ka-cn
/
vibe-coding-cn


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146
							{
  "nodes": [
    {
      "id": "title",
      "type": "text",
      "text": "# 认证鉴权系统设计\n\n**方案**: JWT + D1\n**状态**: 📋 设计中\n\n特点:\n- 无状态 JWT 认证\n- 基于角色的访问控制 (RBAC)\n- 细粒度资源权限\n- 边缘计算友好",
      "x": -100,
      "y": -600,
      "width": 380,
      "height": 160,
      "color": "6"
    },
    {
      "id": "auth_flow",
      "type": "text",
      "text": "## 认证流程\n\n```\n1. 登录请求\n   POST /api/auth/login\n   { username, password }\n        ↓\n2. 验证密码\n   bcrypt.compare()\n        ↓\n3. 生成 JWT\n   { userId, role, exp }\n        ↓\n4. 返回 Token\n   { accessToken, refreshToken }\n        ↓\n5. 客户端存储\n   Authorization: Bearer <token>\n```",
      "x": -500,
      "y": -380,
      "width": 300,
      "height": 340,
      "color": "2"
    },
    {
      "id": "jwt_structure",
      "type": "text",
      "text": "## JWT 结构\n\n**Header**\n```json\n{ \"alg\": \"HS256\", \"typ\": \"JWT\" }\n```\n\n**Payload**\n```json\n{\n  \"sub\": \"user-id\",\n  \"username\": \"admin\",\n  \"role\": \"admin\",\n  \"iat\": 1704067200,\n  \"exp\": 1704153600\n}\n```\n\n**有效期**\n- accessToken: 24h\n- refreshToken: 7d",
      "x": -130,
      "y": -380,
      "width": 300,
      "height": 320,
      "color": "4"
    },
    {
      "id": "rbac",
      "type": "text",
      "text": "## RBAC 角色权限\n\n| 角色 | 权限 |\n|------|------|\n| admin | 全部操作 |\n| operator | 摄像头管理、直播控制 |\n| viewer | 仅查看 |\n\n**资源权限**\n```\nuser_permissions 表\n- view: 查看摄像头\n- control: 控制直播\n- manage: 管理配置\n```",
      "x": 240,
      "y": -380,
      "width": 280,
      "height": 280,
      "color": "3"
    },
    {
      "id": "middleware",
      "type": "text",
      "text": "## 中间件设计\n\n**authMiddleware**\n- 解析 Bearer Token\n- 验证 JWT 签名\n- 检查过期时间\n- 注入 c.set('user', payload)\n\n**requireRole(roles)**\n- 检查用户角色\n- 403 Forbidden\n\n**requirePermission(resource, action)**\n- 查询 user_permissions\n- 检查资源权限",
      "x": -500,
      "y": 20,
      "width": 300,
      "height": 260,
      "color": "5"
    },
    {
      "id": "api_endpoints",
      "type": "text",
      "text": "## API 端点\n\n**认证**\n- POST /api/auth/login\n- POST /api/auth/register\n- POST /api/auth/refresh\n- POST /api/auth/logout\n- GET  /api/auth/me\n\n**用户管理 (admin)**\n- GET  /api/users\n- GET  /api/users/:id\n- POST /api/users\n- PUT  /api/users/:id\n- DELETE /api/users/:id\n\n**权限管理 (admin)**\n- GET  /api/users/:id/permissions\n- POST /api/users/:id/permissions\n- DELETE /api/permissions/:id",
      "x": -130,
      "y": 0,
      "width": 300,
      "height": 340,
      "color": "2"
    },
    {
      "id": "file_structure",
      "type": "text",
      "text": "## 文件结构\n\n```\nsrc/\n├── middleware/\n│   └── auth.ts\n├── services/\n│   ├── auth.ts\n│   └── user.ts\n├── routes/\n│   ├── auth.ts\n│   └── user.ts\n├── utils/\n│   ├── jwt.ts\n│   └── password.ts\n└── types/\n    └── index.ts\n```",
      "x": 240,
      "y": -40,
      "width": 280,
      "height": 280,
      "color": "4"
    },
    {
      "id": "security",
      "type": "text",
      "text": "## 安全措施\n\n- 密码 bcrypt 哈希 (cost=12)\n- JWT 密钥环境变量\n- HTTPS 强制\n- Rate Limiting\n- 登录失败锁定\n- Audit Log 记录\n- CORS 白名单",
      "x": -500,
      "y": 340,
      "width": 300,
      "height": 180,
      "color": "1"
    },
    {
      "id": "env_config",
      "type": "text",
      "text": "## 环境配置\n\n**.dev.vars**\n```\nJWT_SECRET=your-secret-key\nJWT_EXPIRES_IN=86400\nREFRESH_EXPIRES_IN=604800\n```\n\n**wrangler secret**\n```bash\nwrangler secret put JWT_SECRET\n```",
      "x": -130,
      "y": 400,
      "width": 300,
      "height": 180,
      "color": "4"
    },
    {
      "id": "protected_routes",
      "type": "text",
      "text": "## 路由保护\n\n**公开路由**\n- /api/auth/login\n- /api/auth/register\n- / (健康检查)\n\n**需要认证**\n- /api/stream/*\n- /api/users/*\n- /api/auth/me\n\n**需要 admin**\n- POST/PUT/DELETE /api/users\n- /api/permissions/*",
      "x": 240,
      "y": 300,
      "width": 280,
      "height": 240,
      "color": "3"
    }
  ],
  "edges": [
    {
      "id": "edge_flow_jwt",
      "fromNode": "auth_flow",
      "fromSide": "right",
      "toNode": "jwt_structure",
      "toSide": "left",
      "label": "生成"
    },
    {
      "id": "edge_jwt_rbac",
      "fromNode": "jwt_structure",
      "fromSide": "right",
      "toNode": "rbac",
      "toSide": "left",
      "label": "携带 role"
    },
    {
      "id": "edge_mw_api",
      "fromNode": "middleware",
      "fromSide": "right",
      "toNode": "api_endpoints",
      "toSide": "left",
      "label": "保护"
    },
    {
      "id": "edge_api_files",
      "fromNode": "api_endpoints",
      "fromSide": "right",
      "toNode": "file_structure",
      "toSide": "left",
      "label": "实现"
    },
    {
      "id": "edge_mw_security",
      "fromNode": "middleware",
      "fromSide": "bottom",
      "toNode": "security",
      "toSide": "top",
      "label": "安全策略"
    }
  ]
}