初步实现数据加密、权限管理、日志审计等功能

2026-02-02 10:09:28 +08:00
parent b6b37a453b
commit 807e634318
27 changed files with 3787 additions and 59 deletions


@@ -0,0 +1,67 @@
-- ============================================
-- TJWater Server 用户系统数据库迁移脚本
-- ============================================
-- 创建用户表
CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY,
username VARCHAR(50) UNIQUE NOT NULL,
email VARCHAR(100) UNIQUE NOT NULL,
hashed_password VARCHAR(255) NOT NULL,
role VARCHAR(20) DEFAULT 'USER' NOT NULL,
is_active BOOLEAN DEFAULT TRUE NOT NULL,
is_superuser BOOLEAN DEFAULT FALSE NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
CONSTRAINT users_role_check CHECK (role IN ('ADMIN', 'OPERATOR', 'USER', 'VIEWER'))
);
-- 创建索引
CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);
CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
CREATE INDEX IF NOT EXISTS idx_users_role ON users(role);
CREATE INDEX IF NOT EXISTS idx_users_is_active ON users(is_active);
-- 创建触发器自动更新 updated_at
CREATE OR REPLACE FUNCTION update_updated_at_column()
RETURNS TRIGGER AS $$
BEGIN
NEW.updated_at = CURRENT_TIMESTAMP;
RETURN NEW;
END;
$$ LANGUAGE plpgsql;
DROP TRIGGER IF EXISTS update_users_updated_at ON users;
CREATE TRIGGER update_users_updated_at
BEFORE UPDATE ON users
FOR EACH ROW
EXECUTE FUNCTION update_updated_at_column();
-- 创建默认管理员账号 (密码: admin123)
INSERT INTO users (username, email, hashed_password, role, is_superuser)
VALUES (
'admin',
'admin@tjwater.com',
'$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LewY5aeAJK.1tYKAW',
'ADMIN',
TRUE
) ON CONFLICT (username) DO NOTHING;
-- 迁移现有硬编码用户 (tjwater/tjwater@123)
INSERT INTO users (username, email, hashed_password, role, is_superuser)
VALUES (
'tjwater',
'tjwater@tjwater.com',
'$2b$12$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW',
'ADMIN',
TRUE
) ON CONFLICT (username) DO NOTHING;
-- 添加注释
COMMENT ON TABLE users IS '用户表 - 存储系统用户信息';
COMMENT ON COLUMN users.id IS '用户ID主键';
COMMENT ON COLUMN users.username IS '用户名(唯一)';
COMMENT ON COLUMN users.email IS '邮箱地址(唯一)';
COMMENT ON COLUMN users.hashed_password IS 'bcrypt 密码哈希';
COMMENT ON COLUMN users.role IS '用户角色: ADMIN, OPERATOR, USER, VIEWER';
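Review bot: The two INSERT statements seed superuser accounts (`admin`, `tjwater`) with fixed bcrypt hashes, and the comments directly above them spell out the plaintext passwords (`admin123`, `tjwater@123`), so every fresh deployment comes up with a known ADMIN/is_superuser credential that is also readable straight from the repository. At minimum drop the passwords from those comments, replacing each with `-- 默认管理员账号；首次登录后必须修改密码`, and make the seeded rows unusable until rotated — e.g. add `must_change_password BOOLEAN DEFAULT FALSE NOT NULL` to the table and set it to TRUE in both seed rows, though whether the application layer can enforce that is not visible here. Better still, supply the initial hash from a deployment secret (a psql variable or the app's bootstrap step) instead of committing it: `ON CONFLICT (username) DO NOTHING` protects an already-rotated password, but a never-rotated one stays live indefinitely. Minor points: `idx_users_username` and `idx_users_email` duplicate the indexes the UNIQUE constraints already create, and `created_at`/`updated_at` should be `TIMESTAMPTZ` so audit timestamps are unambiguous across servers. The header reports 67 added lines while fewer are shown, so the file may continue beyond this excerpt.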