIdList = accountRoleEntityList.map((item) => item.roleId);
+    const roleResourcesList: Pick<RoleResourcesEntity, 'resourcesId'>[] =
+      await this.roleResourcesRepository.find({
+        where: {
+          type: 1,
+          roleId: In(roleIdList),
+        },
+        select: ['resourcesId'],
+      });
+    const resourcesIdList = roleResourcesList.map((item) => item.resourcesId);
+    // 查询全部的资源
+    const resourcesEntity = await this.resourcesRepository.find({
+      where: {
+        id: In(resourcesIdList),
+      },
+      select: ['url', 'method', 'title', 'resourcesType'],
+    });
+    console.log(resourcesEntity, '1111');
+    const resources = resourcesEntity.filter((item) => item.resourcesType == ResourcesTypeEnum.API);
+    console.log(resources, '全部的资源');
+    // 根据角色idList去查询授权的按钮
     // 根据资源id获取资源信息
     const redisData: LoginTokenDataVo = {
       userInfo: accountEntity, // 用户信息
+      authApi: resources, // 授权的api接口
       sign,
     };
     // 正常token

src/api/login/vo/login.vo.ts

@@ -1,3 +1,5 @@
+import { ResourcesEntity } from '@src/api/resources/entities/resources.entity';
+
 export class LoginVo {
   readonly id!: number; // 账号id
   readonly username?: string; // 用户名
@@ -20,4 +22,5 @@ export class LoginAccountVo {
 export class LoginTokenDataVo {
   readonly userInfo!: LoginAccountVo; // 用户基本信息
   readonly sign!: string; // 签名key
+  readonly authApi!: Pick<ResourcesEntity, 'id' | 'title' | 'method' | 'resourcesType' | 'url'>[];
 }

src/api/menus/vo/menus.vo.ts

@@ -7,7 +7,7 @@ export class MenusVo {
   method!: MethodEnum; // 接口的请求方式
   icon!: string; // 菜单小图标
   sort!: number; // 菜单,或接口排序
-  type!: number; // 0目录,1菜单,2接口
+  resourcesType!: number; // 0目录,1菜单,2接口
   parentId!: number; // 上一级id
   status!: number; // 状态:0是正常,1是禁止
 }

src/api/resources/entities/resources.entity.ts

@@ -47,15 +47,6 @@ export class ResourcesEntity extends SharedEntity {
   })
   resourcesType!: number;
 
-  @Column({
-    type: 'tinyint',
-    name: 'type',
-    nullable: true,
-    default: '0',
-    comment: '是否为模块:0,菜单:1,按钮(接口):2',
-  })
-  type!: number;
-
   @Column({
     type: 'int',
     name: 'parent_id',

src/app.module.ts

@@ -3,7 +3,12 @@ import { ConfigModule, ConfigService } from '@nestjs/config';
 import { APP_FILTER, APP_INTERCEPTOR, APP_PIPE } from '@nestjs/core';
 import { TypeOrmModule } from '@nestjs/typeorm';
 import { HttpExceptionFilter } from './filters/http-exception.filter';
-import { LoggerInterceptor, RedisCacheInterceptor, RedisLimitInterceptor } from './interceptors';
+import {
+  LoggerInterceptor,
+  RedisCacheInterceptor,
+  RedisLimitInterceptor,
+  ApiInterceptor,
+} from './interceptors';
 import { TransformInterceptor } from './interceptors/transform.interceptor';
 import { ValidationPipe } from './pipe/validation.pipe';
 import { getConfig } from './utils';
@@ -70,6 +75,10 @@ import { PluginModule } from './plugin/plugin.module';
       provide: APP_INTERCEPTOR,
       useClass: TransformInterceptor,
     },
+    {
+      provide: APP_INTERCEPTOR,
+      useClass: ApiInterceptor,
+    },
     // 全局使用管道(数据校验)
     {
       provide: APP_PIPE,

src/interceptors/api.interceptor.ts

@@ -0,0 +1,54 @@
+import {
+  CallHandler,
+  ExecutionContext,
+  HttpException,
+  HttpStatus,
+  Injectable,
+  NestInterceptor,
+} from '@nestjs/common';
+import { LoginTokenDataVo } from '@src/api/login/vo/login.vo';
+import { AccountTypeEnum } from '@src/enums/account.type.enum';
+import { Observable } from 'rxjs';
+
+@Injectable()
+export class ApiInterceptor implements NestInterceptor {
+  // 可以直接访问的
+  private readonly whiteUrlList: string[] = ['/menus/btnList', '/menus'];
+  intercept(context: ExecutionContext, next: CallHandler): Observable<any> {
+    const request = context.switchToHttp().getRequest();
+    /**当前请求方式 */
+    const method = request.method;
+    /**当前请求路径 */
+    const url = request.url;
+    const user = request.user as LoginTokenDataVo;
+    const newUrl = url
+      .replace('//', '/') // 去除双//
+      .replace('/api/v1/admin', '') // 去除双//
+      .replace(/\?.*/, '') // 去除最后一个
+      .replace(/(\d+)$/, '*');
+    console.log(newUrl, '-------------');
+    if (this.whiteUrlList.includes(newUrl)) {
+      return next.handle();
+    }
+    if (user) {
+      const {
+        userInfo: { accountType },
+      } = user;
+      if (accountType == AccountTypeEnum.SUPER_ACCOUNT) {
+        return next.handle();
+      }
+      // 表示已经登录的
+      const currentItem = user.authApi.find((item) => item.method == method && item.url == newUrl);
+      console.log(currentItem, '???');
+      if (currentItem) {
+        return next.handle();
+      } else {
+        throw new HttpException(
+          JSON.stringify({ code: 10034, message: '你没权限访问' }),
+          HttpStatus.OK
+        );
+      }
+    }
+    return next.handle();
+  }
+}

src/interceptors/index.ts

@@ -1,3 +1,4 @@
 export * from './logger.interceptor';
 export * from './redis-limit.interceptor';
 export * from './redis-cache.interceptor';
+export * from './api.interceptor';