feat(role): role bind

2026-01-31 17:23:56 +08:00
parent 4dc46659c9
commit 41cdbb5b29
30 changed files with 1773 additions and 52 deletions


@@ -18,6 +18,8 @@
| 0002 | `migrations/0002_enabled_apps.sql` | enabled_apps租户应用开通、平台租户与平台权限SuperAdmin |
| 0003 | `migrations/0003_app_lifecycle.sql` | apps 生命周期管理(扩展字段、变更记录、上下线审批) |
| 0004 | `migrations/0004_password_reset.sql` | 密码重置(权限码与 Admin/SuperAdmin 授权) |
| 0005 | `migrations/0005_refresh_token_fingerprint.sql` | refresh token 指纹索引(支持刷新时安全查找) |
| 0006 | `migrations/0006_cms_permissions.sql` | CMS 最小必要权限permissions 种子) |
校验脚本映射(与 migrations 一一对应):
@@ -27,6 +29,8 @@
| 0002 | `scripts/db/verify/0002_enabled_apps.sql` | 校验 enabled_apps 相关表与平台种子 |
| 0003 | `scripts/db/verify/0003_app_lifecycle.sql` | 校验 apps 生命周期管理相关表与权限种子 |
| 0004 | `scripts/db/verify/0004_password_reset.sql` | 校验密码重置权限码种子 |
| 0005 | `scripts/db/verify/0005_refresh_token_fingerprint.sql` | 校验 refresh_tokens 指纹字段 |
| 0006 | `scripts/db/verify/0006_cms_permissions.sql` | 校验 CMS 权限种子 |
## 执行方式


@@ -0,0 +1,11 @@
BEGIN;
ALTER TABLE refresh_tokens
ADD COLUMN IF NOT EXISTS token_fingerprint VARCHAR(64);
CREATE UNIQUE INDEX IF NOT EXISTS idx_refresh_tokens_token_fingerprint
ON refresh_tokens(token_fingerprint)
WHERE token_fingerprint IS NOT NULL;
COMMIT;
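Review bot: The new `token_fingerprint` column added by the ALTER carries no statement of what it stores, and nothing in this migration backfills existing rows, so every refresh token issued before it keeps a NULL fingerprint and will not be found by a fingerprint lookup until it is rotated or backfilled. I would add `COMMENT ON COLUMN refresh_tokens.token_fingerprint IS 'Digest of the refresh token (algorithm and encoding: TODO state here); never the raw token value';` directly after the ALTER so the contract is visible in the schema itself. VARCHAR(64) fits a hex-encoded 32-byte digest exactly; if the application emits a different encoding Postgres will reject the insert rather than truncate, so the reason for the width belongs in that comment too. Once the application always writes the fingerprint, a follow-up migration can tighten the column to NOT NULL.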


@@ -0,0 +1,13 @@
BEGIN;
INSERT INTO permissions (code, description, resource, action) VALUES
('cms:article:create', 'Create article', 'article', 'create'),
('cms:article:edit', 'Edit article', 'article', 'edit'),
('cms:article:publish', 'Publish article', 'article', 'publish'),
('cms:category:manage', 'Manage categories', 'category', 'manage'),
('cms:media:manage', 'Manage media library', 'media', 'manage'),
('cms:settings:manage', 'Manage system settings', 'settings', 'manage')
ON CONFLICT (code) DO NOTHING;
COMMIT;
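Review bot: `ON CONFLICT (code) DO NOTHING` means a row that already exists with one of these codes keeps its old description, resource and action, so this seed is not authoritative for pre-existing rows and a drifted permission would go unnoticed. If the seed is meant to be the source of truth, use `ON CONFLICT (code) DO UPDATE SET description = EXCLUDED.description, resource = EXCLUDED.resource, action = EXCLUDED.action;` instead; if DO NOTHING is deliberate, a one-line comment above the INSERT saying so would save the next reader the question. This file only inserts permission codes; presumably the binding of these codes to roles lives in another file of the commit, which is worth stating in a header comment so the two are not applied independently.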


@@ -0,0 +1,9 @@
BEGIN;
DROP INDEX IF EXISTS idx_refresh_tokens_token_fingerprint;
ALTER TABLE refresh_tokens
DROP COLUMN IF EXISTS token_fingerprint;
COMMIT;


@@ -0,0 +1,14 @@
BEGIN;
DELETE FROM permissions
WHERE code IN (
'cms:article:create',
'cms:article:edit',
'cms:article:publish',
'cms:category:manage',
'cms:media:manage',
'cms:settings:manage'
);
COMMIT;
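Review bot: The DELETE removes the six codes unconditionally, while the matching up migration used `ON CONFLICT (code) DO NOTHING`, so a code that already existed before the seed is dropped on rollback even though the seed never created it. If the table that binds roles to permissions has a foreign key to `permissions`, this DELETE will either fail or cascade depending on its `ON DELETE` clause, which is not visible here; the intended behaviour should be recorded above the DELETE, e.g. `-- Rollback of the 0006 seed; role bindings to these codes must be removed first (FK is <ON DELETE behaviour here>)` with the placeholder replaced by the actual constraint. If cascading removal of bindings is acceptable on rollback, say so explicitly, because it silently changes what roles can do.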


@@ -0,0 +1,12 @@
DO $$
BEGIN
IF NOT EXISTS (
SELECT 1 FROM information_schema.columns
WHERE table_schema = 'public'
AND table_name = 'refresh_tokens'
AND column_name = 'token_fingerprint'
) THEN
RAISE EXCEPTION 'refresh_tokens.token_fingerprint missing';
END IF;
END $$;
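Review bot: The check at the start of the block verifies only that the column exists; the unique partial index from the up migration, which is what enforces one row per fingerprint and makes the refresh-time lookup indexed, is never verified, so a run that created the column but failed on the index would still pass. Add a second check against `pg_indexes` for `idx_refresh_tokens_token_fingerprint` and require its definition to be UNIQUE, as below. The same `indexdef` column can also confirm the partial `WHERE token_fingerprint IS NOT NULL` predicate if that is considered part of the contract.
```sql
-- … unchanged: column existence check …
IF NOT EXISTS (
    SELECT 1 FROM pg_indexes
    WHERE schemaname = 'public'
      AND tablename = 'refresh_tokens'
      AND indexname = 'idx_refresh_tokens_token_fingerprint'
      AND indexdef LIKE 'CREATE UNIQUE INDEX%'
) THEN
    RAISE EXCEPTION 'refresh_tokens.token_fingerprint unique index missing';
END IF;
```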


@@ -0,0 +1,7 @@
DO $$
BEGIN
IF NOT EXISTS (SELECT 1 FROM permissions WHERE code = 'cms:article:create') THEN
RAISE EXCEPTION 'missing cms permissions seed';
END IF;
END $$;
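Review bot: The verification tests only `cms:article:create`, so a seed that inserted that one row and lost the other five still passes. Since the up migration writes exactly six codes, count them and fail unless all six are present, as below; the codes are repeated here on purpose so the verify script stays independent of the migration file. If more CMS permissions are added later, both lists need to move together, which a comment above the check should say.
```sql
IF (
    SELECT COUNT(*) FROM permissions
    WHERE code IN (
        'cms:article:create', 'cms:article:edit', 'cms:article:publish',
        'cms:category:manage', 'cms:media:manage', 'cms:settings:manage'
    )
) <> 6 THEN
    RAISE EXCEPTION 'missing cms permissions seed';
END IF;
```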