my-project/access-manage
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: 增加登录鉴权和固定角色权限

Browse Source
This commit is contained in:
湛兮
2026-05-26 12:14:33 +08:00
parent 643244abab
commit 55b99b5307
21 changed files with 957 additions and 250 deletions
Download Patch File Download Diff File Expand all files Collapse all files
migrations/003_create_super_admins.sql
+32
View File
@@ -0,0 +1,32 @@
-- 003_create_super_admins.sql
-- 这个迁移文件新增超级管理员表,用于后台登录和后续所有管理接口的 JWT 鉴权。
CREATE TABLE IF NOT EXISTS super_admins (
id INT UNSIGNED NOT NULL AUTO_INCREMENT,
username VARCHAR(50) NOT NULL COMMENT '登录账号',
password_hash VARCHAR(255) NOT NULL COMMENT '密码哈希,禁止存储明文密码',
display_name VARCHAR(50) NOT NULL COMMENT '展示名称',
status ENUM('ACTIVE', 'INACTIVE') NOT NULL DEFAULT 'ACTIVE' COMMENT '账号状态',
last_login_at DATETIME(3) NULL COMMENT '最后登录时间',
created_at DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
updated_at DATETIME(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
PRIMARY KEY (id),
UNIQUE KEY uk_super_admins_username (username),
KEY idx_super_admins_status (status)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='超级管理员表';
-- 初始化一个本地开发用超级管理员账号。
-- 账号:admin
-- 密码:Admin@123456
-- password_hash 使用 PBKDF2-SHA256 生成,登录校验逻辑在 src/modules/auth/password.ts。
INSERT INTO super_admins (id, username, password_hash, display_name, status)
VALUES (
1,
'admin',
'pbkdf2$sha256$310000$vXBBypwmLVKkGa1Og8Z3SQ$yAV40TqZjrzx1-xg27ucQqL3Hc5HQ44t-sarPwpjLUA',
'超级管理员',
'ACTIVE'
)
ON DUPLICATE KEY UPDATE
display_name = VALUES(display_name),
status = VALUES(status);
migrations/004_add_employee_login_fields.sql
+16
View File
@@ -0,0 +1,16 @@
-- 004_add_employee_login_fields.sql
-- 员工也可以登录系统,因此在 employees 表上补充密码哈希和最后登录时间。
ALTER TABLE employees
ADD COLUMN password_hash VARCHAR(255) NULL COMMENT '员工登录密码哈希,禁止存储明文密码' AFTER phone,
ADD COLUMN last_login_at DATETIME(3) NULL COMMENT '员工最后登录时间' AFTER deleted_at;
-- 给已有员工设置本地开发默认密码。
-- 默认密码:Employee@123456
-- 生产环境应在真实上线前改成独立密码或补充重置密码流程。
UPDATE employees
SET password_hash = 'pbkdf2$sha256$310000$Vd5Mh3XgZPZ4ozECQzmviA$YnzG8OAqy9bZE9ZmA2yT1RpUl0bbC0yA9LpYUO8LltQ'
WHERE password_hash IS NULL;
ALTER TABLE employees
MODIFY password_hash VARCHAR(255) NOT NULL DEFAULT 'pbkdf2$sha256$310000$Vd5Mh3XgZPZ4ozECQzmviA$YnzG8OAqy9bZE9ZmA2yT1RpUl0bbC0yA9LpYUO8LltQ' COMMENT '员工登录密码哈希,禁止存储明文密码';