fix(handlers): add handlers

src/handlers/authorization.rs

@@ -0,0 +1,59 @@
+use crate::handlers::AppState;
+use crate::middleware::TenantId;
+use crate::middleware::auth::AuthContext;
+use axum::extract::State;
+use common_telemetry::{AppError, AppResponse};
+use tracing::instrument;
+
+#[utoipa::path(
+    get,
+    path = "/me/permissions",
+    tag = "Me",
+    security(
+        ("bearer_auth" = [])
+    ),
+    responses(
+        (status = 200, description = "当前用户权限列表", body = [String]),
+        (status = 401, description = "未认证"),
+        (status = 403, description = "无权限")
+    ),
+    params(
+        ("Authorization" = String, Header, description = "Bearer <access_token>（访问令牌）"),
+        ("X-Tenant-ID" = String, Header, description = "租户 UUID（可选，若提供需与 Token 中 tenant_id 一致）")
+    )
+)]
+#[instrument(skip(state))]
+/// 查询当前登录用户在当前租户下的权限编码列表。
+///
+/// 用途：
+/// - 快速自查当前令牌是否携带期望的权限（便于联调与排障）。
+///
+/// 输入：
+/// - Header `Authorization: Bearer <access_token>`（必填）
+/// - Header `X-Tenant-ID`（可选；若提供需与 Token 中 tenant_id 一致，否则返回 403）
+///
+/// 输出：
+/// - `200`：权限字符串数组（如 `user:read`）
+///
+/// 异常：
+/// - `401`：未携带或无法解析访问令牌
+/// - `403`：租户不匹配或无权访问
+pub async fn my_permissions_handler(
+    TenantId(tenant_id): TenantId,
+    State(state): State<AppState>,
+    AuthContext {
+        tenant_id: auth_tenant_id,
+        user_id,
+        ..
+    }: AuthContext,
+) -> Result<AppResponse<Vec<String>>, AppError> {
+    if auth_tenant_id != tenant_id {
+        return Err(AppError::PermissionDenied("tenant:mismatch".into()));
+    }
+
+    let permissions = state
+        .authorization_service
+        .list_permissions_for_user(tenant_id, user_id)
+        .await?;
+    Ok(AppResponse::ok(permissions))
+}