auth-system.canvas 4.3 KB

{
"nodes":[
{"id":"title","type":"text","text":"# Authentication and Authorization System Design\n\n**Approach**: JWT + D1\n**Status**: 📋 In design\n\nFeatures:\n- Stateless JWT authentication\n- Role-based access control (RBAC)\n- Fine-grained resource permissions\n- Edge-computing friendly","x":-100,"y":-600,"width":380,"height":160,"color":"6"},
{"id":"auth_flow","type":"text","text":"## Authentication Flow\n\n```\n1. Login request\n POST /api/auth/login\n { username, password }\n ↓\n2. Verify the password\n bcrypt.compare()\n ↓\n3. Issue the JWT\n { userId, role, exp }\n ↓\n4. Return the tokens\n { accessToken, refreshToken }\n ↓\n5. Client stores the token and sends it on every request\n Authorization: Bearer <token>\n```","x":-500,"y":-380,"width":300,"height":340,"color":"2"},
{"id":"jwt_structure","type":"text","text":"## JWT Structure\n\n**Header**\n```json\n{ \"alg\": \"HS256\", \"typ\": \"JWT\" }\n```\n\n**Payload**\n```json\n{\n \"sub\": \"user-id\",\n \"username\": \"admin\",\n \"role\": \"admin\",\n \"iat\": 1704067200,\n \"exp\": 1704153600\n}\n```\n\n**Lifetimes**\n- accessToken: 24h\n- refreshToken: 7d","x":-130,"y":-380,"width":300,"height":320,"color":"4"},
{"id":"rbac","type":"text","text":"## RBAC Roles and Permissions\n\n| Role | Permissions |\n|------|------|\n| admin | All operations |\n| operator | Camera management, live-stream control |\n| viewer | Read-only |\n\n**Resource permissions**\n```\nuser_permissions table\n- view: view a camera\n- control: control a live stream\n- manage: manage configuration\n```","x":240,"y":-380,"width":280,"height":280,"color":"3"},
{"id":"middleware","type":"text","text":"## Middleware Design\n\n**authMiddleware**\n- Parse the Bearer token\n- Verify the JWT signature\n- Check the expiry time\n- Inject the claims with c.set('user', payload)\n\n**requireRole(roles)**\n- Check the user's role\n- 403 Forbidden otherwise\n\n**requirePermission(resource, action)**\n- Query user_permissions\n- Check the permission on that resource","x":-500,"y":20,"width":300,"height":260,"color":"5"},
{"id":"api_endpoints","type":"text","text":"## API Endpoints\n\n**Authentication**\n- POST /api/auth/login\n- POST /api/auth/register\n- POST /api/auth/refresh\n- POST /api/auth/logout\n- GET /api/auth/me\n\n**User management (admin)**\n- GET /api/users\n- GET /api/users/:id\n- POST /api/users\n- PUT /api/users/:id\n- DELETE /api/users/:id\n\n**Permission management (admin)**\n- GET /api/users/:id/permissions\n- POST /api/users/:id/permissions\n- DELETE /api/permissions/:id","x":-130,"y":0,"width":300,"height":340,"color":"2"},
{"id":"file_structure","type":"text","text":"## File Structure\n\n```\nsrc/\n├── middleware/\n│ └── auth.ts\n├── services/\n│ ├── auth.ts\n│ └── user.ts\n├── routes/\n│ ├── auth.ts\n│ └── user.ts\n├── utils/\n│ ├── jwt.ts\n│ └── password.ts\n└── types/\n └── index.ts\n```","x":240,"y":-40,"width":280,"height":280,"color":"4"},
{"id":"security","type":"text","text":"## Security Measures\n\n- Passwords hashed with bcrypt (cost=12)\n- JWT secret kept in an environment variable / Worker secret, never in source\n- HTTPS enforced\n- Rate limiting\n- Lockout after repeated failed logins\n- Audit log of auth events\n- CORS allowlist","x":-500,"y":340,"width":300,"height":180,"color":"1"},
{"id":"env_config","type":"text","text":"## Environment Configuration\n\n**.dev.vars** (local development only)\n```\nJWT_SECRET=your-secret-key\nJWT_EXPIRES_IN=86400\nREFRESH_EXPIRES_IN=604800\n```\n\n**wrangler secret** (production)\n```bash\nwrangler secret put JWT_SECRET\n```","x":-130,"y":400,"width":300,"height":180,"color":"4"},
{"id":"protected_routes","type":"text","text":"## Route Protection\n\n**Public routes**\n- /api/auth/login\n- /api/auth/register\n- / (health check)\n\n**Authentication required**\n- /api/stream/*\n- /api/users/*\n- /api/auth/me\n\n**admin role required**\n- POST/PUT/DELETE /api/users\n- /api/permissions/*","x":240,"y":300,"width":280,"height":240,"color":"3"}
],
"edges":[
{"id":"edge_flow_jwt","fromNode":"auth_flow","fromSide":"right","toNode":"jwt_structure","toSide":"left","label":"issues"},
{"id":"edge_jwt_rbac","fromNode":"jwt_structure","fromSide":"right","toNode":"rbac","toSide":"left","label":"carries role"},
{"id":"edge_mw_api","fromNode":"middleware","fromSide":"right","toNode":"api_endpoints","toSide":"left","label":"protects"},
{"id":"edge_api_files","fromNode":"api_endpoints","fromSide":"right","toNode":"file_structure","toSide":"left","label":"implemented in"},
{"id":"edge_mw_security","fromNode":"middleware","fromSide":"bottom","toNode":"security","toSide":"top","label":"security policy"}
]
}
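The canvas describes the JWT structure (steps 3 and 4 of the flow) and the three middlewares (authMiddleware, requireRole, requirePermission) in prose only. The block below is an added worked example, not code from the canvas's project: it mints and verifies HS256 tokens with the exact header/payload shape from the "JWT Structure" node using only node:crypto (no JWT library), and runs the three middlewares on a plain (c, next) chain that stands in for Hono's context. Ctx, runChain, memStore, demo, and the SECRET and NOW values are illustrative assumptions; the permission store is an in-memory set standing in for the D1 user_permissions query. The bcrypt password step is out of scope here.

```typescript
// Added example, not the canvas project's code. HS256 JWT mint/verify with
// node:crypto, plus the three middlewares from the design, on a stand-in
// (c, next) chain instead of Hono. Ctx, runChain, memStore, demo and the
// SECRET/NOW values are illustrative assumptions.
import { createHmac, timingSafeEqual } from "node:crypto";

type Role = "admin" | "operator" | "viewer";
export interface Claims { sub: string; username: string; role: Role; iat: number; exp: number }
const b64url = (s: string): string => Buffer.from(s, "utf8").toString("base64url");
const fromB64url = (s: string): string => Buffer.from(s, "base64url").toString("utf8");

// Flow step 3: header {alg:HS256,typ:JWT}, payload with iat/exp, HMAC-SHA256 signature.
export function signJwt(claims: Omit<Claims, "iat" | "exp">, secret: string, ttlSec: number, now: number): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSec }));
  const sig = createHmac("sha256", secret).update(`${header}.${payload}`).digest("base64url");
  return `${header}.${payload}.${sig}`;
}

// Pin alg to HS256 (so an "alg":"none" header is rejected), compare the MAC in
// constant time, then check exp. Every failure path returns null, never partial claims.
export function verifyJwt(token: string, secret: string, now: number): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts as [string, string, string];
  try {
    if (JSON.parse(fromB64url(h)).alg !== "HS256") return null;
    const expected = createHmac("sha256", secret).update(`${h}.${p}`).digest();
    const got = Buffer.from(s, "base64url");
    if (got.length !== expected.length || !timingSafeEqual(got, expected)) return null;
    const claims = JSON.parse(fromB64url(p)) as Claims;
    return typeof claims.exp === "number" && claims.exp > now ? claims : null;
  } catch { return null; }
}

// Minimal stand-in for Hono's context: request headers in, status and vars out.
export interface Ctx { headers: Record<string, string>; vars: Record<string, unknown>; status: number }
type Middleware = (c: Ctx, next: () => Promise<void>) => Promise<void>;

export function authMiddleware(secret: string, now: number): Middleware {
  return async (c, next) => {
    const tok = /^Bearer\s+(\S+)$/i.exec(c.headers["authorization"] ?? "")?.[1];
    const user = tok ? verifyJwt(tok, secret, now) : null;
    if (!user) { c.status = 401; return; }
    c.vars.user = user;                       // Hono: c.set('user', payload)
    await next();
  };
}
export function requireRole(roles: Role[]): Middleware {
  return async (c, next) => {
    const user = c.vars.user as Claims | undefined;
    if (!user || !roles.includes(user.role)) { c.status = 403; return; }
    await next();
  };
}
// The design reads user_permissions from D1; a lookup function stands in for that query here.
type PermissionStore = (userId: string, resource: string, action: string) => Promise<boolean>;
export function requirePermission(resource: string, action: "view" | "control" | "manage", store: PermissionStore): Middleware {
  return async (c, next) => {
    const user = c.vars.user as Claims | undefined;
    if (!user || !(await store(user.sub, resource, action))) { c.status = 403; return; }
    await next();
  };
}
// Run a chain; reaching its end stands for the route handler and yields 200.
export async function runChain(c: Ctx, chain: Middleware[]): Promise<number> {
  const step = async (i: number): Promise<void> => {
    const mw = chain[i];
    if (!mw) { c.status = 200; return; }
    await mw(c, () => step(i + 1));
  };
  await step(0);
  return c.status;
}

// Constructed fixtures: one admin, one operator who may only control camera cam-1.
const SECRET = "dev-only-secret";             // stands in for the JWT_SECRET Worker secret
const NOW = 1704067200;                       // the iat shown in the JWT Structure node
const grants = new Set(["user-2:cam-1:control"]);
const memStore: PermissionStore = async (u, r, a) => grants.has(`${u}:${r}:${a}`);

export async function demo(): Promise<Record<string, number>> {
  const req = (token?: string): Ctx =>
    ({ headers: token ? { authorization: `Bearer ${token}` } : {}, vars: {}, status: 0 });
  const admin = signJwt({ sub: "user-1", username: "admin", role: "admin" }, SECRET, 86400, NOW);
  const op = signJwt({ sub: "user-2", username: "op", role: "operator" }, SECRET, 86400, NOW);
  const [oh, opl, os] = op.split(".") as [string, string, string];
  // A client edits its own payload to role=admin but cannot re-sign it.
  const forged = `${oh}.${b64url(JSON.stringify({ ...JSON.parse(fromB64url(opl)), role: "admin" }))}.${os}`;
  // The classic "alg":"none" attempt with an empty signature.
  const algNone = `${b64url(JSON.stringify({ alg: "none", typ: "JWT" }))}.${opl}.`;
  const adminOnly = [authMiddleware(SECRET, NOW), requireRole(["admin"])];
  const control = (cam: string) => [authMiddleware(SECRET, NOW), requirePermission(cam, "control", memStore)];
  return {
    noToken: await runChain(req(), adminOnly),
    forgedRole: await runChain(req(forged), adminOnly),
    algNone: await runChain(req(algNone), adminOnly),
    expired: await runChain(req(admin), [authMiddleware(SECRET, NOW + 86400), requireRole(["admin"])]),
    operatorOnAdminRoute: await runChain(req(op), adminOnly),
    adminOnAdminRoute: await runChain(req(admin), adminOnly),
    operatorCam1: await runChain(req(op), control("cam-1")),
    operatorCam2: await runChain(req(op), control("cam-2")),
  };
}
```

In the real Worker the memStore lookup becomes a D1 prepared statement against user_permissions, and verifyJwt's alg pin should stay in place even if a JWT library is swapped in. One consequence of the design as drawn is worth keeping in mind: with a stateless 24h access token, POST /api/auth/logout can only discard the client's copy; revoking a token early needs server-side state (a denylist, or short-lived access tokens with refresh rotation checked in D1).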