From 4022a395c81d0e1290d90d222b732ad06e3a5f2a Mon Sep 17 00:00:00 2001 From: wanglei <34475144@qqcom> Date: Wed, 29 Oct 2025 23:54:17 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E7=B3=BB=E7=BB=9F=E5=90=8D?= =?UTF-8?q?=E7=A7=B0=EF=BC=8C=E4=BF=AE=E6=94=B9=E9=85=8D=E7=BD=AE=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E9=94=99=E8=AF=AF=EF=BC=8C=E5=A2=9E=E5=8A=A0=E7=99=BB?= =?UTF-8?q?=E5=BD=95=E9=AA=8C=E8=AF=81=E7=9B=B8=E5=85=B3=E9=80=BB=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- conf/auth/auth.conf | 4 +- .../{organization.conf => department.conf} | 0 src/api/auth/auth.lua | 10 +- src/config.lua | 2 + src/dao/auth.lua | 69 +++++++++ src/service/auth/auth.lua | 137 ++++++------------ src/share/database.lua | 4 +- src/share/model.lua | 36 ++--- 8 files changed, 140 insertions(+), 122 deletions(-) rename conf/system/{organization.conf => department.conf} (100%) create mode 100644 src/dao/auth.lua diff --git a/conf/auth/auth.conf b/conf/auth/auth.conf index 287e670..b5782f1 100644 --- a/conf/auth/auth.conf +++ b/conf/auth/auth.conf @@ -1,4 +1,4 @@ #API接口文件 -location /api/system/auth { - content_by_lua_file '/home/frankly/work/AuthPlatform/src/api/system/auth.lua'; +location /api/auth { + content_by_lua_file '/home/frankly/work/AuthPlatform/src/api/auth/auth.lua'; } \ No newline at end of file diff --git a/conf/system/organization.conf b/conf/system/department.conf similarity index 100% rename from conf/system/organization.conf rename to conf/system/department.conf diff --git a/src/api/auth/auth.lua b/src/api/auth/auth.lua index 2c70f83..ba4da4c 100644 --- a/src/api/auth/auth.lua +++ b/src/api/auth/auth.lua @@ -6,7 +6,7 @@ --解析url路由过滤库 local radix = require("resty.radixtree") --数据表业务处理 -local systemAuth = require("service.system.auth") +local authService = require("service.auth.auth") --定义相关路由,前端接口url地址 local routes = { 
@@ -15,15 +15,15 @@ local routes = { -------------------------------------------- --用户登录路由接口 { - paths = { "/api/login" }, + paths = { "/api/auth/login" }, methods = { "POST" }, - handler = systemAuth.login, + handler = authService.login, }, --用户退出路由接口 { - paths = { "/api/logout/:id" }, + paths = { "/api/auth/logout/:id" }, methods = { "POST" }, - handler = systemAuth.logout, + handler = authService.logout, }, } diff --git a/src/config.lua b/src/config.lua index df4fba9..6970a85 100644 --- a/src/config.lua +++ b/src/config.lua @@ -11,6 +11,8 @@ return { time_zone = "+8:00", -- UTC + 8 + secret_key = "!@#$5412$#@!", -- 确保这个密钥足够安全并保密 + REDIS_PREFIX = 'Auth:', -- 配置redis数据库连接 REDIS = { diff --git a/src/dao/auth.lua b/src/dao/auth.lua new file mode 100644 index 0000000..2f23a68 --- /dev/null +++ b/src/dao/auth.lua 
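Review bot: In the src/config.lua hunk, the added `secret_key = "!@#$5412$#@!"` commits the HS256 signing key to the repository, so anyone who can read the source or its history holds the key that tokens are signed with. The value is also short for an HMAC key. Load it from outside the tree instead, e.g. `secret_key = os.getenv("AUTH_JWT_SECRET"),` (constructed variable name; an OpenResty worker only sees it if nginx.conf carries a matching `env` directive), and refuse to start when it is missing. Because this value is now in history, treat it as exposed and replace it rather than moving it.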
@@ -0,0 +1,69 @@ +--- +--- Generated by EmmyLua(https://github.com/EmmyLua) +--- Created by frankly. +--- DateTime: 2025/10/29 23:36 +--- +local userDao = require("dao.user") + +local _M = {} + +--认证用户返回用户数据信息 +local function authenticate(name, passwd) + --验证用户名是否为空 + if name == "" then + return 0x010003, nil + end + --验证密码是否为空 + if passwd == "" then + return 0x010002, nil + end + --根据用户进行验证用户是否存在 + local code, res = userDao:where("name", "=", name):where("password", "=", passwd):get() + if code == 0 and res ~= nil then + return code, res + end + --根据手机号进行验证用户是否存在 + code, res = userDao:where("phone", "=", name):where("password", "=", passwd):get() + if code == 0 and res ~= nil then + return code, res + end + --根据邮箱进行验证用户是否存在 + code, res = userDao:where("email", "=", name):where("password", "=", passwd):get() + if code == 0 and res ~= nil then + return code, res + end + --查询不到用户信息 + return 0x010003, nil +end + +--用户登录业务逻辑处理 +function _M.login(jsonData) + --解析json中的键和数据值 + local name = jsonData["name"] + local passwd = jsonData["password"] + local captcha = jsonData["captcha"] + local checkKey = jsonData["checkKey"] + --验证用户名是否为空 + local code, res = authenticate(name, passwd) + if code ~= 0 then + return 0x000001,res + end + local num = 0 + if res ~= nil then + num = table.getn(res) + end + --用户存在时返回用户已经存在 + if num <= 0 then + return 0x01000C,nil + end + return 0, res +end + +--用户登出业务逻辑处理 +function _M.logout(jsonData) + local code = 0 + local ret = "{}" + return code, ret +end + +return _M \ No newline at end of file diff --git a/src/service/auth/auth.lua b/src/service/auth/auth.lua index ff6eabc..806f2d9 100644 --- a/src/service/auth/auth.lua +++ b/src/service/auth/auth.lua 
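Review bot: `authenticate` in the new src/dao/auth.lua matches the submitted password inside the query (`:where("password", "=", passwd)`), which only works if the password column stores exactly what the client sends. The lookup should select the row by name, phone or email alone, then verify the password against a salted, slow hash stored for that row. The empty checks also miss absent fields: `jsonData["name"]` is nil when the key is missing (the schema in the service requires `username`, while this code reads `name`), so `if name == "" then` should be `if name == nil or name == "" then`, and likewise for `passwd`. `captcha` and `checkKey` are read in `_M.login` but never checked, and `table.getn(res)` can be written `#res`.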
@@ -3,46 +3,70 @@ --- Created by admin. --- DateTime: 2025/10/28 11:09 --- -local helpers = require("share.helpers") +local jsonschema = require("jsonschema") local resp = require("util.response") -local user = require("model.user") +local authDao = require("dao.auth") +local jwt = require("resty.jwt") +local conf = require("config") local _M = {} -local dao = require("service.system.auth") +-- 定义一个JSON Schema +local schema = { + {type = "object", properties = { + {name = "username", type = "string"}, + {name = "password", type = "string"}, + {name = "captcha", type = "string"}, + {name = "checkKey", type = "string"}, + }, required = {"username", "password"}} +} + +--设置JWT的有效载荷 +local obj = { + header = {typ="JWT", alg="HS256"}, + payload = { -- 自定义数据 + username = "", + role = "", + --iss = "your_issuer", -- 签发者 + --sub = "1234567890", -- 主题 + exp = os.time() + 3600, -- 过期时间(例如:当前时间+1小时) + iat = os.time() -- 签发时间 + } +} --用户登录业务逻辑处理 function _M.login() - --获取请求头并进行校验 - if validator.checkReqHeader() == false then - local result = resp:json(0x000001) - resp:send(result) - return - end --读取请求体的数据 ngx.req.read_body() --获取请求数据 local body_data = ngx.req.get_body_data() - --判断请求体数据是否为空 - if body_data == nil then + -- 验证数据是否符合schema + local ok, err = jsonschema:generate_validator(body_data, schema) + --验证失败则返回 + if not ok then local result = resp:json(0x000001) resp:send(result) return end --ngx.say(body_data) - local code, ret = dao.login(body_data) + local code, ret = authDao.login(body_data) + --读取数据错误 + if code ~= 0 or table.getn(ret) < 0 then + local result = resp:json(0x000001) + resp:send(result) + return + end + --获取的登陆的用户信息,返回tocken + obj.payload.username = body_data["name"] + obj.payload.role = "" + local jwt_token = jwt:sign(conf.secret_key, obj) + ngx.say(jwt_token) local result = resp:json(code, ret) resp:send(result) end --用户登出业务逻辑处理 function _M.logout() - --获取请求头并进行校验 - if validator.checkReqHeader() == false then - local result = resp:json(0x000001) - 
resp:send(result) - return - end --读取请求体的数据 ngx.req.read_body() --获取请求数据 
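Review bot: The JWT claims table `obj` is built once at module load, so `exp = os.time() + 3600` and `iat` are frozen at worker start and every token signed in `_M.login` carries the same timestamps; a token issued more than an hour after the worker started is already expired, and the shared table is mutated on each request. Build the claims inside `login` from `ngx.time()`, as sketched below. Separately, `jsonschema:generate_validator(body_data, schema)` does not appear to validate anything: `body_data` is still the raw string from `ngx.req.get_body_data()` (so `body_data["name"]` is nil), and the call shape does not match compiling a schema and then running the validator on decoded data, which is worth confirming against the library. `ngx.say(jwt_token)` followed by `resp:send(result)` also writes the bare token ahead of a JSON body holding whatever rows the DAO returned, which presumably include the password column.

```lua
-- … unchanged: requires, schema, read_body/get_body_data, validation, authDao.login and its error branch …
    -- claims are built per request so iat/exp reflect the time of issue
    -- NOTE: body_data is still the raw body string here; decode it before indexing
    local now = ngx.time()
    local claims = {
        header = { typ = "JWT", alg = "HS256" },
        payload = {
            username = body_data["name"],
            role = "",
            iat = now,
            exp = now + 3600,
        },
    }
    local jwt_token = jwt:sign(conf.secret_key, claims)
-- … unchanged: response handling …
```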
@@ -54,82 +78,7 @@ function _M.logout() return end --ngx.say(body_data) - local code, ret = dao.logout(body_data) - local result = resp:json(code, ret) - resp:send(result) -end - ---认证用户返回用户数据信息 -local function authenticate(name, passwd) - --验证用户名是否为空 - if name == "" then - return 0x010003, nil - end - --验证密码是否为空 - if passwd == "" then - return 0x010002, nil - end - --根据用户进行验证用户是否存在 - local code, res = user:where("name", "=", name):where("password", "=", passwd):get() - if code == 0 and res ~= nil then - return code, res - end - --根据手机号进行验证用户是否存在 - code, res = user:where("phone", "=", name):where("password", "=", passwd):get() - if code == 0 and res ~= nil then - return code, res - end - --根据邮箱进行验证用户是否存在 - code, res = user:where("email", "=", name):where("password", "=", passwd):get() - if code == 0 and res ~= nil then - return code, res - end - --查询不到用户信息 - return 0x010003, nil -end - ---用户登录业务逻辑处理 -function _M.login(jsonData) - --验证数据的正确性,错误时返回 - local success, result = validator.checkJson(jsonData) - if success == false then - return 0x000001,result - end - --解析json中的键和数据值 - local name = "" - local passwd = "" - local captcha = "" - local checkKey = "" - for key, value in pairs(result) do - if key == "username" then name = value end - if key == "password" then passwd = value end - if key == "captcha" then captcha = value end - if key == "checkKey" then checkKey = value end - end - --验证用户名是否为空 - local code, res = authenticate(name, passwd) - if code ~= 0 then - return 0x000001,res - end - local num = 0 - for _, row in ipairs(res) do - for key, value in pairs(row) do - num = num + 1 - end - end - --用户存在时返回用户已经存在 - if num <= 0 then - return 0x01000C,nil - end - --对用户进行认证返回相关的数据 - local result = resp:json(code, res) - resp:send(result) -end - ---用户登出业务逻辑处理 -function _M.logout(jsonData) - local code = 0 - local ret = "{}" + local code, ret = authDao.logout(body_data) local result = resp:json(code, ret) resp:send(result) end 
diff --git a/src/share/database.lua b/src/share/database.lua index f52e0e2..2298a29 100644 --- a/src/share/database.lua +++ b/src/share/database.lua @@ -14,8 +14,6 @@ local mt = { __index = _M } function _M:get_connection() local code = 0 -- modify by wanglei : 修改添加支持postgresql连接 - - if ngx.ctx[self.db_type] then -- if write before read, make sure write read connection the same if ngx.ctx[WRITE] then @@ -35,7 +33,7 @@ function _M:get_connection() ---- 连接到数据库 local ok, err = conn:connect() if not ok then - print("Connection failed: " .. err) + ngx.log(ngx.ERR, "Connection failed: " .. err) code = 0x000002 end ngx.log(ngx.INFO, 'Connection success') diff --git a/src/share/model.lua b/src/share/model.lua index 77fb448..0992a7d 100644 --- a/src/share/model.lua +++ b/src/share/model.lua 
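Review bot: In the second hunk of src/share/database.lua, the context line `ngx.log(ngx.INFO, 'Connection success')` still runs after the failure branch, so a failed connect is logged as an error and then as a success. Execution then carries on with `code = 0x000002`; the rest of `get_connection` lies outside the hunk, so whether the caller stops on that code cannot be confirmed here. Move the success log into an `else` branch. `"Connection failed: " .. err` also raises if `err` is nil, which `ngx.log(ngx.ERR, "Connection failed: ", err)` avoids.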
@@ -12,28 +12,28 @@ local WRITE = 'WRITE' local READ = 'READ' local database_write = Database:new({ - host = conf.POSTGRES.host, - port = conf.POSTGRES.port, - user = conf.POSTGRES.user, - password = conf.POSTGRES.password, - database = conf.POSTGRES.database, - --charset = conf.POSTGRES.charset, - --timeout = conf.POSTGRES.timeout, - db_pool_timeout = conf.POSTGRES.pool_timeout, - db_pool_size = conf.POSTGRES.pool_size, + host = conf.POSTGRES.HOST, + port = conf.POSTGRES.PORT, + user = conf.POSTGRES.USERNAME, + password = conf.POSTGRES.PASSWORD, + database = conf.POSTGRES.DATABASE, + charset = conf.POSTGRES.CHARSET, + timeout = conf.POSTGRES.TIMEOUT, + db_pool_timeout = conf.POSTGRES.POOL_TIMEOUT, + db_pool_size = conf.POSTGRES.POOL_SIZE, db_type = WRITE }) local database_read = Database:new({ - host = conf.POSTGRES.host, - port = conf.POSTGRES.port, - user = conf.POSTGRES.user, - password = conf.POSTGRES.password, - database = conf.POSTGRES.database, - --charset = conf.POSTGRES.charset, - --timeout = conf.POSTGRES.timeout, - db_pool_timeout = conf.POSTGRES.pool_timeout, - db_pool_size = conf.POSTGRES.pool_size, + host = conf.POSTGRES.HOST, + port = conf.POSTGRES.PORT, + user = conf.POSTGRES.USERNAME, + password = conf.POSTGRES.PASSWORD, + database = conf.POSTGRES.DATABASE, + charset = conf.POSTGRES.CHARSET, + timeout = conf.POSTGRES.TIMEOUT, + db_pool_timeout = conf.POSTGRES.POOL_TIMEOUT, + db_pool_size = conf.POSTGRES.POOL_SIZE, db_type = READ })