5a7c21dd60
feat: implement complete admin authentication system
...
Deploy API Server / build-and-deploy (push) Successful in 9s
- Add AdminRole enum (SUPER_ADMIN/ADMIN/OPERATIONS/DEVELOPER/READONLY) with hierarchy
- Add PasswordService (bcryptjs, 12 rounds), AdminTokenService (type=admin JWT)
- Add AdminAuthService: login/lockout/refresh/logout with audit logging
- Add AdminAuthController: /admin-api/auth/{login,refresh,logout,me}
- Add AdminAuthGuard: validates type=admin, user status, session, lockout
- Add AdminRolesGuard + @AdminRoles() decorator for RBAC
- Add AdminAuditService for audit log persistence
- Add AdminLoginRateLimit (10 req/15min per IP)
- Add prisma/seed.ts for SUPER_ADMIN initialization via env vars
- Update JwtAuthGuard to skip /admin-api/* and /internal/* paths
- Update main.ts to exclude admin-api/internal from global 'api' prefix
- Update jwt.config.ts with admin JWT secrets and expiry config
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-21 15:05:31 +08:00
007b56dad5
feat: AI三层架构 + 全局JwtAuthGuard + 12个Repository迁Prisma
...
Deploy API Server / build-and-deploy (push) Successful in 1m0s
- AI: 新三层架构 Provider→Gateway→Workflow(15文件,DeepSeek+MiniMax)
- Auth: 全局JwtAuthGuard + @Public()装饰器白名单路由
- DB: 12个Repository从Map/Array迁到Prisma
- Schema: 新增AiUsageLog、WaitlistEntry模型
- API: /api-docs-json加Basic Auth保护
- 清理: 删除infrastructure/ai、docs/旧文档
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-17 00:39:46 +08:00
fa69749884
refactor(auth): restructure auth system, align with iOS login flow spec
...
- Split AuthService into AppleAuthService, TokenService, AuthService
- Add dev-login endpoint (dev-only, disabled in production)
- AppleLoginDto: authorizationCode optional, add userIdentifier/email/fullName/nonce
- Login/refresh responses now include user object
- logout: single-token revoke + JwtAuthGuard protection
- users.repository: switch from in-memory Map to Prisma persistence
- JWT payload includes role, guards attach full user info to request
- Dual JWT secret support (JWT_ACCESS_SECRET / JWT_REFRESH_SECRET)
- Replace jwks-rsa+jsonwebtoken with jose library
- Prisma User model: add role field
- Independent DTO files with @Transform for empty string safety
- Add 5 iOS login flow documentation files
2026-05-13 17:31:50 +08:00
ef7c1f1bc9
feat: 安全基线 + 4个安全漏洞修复 - JWT AuthGuard/OptionalAuthGuard, StrictValidationPipe, 全局异常过滤器, Redis限流429, Apple登录mock模式, BigInt精度修复, SECURITY.md
2026-05-09 18:57:33 +08:00
35de65e99b
feat: 重构 api-server 为模块化单体架构,接入 MySQL + Redis
...
- 按 BACKEND-PLAN.md 将项目重构为 4 层架构:
config/ -> common/ -> infrastructure/ -> modules/
- 15 个业务模块,遵循 Controller → Service → Repository 分层
- infrastructure: PrismaService / RedisService / QueueService / AiService / StorageService
- common: guards / interceptors / filters / pipes / decorators / dto / types / utils
- Prisma schema 含 27 张表,MySQL 8.0 服务器 db push 成功
- Redis 7 接入: 限流/任务状态/分布式锁/队列预留
- ai-analysis 模块: 每日 50 次限流 + 重复提交锁 + 异步任务状态追踪
- document-import 模块: 异步导入流程 + 进度追踪
- notifications 模块: BullMQ notification 队列预留
- /health 端点实时返回 database + redis 连接状态
- Swagger 注册 15 个 tag,67 个路由全部映射
2026-05-09 18:25:04 +08:00
