You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
363 lines
8.4 KiB
363 lines
8.4 KiB
package migration |
|
|
|
import ( |
|
"fmt" |
|
"gofaster/internal/auth/model" |
|
"gofaster/internal/auth/repository" |
|
"gofaster/internal/shared/logger" |
|
|
|
"gorm.io/gorm" |
|
) |
|
|
|
// RunMigrations 运行数据库迁移 |
|
func RunMigrations(db *gorm.DB) error { |
|
log := logger.NewLogger("info", "") |
|
defer log.Sync() |
|
// 自动迁移用户表 |
|
if err := db.AutoMigrate(&model.User{}); err != nil { |
|
return err |
|
} |
|
|
|
// 手动检查并添加可能缺失的字段 |
|
if err := ensureUserFields(db); err != nil { |
|
return err |
|
} |
|
|
|
// 自动迁移角色表 |
|
if err := db.AutoMigrate(&model.Role{}); err != nil { |
|
return err |
|
} |
|
|
|
// 自动迁移用户角色关联表 |
|
if err := db.AutoMigrate(&model.UserRole{}); err != nil { |
|
return err |
|
} |
|
|
|
// 自动迁移验证码表 |
|
if err := db.AutoMigrate(&repository.Captcha{}); err != nil { |
|
return err |
|
} |
|
|
|
// 自动迁移密码策略相关表 |
|
if err := db.AutoMigrate( |
|
&model.PasswordPolicy{}, |
|
&model.PasswordHistory{}, |
|
&model.PasswordReset{}, |
|
); err != nil { |
|
return err |
|
} |
|
|
|
// 自动迁移资源相关表 |
|
if err := db.AutoMigrate( |
|
&model.Resource{}, |
|
&model.ResourcePermission{}, |
|
); err != nil { |
|
return err |
|
} |
|
|
|
// 自动迁移权限相关表 |
|
if err := db.AutoMigrate( |
|
&model.Permission{}, |
|
&model.RolePermission{}, |
|
); err != nil { |
|
return err |
|
} |
|
|
|
// 为权限表添加code字段 |
|
if err := AddPermissionCodeField(db); err != nil { |
|
return err |
|
} |
|
|
|
// 创建路由相关表 |
|
if err := CreateRouteTables(db, log); err != nil { |
|
return err |
|
} |
|
|
|
// 移除相关表的 delete_at 字段 |
|
if err := RemoveDeleteAtFields(db, log); err != nil { |
|
return err |
|
} |
|
|
|
// 为 frontend_backend_routes 表添加唯一索引 |
|
if err := AddUniqueIndexToFrontendBackendRoutes(db, log); err != nil { |
|
return err |
|
} |
|
|
|
// 创建默认角色 |
|
if err := createDefaultRoles(db); err != nil { |
|
return err |
|
} |
|
|
|
// 创建默认管理员用户 |
|
if err := createDefaultAdmin(db); err != nil { |
|
return err |
|
} |
|
|
|
// 创建默认密码策略 |
|
if err := createDefaultPasswordPolicy(db); err != nil { |
|
return err |
|
} |
|
|
|
// 创建默认权限 |
|
if err := createDefaultPermissions(db); err != nil { |
|
return err |
|
} |
|
|
|
return nil |
|
} |
|
|
|
// ensureUserFields 确保用户表有必要的字段 |
|
func ensureUserFields(db *gorm.DB) error { |
|
// 检查PasswordChangedAt字段是否存在 |
|
if !db.Migrator().HasColumn(&model.User{}, "password_changed_at") { |
|
fmt.Println("添加 password_changed_at 字段到 users 表") |
|
if err := db.Exec("ALTER TABLE users ADD COLUMN password_changed_at TIMESTAMP NULL").Error; err != nil { |
|
return fmt.Errorf("添加 password_changed_at 字段失败: %w", err) |
|
} |
|
} |
|
|
|
// 检查ForceChangePassword字段是否存在 |
|
if !db.Migrator().HasColumn(&model.User{}, "force_change_password") { |
|
fmt.Println("添加 force_change_password 字段到 users 表") |
|
if err := db.Exec("ALTER TABLE users ADD COLUMN force_change_password BOOLEAN DEFAULT FALSE").Error; err != nil { |
|
return fmt.Errorf("添加 force_change_password 字段失败: %w", err) |
|
} |
|
} |
|
|
|
fmt.Println("用户表字段检查完成") |
|
return nil |
|
} |
|
|
|
// createDefaultRoles 创建默认角色 |
|
func createDefaultRoles(db *gorm.DB) error { |
|
// 检查是否已存在角色 |
|
var count int64 |
|
db.Model(&model.Role{}).Count(&count) |
|
if count > 0 { |
|
return nil // 已存在角色,跳过 |
|
} |
|
|
|
roles := []model.Role{ |
|
{ |
|
Name: "超级管理员", |
|
Code: "SUPER_ADMIN", |
|
Description: "系统超级管理员,拥有所有权限", |
|
}, |
|
{ |
|
Name: "管理员", |
|
Code: "ADMIN", |
|
Description: "系统管理员,拥有大部分权限", |
|
}, |
|
{ |
|
Name: "普通用户", |
|
Code: "USER", |
|
Description: "普通用户,拥有基本权限", |
|
}, |
|
} |
|
|
|
for _, role := range roles { |
|
if err := db.Create(&role).Error; err != nil { |
|
return err |
|
} |
|
} |
|
|
|
return nil |
|
} |
|
|
|
// createDefaultAdmin 创建默认管理员用户 |
|
func createDefaultAdmin(db *gorm.DB) error { |
|
// 检查是否已存在管理员用户 |
|
var count int64 |
|
db.Model(&model.User{}).Where("username = ?", "admin").Count(&count) |
|
if count > 0 { |
|
return nil // 已存在管理员用户,跳过 |
|
} |
|
|
|
// 创建默认管理员用户 |
|
adminUser := &model.User{ |
|
Username: "admin", |
|
Password: "$2a$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi", // "password" |
|
Email: "admin@gofaster.com", |
|
Phone: "13800138000", |
|
Status: 1, // 正常状态 |
|
} |
|
|
|
if err := db.Create(adminUser).Error; err != nil { |
|
return err |
|
} |
|
|
|
// 获取超级管理员角色 |
|
var superAdminRole model.Role |
|
if err := db.Where("code = ?", "SUPER_ADMIN").First(&superAdminRole).Error; err != nil { |
|
return err |
|
} |
|
|
|
// 关联超级管理员角色 |
|
if err := db.Model(adminUser).Association("Roles").Append(&superAdminRole); err != nil { |
|
return err |
|
} |
|
|
|
return nil |
|
} |
|
|
|
// createDefaultPasswordPolicy 创建默认密码策略 |
|
func createDefaultPasswordPolicy(db *gorm.DB) error { |
|
// 检查是否已存在默认策略 |
|
var count int64 |
|
db.Model(&model.PasswordPolicy{}).Count(&count) |
|
if count > 0 { |
|
return nil // 已存在默认策略,跳过 |
|
} |
|
|
|
// 创建默认密码策略(1级) |
|
defaultPolicy := &model.PasswordPolicy{ |
|
Level: 1, |
|
MinRequiredLevel: 1, // 新增:要求最低1级强度 |
|
MinLength: 6, |
|
RequireUppercase: false, |
|
RequireLowercase: false, |
|
RequireNumbers: false, |
|
RequireSpecial: false, |
|
MinCharTypes: 1, |
|
ExpirationDays: 30, |
|
PreventReuse: 3, |
|
IsActive: true, |
|
} |
|
|
|
if err := db.Create(defaultPolicy).Error; err != nil { |
|
return err |
|
} |
|
|
|
return nil |
|
} |
|
|
|
// createDefaultPermissions 创建默认权限 |
|
func createDefaultPermissions(db *gorm.DB) error { |
|
// 检查是否已存在权限 |
|
var count int64 |
|
db.Model(&model.Permission{}).Count(&count) |
|
if count > 0 { |
|
return nil // 已存在权限,跳过 |
|
} |
|
|
|
permissions := []model.Permission{ |
|
// 用户管理权限 |
|
{ |
|
Name: "查看用户列表", |
|
Code: "user:list", |
|
Description: "查看系统用户列表", |
|
Resource: "user", |
|
Action: "list", |
|
}, |
|
{ |
|
Name: "创建用户", |
|
Code: "user:create", |
|
Description: "创建新用户", |
|
Resource: "user", |
|
Action: "create", |
|
}, |
|
{ |
|
Name: "编辑用户", |
|
Code: "user:update", |
|
Description: "编辑用户信息", |
|
Resource: "user", |
|
Action: "update", |
|
}, |
|
{ |
|
Name: "删除用户", |
|
Code: "user:delete", |
|
Description: "删除用户", |
|
Resource: "user", |
|
Action: "delete", |
|
}, |
|
// 角色管理权限 |
|
{ |
|
Name: "查看角色列表", |
|
Code: "role:list", |
|
Description: "查看系统角色列表", |
|
Resource: "role", |
|
Action: "list", |
|
}, |
|
{ |
|
Name: "创建角色", |
|
Code: "role:create", |
|
Description: "创建新角色", |
|
Resource: "role", |
|
Action: "create", |
|
}, |
|
{ |
|
Name: "编辑角色", |
|
Code: "role:update", |
|
Description: "编辑角色信息", |
|
Resource: "role", |
|
Action: "update", |
|
}, |
|
{ |
|
Name: "删除角色", |
|
Code: "role:delete", |
|
Description: "删除角色", |
|
Resource: "role", |
|
Action: "delete", |
|
}, |
|
{ |
|
Name: "分配角色权限", |
|
Code: "role:assign_permissions", |
|
Description: "为角色分配权限", |
|
Resource: "role", |
|
Action: "assign_permissions", |
|
}, |
|
// 权限管理权限 |
|
{ |
|
Name: "查看权限列表", |
|
Code: "permission:list", |
|
Description: "查看系统权限列表", |
|
Resource: "permission", |
|
Action: "list", |
|
}, |
|
{ |
|
Name: "创建权限", |
|
Code: "permission:create", |
|
Description: "创建新权限", |
|
Resource: "permission", |
|
Action: "create", |
|
}, |
|
{ |
|
Name: "编辑权限", |
|
Code: "permission:update", |
|
Description: "编辑权限信息", |
|
Resource: "permission", |
|
Action: "update", |
|
}, |
|
{ |
|
Name: "删除权限", |
|
Code: "permission:delete", |
|
Description: "删除权限", |
|
Resource: "permission", |
|
Action: "delete", |
|
}, |
|
// 系统管理权限 |
|
{ |
|
Name: "系统设置", |
|
Code: "system:settings", |
|
Description: "管理系统设置", |
|
Resource: "system", |
|
Action: "settings", |
|
}, |
|
{ |
|
Name: "查看系统日志", |
|
Code: "system:logs", |
|
Description: "查看系统日志", |
|
Resource: "system", |
|
Action: "logs", |
|
}, |
|
} |
|
|
|
for _, permission := range permissions { |
|
if err := db.Create(&permission).Error; err != nil { |
|
return err |
|
} |
|
} |
|
|
|
fmt.Println("✅ 默认权限创建完成") |
|
return nil |
|
}
|
|
|