- Multi-tenant RBAC: permission catalog, roles, role-permission mapping, user-role assignment, and external IdP role mapping (zitadel/ldap/scim).
- Casbin enforcer with Redis-backed adapter and Pub/Sub reload for multi-instance policy sync; HTTP middleware enforces (tenant, role, path, method) with platform admin bypass.
- /api/v1/permissions routes: catalog, me, policy/reload, roles CRUD, role permissions, user roles, role mappings.
- New error scope (31) for Permission and biz code descriptions.
- Wire Permission module into ServiceContext, config, mongo-index, and add cmd/permission-seed CLI plus etc/rbac.conf model.
- Redis client gains lazy PubSubClient helper (go-zero wrapper lacks Subscribe).
- Rewrite internal/model/member/README to cover Tenant/Member/Identity.

Co-authored-by: Cursor <cursoragent@cursor.com>
| File |
|---|
| README.md |
| auth.api |
| common.api |
| gateway.api |
| member.api |
| normal.api |
| permission.api |
README.md

API definitions (shared by goctl and go-doc)

Files
| File | Purpose |
|---|---|
| gateway.api | Entry point: info() + import |
| common.api | Shared document types (APIErrorStatus, ErrorDetail) |
| auth.api | Auth routes (scope 28) |
| member.api | Member routes (scope 29) |
| normal.api | Routes and business data types |
Commands

```sh
make gen-api # generate handler / logic / types
make gen-doc # generate docs/openapi/gateway.yaml (OpenAPI 3.0)
```
Annotation conventions

- Logic: `returns` names only the business data type (e.g. PingData).
- Documentation: `@respdoc` describes the actual HTTP JSON (e.g. PingOKStatus, APIErrorStatus); `@doc` gives a single API's summary / description.
- Multiple status codes: use a `/* @respdoc-200 ... */` block, placed before `@handler`.
- Request validation: fields may carry tags such as `validate:"required,email"`; after `make gen-api` the generated handler calls ValidateAll automatically (see generate/goctl/api/handler.tpl).
Alignment with the runtime

Handlers write their output through response.Write:

```json
{ "code": 102000, "message": "SUCCESS", "data": { ... } }
```

On failure the body also carries error.biz_code, error.scope and related fields. Handler parse errors use the Facade scope (10101000); each module's logic/usecase uses its own scope (Auth=28, Member=29).
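As an added example (not code from this project), the following Go program decodes the envelope described above and attributes a failure to its owning module by scope. The field names (code, message, data, error.biz_code, error.scope) and the scope values 10101000, 28, 29 and 31 come from the page; the Go types, the ScopeOwner/Classify functions and the sample bodies (including their biz_code values) are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Envelope mirrors the response shape the README describes for response.Write:
// {"code": 102000, "message": "SUCCESS", "data": {...}} on success, with an
// "error" object carrying biz_code and scope on failure. Field names come from
// the README; the Go types themselves are an assumption of this example, not
// the project's own response package.
type Envelope struct {
	Code    int             `json:"code"`
	Message string          `json:"message"`
	Data    json.RawMessage `json:"data,omitempty"`
	Error   *ErrorDetail    `json:"error,omitempty"`
}

// ErrorDetail carries the two error fields the README names.
type ErrorDetail struct {
	BizCode int `json:"biz_code"`
	Scope   int `json:"scope"`
}

// Scope values stated on the page.
const (
	SuccessCode     = 102000
	FacadeScope     = 10101000 // handler request-parse errors
	AuthScope       = 28
	MemberScope     = 29
	PermissionScope = 31 // added with the Permission module
)

// ScopeOwner names the module responsible for a scope so a caller or a log
// pipeline can attribute a failure. Unknown scopes are reported as such rather
// than silently mapped to a module.
func ScopeOwner(scope int) string {
	switch scope {
	case FacadeScope:
		return "Facade (request parse)"
	case AuthScope:
		return "Auth"
	case MemberScope:
		return "Member"
	case PermissionScope:
		return "Permission"
	default:
		return fmt.Sprintf("unknown scope %d", scope)
	}
}

// Classify decodes one response body. It returns ok=true when the envelope
// reports SuccessCode; otherwise ok=false together with the owning module.
// A malformed body, or a non-success code without an error object, is an error.
func Classify(body []byte) (bool, string, error) {
	var env Envelope
	if err := json.Unmarshal(body, &env); err != nil {
		return false, "", fmt.Errorf("decode envelope: %w", err)
	}
	if env.Code == SuccessCode {
		return true, "", nil
	}
	if env.Error == nil {
		return false, "", fmt.Errorf("code %d without error object", env.Code)
	}
	return false, ScopeOwner(env.Error.Scope), nil
}

func main() {
	// Constructed sample bodies; the biz_code values are illustrative only.
	samples := [][]byte{
		[]byte(`{"code":102000,"message":"SUCCESS","data":{"msg":"pong"}}`),
		[]byte(`{"code":129001,"message":"member not found","error":{"biz_code":129001,"scope":29}}`),
		[]byte(`{"code":10101000,"message":"invalid request","error":{"biz_code":10101000,"scope":10101000}}`),
	}
	for _, b := range samples {
		ok, owner, err := Classify(b)
		fmt.Printf("ok=%v owner=%q err=%v\n", ok, owner, err)
	}
}
```

Keeping the decision on `code == 102000` rather than on the presence of `data` avoids treating a success with an empty payload as a failure, and refusing a non-success body that lacks the error object surfaces malformed responses instead of mis-attributing them.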