FEAT: complete business logic

Signed-off-by: daz-3ux <[email protected]>
Daz-3ux · Oct 7, 2023 · 2bbd299 · 2bbd299
1 parent 37d1443
commit 2bbd299
Show file tree

Hide file tree

Showing 31 changed files with 906 additions and 35 deletions.
diff --git a/README.md b/README.md
@@ -20,5 +20,5 @@
 ## 版本信息
 [打印详细版本信息](./pkg/version/README.md)
 
-## 认证系统
+## 认证授权系统
 [dBlog的认证与授权](./docs/devel/zh-CN/conversions/auth.md)
diff --git a/docs/devel/zh-CN/conversions/auth.md b/docs/devel/zh-CN/conversions/auth.md
@@ -57,4 +57,7 @@ eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1MjgwMTY5MjIsImlkIjowLCJuYmYiOjE
   - POST 用于创建
   - PUT 用于更新,是一个幂等操作
 
-## 授权 - Authorization - Authz
+## 授权 - Authorization - Authz
+- 使用 RBAC (Role-Based Access Control) 模型进行授权
+  - 基于 [casbin](./useCasbin.md) 进行开发
+  - 
diff --git a/docs/devel/zh-CN/conversions/useCasbin.md b/docs/devel/zh-CN/conversions/useCasbin.md
@@ -0,0 +1,69 @@
+# cabin
+
+## 元模型
+- PERM 元模型
+- policy, effect, request, matcher
+  - sub: subject, 访问实体
+  - obj: object, 被访问实体
+  - act: action, 访问行为
+  - eft: effect, 访问结果,一般为空,默认指定为 allow 或 deny
+
+### Policy
+- 策略
+- p = {sub, obj, act, eft}
+- 一般存储与数据库中,因为会有很多
+```text
+[policy_definition]
+p = sub, obj, act, eft
+```
+
+
+### Matchers
+- 匹配规则
+```text
+m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
+```
+- r 是请求, p 是策略
+- 会把 r 和 p 按照上述描述进行匹配
+  - 从而返回匹配结果(eft),如果不定义,则返回allow,否则返回定义值
+
+
+### Effect
+- 影响
+- 决定我们受否放行
+- cabin 支持的 policy effect
+
+| Policy effect                                               | 意义                     |
+|-------------------------------------------------------------|------------------------|
+| some(where (p.eft == allow))                                | allow-override         |
+| !some(p.eft == deny)                                        | deny-override          |
+| some(where (p.eft == allow) && !some(where (p.eft == deny)) | allow-and-deny         |
+| priority(p.eft)\|\|deny                                     | priority               |
+| subjectPriority(p.eft)                                      | priority based on role |
+
+### Resource
+- 请求
+- r = {sub, obj, act}
+
+
+## 角色域
+- role_definition
+  - g = _, _ 表示以角色为基础
+  - g = _, _, _ 表示以域为基础(多商户模式)
+
+
+## dBlog 对 casbin 的使用
+- 使用 RBAC 模型
+  - Role Based Access Control
+- 对资源操作进行授权
+  - `用户`只可以访问自己账户下的 用户/博客 等资源
+  - `管理员`可以访问所有资源
+  - 也就是对 API 路径进行授权
+- 授权策略:   
+
+| A | B    | C              | D                        |
+|---|------|----------------|--------------------------|
+| p | root | /v1/users*     | (GET)(POST)(PUT)(DELETE) |
+| p | bob  | /v1/users/belm | (GET)(POST)(PUT)(DELETE) |
+
+- 因为要对每一个 HTTP 进行授权, 所以将授权功能封装为中间件
diff --git a/go.mod b/go.mod
@@ -4,22 +4,25 @@ go 1.21.0
 
 require (
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
+	github.com/casbin/casbin/v2 v2.77.2
 	github.com/gin-gonic/gin v1.9.1
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/uuid v1.1.2
 	github.com/gosuri/uitable v0.0.4
+	github.com/jasonsoft/go-short-id v0.0.0-20180410073244-6ed30cc4305d
 	github.com/jinzhu/copier v0.4.0
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.16.0
 	go.uber.org/automaxprocs v1.5.3
 	go.uber.org/zap v1.25.0
-	golang.org/x/crypto v0.9.0
+	golang.org/x/crypto v0.12.0
 	gorm.io/driver/mysql v1.5.1
 	gorm.io/gorm v1.25.4
 )
 
 require (
+	github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
 	github.com/bytedance/sonic v1.9.1 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/fatih/color v1.13.0 // indirect
@@ -29,6 +32,7 @@ require (
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.14.0 // indirect
+	github.com/go-redis/redis v6.15.9+incompatible // indirect
 	github.com/go-sql-driver/mysql v1.7.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -45,19 +49,24 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/onsi/ginkgo v1.16.5 // indirect
+	github.com/onsi/gomega v1.28.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/spf13/afero v1.9.5 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
+	github.com/tidwall/gjson v1.14.4 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect
 	go.uber.org/multierr v1.10.0 // indirect
 	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/net v0.14.0 // indirect
+	golang.org/x/sys v0.11.0 // indirect
+	golang.org/x/text v0.12.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect