From bcfe46f79257a8e9092d71e2771c2d40dad0516a Mon Sep 17 00:00:00 2001
From: tylor
Date: Tue, 14 Apr 2026 16:35:25 +0800
Subject: [PATCH 1/2] fix: sign token with acl
---
 openapi.json | 6 +++++-
 src/auth/auth.controller.ts | 2 ++
 src/auth/dto/sign-token.dto.ts | 11 ++++++++++-
 3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/openapi.json b/openapi.json
index 430c3ee..1da4c58 100644
--- a/openapi.json
+++ b/openapi.json
@@ -1,5 +1,5 @@
 {
- "hash": "beb77cb0b37924ed4121b87dbd01aea157eb2cde455025934bcea22b64dba1a6",
+ "hash": "9c9667fc9c2b41847a5dca17a8678df533cbcbdc717cf5fd34dddf4ed5e556b8",
 "openapi": "3.0.0",
 "paths": {
 "/hello": {
@@ -6305,6 +6305,10 @@
 "items": {
 "type": "string"
 }
+ },
+ "acl": {
+ "type": "object",
+ "description": "访问控制列表"
 }
 },
 "required": [
diff --git a/src/auth/auth.controller.ts b/src/auth/auth.controller.ts
index 0c0b374..b89d27e 100644
--- a/src/auth/auth.controller.ts
+++ b/src/auth/auth.controller.ts
@@ -493,10 +493,12 @@ export class AuthController {
 }
 const jwtpayload: JwtPayload = {
+ roles: user.roles,
 ns: user.ns,
 type: user.type,
 groups: user.groups,
 permissions: dto.permissions,
+ acl: dto.acl,
 };
 const token = this.jwtService.sign(jwtpayload, {
diff --git a/src/auth/dto/sign-token.dto.ts b/src/auth/dto/sign-token.dto.ts
index 1df4b7e..5d66f77 100644
--- a/src/auth/dto/sign-token.dto.ts
+++ b/src/auth/dto/sign-token.dto.ts
@@ -1,4 +1,6 @@
-import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import { IsNotEmpty, IsObject, IsOptional, IsString } from 'class-validator';
+
+import { Acl } from 'src/auth/entities/jwt.entity';
 export class SignTokenDto {
 /**
@@ -35,4 +37,11 @@ export class SignTokenDto {
 @IsOptional()
 @IsString({ each: true })
 permissions?: string[];
+
+ /**
+ * 访问控制列表
+ */
+ @IsOptional()
+ @IsObject()
+ acl?: Acl;
 }
From 4c6fc829696a905449d4ae424ed436d259e5d3e9 Mon Sep 17 00:00:00 2001
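Review bot: `acl: dto.acl` and the existing `permissions: dto.permissions` copy request-supplied grants straight into the signed payload in the `jwtpayload` hunk of auth.controller.ts, and nothing there bounds them by what the user or the calling service is entitled to hand out. If the sign-token route is reachable by anything other than a fully trusted backend (its guard is outside the hunk, so this is inferred), the caller decides what the token authorizes. The new `roles: user.roles` line also means a token requested with a narrowed `permissions`/`acl` still carries the user's full role set, so consumers that authorize on roles will not see the narrowing. I would compare the requested ACL with the user's own grants before `this.jwtService.sign(...)` and add a comment above `jwtpayload` such as `// acl/permissions are caller-supplied: must be a subset of the user's grants`. The enclosing method starts and ends outside the hunk.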
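Review bot: `@IsObject()` on `acl` in the second sign-token.dto.ts hunk only rejects non-objects, so any key set and any nesting depth passes validation and is embedded in the token. If `Acl` in `src/auth/entities/jwt.entity` is a class, `@ValidateNested()` together with `@Type(() => Acl)` from class-transformer would validate its fields; if it is an interface or type alias, the import is erased at runtime and a custom validator for the expected shape is needed. A size bound is also worth having, because the object travels in every token issued this way.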
From: tylor
Date: Tue, 14 Apr 2026 16:55:56 +0800
Subject: [PATCH 2/2] feat: set user active and roles while auto register
---
 openapi.json | 35 ++++++++++++++++++++++++++++++-
 src/auth/auth.controller.ts | 6 ++++++
 src/auth/dto/login.dto.ts | 42 +++++++++++++++++++++++++++++++++++++
 3 files changed, 82 insertions(+), 1 deletion(-)
diff --git a/openapi.json b/openapi.json
index 1da4c58..e4f913b 100644
--- a/openapi.json
+++ b/openapi.json
@@ -1,5 +1,5 @@
 {
- "hash": "9c9667fc9c2b41847a5dca17a8678df533cbcbdc717cf5fd34dddf4ed5e556b8",
+ "hash": "3e45e84c633b2b3f2d51343bd71a6f525010b2ef4b9717314525a4d36568452e",
 "openapi": "3.0.0",
 "paths": {
 "/hello": {
@@ -5816,6 +5816,17 @@
 "type": "boolean",
 "description": "不存在用户时是否自动注册"
 },
+ "active": {
+ "type": "boolean",
+ "description": "自动注册时是否启用(不传则使用服务端默认)"
+ },
+ "roles": {
+ "description": "自动注册时的角色(不传则使用服务端默认)",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
 "ns": {
 "type": "string",
 "description": "命名空间"
@@ -5869,6 +5880,17 @@
 "type": "boolean",
 "description": "不存在用户时是否自动注册"
 },
+ "active": {
+ "type": "boolean",
+ "description": "自动注册时是否启用(不传则使用服务端默认)"
+ },
+ "roles": {
+ "description": "自动注册时的角色(不传则使用服务端默认)",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
 "ns": {
 "type": "string",
 "description": "命名空间"
@@ -5914,6 +5936,17 @@
 "type": "boolean",
 "description": "不存在用户时是否自动注册"
 },
+ "active": {
+ "type": "boolean",
+ "description": "自动注册时是否启用(不传则使用服务端默认)"
+ },
+ "roles": {
+ "description": "自动注册时的角色(不传则使用服务端默认)",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
 "ns": {
 "type": "string",
 "description": "命名空间"
diff --git a/src/auth/auth.controller.ts b/src/auth/auth.controller.ts
index b89d27e..1b75401 100644
--- a/src/auth/auth.controller.ts
+++ b/src/auth/auth.controller.ts
@@ -257,6 +257,8 @@ export class AuthController {
 registerIp: dto.registerIp,
 registerRegion: dto.registerRegion,
 type: dto.type,
+ ...(dto.active !== undefined && { active: dto.active }),
+ ...(dto.roles !== undefined && { roles: dto.roles }),
 });
 }
@@ -300,6 +302,8 @@ export class AuthController {
 registerIp: dto.registerIp,
 registerRegion: dto.registerRegion,
 type: dto.type,
+ ...(dto.active !== undefined && { active: dto.active }),
+ ...(dto.roles !== undefined && { roles: dto.roles }),
 });
 }
@@ -344,6 +348,8 @@ export class AuthController {
 registerIp: dto.registerIp,
 registerRegion: dto.registerRegion,
 type: dto.type,
+ ...(dto.active !== undefined && { active: dto.active }),
+ ...(dto.roles !== undefined && { roles: dto.roles }),
 });
 }
diff --git a/src/auth/dto/login.dto.ts b/src/auth/dto/login.dto.ts
index 6fec2e3..d1b54f1 100644
--- a/src/auth/dto/login.dto.ts
+++ b/src/auth/dto/login.dto.ts
@@ -47,6 +47,20 @@ export class LoginByPhoneDto {
 @IsBoolean()
 autoRegister?: boolean;
+ /**
+ * 自动注册时是否启用(不传则使用服务端默认)
+ */
+ @IsOptional()
+ @IsBoolean()
+ active?: boolean;
+
+ /**
+ * 自动注册时的角色(不传则使用服务端默认)
+ */
+ @IsOptional()
+ @IsString({ each: true })
+ roles?: string[];
+
 /**
 * 命名空间
 */
@@ -105,6 +119,20 @@ export class LoginByPhoneQuickAuthDto {
 @IsBoolean()
 autoRegister?: boolean;
+ /**
+ * 自动注册时是否启用(不传则使用服务端默认)
+ */
+ @IsOptional()
+ @IsBoolean()
+ active?: boolean;
+
+ /**
+ * 自动注册时的角色(不传则使用服务端默认)
+ */
+ @IsOptional()
+ @IsString({ each: true })
+ roles?: string[];
+
 /**
 * 命名空间
 */
@@ -178,6 +206,20 @@ export class LoginByEmailDto {
 @IsBoolean()
 autoRegister?: boolean;
+ /**
+ * 自动注册时是否启用(不传则使用服务端默认)
+ */
+ @IsOptional()
+ @IsBoolean()
+ active?: boolean;
+
+ /**
+ * 自动注册时的角色(不传则使用服务端默认)
+ */
+ @IsOptional()
+ @IsString({ each: true })
+ roles?: string[];
+
 /**
 * 命名空间
 */
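Review bot: The two spread lines added to the user-creation call at -257, and repeated in the hunks at -300 and -344, let the login request body choose the `roles` and `active` state of the account that auto-register creates. Login routes are normally reachable before authentication, so unless these three are restricted to trusted callers (not visible in the hunks), the client decides its own role set and can skip whatever activation step the server default enforces. I would honour the fields only for a trusted caller or map `dto.roles` through a server-side allow-list, e.g. `...(isTrustedCaller && dto.roles !== undefined && { roles: dto.roles }),` where `isTrustedCaller` is a placeholder for the project's own check. The enclosing methods begin and end outside the hunks.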
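Review bot: `@IsString({ each: true })` on `roles` in `LoginByPhoneDto`, and the identical additions in `LoginByPhoneQuickAuthDto` and `LoginByEmailDto`, does not by itself require an array; as far as I know class-validator checks a non-array value as a single item, so a bare string passes. Adding `@IsArray()` and constraining values with `@IsIn(ALLOWED_SELF_REGISTER_ROLES, { each: true })` (placeholder constant name) would reject both the wrong shape and role names the server never meant to hand out at registration. The doc comments could also say who may set these fields, for example `Only honoured for trusted callers; ignored otherwise`.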