hailin
/
rwadurian
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(authorization-service): Implement complete authorization service with DDD architecture 

## Features
- Province/City Company authorization (省代/市代授权)
- Community authorization (社区授权)
- Monthly assessment with ladder targets (月度阶梯考核)
- Team validation for referral chain conflicts (推荐链授权冲突检测)
- First place ranking rewards (区域第一名奖励)

## Architecture
- Domain Layer: Aggregates, Entities, Value Objects, Domain Events, Services
- Application Layer: Commands, Services, Schedulers
- Infrastructure Layer: Prisma ORM, Redis Cache, Kafka Events
- API Layer: Controllers, DTOs, Guards

## Testing
- Unit tests: 33 tests (aggregates, entities, value objects)
- Integration tests: 30 tests (domain services)
- E2E tests: 6 tests (API endpoints)
- Docker test environment with PostgreSQL, Redis, Kafka

## Documentation
- ARCHITECTURE.md: System design and DDD patterns
- API.md: REST API endpoints reference
- DEVELOPMENT.md: Development guide
- TESTING.md: Testing strategies and examples
- DEPLOYMENT.md: Docker/Kubernetes deployment

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Developer 2025-12-01 06:30:07 -08:00
parent 9ab7ff3ef1
commit ea03df9059
118 changed files with 20325 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
backend/services/authorization-service/.env.example Normal file
View File

@ -0,0 +1,24 @@
# Application
APP_PORT=3002
APP_ENV=development
# Database
DATABASE_URL=postgresql://postgres:password@localhost:5432/authorization_db?schema=public
# Redis
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=
# Kafka
KAFKA_BROKERS=localhost:9092
KAFKA_CLIENT_ID=authorization-service
KAFKA_CONSUMER_GROUP=authorization-consumer-group
# JWT
JWT_SECRET=your-jwt-secret-key
JWT_EXPIRES_IN=7d
# Service URLs
IDENTITY_SERVICE_URL=http://localhost:3000
REFERRAL_SERVICE_URL=http://localhost:3001

25
backend/services/authorization-service/.eslintrc.js Normal file
View File

@ -0,0 +1,25 @@
module.exports = {
parser: '@typescript-eslint/parser',
parserOptions: {
project: 'tsconfig.json',
tsconfigRootDir: __dirname,
sourceType: 'module',
},
plugins: ['@typescript-eslint/eslint-plugin'],
extends: [
'plugin:@typescript-eslint/recommended',
'plugin:prettier/recommended',
],
root: true,
env: {
node: true,
jest: true,
},
ignorePatterns: ['.eslintrc.js'],
rules: {
'@typescript-eslint/interface-name-prefix': 'off',
'@typescript-eslint/explicit-function-return-type': 'off',
'@typescript-eslint/explicit-module-boundary-types': 'off',
'@typescript-eslint/no-explicit-any': 'off',
},
}

47
backend/services/authorization-service/.gitignore vendored Normal file
View File

@ -0,0 +1,47 @@
# compiled output
/dist
/node_modules
# Logs
logs
*.log
npm-debug.log*
pnpm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
# OS
.DS_Store
# Tests
/coverage
/.nyc_output
# IDEs and editors
/.idea
.project
.classpath
.c9/
*.launch
.settings/
*.sublime-workspace
# IDE - VSCode
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
# Environment
.env
.env.local
.env.development
.env.test
.env.production
!.env.example
# Prisma
prisma/migrations/*
!prisma/migrations/.gitkeep

7
backend/services/authorization-service/.prettierrc Normal file
View File

@ -0,0 +1,7 @@
{
"singleQuote": true,
"trailingComma": "all",
"semi": false,
"printWidth": 100,
"tabWidth": 2
}

44
backend/services/authorization-service/Dockerfile
View File

@ -0,0 +1,44 @@
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
# Copy package files
COPY package*.json ./
COPY prisma ./prisma/
# Install dependencies
RUN npm ci
# Generate Prisma client
RUN npx prisma generate
# Copy source code
COPY . .
# Build application
RUN npm run build
# Production stage
FROM node:20-alpine AS production
WORKDIR /app
# Copy package files
COPY package*.json ./
COPY prisma ./prisma/
# Install production dependencies only
RUN npm ci --only=production
# Copy Prisma client
COPY --from=builder /app/node_modules/.prisma ./node_modules/.prisma
# Copy built application
COPY --from=builder /app/dist ./dist
# Expose port
EXPOSE 3002
# Start application
CMD ["node", "dist/main"]

23
backend/services/authorization-service/Dockerfile.test Normal file
View File

@ -0,0 +1,23 @@
# Test Dockerfile
FROM node:20-alpine
WORKDIR /app
# Install OpenSSL for Prisma
RUN apk add --no-cache openssl openssl-dev libc6-compat
# Copy package files
COPY package*.json ./
COPY prisma ./prisma/
# Install all dependencies (including devDependencies)
RUN npm ci
# Generate Prisma client
RUN npx prisma generate
# Copy source code and tests
COPY . .
# Default command
CMD ["npm", "run", "test:all"]

97
backend/services/authorization-service/Makefile Normal file
View File

@ -0,0 +1,97 @@
.PHONY: test test-unit test-integration test-e2e test-cov test-docker test-docker-all clean
# Default test command
test:
npm test
# Unit tests only
test-unit:
npm run test:unit
# Integration tests only
test-integration:
npm run test:integration
# E2E tests only
test-e2e:
npm run test:e2e
# Run all tests with coverage
test-cov:
npm run test:cov
# Run all tests locally
test-all:
npm run test:all
# Docker-based tests
test-docker:
docker-compose -f docker-compose.test.yml up --build --abort-on-container-exit
test-docker-all:
docker-compose -f docker-compose.test.yml up --build --abort-on-container-exit authorization-service-test
# Clean up test containers
test-docker-clean:
docker-compose -f docker-compose.test.yml down -v --remove-orphans
# Build the application
build:
npm run build
# Lint the code
lint:
npm run lint
# Format the code
format:
npm run format
# Generate Prisma client
prisma-generate:
npx prisma generate
# Run database migrations
prisma-migrate:
npx prisma migrate dev
# Start development server
dev:
npm run start:dev
# Start production server
start:
npm run start:prod
# Clean build artifacts
clean:
rm -rf dist coverage node_modules/.cache
# Install dependencies
install:
npm ci && npx prisma generate
# Full CI pipeline
ci: install lint test-all build
@echo "CI pipeline completed successfully"
# Help
help:
@echo "Available targets:"
@echo " test - Run all tests"
@echo " test-unit - Run unit tests"
@echo " test-integration - Run integration tests"
@echo " test-e2e - Run E2E tests"
@echo " test-cov - Run tests with coverage"
@echo " test-all - Run all test suites"
@echo " test-docker - Run tests in Docker"
@echo " test-docker-all - Run all tests in Docker"
@echo " test-docker-clean - Clean up Docker test containers"
@echo " build - Build the application"
@echo " lint - Lint the code"
@echo " format - Format the code"
@echo " dev - Start development server"
@echo " start - Start production server"
@echo " clean - Clean build artifacts"
@echo " install - Install dependencies"
@echo " ci - Run full CI pipeline"

75
backend/services/authorization-service/docker-compose.test.yml Normal file
View File

@ -0,0 +1,75 @@
services:
test-db:
image: postgres:15-alpine
environment:
POSTGRES_USER: test
POSTGRES_PASSWORD: test
POSTGRES_DB: authorization_test
ports:
- "5433:5432"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U test -d authorization_test"]
interval: 5s
timeout: 5s
retries: 5
test-redis:
image: redis:7-alpine
ports:
- "6380:6379"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 5s
retries: 5
test-kafka:
image: apache/kafka:3.7.0
environment:
KAFKA_NODE_ID: 1
KAFKA_PROCESS_ROLES: broker,controller
KAFKA_LISTENERS: PLAINTEXT://:9092,CONTROLLER://:9093
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://test-kafka:9092
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT
KAFKA_CONTROLLER_QUORUM_VOTERS: 1@test-kafka:9093
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0
CLUSTER_ID: MkU3OEVBNTcwNTJENDM2Qk
ports:
- "9093:9092"
healthcheck:
test: ["CMD-SHELL", "/opt/kafka/bin/kafka-topics.sh --bootstrap-server localhost:9092 --list || exit 1"]
interval: 10s
timeout: 10s
retries: 10
start_period: 30s
authorization-service-test:
build:
context: .
dockerfile: Dockerfile.test
environment:
DATABASE_URL: postgresql://test:test@test-db:5432/authorization_test
REDIS_HOST: test-redis
REDIS_PORT: 6379
KAFKA_BROKERS: test-kafka:9092
JWT_SECRET: test-jwt-secret-key-for-docker-tests
JWT_EXPIRES_IN: 1h
NODE_ENV: test
depends_on:
test-db:
condition: service_healthy
test-redis:
condition: service_healthy
test-kafka:
condition: service_healthy
volumes:
- ./coverage:/app/coverage
command: sh -c "npx prisma migrate deploy && npm run test:unit && npm run test:integration && npm run test:e2e"
networks:
default:
driver: bridge

796
backend/services/authorization-service/docs/API.md Normal file
View File

@ -0,0 +1,796 @@
# Authorization Service API 文档
## 目录
1. [概述](#概述)
2. [认证](#认证)
3. [通用响应格式](#通用响应格式)
4. [用户授权接口](#用户授权接口)
5. [管理员授权接口](#管理员授权接口)
6. [考核接口](#考核接口)
7. [管理员考核接口](#管理员考核接口)
8. [错误码](#错误码)
---
## 概述
Authorization Service 提供 RESTful API 用于管理用户授权和月度考核。
- **Base URL**: `/api/v1`
- **Content-Type**: `application/json`
- **认证方式**: JWT Bearer Token
---
## 认证
所有接口都需要 JWT 认证,除非特别说明。
### 请求头
```http
Authorization: Bearer <jwt_token>
```
### Token 结构
```json
{
"sub": "user-id",
"roles": ["USER", "ADMIN"],
"iat": 1700000000,
"exp": 1700086400
}
```
---
## 通用响应格式
### 成功响应
```json
{
"success": true,
"data": { ... },
"message": "操作成功"
}
```
### 错误响应
```json
{
"success": false,
"error": {
"code": "ERROR_CODE",
"message": "错误描述"
}
}
```
---
## 用户授权接口
### 1. 获取我的授权列表
获取当前用户的所有授权角色。
**请求**
```http
GET /api/v1/authorizations/my
```
**响应**
```json
{
"success": true,
"data": [
{
"id": "auth-123",
"roleType": "AUTH_PROVINCE_COMPANY",
"status": "ACTIVE",
"provinceCode": "430000",
"provinceName": "湖南省",
"cityCode": null,
"cityName": null,
"communityName": null,
"authorizedAt": "2024-01-15T10:30:00Z",
"createdAt": "2024-01-01T08:00:00Z"
}
]
}
```
---
### 2. 申请省代公司授权
用户申请成为省代公司。
**请求**
```http
POST /api/v1/authorizations/province
Content-Type: application/json
{
"provinceCode": "430000",
"provinceName": "湖南省"
}
```
**参数说明**
| 参数 | 类型 | 必填 | 说明 |
|------|------|------|------|
| provinceCode | string | 是 | 省份代码6位数字 |
| provinceName | string | 是 | 省份名称 |
**响应**
```json
{
"success": true,
"data": {
"id": "auth-456",
"roleType": "AUTH_PROVINCE_COMPANY",
"status": "PENDING",
"provinceCode": "430000",
"provinceName": "湖南省",
"createdAt": "2024-01-20T09:00:00Z"
},
"message": "授权申请已提交,等待审核"
}
```
**错误场景**
| 错误码 | 说明 |
|--------|------|
| ALREADY_HAS_AUTHORIZATION | 用户已有省代或市代授权 |
| TEAM_CONFLICT | 本团队已有人申请该区域授权 |
| INVALID_PROVINCE_CODE | 省份代码格式无效 |
---
### 3. 申请市代公司授权
用户申请成为市代公司。
**请求**
```http
POST /api/v1/authorizations/city
Content-Type: application/json
{
"provinceCode": "430000",
"provinceName": "湖南省",
"cityCode": "430100",
"cityName": "长沙市"
}
```
**参数说明**
| 参数 | 类型 | 必填 | 说明 |
|------|------|------|------|
| provinceCode | string | 是 | 省份代码 |
| provinceName | string | 是 | 省份名称 |
| cityCode | string | 是 | 城市代码6位数字 |
| cityName | string | 是 | 城市名称 |
**响应**
```json
{
"success": true,
"data": {
"id": "auth-789",
"roleType": "AUTH_CITY_COMPANY",
"status": "PENDING",
"provinceCode": "430000",
"provinceName": "湖南省",
"cityCode": "430100",
"cityName": "长沙市",
"createdAt": "2024-01-20T09:00:00Z"
},
"message": "授权申请已提交,等待审核"
}
```
---
### 4. 申请社区授权
用户申请成为社区管理员。
**请求**
```http
POST /api/v1/authorizations/community
Content-Type: application/json
{
"communityName": "阳光社区"
}
```
**参数说明**
| 参数 | 类型 | 必填 | 说明 |
|------|------|------|------|
| communityName | string | 是 | 社区名称 |
**响应**
```json
{
"success": true,
"data": {
"id": "auth-abc",
"roleType": "COMMUNITY",
"status": "PENDING",
"communityName": "阳光社区",
"createdAt": "2024-01-20T09:00:00Z"
},
"message": "授权申请已提交,等待审核"
}
```
---
### 5. 获取授权详情
获取指定授权的详细信息。
**请求**
```http
GET /api/v1/authorizations/:id
```
**响应**
```json
{
"success": true,
"data": {
"id": "auth-123",
"userId": "user-001",
"roleType": "AUTH_PROVINCE_COMPANY",
"status": "ACTIVE",
"provinceCode": "430000",
"provinceName": "湖南省",
"cityCode": null,
"cityName": null,
"communityName": null,
"authorizedBy": "admin-001",
"authorizedAt": "2024-01-15T10:30:00Z",
"activatedAt": "2024-02-01T00:00:00Z",
"createdAt": "2024-01-01T08:00:00Z",
"updatedAt": "2024-02-01T00:00:00Z"
}
}
```
---
## 管理员授权接口
> 需要 `ADMIN` 角色
### 1. 创建省代公司授权(直接)
管理员直接为用户创建省代公司授权。
**请求**
```http
POST /api/v1/admin/authorizations/province-company
Content-Type: application/json
{
"userId": "user-001",
"provinceCode": "430000",
"provinceName": "湖南省"
}
```
**参数说明**
| 参数 | 类型 | 必填 | 说明 |
|------|------|------|------|
| userId | string | 是 | 目标用户ID |
| provinceCode | string | 是 | 省份代码 |
| provinceName | string | 是 | 省份名称 |
**响应**
```json
{
"success": true,
"data": {
"id": "auth-123",
"userId": "user-001",
"roleType": "AUTH_PROVINCE_COMPANY",
"status": "APPROVED",
"provinceCode": "430000",
"provinceName": "湖南省",
"authorizedBy": "admin-001",
"authorizedAt": "2024-01-20T10:00:00Z"
},
"message": "省代公司授权创建成功"
}
```
---
### 2. 创建市代公司授权(直接)
管理员直接为用户创建市代公司授权。
**请求**
```http
POST /api/v1/admin/authorizations/city-company
Content-Type: application/json
{
"userId": "user-002",
"provinceCode": "430000",
"provinceName": "湖南省",
"cityCode": "430100",
"cityName": "长沙市"
}
```
---
### 3. 审核授权申请
审核用户提交的授权申请。
**请求**
```http
POST /api/v1/admin/authorizations/:id/review
Content-Type: application/json
{
"approved": true,
"reason": "审核通过"
}
```
**参数说明**
| 参数 | 类型 | 必填 | 说明 |
|------|------|------|------|
| approved | boolean | 是 | 是否通过 |
| reason | string | 否 | 审核原因/备注 |
**响应**
```json
{
"success": true,
"data": {
"id": "auth-123",
"status": "APPROVED",
"reviewedBy": "admin-001",
"reviewedAt": "2024-01-20T11:00:00Z",
"reviewReason": "审核通过"
},
"message": "授权审核完成"
}
```
---
### 4. 撤销授权
撤销用户的授权角色。
**请求**
```http
POST /api/v1/admin/authorizations/:id/revoke
Content-Type: application/json
{
"reason": "违规操作"
}
```
**响应**
```json
{
"success": true,
"data": {
"id": "auth-123",
"status": "REVOKED",
"revokedBy": "admin-001",
"revokedAt": "2024-03-01T14:00:00Z",
"revokeReason": "违规操作"
},
"message": "授权已撤销"
}
```
---
### 5. 查询待审核列表
获取所有待审核的授权申请。
**请求**
```http
GET /api/v1/admin/authorizations/pending?page=1&limit=20
```
**查询参数**
| 参数 | 类型 | 必填 | 默认值 | 说明 |
|------|------|------|--------|------|
| page | number | 否 | 1 | 页码 |
| limit | number | 否 | 20 | 每页数量 |
| roleType | string | 否 | - | 筛选角色类型 |
**响应**
```json
{
"success": true,
"data": {
"items": [
{
"id": "auth-456",
"userId": "user-003",
"userName": "张三",
"roleType": "AUTH_PROVINCE_COMPANY",
"status": "PENDING",
"provinceCode": "440000",
"provinceName": "广东省",
"createdAt": "2024-01-19T16:00:00Z"
}
],
"total": 15,
"page": 1,
"limit": 20,
"totalPages": 1
}
}
```
---
### 6. 查询区域授权列表
按区域查询授权列表。
**请求**
```http
GET /api/v1/admin/authorizations/region/:regionCode
```
**响应**
```json
{
"success": true,
"data": [
{
"id": "auth-123",
"userId": "user-001",
"userName": "李四",
"roleType": "AUTH_PROVINCE_COMPANY",
"status": "ACTIVE",
"provinceCode": "430000",
"provinceName": "湖南省"
}
]
}
```
---
## 考核接口
### 1. 获取我的考核记录
获取当前用户的考核历史。
**请求**
```http
GET /api/v1/assessments/my?page=1&limit=12
```
**响应**
```json
{
"success": true,
"data": {
"items": [
{
"id": "assess-001",
"authorizationId": "auth-123",
"roleType": "AUTH_PROVINCE_COMPANY",
"assessmentMonth": "2024-01",
"monthIndex": 1,
"monthlyTarget": 150,
"cumulativeTarget": 150,
"monthlyCompleted": 180,
"cumulativeCompleted": 180,
"localPercentage": 35.5,
"localPercentagePass": true,
"exceedRatio": 1.2,
"result": "PASS",
"rankingInRegion": 3,
"isFirstPlace": false,
"isBypassed": false,
"assessedAt": "2024-02-01T00:30:00Z"
}
],
"total": 6,
"page": 1,
"limit": 12
}
}
```
---
### 2. 获取当月考核进度
获取当前授权的本月考核进度。
**请求**
```http
GET /api/v1/assessments/current/:authorizationId
```
**响应**
```json
{
"success": true,
"data": {
"authorizationId": "auth-123",
"roleType": "AUTH_PROVINCE_COMPANY",
"currentMonth": "2024-02",
"monthIndex": 2,
"monthlyTarget": 300,
"cumulativeTarget": 450,
"currentProgress": 280,
"cumulativeProgress": 460,
"progressPercentage": 93.3,
"cumulativePercentage": 102.2,
"localTeamCount": 50,
"totalTeamCount": 140,
"localPercentage": 35.7,
"requiredLocalPercentage": 30,
"daysRemaining": 12
}
}
```
---
### 3. 获取区域排名
获取指定区域的授权排名。
**请求**
```http
GET /api/v1/assessments/rankings/:regionCode?month=2024-01
```
**查询参数**
| 参数 | 类型 | 必填 | 说明 |
|------|------|------|------|
| month | string | 否 | 考核月份(默认上月) |
**响应**
```json
{
"success": true,
"data": {
"regionCode": "430000",
"regionName": "湖南省",
"month": "2024-01",
"rankings": [
{
"rank": 1,
"userId": "user-005",
"userName": "王五",
"exceedRatio": 1.85,
"cumulativeCompleted": 277,
"cumulativeTarget": 150,
"isFirstPlace": true
},
{
"rank": 2,
"userId": "user-001",
"userName": "李四",
"exceedRatio": 1.20,
"cumulativeCompleted": 180,
"cumulativeTarget": 150,
"isFirstPlace": false
}
]
}
}
```
---
## 管理员考核接口
> 需要 `ADMIN` 角色
### 1. 授予考核豁免
为指定用户的考核授予单月豁免。
**请求**
```http
POST /api/v1/admin/assessments/:assessmentId/bypass
Content-Type: application/json
{
"reason": "特殊情况豁免"
}
```
**响应**
```json
{
"success": true,
"data": {
"id": "assess-001",
"result": "BYPASSED",
"bypassedBy": "admin-001",
"bypassedAt": "2024-02-15T10:00:00Z"
},
"message": "豁免已授予"
}
```
---
### 2. 手动执行月度考核
手动触发指定月份的考核计算。
**请求**
```http
POST /api/v1/admin/assessments/run
Content-Type: application/json
{
"month": "2024-01",
"roleType": "AUTH_PROVINCE_COMPANY",
"regionCode": "430000"
}
```
**参数说明**
| 参数 | 类型 | 必填 | 说明 |
|------|------|------|------|
| month | string | 是 | 考核月份YYYY-MM |
| roleType | string | 否 | 角色类型(不填则全部) |
| regionCode | string | 否 | 区域代码(不填则全部) |
**响应**
```json
{
"success": true,
"data": {
"month": "2024-01",
"processedCount": 45,
"passedCount": 38,
"failedCount": 7,
"bypassedCount": 0
},
"message": "考核执行完成"
}
```
---
### 3. 查询区域考核汇总
查询指定区域的考核统计数据。
**请求**
```http
GET /api/v1/admin/assessments/summary/:regionCode?month=2024-01
```
**响应**
```json
{
"success": true,
"data": {
"regionCode": "430000",
"month": "2024-01",
"totalAuthorizations": 50,
"assessedCount": 48,
"passedCount": 40,
"failedCount": 6,
"bypassedCount": 2,
"passRate": 83.3,
"averageExceedRatio": 1.15
}
}
```
---
## 错误码
| 错误码 | HTTP状态码 | 说明 |
|--------|------------|------|
| UNAUTHORIZED | 401 | 未认证或Token无效 |
| FORBIDDEN | 403 | 无权限访问 |
| NOT_FOUND | 404 | 资源不存在 |
| VALIDATION_ERROR | 400 | 请求参数验证失败 |
| ALREADY_HAS_AUTHORIZATION | 400 | 用户已有省代或市代授权 |
| TEAM_CONFLICT | 400 | 团队内存在冲突授权 |
| INVALID_STATUS_TRANSITION | 400 | 无效的状态转换 |
| AUTHORIZATION_NOT_ACTIVE | 400 | 授权未激活 |
| ASSESSMENT_ALREADY_BYPASSED | 400 | 考核已豁免 |
| INTERNAL_ERROR | 500 | 服务器内部错误 |
---
## 枚举值
### RoleType角色类型
| 值 | 说明 |
|----|------|
| AUTH_PROVINCE_COMPANY | 省代公司 |
| AUTH_CITY_COMPANY | 市代公司 |
| COMMUNITY | 社区 |
### AuthorizationStatus授权状态
| 值 | 说明 |
|----|------|
| PENDING | 待审核 |
| APPROVED | 已审核(待激活) |
| REJECTED | 已拒绝 |
| ACTIVE | 已激活 |
| REVOKED | 已撤销 |
### AssessmentResult考核结果
| 值 | 说明 |
|----|------|
| NOT_ASSESSED | 未考核 |
| PASS | 通过 |
| FAIL | 未通过 |
| BYPASSED | 已豁免 |

393
backend/services/authorization-service/docs/ARCHITECTURE.md Normal file
View File

@ -0,0 +1,393 @@
# Authorization Service 架构文档
## 目录
1. [概述](#概述)
2. [架构设计](#架构设计)
3. [分层架构](#分层架构)
4. [领域模型](#领域模型)
5. [技术栈](#技术栈)
6. [目录结构](#目录结构)
---
## 概述
Authorization Service授权服务是 RWAdurian 平台的核心微服务之一,负责管理用户的授权角色,包括省代公司、市代公司和社区授权。该服务采用 **领域驱动设计DDD****六边形架构Hexagonal Architecture** 模式构建,确保业务逻辑的清晰性和系统的可维护性。
### 核心功能
- **授权角色管理**:省代公司、市代公司、社区授权的申请、审核、激活和撤销
- **月度考核评估**:基于阶梯目标的月度业绩考核和排名
- **团队验证**:推荐链路中的授权冲突检测
- **事件驱动**:通过 Kafka 发布领域事件,实现服务间解耦
---
## 架构设计
### 六边形架构(端口与适配器)
```
┌─────────────────────────────────────────┐
│ API Layer │
│ (Controllers, DTOs, Guards) │
└──────────────────┬──────────────────────┘
┌──────────────────▼──────────────────────┐
│ Application Layer │
│ (Commands, Services, Schedulers) │
└──────────────────┬──────────────────────┘
┌──────────────────────────────────▼──────────────────────────────────┐
│ Domain Layer │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐│
│ │ Aggregates │ │ Entities │ │Value Objects│ │ Events ││
│ └─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘│
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Repositories│ │ Services │ │ Enums │ │
│ │ (Interfaces)│ │ (Domain) │ │ │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
└──────────────────────────────────┬──────────────────────────────────┘
┌──────────────────▼──────────────────────┐
│ Infrastructure Layer │
│ ┌─────────────┐ ┌─────────────┐ │
│ │ Prisma │ │ Redis │ │
│ │ Repositories│ │ Cache │ │
│ └─────────────┘ └─────────────┘ │
│ ┌─────────────┐ ┌─────────────┐ │
│ │ Kafka │ │ External │ │
│ │ Publisher │ │ Services │ │
│ └─────────────┘ └─────────────┘ │
└─────────────────────────────────────────┘
```
### 依赖方向
- 外层依赖内层,内层不依赖外层
- Domain Layer 是核心,不依赖任何外部框架
- Infrastructure Layer 实现 Domain Layer 定义的接口
- Application Layer 编排领域对象完成用例
---
## 分层架构
### 1. Domain Layer领域层
领域层是系统的核心,包含所有业务逻辑。
#### 聚合根Aggregates
| 聚合根 | 说明 |
|--------|------|
| `AuthorizationRole` | 授权角色聚合根,管理授权的完整生命周期 |
| `MonthlyAssessment` | 月度考核聚合根,管理考核评估和排名 |
#### 实体Entities
| 实体 | 说明 |
|------|------|
| `LadderTargetRule` | 阶梯目标规则,定义省代/市代/社区的考核目标 |
#### 值对象Value Objects
| 值对象 | 说明 |
|--------|------|
| `AuthorizationId` | 授权ID |
| `AssessmentId` | 考核ID |
| `UserId` | 用户ID |
| `AdminUserId` | 管理员用户ID |
| `RegionCode` | 区域代码(省/市) |
| `Month` | 月份YYYY-MM格式 |
| `ValidationResult` | 验证结果 |
#### 领域服务Domain Services
| 服务 | 说明 |
|------|------|
| `AuthorizationValidatorService` | 授权验证服务,检查推荐链路冲突 |
| `AssessmentCalculatorService` | 考核计算服务,计算业绩和排名 |
#### 领域事件Domain Events
| 事件 | 触发时机 |
|------|----------|
| `AuthorizationAppliedEvent` | 授权申请提交 |
| `AuthorizationApprovedEvent` | 授权审核通过 |
| `AuthorizationRejectedEvent` | 授权审核拒绝 |
| `AuthorizationActivatedEvent` | 授权激活 |
| `AuthorizationRevokedEvent` | 授权撤销 |
| `MonthlyAssessmentPassedEvent` | 月度考核通过 |
| `MonthlyAssessmentFailedEvent` | 月度考核失败 |
| `MonthlyBypassGrantedEvent` | 授予考核豁免 |
| `FirstPlaceAchievedEvent` | 获得区域第一名 |
### 2. Application Layer应用层
应用层负责编排领域对象,实现用例。
#### 命令Commands
```typescript
// 用户命令
ApplyProvincialAuthorizationCommand // 申请省代授权
ApplyCityAuthorizationCommand // 申请市代授权
ApplyCommunityAuthorizationCommand // 申请社区授权
// 管理员命令
AdminApproveAuthorizationCommand // 审核通过
AdminRejectAuthorizationCommand // 审核拒绝
AdminRevokeAuthorizationCommand // 撤销授权
AdminGrantBypassCommand // 授予豁免
// 系统命令
RunMonthlyAssessmentCommand // 执行月度考核
```
#### 应用服务Application Services
| 服务 | 说明 |
|------|------|
| `AuthorizationCommandService` | 处理授权相关命令 |
| `AuthorizationQueryService` | 处理授权相关查询 |
| `AssessmentCommandService` | 处理考核相关命令 |
| `AssessmentQueryService` | 处理考核相关查询 |
#### 定时任务Schedulers
| 任务 | 说明 |
|------|------|
| `MonthlyAssessmentScheduler` | 每月1日执行上月考核 |
### 3. Infrastructure Layer基础设施层
基础设施层提供技术实现。
#### 持久化Persistence
- **Prisma ORM**PostgreSQL 数据库访问
- **Repository 实现**:实现领域层定义的仓储接口
#### 缓存Cache
- **Redis**:缓存热点数据,如用户授权信息
#### 消息队列Messaging
- **Kafka**:发布领域事件到其他服务
#### 外部服务External Services
- **Identity Service**:用户身份验证
- **Referral Service**:推荐关系查询
- **Statistics Service**:团队统计数据查询
### 4. API Layer接口层
API 层处理 HTTP 请求和响应。
#### 控制器Controllers
| 控制器 | 路由前缀 | 说明 |
|--------|----------|------|
| `AuthorizationController` | `/authorizations` | 用户授权操作 |
| `AdminAuthorizationController` | `/admin/authorizations` | 管理员授权操作 |
| `AssessmentController` | `/assessments` | 考核查询 |
| `AdminAssessmentController` | `/admin/assessments` | 管理员考核操作 |
---
## 领域模型
### 授权角色状态机
```
┌─────────┐
│ PENDING │ ◄─── 用户申请
└────┬────┘
┌───────┴───────┐
▼ ▼
┌─────────┐ ┌──────────┐
│APPROVED │ │ REJECTED │
└────┬────┘ └──────────┘
┌─────────┐
│ ACTIVE │ ◄─── 首月考核通过后激活
└────┬────┘
┌─────────┐
│ REVOKED │ ◄─── 管理员撤销或考核失败
└─────────┘
```
### 考核规则
#### 省代公司阶梯目标
| 月份 | 月度目标 | 累计目标 |
|------|----------|----------|
| 1 | 150 | 150 |
| 2 | 300 | 450 |
| 3 | 600 | 1,050 |
| 4 | 1,200 | 2,250 |
| 5 | 2,400 | 4,650 |
| 6 | 4,700 | 9,350 |
| 7 | 6,900 | 16,250 |
| 8 | 10,000 | 26,250 |
| 9+ | 11,750 | 50,000 |
#### 市代公司阶梯目标
| 月份 | 月度目标 | 累计目标 |
|------|----------|----------|
| 1 | 30 | 30 |
| 2 | 60 | 90 |
| 3 | 120 | 210 |
| 4 | 240 | 450 |
| 5 | 480 | 930 |
| 6 | 940 | 1,870 |
| 7 | 1,380 | 3,250 |
| 8 | 2,000 | 5,250 |
| 9+ | 2,350 | 10,000 |
#### 社区授权目标
固定目标10无阶梯
---
## 技术栈
| 技术 | 用途 |
|------|------|
| **NestJS** | Node.js 后端框架 |
| **TypeScript** | 编程语言 |
| **Prisma** | ORM 数据库访问 |
| **PostgreSQL** | 关系型数据库 |
| **Redis** | 缓存 |
| **Kafka** | 消息队列 |
| **Jest** | 测试框架 |
| **Docker** | 容器化部署 |
---
## 目录结构
```
authorization-service/
├── src/
│ ├── domain/ # 领域层
│ │ ├── aggregates/ # 聚合根
│ │ │ ├── authorization-role.aggregate.ts
│ │ │ └── monthly-assessment.aggregate.ts
│ │ ├── entities/ # 实体
│ │ │ └── ladder-target-rule.entity.ts
│ │ ├── value-objects/ # 值对象
│ │ │ ├── authorization-id.vo.ts
│ │ │ ├── assessment-id.vo.ts
│ │ │ ├── user-id.vo.ts
│ │ │ ├── region-code.vo.ts
│ │ │ ├── month.vo.ts
│ │ │ └── validation-result.vo.ts
│ │ ├── events/ # 领域事件
│ │ │ ├── authorization-applied.event.ts
│ │ │ ├── authorization-approved.event.ts
│ │ │ └── ...
│ │ ├── services/ # 领域服务
│ │ │ ├── authorization-validator.service.ts
│ │ │ └── assessment-calculator.service.ts
│ │ ├── repositories/ # 仓储接口
│ │ │ ├── authorization-role.repository.ts
│ │ │ └── monthly-assessment.repository.ts
│ │ └── enums/ # 枚举
│ │ ├── role-type.enum.ts
│ │ ├── authorization-status.enum.ts
│ │ └── assessment-result.enum.ts
│ │
│ ├── application/ # 应用层
│ │ ├── commands/ # 命令
│ │ │ ├── apply-provincial-authorization.command.ts
│ │ │ └── ...
│ │ ├── services/ # 应用服务
│ │ │ ├── authorization-command.service.ts
│ │ │ ├── authorization-query.service.ts
│ │ │ ├── assessment-command.service.ts
│ │ │ └── assessment-query.service.ts
│ │ └── schedulers/ # 定时任务
│ │ └── monthly-assessment.scheduler.ts
│ │
│ ├── infrastructure/ # 基础设施层
│ │ ├── persistence/ # 持久化
│ │ │ ├── prisma/
│ │ │ │ └── prisma.service.ts
│ │ │ └── repositories/ # 仓储实现
│ │ │ ├── authorization-role.repository.impl.ts
│ │ │ └── monthly-assessment.repository.impl.ts
│ │ ├── cache/ # 缓存
│ │ │ └── redis.service.ts
│ │ ├── messaging/ # 消息队列
│ │ │ └── kafka/
│ │ │ └── event-publisher.service.ts
│ │ └── external/ # 外部服务
│ │ ├── referral.service.ts
│ │ └── statistics.service.ts
│ │
│ ├── api/ # 接口层
│ │ ├── controllers/ # 控制器
│ │ │ ├── authorization.controller.ts
│ │ │ ├── admin-authorization.controller.ts
│ │ │ ├── assessment.controller.ts
│ │ │ └── admin-assessment.controller.ts
│ │ ├── dtos/ # 数据传输对象
│ │ │ ├── apply-authorization.dto.ts
│ │ │ └── ...
│ │ └── guards/ # 守卫
│ │ ├── jwt-auth.guard.ts
│ │ └── admin.guard.ts
│ │
│ ├── shared/ # 共享模块
│ │ ├── filters/ # 异常过滤器
│ │ │ └── global-exception.filter.ts
│ │ ├── interceptors/ # 拦截器
│ │ │ └── transform.interceptor.ts
│ │ └── exceptions/ # 自定义异常
│ │ └── domain.exception.ts
│ │
│ ├── app.module.ts # 应用模块
│ └── main.ts # 入口文件
├── prisma/
│ ├── schema.prisma # 数据库模型
│ └── migrations/ # 数据库迁移
├── test/ # 测试
│ ├── app.e2e-spec.ts # E2E 测试
│ └── domain-services.integration-spec.ts # 集成测试
├── docs/ # 文档
│ ├── ARCHITECTURE.md # 架构文档
│ ├── API.md # API 文档
│ ├── DEVELOPMENT.md # 开发指南
│ ├── TESTING.md # 测试文档
│ └── DEPLOYMENT.md # 部署文档
├── docker-compose.test.yml # 测试环境配置
├── Dockerfile # 生产镜像
├── Dockerfile.test # 测试镜像
├── Makefile # 常用命令
└── package.json # 项目配置
```
---
## 参考资料
- [Domain-Driven Design Reference](https://www.domainlanguage.com/ddd/reference/)
- [Hexagonal Architecture](https://alistair.cockburn.us/hexagonal-architecture/)
- [NestJS Documentation](https://docs.nestjs.com/)
- [Prisma Documentation](https://www.prisma.io/docs/)

813
backend/services/authorization-service/docs/DEPLOYMENT.md Normal file
View File

@ -0,0 +1,813 @@
# Authorization Service 部署文档
## 目录
1. [部署架构](#部署架构)
2. [环境配置](#环境配置)
3. [Docker 部署](#docker-部署)
4. [Kubernetes 部署](#kubernetes-部署)
5. [数据库迁移](#数据库迁移)
6. [监控与日志](#监控与日志)
7. [故障排除](#故障排除)
---
## 部署架构
### 整体架构
```
┌─────────────────┐
│ Load Balancer │
│ (Nginx/ALB) │
└────────┬────────┘
┌───────────────────┼───────────────────┐
│ │ │
┌─────────▼─────────┐ ┌──────▼──────┐ ┌─────────▼─────────┐
│ Authorization │ │ Identity │ │ Other │
│ Service │ │ Service │ │ Services │
│ (Port 3002) │ │ (Port 3001) │ │ │
└─────────┬─────────┘ └─────────────┘ └──────────────────┘
┌─────────┴─────────────────────────────────┐
│ │
┌───▼───┐ ┌────────┐ ┌────────┐ ┌──────────┐
│ DB │ │ Redis │ │ Kafka │ │ External │
│(PG 15)│ │ (7.x) │ │(3.7.x) │ │ Services │
└───────┘ └────────┘ └────────┘ └──────────┘
```
### 服务依赖
| 依赖 | 版本 | 用途 |
|------|------|------|
| PostgreSQL | 15.x | 主数据库 |
| Redis | 7.x | 缓存、会话 |
| Kafka | 3.7.x | 事件消息队列 |
| Identity Service | - | JWT 验证 |
| Referral Service | - | 推荐关系查询 |
| Statistics Service | - | 团队统计查询 |
---
## 环境配置
### 环境变量
```bash
# .env.production
# 应用配置
NODE_ENV=production
PORT=3002
# 数据库配置
DATABASE_URL=postgresql://user:password@db-host:5432/authorization_prod
# Redis 配置
REDIS_HOST=redis-host
REDIS_PORT=6379
REDIS_PASSWORD=redis-password
# Kafka 配置
KAFKA_BROKERS=kafka-1:9092,kafka-2:9092,kafka-3:9092
KAFKA_CLIENT_ID=authorization-service
KAFKA_CONSUMER_GROUP=authorization-service-group
# JWT 配置
JWT_SECRET=your-production-jwt-secret-key
JWT_EXPIRES_IN=1h
# 外部服务
IDENTITY_SERVICE_URL=http://identity-service:3001
REFERRAL_SERVICE_URL=http://referral-service:3003
STATISTICS_SERVICE_URL=http://statistics-service:3004
# 日志
LOG_LEVEL=info
```
### 配置说明
| 配置项 | 说明 | 默认值 |
|--------|------|--------|
| NODE_ENV | 运行环境 | production |
| PORT | 服务端口 | 3002 |
| DATABASE_URL | PostgreSQL 连接字符串 | - |
| REDIS_HOST | Redis 主机地址 | localhost |
| REDIS_PORT | Redis 端口 | 6379 |
| KAFKA_BROKERS | Kafka broker 地址列表 | - |
| JWT_SECRET | JWT 签名密钥 | - |
| LOG_LEVEL | 日志级别 | info |
### 密钥管理
生产环境建议使用密钥管理服务:
- **AWS**: AWS Secrets Manager / Parameter Store
- **阿里云**: KMS / 密钥管理服务
- **Kubernetes**: Secrets
---
## Docker 部署
### 生产 Dockerfile
```dockerfile
# Dockerfile
# 构建阶段
FROM node:20-alpine AS builder
WORKDIR /app
# 安装 OpenSSL
RUN apk add --no-cache openssl openssl-dev libc6-compat
# 复制依赖文件
COPY package*.json ./
COPY prisma ./prisma/
# 安装依赖
RUN npm ci --only=production
# 生成 Prisma 客户端
RUN npx prisma generate
# 复制源代码
COPY . .
# 构建
RUN npm run build
# 生产阶段
FROM node:20-alpine AS production
WORKDIR /app
# 安装运行时依赖
RUN apk add --no-cache openssl libc6-compat
# 复制构建产物
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package*.json ./
COPY --from=builder /app/prisma ./prisma
# 创建非 root 用户
RUN addgroup -g 1001 -S nodejs && \
adduser -S nestjs -u 1001 && \
chown -R nestjs:nodejs /app
USER nestjs
# 健康检查
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:3002/health || exit 1
EXPOSE 3002
CMD ["node", "dist/main.js"]
```
### Docker Compose (生产)
```yaml
# docker-compose.prod.yml
version: '3.8'
services:
authorization-service:
build:
context: .
dockerfile: Dockerfile
ports:
- "3002:3002"
environment:
- NODE_ENV=production
- DATABASE_URL=postgresql://postgres:password@db:5432/authorization
- REDIS_HOST=redis
- REDIS_PORT=6379
- KAFKA_BROKERS=kafka:9092
- JWT_SECRET=${JWT_SECRET}
depends_on:
db:
condition: service_healthy
redis:
condition: service_healthy
kafka:
condition: service_healthy
restart: unless-stopped
deploy:
resources:
limits:
cpus: '1'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
db:
image: postgres:15-alpine
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: password
POSTGRES_DB: authorization
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 10s
timeout: 5s
retries: 5
restart: unless-stopped
redis:
image: redis:7-alpine
command: redis-server --requirepass ${REDIS_PASSWORD}
volumes:
- redis_data:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
restart: unless-stopped
kafka:
image: apache/kafka:3.7.0
environment:
KAFKA_NODE_ID: 1
KAFKA_PROCESS_ROLES: broker,controller
KAFKA_LISTENERS: PLAINTEXT://:9092,CONTROLLER://:9093
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT
KAFKA_CONTROLLER_QUORUM_VOTERS: 1@kafka:9093
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
CLUSTER_ID: MkU3OEVBNTcwNTJENDM2Qk
volumes:
- kafka_data:/var/lib/kafka/data
healthcheck:
test: ["CMD-SHELL", "/opt/kafka/bin/kafka-topics.sh --bootstrap-server localhost:9092 --list"]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
restart: unless-stopped
volumes:
postgres_data:
redis_data:
kafka_data:
networks:
default:
driver: bridge
```
### 构建和部署
```bash
# 构建镜像
docker build -t authorization-service:latest .
# 推送到镜像仓库
docker tag authorization-service:latest your-registry/authorization-service:latest
docker push your-registry/authorization-service:latest
# 使用 Docker Compose 部署
docker compose -f docker-compose.prod.yml up -d
# 查看日志
docker compose -f docker-compose.prod.yml logs -f authorization-service
# 扩容
docker compose -f docker-compose.prod.yml up -d --scale authorization-service=3
```
---
## Kubernetes 部署
### Deployment
```yaml
# k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: authorization-service
namespace: rwadurian
labels:
app: authorization-service
spec:
replicas: 3
selector:
matchLabels:
app: authorization-service
template:
metadata:
labels:
app: authorization-service
spec:
containers:
- name: authorization-service
image: your-registry/authorization-service:latest
ports:
- containerPort: 3002
env:
- name: NODE_ENV
value: "production"
- name: PORT
value: "3002"
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: authorization-secrets
key: database-url
- name: REDIS_HOST
valueFrom:
configMapKeyRef:
name: authorization-config
key: redis-host
- name: REDIS_PORT
valueFrom:
configMapKeyRef:
name: authorization-config
key: redis-port
- name: KAFKA_BROKERS
valueFrom:
configMapKeyRef:
name: authorization-config
key: kafka-brokers
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: authorization-secrets
key: jwt-secret
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "1000m"
readinessProbe:
httpGet:
path: /health
port: 3002
initialDelaySeconds: 10
periodSeconds: 5
livenessProbe:
httpGet:
path: /health
port: 3002
initialDelaySeconds: 30
periodSeconds: 10
imagePullSecrets:
- name: registry-credentials
```
### Service
```yaml
# k8s/service.yaml
apiVersion: v1
kind: Service
metadata:
name: authorization-service
namespace: rwadurian
spec:
selector:
app: authorization-service
ports:
- port: 3002
targetPort: 3002
type: ClusterIP
```
### ConfigMap
```yaml
# k8s/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: authorization-config
namespace: rwadurian
data:
redis-host: "redis-master.redis.svc.cluster.local"
redis-port: "6379"
kafka-brokers: "kafka-0.kafka.svc.cluster.local:9092,kafka-1.kafka.svc.cluster.local:9092"
```
### Secret
```yaml
# k8s/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: authorization-secrets
namespace: rwadurian
type: Opaque
stringData:
database-url: "postgresql://user:password@postgres:5432/authorization"
jwt-secret: "your-production-jwt-secret"
```
### Ingress
```yaml
# k8s/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: authorization-ingress
namespace: rwadurian
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
rules:
- host: api.rwadurian.com
http:
paths:
- path: /authorization
pathType: Prefix
backend:
service:
name: authorization-service
port:
number: 3002
```
### HPA (自动扩缩容)
```yaml
# k8s/hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: authorization-service-hpa
namespace: rwadurian
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: authorization-service
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
```
### 部署命令
```bash
# 创建命名空间
kubectl create namespace rwadurian
# 应用配置
kubectl apply -f k8s/
# 查看部署状态
kubectl get pods -n rwadurian -l app=authorization-service
# 查看日志
kubectl logs -f -n rwadurian -l app=authorization-service
# 扩缩容
kubectl scale deployment authorization-service -n rwadurian --replicas=5
```
---
## 数据库迁移
### 迁移策略
1. **新部署**: 自动运行所有迁移
2. **升级部署**: 先迁移数据库,再部署新版本
3. **回滚**: 支持向下迁移
### 迁移命令
```bash
# 创建新迁移
npx prisma migrate dev --name add_new_field
# 应用迁移(生产)
npx prisma migrate deploy
# 重置数据库(仅开发)
npx prisma migrate reset
# 查看迁移状态
npx prisma migrate status
```
### 迁移脚本
```bash
#!/bin/bash
# scripts/migrate.sh
set -e
echo "Running database migrations..."
# 等待数据库就绪
until npx prisma migrate status > /dev/null 2>&1; do
echo "Waiting for database..."
sleep 2
done
# 运行迁移
npx prisma migrate deploy
echo "Migrations completed successfully!"
```
### Kubernetes Job (迁移)
```yaml
# k8s/migration-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: authorization-migration
namespace: rwadurian
spec:
template:
spec:
containers:
- name: migration
image: your-registry/authorization-service:latest
command: ["npx", "prisma", "migrate", "deploy"]
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: authorization-secrets
key: database-url
restartPolicy: Never
backoffLimit: 3
```
---
## 监控与日志
### 健康检查端点
```typescript
// src/health/health.controller.ts
@Controller('health')
export class HealthController {
constructor(
private health: HealthCheckService,
private db: PrismaHealthIndicator,
private redis: RedisHealthIndicator,
) {}
@Get()
@HealthCheck()
check() {
return this.health.check([
() => this.db.pingCheck('database'),
() => this.redis.pingCheck('redis'),
])
}
@Get('live')
live() {
return { status: 'ok' }
}
@Get('ready')
@HealthCheck()
ready() {
return this.health.check([
() => this.db.pingCheck('database'),
])
}
}
```
### Prometheus 指标
```typescript
// src/metrics/metrics.module.ts
import { PrometheusModule } from '@willsoto/nestjs-prometheus'
@Module({
imports: [
PrometheusModule.register({
defaultMetrics: {
enabled: true,
},
path: '/metrics',
}),
],
})
export class MetricsModule {}
```
### 日志配置
```typescript
// src/main.ts
import { WinstonModule } from 'nest-winston'
import * as winston from 'winston'
const app = await NestFactory.create(AppModule, {
logger: WinstonModule.createLogger({
transports: [
new winston.transports.Console({
format: winston.format.combine(
winston.format.timestamp(),
winston.format.json(),
),
}),
],
}),
})
```
### 结构化日志格式
```json
{
"timestamp": "2024-01-20T10:30:00.000Z",
"level": "info",
"message": "Authorization created",
"service": "authorization-service",
"traceId": "abc-123",
"userId": "user-001",
"authorizationId": "auth-456",
"roleType": "AUTH_PROVINCE_COMPANY"
}
```
---
## 故障排除
### 常见问题
#### 1. 数据库连接失败
```bash
# 检查数据库连接
npx prisma db pull
# 查看连接字符串
echo $DATABASE_URL
# 测试网络连通性
nc -zv db-host 5432
```
#### 2. Redis 连接失败
```bash
# 测试 Redis 连接
redis-cli -h redis-host -p 6379 -a password ping
# 查看 Redis 状态
redis-cli -h redis-host info
```
#### 3. Kafka 连接失败
```bash
# 列出 topics
kafka-topics.sh --bootstrap-server kafka:9092 --list
# 查看 consumer groups
kafka-consumer-groups.sh --bootstrap-server kafka:9092 --list
```
#### 4. Pod 启动失败
```bash
# 查看 Pod 状态
kubectl describe pod <pod-name> -n rwadurian
# 查看容器日志
kubectl logs <pod-name> -n rwadurian
# 进入容器调试
kubectl exec -it <pod-name> -n rwadurian -- sh
```
### 性能调优
#### 数据库连接池
```typescript
// prisma/schema.prisma
datasource db {
provider = "postgresql"
url = env("DATABASE_URL")
// 连接池配置
// ?connection_limit=20&pool_timeout=30
}
```
#### Redis 连接池
```typescript
// src/infrastructure/cache/redis.service.ts
const redis = new Redis({
host: process.env.REDIS_HOST,
port: parseInt(process.env.REDIS_PORT),
password: process.env.REDIS_PASSWORD,
maxRetriesPerRequest: 3,
enableReadyCheck: true,
// 连接池大小
lazyConnect: true,
})
```
### 运维命令
```bash
# 查看服务状态
kubectl get all -n rwadurian
# 查看资源使用
kubectl top pods -n rwadurian
# 滚动更新
kubectl rollout restart deployment/authorization-service -n rwadurian
# 回滚
kubectl rollout undo deployment/authorization-service -n rwadurian
# 查看回滚历史
kubectl rollout history deployment/authorization-service -n rwadurian
```
---
## 部署检查清单
### 部署前
- [ ] 环境变量配置完成
- [ ] 数据库迁移已准备
- [ ] 镜像已构建并推送
- [ ] 配置文件已验证
- [ ] 密钥已配置
### 部署中
- [ ] 数据库迁移成功
- [ ] Pod 启动正常
- [ ] 健康检查通过
- [ ] 服务可访问
### 部署后
- [ ] 功能测试通过
- [ ] 监控指标正常
- [ ] 日志无异常
- [ ] 通知相关人员
---
## 参考资源
- [Docker 官方文档](https://docs.docker.com/)
- [Kubernetes 官方文档](https://kubernetes.io/docs/)
- [Prisma 部署指南](https://www.prisma.io/docs/guides/deployment)
- [NestJS 部署指南](https://docs.nestjs.com/faq/common-errors)

615
backend/services/authorization-service/docs/DEVELOPMENT.md Normal file
View File

@ -0,0 +1,615 @@
# Authorization Service 开发指南
## 目录
1. [环境准备](#环境准备)
2. [项目初始化](#项目初始化)
3. [开发规范](#开发规范)
4. [代码结构约定](#代码结构约定)
5. [DDD 实践指南](#ddd-实践指南)
6. [常见开发任务](#常见开发任务)
7. [调试技巧](#调试技巧)
---
## 环境准备
### 系统要求
| 软件 | 版本 | 说明 |
|------|------|------|
| Node.js | 20.x LTS | 推荐使用 nvm 管理 |
| npm | 10.x | 随 Node.js 安装 |
| PostgreSQL | 15.x | 关系型数据库 |
| Redis | 7.x | 缓存服务 |
| Kafka | 3.7.x | 消息队列 |
| Docker | 24.x | 容器运行时 |
### 开发工具推荐
- **IDE**: VSCode
- **VSCode 扩展**:
- ESLint
- Prettier
- Prisma
- REST Client
- Docker
### 本地环境配置
#### 1. 安装 Node.js
```bash
# 使用 nvm 安装 Node.js
nvm install 20
nvm use 20
```
#### 2. 启动基础设施
使用 Docker Compose 启动开发环境:
```bash
# 启动 PostgreSQL、Redis、Kafka
docker compose up -d
```
#### 3. 配置环境变量
复制环境变量模板:
```bash
cp .env.example .env.development
```
编辑 `.env.development`
```env
# 数据库
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/authorization_dev"
# Redis
REDIS_HOST=localhost
REDIS_PORT=6379
# Kafka
KAFKA_BROKERS=localhost:9092
# JWT
JWT_SECRET=your-development-secret-key
JWT_EXPIRES_IN=1h
# 应用
NODE_ENV=development
PORT=3002
```
---
## 项目初始化
### 1. 安装依赖
```bash
npm install
```
### 2. 生成 Prisma 客户端
```bash
npx prisma generate
```
### 3. 运行数据库迁移
```bash
npx prisma migrate dev
```
### 4. 启动开发服务器
```bash
npm run start:dev
```
服务将在 `http://localhost:3002` 启动。
### 5. 访问 API 文档
```
http://localhost:3002/api/docs
```
---
## 开发规范
### 代码风格
项目使用 ESLint + Prettier 进行代码规范检查:
```bash
# 检查代码风格
npm run lint
# 自动修复
npm run lint:fix
# 格式化代码
npm run format
```
### 命名规范
#### 文件命名
| 类型 | 格式 | 示例 |
|------|------|------|
| 聚合根 | `{name}.aggregate.ts` | `authorization-role.aggregate.ts` |
| 实体 | `{name}.entity.ts` | `ladder-target-rule.entity.ts` |
| 值对象 | `{name}.vo.ts` | `month.vo.ts` |
| 服务 | `{name}.service.ts` | `authorization-command.service.ts` |
| 控制器 | `{name}.controller.ts` | `authorization.controller.ts` |
| 仓储接口 | `{name}.repository.ts` | `authorization-role.repository.ts` |
| 仓储实现 | `{name}.repository.impl.ts` | `authorization-role.repository.impl.ts` |
| DTO | `{name}.dto.ts` | `apply-authorization.dto.ts` |
| 测试 | `{name}.spec.ts` | `authorization-role.aggregate.spec.ts` |
#### 类命名
| 类型 | 格式 | 示例 |
|------|------|------|
| 聚合根 | `{Name}` | `AuthorizationRole` |
| 值对象 | `{Name}` | `Month`, `RegionCode` |
| 服务 | `{Name}Service` | `AuthorizationCommandService` |
| 控制器 | `{Name}Controller` | `AuthorizationController` |
| 仓储接口 | `I{Name}Repository` | `IAuthorizationRoleRepository` |
| DTO | `{Name}Dto` | `ApplyAuthorizationDto` |
### Git 提交规范
使用 Conventional Commits 规范:
```
<type>(<scope>): <subject>
<body>
<footer>
```
#### Type 类型
| 类型 | 说明 |
|------|------|
| feat | 新功能 |
| fix | Bug 修复 |
| docs | 文档变更 |
| style | 代码格式(不影响功能) |
| refactor | 重构 |
| test | 测试相关 |
| chore | 构建/工具变更 |
#### 示例
```bash
git commit -m "feat(authorization): add province company authorization"
git commit -m "fix(assessment): correct ranking calculation"
git commit -m "docs(api): update API documentation"
```
---
## 代码结构约定
### 领域层Domain Layer
#### 聚合根结构
```typescript
// src/domain/aggregates/authorization-role.aggregate.ts
import { AggregateRoot } from './aggregate-root.base'
import { AuthorizationId, UserId, RegionCode } from '@/domain/value-objects'
import { RoleType, AuthorizationStatus } from '@/domain/enums'
import { AuthorizationAppliedEvent } from '@/domain/events'
export interface AuthorizationRoleProps {
// 定义聚合根属性
}
export class AuthorizationRole extends AggregateRoot {
// 私有属性
private _id: AuthorizationId
private _userId: UserId
private _roleType: RoleType
private _status: AuthorizationStatus
// Getters只读访问
get id(): AuthorizationId { return this._id }
get userId(): UserId { return this._userId }
// 私有构造函数
private constructor(props: AuthorizationRoleProps) {
super()
// 初始化属性
}
// 工厂方法 - 创建新实例
static createAuthProvinceCompany(params: {
userId: UserId
provinceCode: string
provinceName: string
}): AuthorizationRole {
const role = new AuthorizationRole({
// 初始化
})
// 添加领域事件
role.addDomainEvent(new AuthorizationAppliedEvent({
// 事件数据
}))
return role
}
// 工厂方法 - 从持久化恢复
static fromPersistence(props: AuthorizationRoleProps): AuthorizationRole {
return new AuthorizationRole(props)
}
// 业务方法
authorize(adminId: UserId): void {
// 状态验证
if (this._status !== AuthorizationStatus.PENDING) {
throw new DomainError('只有待审核状态才能审核')
}
// 状态变更
this._status = AuthorizationStatus.APPROVED
this._authorizedBy = adminId
this._authorizedAt = new Date()
// 发布领域事件
this.addDomainEvent(new AuthorizationApprovedEvent({
// 事件数据
}))
}
// 持久化转换
toPersistence(): Record<string, any> {
return {
id: this._id.value,
userId: this._userId.value,
// ...
}
}
}
```
#### 值对象结构
```typescript
// src/domain/value-objects/month.vo.ts
export class Month {
private constructor(private readonly _value: string) {}
get value(): string {
return this._value
}
// 工厂方法
static create(value: string): Month {
// 验证格式
if (!/^\d{4}-\d{2}$/.test(value)) {
throw new DomainError('月份格式无效,应为 YYYY-MM')
}
return new Month(value)
}
static current(): Month {
const now = new Date()
const year = now.getFullYear()
const month = String(now.getMonth() + 1).padStart(2, '0')
return new Month(`${year}-${month}`)
}
// 业务方法
next(): Month {
const [year, month] = this._value.split('-').map(Number)
if (month === 12) {
return new Month(`${year + 1}-01`)
}
return new Month(`${year}-${String(month + 1).padStart(2, '0')}`)
}
// 比较方法
equals(other: Month): boolean {
return this._value === other._value
}
isBefore(other: Month): boolean {
return this._value < other._value
}
}
```
#### 领域事件结构
```typescript
// src/domain/events/authorization-applied.event.ts
import { DomainEvent } from './domain-event.base'
export interface AuthorizationAppliedEventPayload {
authorizationId: string
userId: string
roleType: string
regionCode: string
}
export class AuthorizationAppliedEvent extends DomainEvent {
static readonly EVENT_NAME = 'authorization.applied'
constructor(public readonly payload: AuthorizationAppliedEventPayload) {
super(AuthorizationAppliedEvent.EVENT_NAME)
}
}
```
### 应用层Application Layer
#### 命令服务结构
```typescript
// src/application/services/authorization-command.service.ts
import { Injectable, Inject } from '@nestjs/common'
import { IAuthorizationRoleRepository } from '@/domain/repositories'
import { AUTHORIZATION_ROLE_REPOSITORY } from '@/infrastructure/persistence/repositories'
import { AuthorizationValidatorService } from '@/domain/services'
import { EventPublisherService } from '@/infrastructure/messaging/kafka'
@Injectable()
export class AuthorizationCommandService {
constructor(
@Inject(AUTHORIZATION_ROLE_REPOSITORY)
private readonly authorizationRepository: IAuthorizationRoleRepository,
private readonly validatorService: AuthorizationValidatorService,
private readonly eventPublisher: EventPublisherService,
) {}
async applyProvincialAuthorization(
userId: string,
provinceCode: string,
provinceName: string,
): Promise<AuthorizationRole> {
// 1. 创建值对象
const userIdVo = UserId.create(userId)
const regionCodeVo = RegionCode.create(provinceCode)
// 2. 业务验证
const validationResult = await this.validatorService.validateAuthorizationRequest(
userIdVo,
RoleType.AUTH_PROVINCE_COMPANY,
regionCodeVo,
)
if (!validationResult.isValid) {
throw new BusinessException(validationResult.errorMessage)
}
// 3. 创建聚合根
const authorization = AuthorizationRole.createAuthProvinceCompany({
userId: userIdVo,
provinceCode,
provinceName,
})
// 4. 持久化
await this.authorizationRepository.save(authorization)
// 5. 发布领域事件
await this.eventPublisher.publishAll(authorization.domainEvents)
return authorization
}
}
```
### 基础设施层Infrastructure Layer
#### 仓储实现结构
```typescript
// src/infrastructure/persistence/repositories/authorization-role.repository.impl.ts
import { Injectable } from '@nestjs/common'
import { PrismaService } from '../prisma/prisma.service'
import { IAuthorizationRoleRepository } from '@/domain/repositories'
import { AuthorizationRole } from '@/domain/aggregates'
import { AuthorizationId, UserId, RegionCode } from '@/domain/value-objects'
export const AUTHORIZATION_ROLE_REPOSITORY = Symbol('AUTHORIZATION_ROLE_REPOSITORY')
@Injectable()
export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleRepository {
constructor(private readonly prisma: PrismaService) {}
async save(authorization: AuthorizationRole): Promise<void> {
const data = authorization.toPersistence()
await this.prisma.authorizationRole.upsert({
where: { id: data.id },
create: data,
update: data,
})
}
async findById(id: AuthorizationId): Promise<AuthorizationRole | null> {
const record = await this.prisma.authorizationRole.findUnique({
where: { id: id.value },
})
if (!record) return null
return this.toDomain(record)
}
private toDomain(record: any): AuthorizationRole {
return AuthorizationRole.fromPersistence({
id: AuthorizationId.create(record.id),
userId: UserId.create(record.userId),
// ... 映射其他属性
})
}
}
```
---
## DDD 实践指南
### 1. 聚合根设计原则
- **单一职责**:每个聚合根只负责一个业务概念
- **事务边界**:聚合根是事务的边界,一次事务只修改一个聚合根
- **不变量保护**:聚合根负责保护业务不变量
- **最小化聚合**:聚合应该尽可能小
### 2. 值对象使用场景
适合使用值对象的场景:
- ID 类型AuthorizationId, UserId
- 度量和数量Money, Percentage
- 时间相关Month, DateRange
- 描述性数据Address, Email
### 3. 领域事件设计
```typescript
// 事件命名:{聚合根}.{动作}
authorization.applied // 授权申请
authorization.approved // 授权通过
authorization.rejected // 授权拒绝
authorization.activated // 授权激活
authorization.revoked // 授权撤销
assessment.passed // 考核通过
assessment.failed // 考核失败
assessment.bypassed // 考核豁免
```
### 4. 仓储模式最佳实践
```typescript
// 仓储接口只定义业务需要的方法
interface IAuthorizationRoleRepository {
save(authorization: AuthorizationRole): Promise<void>
findById(id: AuthorizationId): Promise<AuthorizationRole | null>
findByUserId(userId: UserId): Promise<AuthorizationRole[]>
findActiveByRoleTypeAndRegion(
roleType: RoleType,
regionCode: RegionCode,
): Promise<AuthorizationRole[]>
}
// 避免:
// - 暴露底层数据库细节
// - 返回原始数据库记录
// - 提供过于通用的查询方法
```
---
## 常见开发任务
### 添加新的授权类型
1. 在 `RoleType` 枚举中添加新类型
2. 在 `AuthorizationRole` 聚合根中添加工厂方法
3. 在 `LadderTargetRule` 中添加对应的考核目标
4. 添加相应的 DTO 和控制器端点
5. 编写单元测试和集成测试
### 添加新的领域事件
1. 在 `src/domain/events` 中创建事件类
2. 在聚合根的相应方法中发布事件
3. 在 Kafka 配置中注册事件主题
4. (可选)创建事件处理器
### 修改数据库模型
1. 修改 `prisma/schema.prisma`
2. 生成迁移:`npx prisma migrate dev --name describe_change`
3. 更新仓储实现中的映射逻辑
4. 更新相应的 DTO
---
## 调试技巧
### 启用调试日志
```typescript
// main.ts
const app = await NestFactory.create(AppModule, {
logger: ['error', 'warn', 'log', 'debug', 'verbose'],
})
```
### Prisma 查询日志
```typescript
// prisma.service.ts
const prisma = new PrismaClient({
log: ['query', 'info', 'warn', 'error'],
})
```
### VSCode 调试配置
```json
// .vscode/launch.json
{
"version": "0.2.0",
"configurations": [
{
"type": "node",
"request": "launch",
"name": "Debug NestJS",
"runtimeExecutable": "npm",
"runtimeArgs": ["run", "start:debug"],
"console": "integratedTerminal",
"restart": true,
"protocol": "inspector",
"port": 9229
}
]
}
```
### 常用调试命令
```bash
# 查看 Prisma 生成的 SQL
DEBUG=prisma:query npm run start:dev
# 查看 Redis 操作
redis-cli monitor
# 查看 Kafka 消息
kafka-console-consumer.sh --bootstrap-server localhost:9092 --topic authorization-events --from-beginning
```
---
## 参考资源
- [NestJS 官方文档](https://docs.nestjs.com/)
- [Prisma 官方文档](https://www.prisma.io/docs/)
- [领域驱动设计参考](https://www.domainlanguage.com/ddd/reference/)
- [TypeScript 风格指南](https://google.github.io/styleguide/tsguide.html)

1052
backend/services/authorization-service/docs/TESTING.md Normal file
View File

File diff suppressed because it is too large Load Diff

17
backend/services/authorization-service/nest-cli.json Normal file
View File

@ -0,0 +1,17 @@
{
"$schema": "https://json.schemastore.org/nest-cli",
"collection": "@nestjs/schematics",
"sourceRoot": "src",
"compilerOptions": {
"deleteOutDir": true,
"plugins": [
{
"name": "@nestjs/swagger",
"options": {
"classValidatorShim": true,
"introspectComments": true
}
}
]
}
}

10263
backend/services/authorization-service/package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

93
backend/services/authorization-service/package.json
View File

@ -0,0 +1,93 @@
{
"name": "authorization-service",
"version": "1.0.0",
"description": "RWA Authorization Management Service",
"author": "RWA Team",
"private": true,
"license": "UNLICENSED",
"prisma": {
"schema": "prisma/schema.prisma",
"seed": "ts-node prisma/seed.ts"
},
"scripts": {
"build": "nest build",
"format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
"start": "nest start",
"start:dev": "nest start --watch",
"start:debug": "nest start --debug --watch",
"start:prod": "node dist/main",
"lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
"test": "jest",
"test:unit": "jest --testPathPattern=\\.spec\\.ts$",
"test:integration": "jest --config ./test/jest-integration.json",
"test:watch": "jest --watch",
"test:cov": "jest --coverage",
"test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
"test:e2e": "jest --config ./test/jest-e2e.json --runInBand",
"test:all": "npm run test:unit && npm run test:integration && npm run test:e2e",
"prisma:generate": "prisma generate",
"prisma:migrate": "prisma migrate dev",
"prisma:migrate:prod": "prisma migrate deploy",
"prisma:studio": "prisma studio"
},
"dependencies": {
"@nestjs/common": "^10.0.0",
"@nestjs/config": "^3.1.1",
"@nestjs/core": "^10.0.0",
"@nestjs/jwt": "^10.2.0",
"@nestjs/microservices": "^10.0.0",
"@nestjs/passport": "^10.0.0",
"@nestjs/platform-express": "^10.0.0",
"@nestjs/schedule": "^4.0.0",
"@nestjs/swagger": "^7.1.17",
"@prisma/client": "^5.7.0",
"class-transformer": "^0.5.1",
"class-validator": "^0.14.0",
"ioredis": "^5.3.2",
"kafkajs": "^2.2.4",
"passport-jwt": "^4.0.1",
"reflect-metadata": "^0.1.13",
"rxjs": "^7.8.1",
"uuid": "^9.0.0"
},
"devDependencies": {
"@nestjs/cli": "^10.0.0",
"@nestjs/schematics": "^10.0.0",
"@nestjs/testing": "^10.0.0",
"@types/express": "^4.17.17",
"@types/jest": "^29.5.2",
"@types/node": "^20.3.1",
"@types/passport-jwt": "^4.0.0",
"@types/supertest": "^6.0.0",
"@types/uuid": "^9.0.0",
"@typescript-eslint/eslint-plugin": "^6.0.0",
"@typescript-eslint/parser": "^6.0.0",
"eslint": "^8.42.0",
"eslint-config-prettier": "^9.0.0",
"eslint-plugin-prettier": "^5.0.0",
"jest": "^29.5.0",
"prettier": "^3.0.0",
"prisma": "^5.7.0",
"source-map-support": "^0.5.21",
"supertest": "^6.3.3",
"ts-jest": "^29.1.0",
"ts-loader": "^9.4.3",
"ts-node": "^10.9.1",
"tsconfig-paths": "^4.2.0",
"typescript": "^5.1.3"
},
"jest": {
"moduleFileExtensions": ["js", "json", "ts"],
"rootDir": "src",
"testRegex": ".*\\.spec\\.ts$",
"transform": {
"^.+\\.(t|j)s$": "ts-jest"
},
"collectCoverageFrom": ["**/*.(t|j)s"],
"coverageDirectory": "../coverage",
"testEnvironment": "node",
"moduleNameMapper": {
"^@/(.*)$": "<rootDir>/$1"
}
}
}

0
backend/services/authorization-service/prisma/migrations/.gitkeep Normal file
View File

374
backend/services/authorization-service/prisma/schema.prisma Normal file
View File

@ -0,0 +1,374 @@
// This is your Prisma schema file,
// learn more about it in the docs: https://pris.ly/d/prisma-schema
generator client {
provider = "prisma-client-js"
}
datasource db {
provider = "postgresql"
url = env("DATABASE_URL")
}
// ============ 授权角色表 ============
model AuthorizationRole {
id String @id @default(uuid())
userId String @map("user_id")
roleType RoleType @map("role_type")
regionCode String @map("region_code")
regionName String @map("region_name")
status AuthorizationStatus @default(PENDING)
displayTitle String @map("display_title")
// 授权信息
authorizedAt DateTime? @map("authorized_at")
authorizedBy String? @map("authorized_by")
revokedAt DateTime? @map("revoked_at")
revokedBy String? @map("revoked_by")
revokeReason String? @map("revoke_reason")
// 考核配置
initialTargetTreeCount Int @map("initial_target_tree_count")
monthlyTargetType MonthlyTargetType @map("monthly_target_type")
// 自有团队占比
requireLocalPercentage Decimal @default(5.0) @map("require_local_percentage") @db.Decimal(5, 2)
exemptFromPercentageCheck Boolean @default(false) @map("exempt_from_percentage_check")
// 权益状态
benefitActive Boolean @default(false) @map("benefit_active")
benefitActivatedAt DateTime? @map("benefit_activated_at")
benefitDeactivatedAt DateTime? @map("benefit_deactivated_at")
// 当前考核月份索引
currentMonthIndex Int @default(0) @map("current_month_index")
// 时间戳
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
// 关联
assessments MonthlyAssessment[]
bypassRecords MonthlyBypass[]
@@unique([userId, roleType, regionCode])
@@index([userId])
@@index([roleType, regionCode])
@@index([status])
@@index([roleType, status])
@@map("authorization_roles")
}
// ============ 月度考核表 ============
model MonthlyAssessment {
id String @id @default(uuid())
authorizationId String @map("authorization_id")
userId String @map("user_id")
roleType RoleType @map("role_type")
regionCode String @map("region_code")
// 考核月份
assessmentMonth String @map("assessment_month") // YYYY-MM
monthIndex Int @map("month_index") // 第几个月考核
// 考核目标
monthlyTarget Int @map("monthly_target")
cumulativeTarget Int @map("cumulative_target")
// 完成情况
monthlyCompleted Int @default(0) @map("monthly_completed")
cumulativeCompleted Int @default(0) @map("cumulative_completed")
completedAt DateTime? @map("completed_at") // 达标时间(用于排名)
// 自有团队占比
localTeamCount Int @default(0) @map("local_team_count")
totalTeamCount Int @default(0) @map("total_team_count")
localPercentage Decimal @default(0) @map("local_percentage") @db.Decimal(5, 2)
localPercentagePass Boolean @default(false) @map("local_percentage_pass")
// 超越目标占比
exceedRatio Decimal @default(0) @map("exceed_ratio") @db.Decimal(10, 4)
// 考核结果
result AssessmentResult @default(NOT_ASSESSED)
// 排名
rankingInRegion Int? @map("ranking_in_region")
isFirstPlace Boolean @default(false) @map("is_first_place")
// 豁免
isBypassed Boolean @default(false) @map("is_bypassed")
bypassedBy String? @map("bypassed_by")
bypassedAt DateTime? @map("bypassed_at")
// 时间戳
assessedAt DateTime? @map("assessed_at")
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
// 关联
authorization AuthorizationRole @relation(fields: [authorizationId], references: [id])
@@unique([authorizationId, assessmentMonth])
@@index([userId, assessmentMonth])
@@index([roleType, regionCode, assessmentMonth])
@@index([assessmentMonth, result])
@@index([assessmentMonth, roleType, exceedRatio(sort: Desc)])
@@map("monthly_assessments")
}
// ============ 单月豁免记录表 ============
model MonthlyBypass {
id String @id @default(uuid())
authorizationId String @map("authorization_id")
userId String @map("user_id")
roleType RoleType @map("role_type")
bypassMonth String @map("bypass_month") // YYYY-MM
// 授权信息
grantedBy String @map("granted_by")
grantedAt DateTime @map("granted_at")
reason String?
// 审批信息(三人授权)
approver1Id String @map("approver1_id")
approver1At DateTime @map("approver1_at")
approver2Id String? @map("approver2_id")
approver2At DateTime? @map("approver2_at")
approver3Id String? @map("approver3_id")
approver3At DateTime? @map("approver3_at")
approvalStatus ApprovalStatus @default(PENDING) @map("approval_status")
createdAt DateTime @default(now()) @map("created_at")
authorization AuthorizationRole @relation(fields: [authorizationId], references: [id])
@@unique([authorizationId, bypassMonth])
@@index([userId, bypassMonth])
@@map("monthly_bypasses")
}
// ============ 阶梯考核目标配置表 ============
model LadderTargetConfig {
id String @id @default(uuid())
roleType RoleType @map("role_type")
monthIndex Int @map("month_index")
monthlyTarget Int @map("monthly_target")
cumulativeTarget Int @map("cumulative_target")
isActive Boolean @default(true) @map("is_active")
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
@@unique([roleType, monthIndex])
@@map("ladder_target_configs")
}
// ============ 认种限制配置表 ============
model PlantingRestriction {
id String @id @default(uuid())
restrictionType RestrictionType @map("restriction_type")
// 账户限制配置
accountLimitDays Int? @map("account_limit_days")
accountLimitCount Int? @map("account_limit_count")
// 总量限制配置
totalLimitDays Int? @map("total_limit_days")
totalLimitCount Int? @map("total_limit_count")
currentTotalCount Int @default(0) @map("current_total_count")
// 生效时间
startAt DateTime @map("start_at")
endAt DateTime @map("end_at")
isActive Boolean @default(true) @map("is_active")
createdBy String @map("created_by")
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
@@map("planting_restrictions")
}
// ============ 管理员授权审批表 ============
model AdminApproval {
id String @id @default(uuid())
operationType OperationType @map("operation_type")
targetId String @map("target_id")
targetType String @map("target_type")
requestData Json @map("request_data")
// 审批状态
status ApprovalStatus @default(PENDING)
// 审批人
requesterId String @map("requester_id")
approver1Id String? @map("approver1_id")
approver1At DateTime? @map("approver1_at")
approver2Id String? @map("approver2_id")
approver2At DateTime? @map("approver2_at")
approver3Id String? @map("approver3_id")
approver3At DateTime? @map("approver3_at")
// 完成信息
completedAt DateTime? @map("completed_at")
rejectedBy String? @map("rejected_by")
rejectedAt DateTime? @map("rejected_at")
rejectReason String? @map("reject_reason")
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
@@index([status])
@@index([targetId, targetType])
@@map("admin_approvals")
}
// ============ 授权操作日志表 ============
model AuthorizationAuditLog {
id String @id @default(uuid())
operationType String @map("operation_type")
targetUserId String @map("target_user_id")
targetRoleType RoleType? @map("target_role_type")
targetRegionCode String? @map("target_region_code")
operatorId String @map("operator_id")
operatorRole String @map("operator_role")
beforeState Json? @map("before_state")
afterState Json? @map("after_state")
ipAddress String? @map("ip_address")
userAgent String? @map("user_agent")
createdAt DateTime @default(now()) @map("created_at")
@@index([targetUserId])
@@index([operatorId])
@@index([createdAt])
@@map("authorization_audit_logs")
}
// ============ 省市热度统计表 ============
model RegionHeatMap {
id String @id @default(uuid())
regionCode String @map("region_code")
regionName String @map("region_name")
regionType RegionType @map("region_type")
totalPlantings Int @default(0) @map("total_plantings")
monthlyPlantings Int @default(0) @map("monthly_plantings")
weeklyPlantings Int @default(0) @map("weekly_plantings")
dailyPlantings Int @default(0) @map("daily_plantings")
activeUsers Int @default(0) @map("active_users")
authCompanyCount Int @default(0) @map("auth_company_count")
heatScore Decimal @default(0) @map("heat_score") @db.Decimal(10, 2)
updatedAt DateTime @updatedAt @map("updated_at")
@@unique([regionCode, regionType])
@@map("region_heat_maps")
}
// ============ 火柴人排名视图数据表 ============
model StickmanRanking {
id String @id @default(uuid())
userId String @map("user_id")
authorizationId String @map("authorization_id")
roleType RoleType @map("role_type")
regionCode String @map("region_code")
regionName String @map("region_name")
// 用户信息
nickname String
avatarUrl String? @map("avatar_url")
// 进度信息
currentMonth String @map("current_month")
cumulativeCompleted Int @map("cumulative_completed")
cumulativeTarget Int @map("cumulative_target")
progressPercentage Decimal @map("progress_percentage") @db.Decimal(5, 2)
exceedRatio Decimal @map("exceed_ratio") @db.Decimal(10, 4)
// 排名
ranking Int
isFirstPlace Boolean @map("is_first_place")
// 本月收益
monthlyRewardUsdt Decimal @map("monthly_reward_usdt") @db.Decimal(18, 2)
monthlyRewardRwad Decimal @map("monthly_reward_rwad") @db.Decimal(18, 8)
updatedAt DateTime @updatedAt @map("updated_at")
@@unique([authorizationId, currentMonth])
@@index([roleType, regionCode, currentMonth])
@@map("stickman_rankings")
}
// ============ 系统配置表 ============
model AuthorizationConfig {
id String @id @default(uuid())
configKey String @unique @map("config_key")
configValue String @map("config_value")
description String?
isActive Boolean @default(true) @map("is_active")
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
@@map("authorization_configs")
}
// ============ 枚举定义 ============
enum RoleType {
COMMUNITY // 社区
AUTH_PROVINCE_COMPANY // 授权省公司团队权益20U
PROVINCE_COMPANY // 正式省公司区域权益15U+1%算力)
AUTH_CITY_COMPANY // 授权市公司团队权益40U
CITY_COMPANY // 正式市公司区域权益35U+2%算力)
}
enum AuthorizationStatus {
PENDING // 待授权/待考核
AUTHORIZED // 已授权
REVOKED // 已撤销
}
enum AssessmentResult {
NOT_ASSESSED // 未考核
PASS // 达标
FAIL // 未达标
BYPASSED // 豁免
}
enum MonthlyTargetType {
NONE // 无月度考核(正式省市公司)
FIXED // 固定目标社区10棵/月)
LADDER // 阶梯目标(授权省市公司)
}
enum RestrictionType {
ACCOUNT_LIMIT // 账户限时限量
TOTAL_LIMIT // 总量限制
}
enum ApprovalStatus {
PENDING // 待审批
APPROVED // 已通过
REJECTED // 已拒绝
}
enum OperationType {
GRANT_AUTHORIZATION // 授予授权
REVOKE_AUTHORIZATION // 撤销授权
GRANT_BYPASS // 授予豁免
EXEMPT_PERCENTAGE // 豁免占比考核
MODIFY_CONFIG // 修改配置
}
enum RegionType {
PROVINCE // 省
CITY // 市
}

51
backend/services/authorization-service/src/api/controllers/admin-authorization.controller.ts Normal file
View File

@ -0,0 +1,51 @@
import { Controller, Post, Body, UseGuards, HttpCode, HttpStatus } from '@nestjs/common'
import { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth } from '@nestjs/swagger'
import { AuthorizationApplicationService } from '@/application/services'
import { GrantProvinceCompanyCommand, GrantCityCompanyCommand } from '@/application/commands'
import { GrantProvinceCompanyDto, GrantCityCompanyDto } from '@/api/dto/request'
import { CurrentUser } from '@/shared/decorators'
import { JwtAuthGuard } from '@/shared/guards'
@ApiTags('Admin Authorization')
@Controller('admin/authorizations')
@UseGuards(JwtAuthGuard)
@ApiBearerAuth()
export class AdminAuthorizationController {
constructor(private readonly applicationService: AuthorizationApplicationService) {}
@Post('province-company')
@HttpCode(HttpStatus.CREATED)
@ApiOperation({ summary: '授权正式省公司(管理员)' })
@ApiResponse({ status: 201, description: '授权成功' })
async grantProvinceCompany(
@CurrentUser() user: { userId: string },
@Body() dto: GrantProvinceCompanyDto,
): Promise<{ message: string }> {
const command = new GrantProvinceCompanyCommand(
dto.userId,
dto.provinceCode,
dto.provinceName,
user.userId,
)
await this.applicationService.grantProvinceCompany(command)
return { message: '正式省公司授权成功' }
}
@Post('city-company')
@HttpCode(HttpStatus.CREATED)
@ApiOperation({ summary: '授权正式市公司(管理员)' })
@ApiResponse({ status: 201, description: '授权成功' })
async grantCityCompany(
@CurrentUser() user: { userId: string },
@Body() dto: GrantCityCompanyDto,
): Promise<{ message: string }> {
const command = new GrantCityCompanyCommand(
dto.userId,
dto.cityCode,
dto.cityName,
user.userId,
)
await this.applicationService.grantCityCompany(command)
return { message: '正式市公司授权成功' }
}
}

161
backend/services/authorization-service/src/api/controllers/authorization.controller.ts Normal file
View File

@ -0,0 +1,161 @@
import {
Controller,
Get,
Post,
Delete,
Param,
Body,
Query,
UseGuards,
HttpCode,
HttpStatus,
} from '@nestjs/common'
import {
ApiTags,
ApiOperation,
ApiResponse,
ApiBearerAuth,
ApiParam,
ApiQuery,
} from '@nestjs/swagger'
import { AuthorizationApplicationService } from '@/application/services'
import {
ApplyCommunityAuthCommand,
ApplyAuthProvinceCompanyCommand,
ApplyAuthCityCompanyCommand,
RevokeAuthorizationCommand,
GrantMonthlyBypassCommand,
ExemptLocalPercentageCheckCommand,
} from '@/application/commands'
import {
ApplyCommunityAuthDto,
ApplyAuthProvinceDto,
ApplyAuthCityDto,
RevokeAuthorizationDto,
GrantMonthlyBypassDto,
} from '@/api/dto/request'
import {
AuthorizationResponse,
ApplyAuthorizationResponse,
StickmanRankingResponse,
} from '@/api/dto/response'
import { CurrentUser } from '@/shared/decorators'
import { JwtAuthGuard } from '@/shared/guards'
import { RoleType } from '@/domain/enums'
@ApiTags('Authorization')
@Controller('authorizations')
@UseGuards(JwtAuthGuard)
@ApiBearerAuth()
export class AuthorizationController {
constructor(private readonly applicationService: AuthorizationApplicationService) {}
@Post('community')
@ApiOperation({ summary: '申请社区授权' })
@ApiResponse({ status: 201, type: ApplyAuthorizationResponse })
async applyCommunityAuth(
@CurrentUser() user: { userId: string },
@Body() dto: ApplyCommunityAuthDto,
): Promise<ApplyAuthorizationResponse> {
const command = new ApplyCommunityAuthCommand(user.userId, dto.communityName)
return await this.applicationService.applyCommunityAuth(command)
}
@Post('province')
@ApiOperation({ summary: '申请授权省公司' })
@ApiResponse({ status: 201, type: ApplyAuthorizationResponse })
async applyAuthProvinceCompany(
@CurrentUser() user: { userId: string },
@Body() dto: ApplyAuthProvinceDto,
): Promise<ApplyAuthorizationResponse> {
const command = new ApplyAuthProvinceCompanyCommand(
user.userId,
dto.provinceCode,
dto.provinceName,
)
return await this.applicationService.applyAuthProvinceCompany(command)
}
@Post('city')
@ApiOperation({ summary: '申请授权市公司' })
@ApiResponse({ status: 201, type: ApplyAuthorizationResponse })
async applyAuthCityCompany(
@CurrentUser() user: { userId: string },
@Body() dto: ApplyAuthCityDto,
): Promise<ApplyAuthorizationResponse> {
const command = new ApplyAuthCityCompanyCommand(user.userId, dto.cityCode, dto.cityName)
return await this.applicationService.applyAuthCityCompany(command)
}
@Get('my')
@ApiOperation({ summary: '获取我的授权列表' })
@ApiResponse({ status: 200, type: [AuthorizationResponse] })
async getMyAuthorizations(
@CurrentUser() user: { userId: string },
): Promise<AuthorizationResponse[]> {
return await this.applicationService.getUserAuthorizations(user.userId)
}
@Get(':id')
@ApiOperation({ summary: '获取授权详情' })
@ApiParam({ name: 'id', description: '授权ID' })
@ApiResponse({ status: 200, type: AuthorizationResponse })
async getAuthorizationById(@Param('id') id: string): Promise<AuthorizationResponse | null> {
return await this.applicationService.getAuthorizationById(id)
}
@Get('ranking/stickman')
@ApiOperation({ summary: '获取火柴人排名' })
@ApiQuery({ name: 'month', description: '月份 (YYYY-MM)', example: '2024-01' })
@ApiQuery({ name: 'roleType', description: '角色类型', enum: RoleType })
@ApiQuery({ name: 'regionCode', description: '区域代码' })
@ApiResponse({ status: 200, type: [StickmanRankingResponse] })
async getStickmanRanking(
@Query('month') month: string,
@Query('roleType') roleType: RoleType,
@Query('regionCode') regionCode: string,
): Promise<StickmanRankingResponse[]> {
return await this.applicationService.getStickmanRanking(month, roleType, regionCode)
}
@Delete(':id')
@HttpCode(HttpStatus.NO_CONTENT)
@ApiOperation({ summary: '撤销授权(管理员)' })
@ApiParam({ name: 'id', description: '授权ID' })
@ApiResponse({ status: 204 })
async revokeAuthorization(
@Param('id') id: string,
@CurrentUser() user: { userId: string },
@Body() dto: RevokeAuthorizationDto,
): Promise<void> {
const command = new RevokeAuthorizationCommand(id, user.userId, dto.reason)
await this.applicationService.revokeAuthorization(command)
}
@Post(':id/bypass')
@HttpCode(HttpStatus.NO_CONTENT)
@ApiOperation({ summary: '授予单月豁免(管理员)' })
@ApiParam({ name: 'id', description: '授权ID' })
@ApiResponse({ status: 204 })
async grantMonthlyBypass(
@Param('id') id: string,
@CurrentUser() user: { userId: string },
@Body() dto: GrantMonthlyBypassDto,
): Promise<void> {
const command = new GrantMonthlyBypassCommand(id, dto.month, user.userId, dto.reason)
await this.applicationService.grantMonthlyBypass(command)
}
@Post(':id/exempt-percentage')
@HttpCode(HttpStatus.NO_CONTENT)
@ApiOperation({ summary: '豁免占比考核(管理员)' })
@ApiParam({ name: 'id', description: '授权ID' })
@ApiResponse({ status: 204 })
async exemptLocalPercentageCheck(
@Param('id') id: string,
@CurrentUser() user: { userId: string },
): Promise<void> {
const command = new ExemptLocalPercentageCheckCommand(id, user.userId)
await this.applicationService.exemptLocalPercentageCheck(command)
}
}

2
backend/services/authorization-service/src/api/controllers/index.ts Normal file
View File

@ -0,0 +1,2 @@
export * from './authorization.controller'
export * from './admin-authorization.controller'

16
backend/services/authorization-service/src/api/dto/request/apply-auth-city.dto.ts Normal file
View File

@ -0,0 +1,16 @@
import { IsString, IsNotEmpty, MaxLength } from 'class-validator'
import { ApiProperty } from '@nestjs/swagger'
export class ApplyAuthCityDto {
@ApiProperty({ description: '城市代码', example: '430100' })
@IsString()
@IsNotEmpty({ message: '城市代码不能为空' })
@MaxLength(20, { message: '城市代码最大20字符' })
cityCode: string
@ApiProperty({ description: '城市名称', example: '长沙市' })
@IsString()
@IsNotEmpty({ message: '城市名称不能为空' })
@MaxLength(50, { message: '城市名称最大50字符' })
cityName: string
}

16
backend/services/authorization-service/src/api/dto/request/apply-auth-province.dto.ts Normal file
View File

@ -0,0 +1,16 @@
import { IsString, IsNotEmpty, MaxLength } from 'class-validator'
import { ApiProperty } from '@nestjs/swagger'
export class ApplyAuthProvinceDto {
@ApiProperty({ description: '省份代码', example: '430000' })
@IsString()
@IsNotEmpty({ message: '省份代码不能为空' })
@MaxLength(20, { message: '省份代码最大20字符' })
provinceCode: string
@ApiProperty({ description: '省份名称', example: '湖南省' })
@IsString()
@IsNotEmpty({ message: '省份名称不能为空' })
@MaxLength(50, { message: '省份名称最大50字符' })
provinceName: string
}

10
backend/services/authorization-service/src/api/dto/request/apply-community-auth.dto.ts Normal file
View File

@ -0,0 +1,10 @@
import { IsString, IsNotEmpty, MaxLength } from 'class-validator'
import { ApiProperty } from '@nestjs/swagger'
export class ApplyCommunityAuthDto {
@ApiProperty({ description: '社区名称', example: '量子社区' })
@IsString()
@IsNotEmpty({ message: '社区名称不能为空' })
@MaxLength(50, { message: '社区名称最大50字符' })
communityName: string
}

21
backend/services/authorization-service/src/api/dto/request/grant-city-company.dto.ts Normal file
View File

@ -0,0 +1,21 @@
import { IsString, IsNotEmpty, MaxLength } from 'class-validator'
import { ApiProperty } from '@nestjs/swagger'
export class GrantCityCompanyDto {
@ApiProperty({ description: '用户ID' })
@IsString()
@IsNotEmpty({ message: '用户ID不能为空' })
userId: string
@ApiProperty({ description: '城市代码', example: '430100' })
@IsString()
@IsNotEmpty({ message: '城市代码不能为空' })
@MaxLength(20, { message: '城市代码最大20字符' })
cityCode: string
@ApiProperty({ description: '城市名称', example: '长沙市' })
@IsString()
@IsNotEmpty({ message: '城市名称不能为空' })
@MaxLength(50, { message: '城市名称最大50字符' })
cityName: string
}

16
backend/services/authorization-service/src/api/dto/request/grant-monthly-bypass.dto.ts Normal file
View File

@ -0,0 +1,16 @@
import { IsString, IsNotEmpty, IsOptional, MaxLength, Matches } from 'class-validator'
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'
export class GrantMonthlyBypassDto {
@ApiProperty({ description: '豁免月份', example: '2024-01' })
@IsString()
@IsNotEmpty({ message: '豁免月份不能为空' })
@Matches(/^\d{4}-\d{2}$/, { message: '月份格式应为YYYY-MM' })
month: string
@ApiPropertyOptional({ description: '豁免原因', example: '特殊情况' })
@IsOptional()
@IsString()
@MaxLength(200, { message: '豁免原因最大200字符' })
reason?: string
}

21
backend/services/authorization-service/src/api/dto/request/grant-province-company.dto.ts Normal file
View File

@ -0,0 +1,21 @@
import { IsString, IsNotEmpty, MaxLength } from 'class-validator'
import { ApiProperty } from '@nestjs/swagger'
export class GrantProvinceCompanyDto {
@ApiProperty({ description: '用户ID' })
@IsString()
@IsNotEmpty({ message: '用户ID不能为空' })
userId: string
@ApiProperty({ description: '省份代码', example: '430000' })
@IsString()
@IsNotEmpty({ message: '省份代码不能为空' })
@MaxLength(20, { message: '省份代码最大20字符' })
provinceCode: string
@ApiProperty({ description: '省份名称', example: '湖南省' })
@IsString()
@IsNotEmpty({ message: '省份名称不能为空' })
@MaxLength(50, { message: '省份名称最大50字符' })
provinceName: string
}

7
backend/services/authorization-service/src/api/dto/request/index.ts Normal file
View File

@ -0,0 +1,7 @@
export * from './apply-community-auth.dto'
export * from './apply-auth-province.dto'
export * from './apply-auth-city.dto'
export * from './grant-province-company.dto'
export * from './grant-city-company.dto'
export * from './revoke-authorization.dto'
export * from './grant-monthly-bypass.dto'

10
backend/services/authorization-service/src/api/dto/request/revoke-authorization.dto.ts Normal file
View File

@ -0,0 +1,10 @@
import { IsString, IsNotEmpty, MaxLength } from 'class-validator'
import { ApiProperty } from '@nestjs/swagger'
export class RevokeAuthorizationDto {
@ApiProperty({ description: '撤销原因', example: '违规操作' })
@IsString()
@IsNotEmpty({ message: '撤销原因不能为空' })
@MaxLength(200, { message: '撤销原因最大200字符' })
reason: string
}

113
backend/services/authorization-service/src/api/dto/response/authorization.response.ts Normal file
View File

@ -0,0 +1,113 @@
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'
import { RoleType, AuthorizationStatus } from '@/domain/enums'
export class AuthorizationResponse {
@ApiProperty({ description: '授权ID' })
authorizationId: string
@ApiProperty({ description: '用户ID' })
userId: string
@ApiProperty({ description: '角色类型', enum: RoleType })
roleType: RoleType
@ApiProperty({ description: '区域代码' })
regionCode: string
@ApiProperty({ description: '区域名称' })
regionName: string
@ApiProperty({ description: '授权状态', enum: AuthorizationStatus })
status: AuthorizationStatus
@ApiProperty({ description: '显示标题' })
displayTitle: string
@ApiProperty({ description: '权益是否激活' })
benefitActive: boolean
@ApiProperty({ description: '当前考核月份索引' })
currentMonthIndex: number
@ApiProperty({ description: '本地占比要求' })
requireLocalPercentage: number
@ApiProperty({ description: '是否豁免占比考核' })
exemptFromPercentageCheck: boolean
@ApiProperty({ description: '创建时间' })
createdAt: Date
@ApiProperty({ description: '更新时间' })
updatedAt: Date
}
export class ApplyAuthorizationResponse {
@ApiProperty({ description: '授权ID' })
authorizationId: string
@ApiProperty({ description: '授权状态' })
status: string
@ApiProperty({ description: '权益是否激活' })
benefitActive: boolean
@ApiPropertyOptional({ description: '显示标题' })
displayTitle?: string
@ApiProperty({ description: '消息提示' })
message: string
@ApiProperty({ description: '当前认种数量' })
currentTreeCount: number
@ApiProperty({ description: '所需认种数量' })
requiredTreeCount: number
}
export class StickmanRankingResponse {
@ApiProperty({ description: '用户ID' })
userId: string
@ApiProperty({ description: '授权ID' })
authorizationId: string
@ApiProperty({ description: '角色类型', enum: RoleType })
roleType: RoleType
@ApiProperty({ description: '区域代码' })
regionCode: string
@ApiPropertyOptional({ description: '昵称' })
nickname?: string
@ApiPropertyOptional({ description: '头像URL' })
avatarUrl?: string
@ApiProperty({ description: '排名' })
ranking: number
@ApiProperty({ description: '是否第一名' })
isFirstPlace: boolean
@ApiProperty({ description: '累计完成数量' })
cumulativeCompleted: number
@ApiProperty({ description: '累计目标数量' })
cumulativeTarget: number
@ApiProperty({ description: '最终目标数量' })
finalTarget: number
@ApiProperty({ description: '进度百分比' })
progressPercentage: number
@ApiProperty({ description: '超越比例' })
exceedRatio: number
@ApiProperty({ description: '本月USDT收益' })
monthlyRewardUsdt: number
@ApiProperty({ description: '本月RWAD收益' })
monthlyRewardRwad: number
}

1
backend/services/authorization-service/src/api/dto/response/index.ts Normal file
View File

@ -0,0 +1 @@
export * from './authorization.response'

97
backend/services/authorization-service/src/app.module.ts Normal file
View File

@ -0,0 +1,97 @@
import { Module } from '@nestjs/common'
import { ConfigModule } from '@nestjs/config'
import { ScheduleModule } from '@nestjs/schedule'
import { PassportModule } from '@nestjs/passport'
import { JwtModule } from '@nestjs/jwt'
// Config
import { appConfig, databaseConfig, redisConfig, kafkaConfig, jwtConfig } from '@/config'
// Infrastructure
import { PrismaService } from '@/infrastructure/persistence/prisma/prisma.service'
import {
AuthorizationRoleRepositoryImpl,
AUTHORIZATION_ROLE_REPOSITORY,
} from '@/infrastructure/persistence/repositories/authorization-role.repository.impl'
import {
MonthlyAssessmentRepositoryImpl,
MONTHLY_ASSESSMENT_REPOSITORY,
} from '@/infrastructure/persistence/repositories/monthly-assessment.repository.impl'
import { RedisModule } from '@/infrastructure/redis/redis.module'
import { KafkaModule } from '@/infrastructure/kafka/kafka.module'
// Application
import { AuthorizationApplicationService, REFERRAL_REPOSITORY, TEAM_STATISTICS_REPOSITORY } from '@/application/services'
import { MonthlyAssessmentScheduler } from '@/application/schedulers'
// API
import { AuthorizationController, AdminAuthorizationController } from '@/api/controllers'
// Shared
import { JwtStrategy } from '@/shared/strategies'
// Mock repositories for external services (should be replaced with actual implementations)
const MockReferralRepository = {
provide: REFERRAL_REPOSITORY,
useValue: {
findByUserId: async () => null,
getAllAncestors: async () => [],
getAllDescendants: async () => [],
},
}
const MockTeamStatisticsRepository = {
provide: TEAM_STATISTICS_REPOSITORY,
useValue: {
findByUserId: async () => ({
userId: '',
totalTeamPlantingCount: 0,
getProvinceTeamCount: () => 0,
getCityTeamCount: () => 0,
}),
},
}
@Module({
imports: [
ConfigModule.forRoot({
isGlobal: true,
load: [appConfig, databaseConfig, redisConfig, kafkaConfig, jwtConfig],
}),
ScheduleModule.forRoot(),
PassportModule.register({ defaultStrategy: 'jwt' }),
JwtModule.registerAsync({
useFactory: () => ({
secret: process.env.JWT_SECRET,
signOptions: { expiresIn: process.env.JWT_EXPIRES_IN || '7d' },
}),
}),
RedisModule,
KafkaModule,
],
controllers: [AuthorizationController, AdminAuthorizationController],
providers: [
// Prisma
PrismaService,
// Repositories
{
provide: AUTHORIZATION_ROLE_REPOSITORY,
useClass: AuthorizationRoleRepositoryImpl,
},
{
provide: MONTHLY_ASSESSMENT_REPOSITORY,
useClass: MonthlyAssessmentRepositoryImpl,
},
MockReferralRepository,
MockTeamStatisticsRepository,
// Application Services
AuthorizationApplicationService,
MonthlyAssessmentScheduler,
// Strategies
JwtStrategy,
],
})
export class AppModule {}

17
backend/services/authorization-service/src/application/commands/apply-auth-city-company.command.ts Normal file
View File

@ -0,0 +1,17 @@
export class ApplyAuthCityCompanyCommand {
constructor(
public readonly userId: string,
public readonly cityCode: string,
public readonly cityName: string,
) {}
}
export interface ApplyAuthCityCompanyResult {
authorizationId: string
status: string
benefitActive: boolean
displayTitle: string
message: string
currentTreeCount: number
requiredTreeCount: number
}

17
backend/services/authorization-service/src/application/commands/apply-auth-province-company.command.ts Normal file
View File

@ -0,0 +1,17 @@
export class ApplyAuthProvinceCompanyCommand {
constructor(
public readonly userId: string,
public readonly provinceCode: string,
public readonly provinceName: string,
) {}
}
export interface ApplyAuthProvinceCompanyResult {
authorizationId: string
status: string
benefitActive: boolean
displayTitle: string
message: string
currentTreeCount: number
requiredTreeCount: number
}

15
backend/services/authorization-service/src/application/commands/apply-community-auth.command.ts Normal file
View File

@ -0,0 +1,15 @@
export class ApplyCommunityAuthCommand {
constructor(
public readonly userId: string,
public readonly communityName: string,
) {}
}
export interface ApplyCommunityAuthResult {
authorizationId: string
status: string
benefitActive: boolean
message: string
currentTreeCount: number
requiredTreeCount: number
}

6
backend/services/authorization-service/src/application/commands/exempt-percentage-check.command.ts Normal file
View File

@ -0,0 +1,6 @@
export class ExemptLocalPercentageCheckCommand {
constructor(
public readonly authorizationId: string,
public readonly adminId: string,
) {}
}

8
backend/services/authorization-service/src/application/commands/grant-city-company.command.ts Normal file
View File

@ -0,0 +1,8 @@
export class GrantCityCompanyCommand {
constructor(
public readonly userId: string,
public readonly cityCode: string,
public readonly cityName: string,
public readonly adminId: string,
) {}
}

8
backend/services/authorization-service/src/application/commands/grant-monthly-bypass.command.ts Normal file
View File

@ -0,0 +1,8 @@
export class GrantMonthlyBypassCommand {
constructor(
public readonly authorizationId: string,
public readonly month: string,
public readonly adminId: string,
public readonly reason?: string,
) {}
}

8
backend/services/authorization-service/src/application/commands/grant-province-company.command.ts Normal file
View File

@ -0,0 +1,8 @@
export class GrantProvinceCompanyCommand {
constructor(
public readonly userId: string,
public readonly provinceCode: string,
public readonly provinceName: string,
public readonly adminId: string,
) {}
}

8
backend/services/authorization-service/src/application/commands/index.ts Normal file
View File

@ -0,0 +1,8 @@
export * from './apply-community-auth.command'
export * from './apply-auth-province-company.command'
export * from './apply-auth-city-company.command'
export * from './grant-province-company.command'
export * from './grant-city-company.command'
export * from './revoke-authorization.command'
export * from './grant-monthly-bypass.command'
export * from './exempt-percentage-check.command'

7
backend/services/authorization-service/src/application/commands/revoke-authorization.command.ts Normal file
View File

@ -0,0 +1,7 @@
export class RevokeAuthorizationCommand {
constructor(
public readonly authorizationId: string,
public readonly adminId: string,
public readonly reason: string,
) {}
}

56
backend/services/authorization-service/src/application/dto/authorization.dto.ts Normal file
View File

@ -0,0 +1,56 @@
import { RoleType, AuthorizationStatus } from '@/domain/enums'
export interface AuthorizationDTO {
authorizationId: string
userId: string
roleType: RoleType
regionCode: string
regionName: string
status: AuthorizationStatus
displayTitle: string
benefitActive: boolean
currentMonthIndex: number
requireLocalPercentage: number
exemptFromPercentageCheck: boolean
createdAt: Date
updatedAt: Date
}
export interface StickmanRankingDTO {
userId: string
authorizationId: string
roleType: RoleType
regionCode: string
nickname?: string
avatarUrl?: string
ranking: number
isFirstPlace: boolean
cumulativeCompleted: number
cumulativeTarget: number
finalTarget: number
progressPercentage: number
exceedRatio: number
monthlyRewardUsdt: number
monthlyRewardRwad: number
}
export interface MonthlyAssessmentDTO {
assessmentId: string
authorizationId: string
userId: string
roleType: RoleType
regionCode: string
assessmentMonth: string
monthIndex: number
monthlyTarget: number
cumulativeTarget: number
monthlyCompleted: number
cumulativeCompleted: number
localPercentage: number
localPercentagePass: boolean
exceedRatio: number
result: string
rankingInRegion: number | null
isFirstPlace: boolean
isBypassed: boolean
}

1
backend/services/authorization-service/src/application/dto/index.ts Normal file
View File

@ -0,0 +1 @@
export * from './authorization.dto'

1
backend/services/authorization-service/src/application/schedulers/index.ts Normal file
View File

@ -0,0 +1 @@
export * from './monthly-assessment.scheduler'

185
backend/services/authorization-service/src/application/schedulers/monthly-assessment.scheduler.ts Normal file
View File

@ -0,0 +1,185 @@
import { Injectable, Inject, Logger } from '@nestjs/common'
import { Cron, CronExpression } from '@nestjs/schedule'
import { AuthorizationRole } from '@/domain/aggregates'
import { Month, RegionCode } from '@/domain/value-objects'
import { RoleType, AssessmentResult } from '@/domain/enums'
import {
IAuthorizationRoleRepository,
AUTHORIZATION_ROLE_REPOSITORY,
IMonthlyAssessmentRepository,
MONTHLY_ASSESSMENT_REPOSITORY,
} from '@/domain/repositories'
import { AssessmentCalculatorService, ITeamStatisticsRepository } from '@/domain/services'
import { EventPublisherService } from '@/infrastructure/kafka'
import { TEAM_STATISTICS_REPOSITORY } from '@/application/services'
@Injectable()
export class MonthlyAssessmentScheduler {
private readonly logger = new Logger(MonthlyAssessmentScheduler.name)
private readonly calculatorService = new AssessmentCalculatorService()
constructor(
@Inject(AUTHORIZATION_ROLE_REPOSITORY)
private readonly authorizationRepository: IAuthorizationRoleRepository,
@Inject(MONTHLY_ASSESSMENT_REPOSITORY)
private readonly assessmentRepository: IMonthlyAssessmentRepository,
@Inject(TEAM_STATISTICS_REPOSITORY)
private readonly statsRepository: ITeamStatisticsRepository,
private readonly eventPublisher: EventPublisherService,
) {}
/**
* 12
*/
@Cron('0 2 1 * *')
async executeMonthlyAssessment(): Promise<void> {
this.logger.log('开始执行月度考核...')
const previousMonth = Month.current().previous()
try {
// 1. 获取所有激活的授权
const activeAuths = await this.authorizationRepository.findAllActive()
// 2. 按角色类型和区域分组处理
const groupedByRoleAndRegion = this.groupByRoleAndRegion(activeAuths)
for (const [key, auths] of groupedByRoleAndRegion) {
const [roleTypeStr, regionCodeStr] = key.split('|')
const roleType = roleTypeStr as RoleType
// 跳过正式省市公司(无月度考核)
if (roleType === RoleType.PROVINCE_COMPANY || roleType === RoleType.CITY_COMPANY) {
continue
}
// 执行考核并排名
const assessments = await this.calculatorService.assessAndRankRegion(
roleType,
RegionCode.create(regionCodeStr),
previousMonth,
this.authorizationRepository,
this.statsRepository,
this.assessmentRepository,
)
// 保存考核结果
await this.assessmentRepository.saveAll(assessments)
// 处理不达标的授权
for (const assessment of assessments) {
if (assessment.result === AssessmentResult.FAIL) {
const auth = auths.find((a) =>
a.authorizationId.equals(assessment.authorizationId),
)
if (auth) {
// 权益失效
auth.deactivateBenefit('月度考核不达标')
await this.authorizationRepository.save(auth)
await this.eventPublisher.publishAll(auth.domainEvents)
auth.clearDomainEvents()
}
} else if (assessment.isPassed()) {
// 达标,递增月份索引
const auth = auths.find((a) =>
a.authorizationId.equals(assessment.authorizationId),
)
if (auth) {
auth.incrementMonthIndex()
await this.authorizationRepository.save(auth)
}
}
await this.eventPublisher.publishAll(assessment.domainEvents)
assessment.clearDomainEvents()
}
}
this.logger.log('月度考核执行完成')
} catch (error) {
this.logger.error('月度考核执行失败', error)
throw error
}
}
/**
* 1
*/
@Cron('0 1 * * *')
async updateStickmanRankings(): Promise<void> {
this.logger.log('开始更新火柴人排名数据...')
try {
const currentMonth = Month.current()
// 获取所有激活的授权省/市公司
const activeAuths = await this.authorizationRepository.findAllActive()
const provinceAuths = activeAuths.filter(
(a) => a.roleType === RoleType.AUTH_PROVINCE_COMPANY,
)
const cityAuths = activeAuths.filter(
(a) => a.roleType === RoleType.AUTH_CITY_COMPANY,
)
// 按区域分组并更新排名
const provinceRegions = new Set(provinceAuths.map((a) => a.regionCode.value))
const cityRegions = new Set(cityAuths.map((a) => a.regionCode.value))
for (const regionCode of provinceRegions) {
await this.updateRegionRankings(
RoleType.AUTH_PROVINCE_COMPANY,
regionCode,
currentMonth,
)
}
for (const regionCode of cityRegions) {
await this.updateRegionRankings(
RoleType.AUTH_CITY_COMPANY,
regionCode,
currentMonth,
)
}
this.logger.log('火柴人排名数据更新完成')
} catch (error) {
this.logger.error('火柴人排名数据更新失败', error)
}
}
private async updateRegionRankings(
roleType: RoleType,
regionCode: string,
currentMonth: Month,
): Promise<void> {
const assessments = await this.calculatorService.assessAndRankRegion(
roleType,
RegionCode.create(regionCode),
currentMonth,
this.authorizationRepository,
this.statsRepository,
this.assessmentRepository,
)
await this.assessmentRepository.saveAll(assessments)
}
private groupByRoleAndRegion(
authorizations: AuthorizationRole[],
): Map<string, AuthorizationRole[]> {
const map = new Map<string, AuthorizationRole[]>()
for (const auth of authorizations) {
const key = `${auth.roleType}|${auth.regionCode.value}`
const list = map.get(key) || []
list.push(auth)
map.set(key, list)
}
return map
}
}

446
backend/services/authorization-service/src/application/services/authorization-application.service.ts Normal file
View File

@ -0,0 +1,446 @@
import { Injectable, Inject, Logger } from '@nestjs/common'
import { AuthorizationRole, MonthlyAssessment } from '@/domain/aggregates'
import { LadderTargetRule } from '@/domain/entities'
import {
UserId,
AdminUserId,
RegionCode,
AuthorizationId,
Month,
} from '@/domain/value-objects'
import { RoleType, AuthorizationStatus } from '@/domain/enums'
import {
IAuthorizationRoleRepository,
AUTHORIZATION_ROLE_REPOSITORY,
IMonthlyAssessmentRepository,
MONTHLY_ASSESSMENT_REPOSITORY,
} from '@/domain/repositories'
import {
AuthorizationValidatorService,
IReferralRepository,
ITeamStatisticsRepository,
TeamStatistics,
} from '@/domain/services'
import { EventPublisherService } from '@/infrastructure/kafka'
import { ApplicationError, NotFoundError } from '@/shared/exceptions'
import {
ApplyCommunityAuthCommand,
ApplyCommunityAuthResult,
ApplyAuthProvinceCompanyCommand,
ApplyAuthProvinceCompanyResult,
ApplyAuthCityCompanyCommand,
ApplyAuthCityCompanyResult,
GrantProvinceCompanyCommand,
GrantCityCompanyCommand,
RevokeAuthorizationCommand,
GrantMonthlyBypassCommand,
ExemptLocalPercentageCheckCommand,
} from '@/application/commands'
import { AuthorizationDTO, StickmanRankingDTO } from '@/application/dto'
export const REFERRAL_REPOSITORY = Symbol('IReferralRepository')
export const TEAM_STATISTICS_REPOSITORY = Symbol('ITeamStatisticsRepository')
@Injectable()
export class AuthorizationApplicationService {
private readonly logger = new Logger(AuthorizationApplicationService.name)
private readonly validatorService = new AuthorizationValidatorService()
constructor(
@Inject(AUTHORIZATION_ROLE_REPOSITORY)
private readonly authorizationRepository: IAuthorizationRoleRepository,
@Inject(MONTHLY_ASSESSMENT_REPOSITORY)
private readonly assessmentRepository: IMonthlyAssessmentRepository,
@Inject(REFERRAL_REPOSITORY)
private readonly referralRepository: IReferralRepository,
@Inject(TEAM_STATISTICS_REPOSITORY)
private readonly statsRepository: ITeamStatisticsRepository,
private readonly eventPublisher: EventPublisherService,
) {}
/**
*
*/
async applyCommunityAuth(
command: ApplyCommunityAuthCommand,
): Promise<ApplyCommunityAuthResult> {
const userId = UserId.create(command.userId)
// 1. 检查是否已有社区授权
const existing = await this.authorizationRepository.findByUserIdAndRoleType(
userId,
RoleType.COMMUNITY,
)
if (existing && existing.status !== AuthorizationStatus.REVOKED) {
throw new ApplicationError('您已申请过社区授权')
}
// 2. 创建社区授权
const authorization = AuthorizationRole.createCommunityAuth({
userId,
communityName: command.communityName,
})
// 3. 检查初始考核10棵
const teamStats = await this.statsRepository.findByUserId(userId.value)
const totalTreeCount = teamStats?.totalTeamPlantingCount || 0
if (totalTreeCount >= authorization.getInitialTarget()) {
// 达标,激活权益
authorization.activateBenefit()
}
await this.authorizationRepository.save(authorization)
await this.eventPublisher.publishAll(authorization.domainEvents)
authorization.clearDomainEvents()
return {
authorizationId: authorization.authorizationId.value,
status: authorization.status,
benefitActive: authorization.benefitActive,
message: authorization.benefitActive
? '社区权益已激活'
: `需要团队累计认种达到${authorization.getInitialTarget()}棵才能激活`,
currentTreeCount: totalTreeCount,
requiredTreeCount: authorization.getInitialTarget(),
}
}
/**
*
*/
async applyAuthProvinceCompany(
command: ApplyAuthProvinceCompanyCommand,
): Promise<ApplyAuthProvinceCompanyResult> {
const userId = UserId.create(command.userId)
const regionCode = RegionCode.create(command.provinceCode)
// 1. 验证授权申请(团队内唯一性)
const validation = await this.validatorService.validateAuthorizationRequest(
userId,
RoleType.AUTH_PROVINCE_COMPANY,
regionCode,
this.referralRepository,
this.authorizationRepository,
)
if (!validation.isValid) {
throw new ApplicationError(validation.errorMessage!)
}
// 2. 创建授权
const authorization = AuthorizationRole.createAuthProvinceCompany({
userId,
provinceCode: command.provinceCode,
provinceName: command.provinceName,
})
// 3. 检查初始考核500棵
const teamStats = await this.statsRepository.findByUserId(userId.value)
const totalTreeCount = teamStats?.totalTeamPlantingCount || 0
if (totalTreeCount >= authorization.getInitialTarget()) {
// 达标,激活权益并创建首月考核
authorization.activateBenefit()
await this.createInitialAssessment(authorization, teamStats!)
}
await this.authorizationRepository.save(authorization)
await this.eventPublisher.publishAll(authorization.domainEvents)
authorization.clearDomainEvents()
return {
authorizationId: authorization.authorizationId.value,
status: authorization.status,
benefitActive: authorization.benefitActive,
displayTitle: authorization.displayTitle,
message: authorization.benefitActive
? '授权省公司权益已激活,开始阶梯考核'
: `需要团队累计认种达到${authorization.getInitialTarget()}棵才能激活`,
currentTreeCount: totalTreeCount,
requiredTreeCount: authorization.getInitialTarget(),
}
}
/**
*
*/
async applyAuthCityCompany(
command: ApplyAuthCityCompanyCommand,
): Promise<ApplyAuthCityCompanyResult> {
const userId = UserId.create(command.userId)
const regionCode = RegionCode.create(command.cityCode)
// 1. 验证
const validation = await this.validatorService.validateAuthorizationRequest(
userId,
RoleType.AUTH_CITY_COMPANY,
regionCode,
this.referralRepository,
this.authorizationRepository,
)
if (!validation.isValid) {
throw new ApplicationError(validation.errorMessage!)
}
// 2. 创建授权
const authorization = AuthorizationRole.createAuthCityCompany({
userId,
cityCode: command.cityCode,
cityName: command.cityName,
})
// 3. 检查初始考核100棵
const teamStats = await this.statsRepository.findByUserId(userId.value)
const totalTreeCount = teamStats?.totalTeamPlantingCount || 0
if (totalTreeCount >= authorization.getInitialTarget()) {
authorization.activateBenefit()
await this.createInitialAssessment(authorization, teamStats!)
}
await this.authorizationRepository.save(authorization)
await this.eventPublisher.publishAll(authorization.domainEvents)
authorization.clearDomainEvents()
return {
authorizationId: authorization.authorizationId.value,
status: authorization.status,
benefitActive: authorization.benefitActive,
displayTitle: authorization.displayTitle,
message: authorization.benefitActive
? '授权市公司权益已激活,开始阶梯考核'
: `需要团队累计认种达到${authorization.getInitialTarget()}棵才能激活`,
currentTreeCount: totalTreeCount,
requiredTreeCount: authorization.getInitialTarget(),
}
}
/**
*
*/
async grantProvinceCompany(command: GrantProvinceCompanyCommand): Promise<void> {
const userId = UserId.create(command.userId)
const adminId = AdminUserId.create(command.adminId)
const authorization = AuthorizationRole.createProvinceCompany({
userId,
provinceCode: command.provinceCode,
provinceName: command.provinceName,
adminId,
})
await this.authorizationRepository.save(authorization)
await this.eventPublisher.publishAll(authorization.domainEvents)
authorization.clearDomainEvents()
}
/**
*
*/
async grantCityCompany(command: GrantCityCompanyCommand): Promise<void> {
const userId = UserId.create(command.userId)
const adminId = AdminUserId.create(command.adminId)
const authorization = AuthorizationRole.createCityCompany({
userId,
cityCode: command.cityCode,
cityName: command.cityName,
adminId,
})
await this.authorizationRepository.save(authorization)
await this.eventPublisher.publishAll(authorization.domainEvents)
authorization.clearDomainEvents()
}
/**
*
*/
async revokeAuthorization(command: RevokeAuthorizationCommand): Promise<void> {
const authorization = await this.authorizationRepository.findById(
AuthorizationId.create(command.authorizationId),
)
if (!authorization) {
throw new NotFoundError('授权不存在')
}
authorization.revoke(AdminUserId.create(command.adminId), command.reason)
await this.authorizationRepository.save(authorization)
await this.eventPublisher.publishAll(authorization.domainEvents)
authorization.clearDomainEvents()
}
/**
*
*/
async grantMonthlyBypass(command: GrantMonthlyBypassCommand): Promise<void> {
const assessment = await this.assessmentRepository.findByAuthorizationAndMonth(
AuthorizationId.create(command.authorizationId),
Month.create(command.month),
)
if (!assessment) {
throw new NotFoundError('考核记录不存在')
}
assessment.grantBypass(AdminUserId.create(command.adminId))
await this.assessmentRepository.save(assessment)
await this.eventPublisher.publishAll(assessment.domainEvents)
assessment.clearDomainEvents()
}
/**
*
*/
async exemptLocalPercentageCheck(command: ExemptLocalPercentageCheckCommand): Promise<void> {
const authorization = await this.authorizationRepository.findById(
AuthorizationId.create(command.authorizationId),
)
if (!authorization) {
throw new NotFoundError('授权不存在')
}
authorization.exemptLocalPercentageCheck(AdminUserId.create(command.adminId))
await this.authorizationRepository.save(authorization)
await this.eventPublisher.publishAll(authorization.domainEvents)
authorization.clearDomainEvents()
}
/**
*
*/
async getUserAuthorizations(userId: string): Promise<AuthorizationDTO[]> {
const authorizations = await this.authorizationRepository.findByUserId(
UserId.create(userId),
)
return authorizations.map((auth) => this.toAuthorizationDTO(auth))
}
/**
*
*/
async getAuthorizationById(authorizationId: string): Promise<AuthorizationDTO | null> {
const authorization = await this.authorizationRepository.findById(
AuthorizationId.create(authorizationId),
)
return authorization ? this.toAuthorizationDTO(authorization) : null
}
/**
*
*/
async getStickmanRanking(
month: string,
roleType: RoleType,
regionCode: string,
): Promise<StickmanRankingDTO[]> {
const assessments = await this.assessmentRepository.findRankingsByMonthAndRegion(
Month.create(month),
roleType,
RegionCode.create(regionCode),
)
const rankings: StickmanRankingDTO[] = []
const finalTarget = LadderTargetRule.getFinalTarget(roleType)
for (const assessment of assessments) {
rankings.push({
userId: assessment.userId.value,
authorizationId: assessment.authorizationId.value,
roleType: assessment.roleType,
regionCode: assessment.regionCode.value,
ranking: assessment.rankingInRegion || 0,
isFirstPlace: assessment.isFirstPlace,
cumulativeCompleted: assessment.cumulativeCompleted,
cumulativeTarget: assessment.cumulativeTarget,
finalTarget,
progressPercentage: (assessment.cumulativeCompleted / finalTarget) * 100,
exceedRatio: assessment.exceedRatio,
monthlyRewardUsdt: 0, // TODO: 从奖励服务获取
monthlyRewardRwad: 0,
})
}
return rankings
}
// 辅助方法
private async createInitialAssessment(
authorization: AuthorizationRole,
teamStats: TeamStatistics,
): Promise<void> {
const currentMonth = Month.current()
const target = LadderTargetRule.getTarget(authorization.roleType, 1)
const assessment = MonthlyAssessment.create({
authorizationId: authorization.authorizationId,
userId: authorization.userId,
roleType: authorization.roleType,
regionCode: authorization.regionCode,
assessmentMonth: currentMonth,
monthIndex: 1,
monthlyTarget: target.monthlyTarget,
cumulativeTarget: target.cumulativeTarget,
})
// 立即评估首月
const localTeamCount = this.getLocalTeamCount(
teamStats,
authorization.roleType,
authorization.regionCode,
)
assessment.assess({
cumulativeCompleted: teamStats.totalTeamPlantingCount,
localTeamCount,
totalTeamCount: teamStats.totalTeamPlantingCount,
requireLocalPercentage: authorization.requireLocalPercentage,
exemptFromPercentageCheck: authorization.exemptFromPercentageCheck,
})
await this.assessmentRepository.save(assessment)
await this.eventPublisher.publishAll(assessment.domainEvents)
assessment.clearDomainEvents()
}
private getLocalTeamCount(
teamStats: TeamStatistics,
roleType: RoleType,
regionCode: RegionCode,
): number {
if (roleType === RoleType.AUTH_PROVINCE_COMPANY) {
return teamStats.getProvinceTeamCount(regionCode.value)
} else if (roleType === RoleType.AUTH_CITY_COMPANY) {
return teamStats.getCityTeamCount(regionCode.value)
}
return 0
}
private toAuthorizationDTO(auth: AuthorizationRole): AuthorizationDTO {
return {
authorizationId: auth.authorizationId.value,
userId: auth.userId.value,
roleType: auth.roleType,
regionCode: auth.regionCode.value,
regionName: auth.regionName,
status: auth.status,
displayTitle: auth.displayTitle,
benefitActive: auth.benefitActive,
currentMonthIndex: auth.currentMonthIndex,
requireLocalPercentage: auth.requireLocalPercentage,
exemptFromPercentageCheck: auth.exemptFromPercentageCheck,
createdAt: auth.createdAt,
updatedAt: auth.updatedAt,
}
}
}

1
backend/services/authorization-service/src/application/services/index.ts Normal file
View File

@ -0,0 +1 @@
export * from './authorization-application.service'

4
backend/services/authorization-service/src/config/app.config.ts Normal file
View File

@ -0,0 +1,4 @@
export const appConfig = () => ({
port: parseInt(process.env.APP_PORT || '3002', 10),
env: process.env.APP_ENV || 'development',
})

3
backend/services/authorization-service/src/config/database.config.ts Normal file
View File

@ -0,0 +1,3 @@
export const databaseConfig = () => ({
databaseUrl: process.env.DATABASE_URL,
})

5
backend/services/authorization-service/src/config/index.ts Normal file
View File

@ -0,0 +1,5 @@
export * from './app.config'
export * from './database.config'
export * from './redis.config'
export * from './kafka.config'
export * from './jwt.config'

4
backend/services/authorization-service/src/config/jwt.config.ts Normal file
View File

@ -0,0 +1,4 @@
export const jwtConfig = () => ({
secret: process.env.JWT_SECRET || 'your-jwt-secret-key',
expiresIn: process.env.JWT_EXPIRES_IN || '7d',
})

5
backend/services/authorization-service/src/config/kafka.config.ts Normal file
View File

@ -0,0 +1,5 @@
export const kafkaConfig = () => ({
brokers: (process.env.KAFKA_BROKERS || 'localhost:9092').split(','),
clientId: process.env.KAFKA_CLIENT_ID || 'authorization-service',
consumerGroup: process.env.KAFKA_CONSUMER_GROUP || 'authorization-consumer-group',
})

5
backend/services/authorization-service/src/config/redis.config.ts Normal file
View File

@ -0,0 +1,5 @@
export const redisConfig = () => ({
host: process.env.REDIS_HOST || 'localhost',
port: parseInt(process.env.REDIS_PORT || '6379', 10),
password: process.env.REDIS_PASSWORD || '',
})

17
backend/services/authorization-service/src/domain/aggregates/aggregate-root.base.ts Normal file
View File

@ -0,0 +1,17 @@
import { IDomainEvent } from '@/domain/events'
export abstract class AggregateRoot {
private _domainEvents: IDomainEvent[] = []
get domainEvents(): IDomainEvent[] {
return [...this._domainEvents]
}
protected addDomainEvent(event: IDomainEvent): void {
this._domainEvents.push(event)
}
clearDomainEvents(): void {
this._domainEvents = []
}
}

193
backend/services/authorization-service/src/domain/aggregates/authorization-role.aggregate.spec.ts Normal file
View File

@ -0,0 +1,193 @@
import { AuthorizationRole } from './authorization-role.aggregate'
import { UserId, AdminUserId } from '@/domain/value-objects'
import { RoleType, AuthorizationStatus, MonthlyTargetType } from '@/domain/enums'
import { DomainError } from '@/shared/exceptions'
describe('AuthorizationRole Aggregate', () => {
describe('createCommunityAuth', () => {
it('should create community authorization', () => {
const auth = AuthorizationRole.createCommunityAuth({
userId: UserId.create('user-1'),
communityName: '量子社区',
})
expect(auth.roleType).toBe(RoleType.COMMUNITY)
expect(auth.status).toBe(AuthorizationStatus.PENDING)
expect(auth.displayTitle).toBe('量子社区')
expect(auth.benefitActive).toBe(false)
expect(auth.getInitialTarget()).toBe(10)
expect(auth.domainEvents.length).toBe(1)
expect(auth.domainEvents[0].eventType).toBe('authorization.community.requested')
})
})
describe('createAuthProvinceCompany', () => {
it('should create auth province company authorization', () => {
const auth = AuthorizationRole.createAuthProvinceCompany({
userId: UserId.create('user-1'),
provinceCode: '430000',
provinceName: '湖南省',
})
expect(auth.roleType).toBe(RoleType.AUTH_PROVINCE_COMPANY)
expect(auth.status).toBe(AuthorizationStatus.PENDING)
expect(auth.displayTitle).toBe('授权湖南省')
expect(auth.benefitActive).toBe(false)
expect(auth.getInitialTarget()).toBe(500)
expect(auth.requireLocalPercentage).toBe(5.0)
expect(auth.needsLadderAssessment()).toBe(true)
})
})
describe('createAuthCityCompany', () => {
it('should create auth city company authorization', () => {
const auth = AuthorizationRole.createAuthCityCompany({
userId: UserId.create('user-1'),
cityCode: '430100',
cityName: '长沙市',
})
expect(auth.roleType).toBe(RoleType.AUTH_CITY_COMPANY)
expect(auth.status).toBe(AuthorizationStatus.PENDING)
expect(auth.displayTitle).toBe('授权长沙市')
expect(auth.benefitActive).toBe(false)
expect(auth.getInitialTarget()).toBe(100)
})
})
describe('createProvinceCompany', () => {
it('should create official province company with active benefits', () => {
const adminId = AdminUserId.create('admin-1')
const auth = AuthorizationRole.createProvinceCompany({
userId: UserId.create('user-1'),
provinceCode: '430000',
provinceName: '湖南省',
adminId,
})
expect(auth.roleType).toBe(RoleType.PROVINCE_COMPANY)
expect(auth.status).toBe(AuthorizationStatus.AUTHORIZED)
expect(auth.displayTitle).toBe('湖南省')
expect(auth.benefitActive).toBe(true)
expect(auth.getInitialTarget()).toBe(0) // No initial target for official company
})
})
describe('activateBenefit', () => {
it('should activate benefit and emit event', () => {
const auth = AuthorizationRole.createCommunityAuth({
userId: UserId.create('user-1'),
communityName: '量子社区',
})
auth.clearDomainEvents()
auth.activateBenefit()
expect(auth.benefitActive).toBe(true)
expect(auth.status).toBe(AuthorizationStatus.AUTHORIZED)
expect(auth.currentMonthIndex).toBe(1)
expect(auth.domainEvents.length).toBe(1)
expect(auth.domainEvents[0].eventType).toBe('authorization.benefit.activated')
})
it('should throw error if already active', () => {
const auth = AuthorizationRole.createProvinceCompany({
userId: UserId.create('user-1'),
provinceCode: '430000',
provinceName: '湖南省',
adminId: AdminUserId.create('admin-1'),
})
expect(() => auth.activateBenefit()).toThrow(DomainError)
})
})
describe('deactivateBenefit', () => {
it('should deactivate benefit and reset month index', () => {
const auth = AuthorizationRole.createProvinceCompany({
userId: UserId.create('user-1'),
provinceCode: '430000',
provinceName: '湖南省',
adminId: AdminUserId.create('admin-1'),
})
auth.clearDomainEvents()
auth.deactivateBenefit('考核不达标')
expect(auth.benefitActive).toBe(false)
expect(auth.currentMonthIndex).toBe(0)
expect(auth.domainEvents.length).toBe(1)
expect(auth.domainEvents[0].eventType).toBe('authorization.benefit.deactivated')
})
})
describe('revoke', () => {
it('should revoke authorization', () => {
const auth = AuthorizationRole.createProvinceCompany({
userId: UserId.create('user-1'),
provinceCode: '430000',
provinceName: '湖南省',
adminId: AdminUserId.create('admin-1'),
})
auth.clearDomainEvents()
auth.revoke(AdminUserId.create('admin-2'), '违规操作')
expect(auth.status).toBe(AuthorizationStatus.REVOKED)
expect(auth.benefitActive).toBe(false)
expect(auth.revokeReason).toBe('违规操作')
expect(auth.domainEvents.length).toBe(1)
expect(auth.domainEvents[0].eventType).toBe('authorization.role.revoked')
})
it('should throw error if already revoked', () => {
const auth = AuthorizationRole.createProvinceCompany({
userId: UserId.create('user-1'),
provinceCode: '430000',
provinceName: '湖南省',
adminId: AdminUserId.create('admin-1'),
})
auth.revoke(AdminUserId.create('admin-2'), '违规操作')
expect(() => auth.revoke(AdminUserId.create('admin-3'), '再次撤销')).toThrow(
DomainError,
)
})
})
describe('exemptLocalPercentageCheck', () => {
it('should exempt from percentage check', () => {
const auth = AuthorizationRole.createAuthProvinceCompany({
userId: UserId.create('user-1'),
provinceCode: '430000',
provinceName: '湖南省',
})
expect(auth.exemptFromPercentageCheck).toBe(false)
expect(auth.needsLocalPercentageCheck()).toBe(true)
auth.exemptLocalPercentageCheck(AdminUserId.create('admin-1'))
expect(auth.exemptFromPercentageCheck).toBe(true)
expect(auth.needsLocalPercentageCheck()).toBe(false)
})
})
describe('incrementMonthIndex', () => {
it('should increment month index', () => {
const auth = AuthorizationRole.createCommunityAuth({
userId: UserId.create('user-1'),
communityName: '量子社区',
})
auth.activateBenefit()
expect(auth.currentMonthIndex).toBe(1)
auth.incrementMonthIndex()
expect(auth.currentMonthIndex).toBe(2)
auth.incrementMonthIndex()
expect(auth.currentMonthIndex).toBe(3)
})
})
})

585
backend/services/authorization-service/src/domain/aggregates/authorization-role.aggregate.ts Normal file
View File

@ -0,0 +1,585 @@
import { AggregateRoot } from './aggregate-root.base'
import {
AuthorizationId,
UserId,
AdminUserId,
RegionCode,
AssessmentConfig,
} from '@/domain/value-objects'
import { RoleType, AuthorizationStatus, MonthlyTargetType } from '@/domain/enums'
import { DomainError } from '@/shared/exceptions'
import {
CommunityAuthRequestedEvent,
AuthProvinceCompanyRequestedEvent,
AuthCityCompanyRequestedEvent,
ProvinceCompanyAuthorizedEvent,
CityCompanyAuthorizedEvent,
BenefitActivatedEvent,
BenefitDeactivatedEvent,
RoleAuthorizedEvent,
RoleRevokedEvent,
PercentageCheckExemptedEvent,
} from '@/domain/events'
export interface AuthorizationRoleProps {
authorizationId: AuthorizationId
userId: UserId
roleType: RoleType
regionCode: RegionCode
regionName: string
status: AuthorizationStatus
displayTitle: string
authorizedAt: Date | null
authorizedBy: AdminUserId | null
revokedAt: Date | null
revokedBy: AdminUserId | null
revokeReason: string | null
assessmentConfig: AssessmentConfig
requireLocalPercentage: number
exemptFromPercentageCheck: boolean
benefitActive: boolean
benefitActivatedAt: Date | null
benefitDeactivatedAt: Date | null
currentMonthIndex: number
createdAt: Date
updatedAt: Date
}
export class AuthorizationRole extends AggregateRoot {
private _authorizationId: AuthorizationId
private _userId: UserId
private _roleType: RoleType
private _regionCode: RegionCode
private _regionName: string
private _status: AuthorizationStatus
private _displayTitle: string
// 授权信息
private _authorizedAt: Date | null
private _authorizedBy: AdminUserId | null
private _revokedAt: Date | null
private _revokedBy: AdminUserId | null
private _revokeReason: string | null
// 考核配置
private _assessmentConfig: AssessmentConfig
// 自有团队占比
private _requireLocalPercentage: number
private _exemptFromPercentageCheck: boolean
// 权益状态
private _benefitActive: boolean
private _benefitActivatedAt: Date | null
private _benefitDeactivatedAt: Date | null
// 当前考核月份索引
private _currentMonthIndex: number
private _createdAt: Date
private _updatedAt: Date
// Getters
get authorizationId(): AuthorizationId {
return this._authorizationId
}
get userId(): UserId {
return this._userId
}
get roleType(): RoleType {
return this._roleType
}
get regionCode(): RegionCode {
return this._regionCode
}
get regionName(): string {
return this._regionName
}
get status(): AuthorizationStatus {
return this._status
}
get displayTitle(): string {
return this._displayTitle
}
get authorizedAt(): Date | null {
return this._authorizedAt
}
get authorizedBy(): AdminUserId | null {
return this._authorizedBy
}
get revokedAt(): Date | null {
return this._revokedAt
}
get revokedBy(): AdminUserId | null {
return this._revokedBy
}
get revokeReason(): string | null {
return this._revokeReason
}
get assessmentConfig(): AssessmentConfig {
return this._assessmentConfig
}
get requireLocalPercentage(): number {
return this._requireLocalPercentage
}
get exemptFromPercentageCheck(): boolean {
return this._exemptFromPercentageCheck
}
get benefitActive(): boolean {
return this._benefitActive
}
get benefitActivatedAt(): Date | null {
return this._benefitActivatedAt
}
get benefitDeactivatedAt(): Date | null {
return this._benefitDeactivatedAt
}
get currentMonthIndex(): number {
return this._currentMonthIndex
}
get createdAt(): Date {
return this._createdAt
}
get updatedAt(): Date {
return this._updatedAt
}
get isActive(): boolean {
return this._status === AuthorizationStatus.AUTHORIZED
}
// 私有构造函数
private constructor(props: AuthorizationRoleProps) {
super()
this._authorizationId = props.authorizationId
this._userId = props.userId
this._roleType = props.roleType
this._regionCode = props.regionCode
this._regionName = props.regionName
this._status = props.status
this._displayTitle = props.displayTitle
this._authorizedAt = props.authorizedAt
this._authorizedBy = props.authorizedBy
this._revokedAt = props.revokedAt
this._revokedBy = props.revokedBy
this._revokeReason = props.revokeReason
this._assessmentConfig = props.assessmentConfig
this._requireLocalPercentage = props.requireLocalPercentage
this._exemptFromPercentageCheck = props.exemptFromPercentageCheck
this._benefitActive = props.benefitActive
this._benefitActivatedAt = props.benefitActivatedAt
this._benefitDeactivatedAt = props.benefitDeactivatedAt
this._currentMonthIndex = props.currentMonthIndex
this._createdAt = props.createdAt
this._updatedAt = props.updatedAt
}
// 工厂方法 - 从数据库重建
static fromPersistence(props: AuthorizationRoleProps): AuthorizationRole {
return new AuthorizationRole(props)
}
// 工厂方法 - 创建社区授权
static createCommunityAuth(params: { userId: UserId; communityName: string }): AuthorizationRole {
const auth = new AuthorizationRole({
authorizationId: AuthorizationId.generate(),
userId: params.userId,
roleType: RoleType.COMMUNITY,
regionCode: RegionCode.create(params.communityName),
regionName: params.communityName,
status: AuthorizationStatus.PENDING,
displayTitle: params.communityName,
authorizedAt: null,
authorizedBy: null,
revokedAt: null,
revokedBy: null,
revokeReason: null,
assessmentConfig: AssessmentConfig.forCommunity(),
requireLocalPercentage: 0,
exemptFromPercentageCheck: true,
benefitActive: false,
benefitActivatedAt: null,
benefitDeactivatedAt: null,
currentMonthIndex: 0,
createdAt: new Date(),
updatedAt: new Date(),
})
auth.addDomainEvent(
new CommunityAuthRequestedEvent({
authorizationId: auth.authorizationId.value,
userId: params.userId.value,
communityName: params.communityName,
}),
)
return auth
}
// 工厂方法 - 创建授权省公司
static createAuthProvinceCompany(params: {
userId: UserId
provinceCode: string
provinceName: string
}): AuthorizationRole {
const auth = new AuthorizationRole({
authorizationId: AuthorizationId.generate(),
userId: params.userId,
roleType: RoleType.AUTH_PROVINCE_COMPANY,
regionCode: RegionCode.create(params.provinceCode),
regionName: params.provinceName,
status: AuthorizationStatus.PENDING,
displayTitle: `授权${params.provinceName}`,
authorizedAt: null,
authorizedBy: null,
revokedAt: null,
revokedBy: null,
revokeReason: null,
assessmentConfig: AssessmentConfig.forAuthProvince(),
requireLocalPercentage: 5.0,
exemptFromPercentageCheck: false,
benefitActive: false,
benefitActivatedAt: null,
benefitDeactivatedAt: null,
currentMonthIndex: 0,
createdAt: new Date(),
updatedAt: new Date(),
})
auth.addDomainEvent(
new AuthProvinceCompanyRequestedEvent({
authorizationId: auth.authorizationId.value,
userId: params.userId.value,
provinceCode: params.provinceCode,
provinceName: params.provinceName,
}),
)
return auth
}
// 工厂方法 - 创建正式省公司
static createProvinceCompany(params: {
userId: UserId
provinceCode: string
provinceName: string
adminId: AdminUserId
}): AuthorizationRole {
const auth = new AuthorizationRole({
authorizationId: AuthorizationId.generate(),
userId: params.userId,
roleType: RoleType.PROVINCE_COMPANY,
regionCode: RegionCode.create(params.provinceCode),
regionName: params.provinceName,
status: AuthorizationStatus.AUTHORIZED,
displayTitle: params.provinceName,
authorizedAt: new Date(),
authorizedBy: params.adminId,
revokedAt: null,
revokedBy: null,
revokeReason: null,
assessmentConfig: AssessmentConfig.forProvince(),
requireLocalPercentage: 0,
exemptFromPercentageCheck: true,
benefitActive: true,
benefitActivatedAt: new Date(),
benefitDeactivatedAt: null,
currentMonthIndex: 0,
createdAt: new Date(),
updatedAt: new Date(),
})
auth.addDomainEvent(
new ProvinceCompanyAuthorizedEvent({
authorizationId: auth.authorizationId.value,
userId: params.userId.value,
provinceCode: params.provinceCode,
provinceName: params.provinceName,
authorizedBy: params.adminId.value,
}),
)
return auth
}
// 工厂方法 - 创建授权市公司
static createAuthCityCompany(params: {
userId: UserId
cityCode: string
cityName: string
}): AuthorizationRole {
const auth = new AuthorizationRole({
authorizationId: AuthorizationId.generate(),
userId: params.userId,
roleType: RoleType.AUTH_CITY_COMPANY,
regionCode: RegionCode.create(params.cityCode),
regionName: params.cityName,
status: AuthorizationStatus.PENDING,
displayTitle: `授权${params.cityName}`,
authorizedAt: null,
authorizedBy: null,
revokedAt: null,
revokedBy: null,
revokeReason: null,
assessmentConfig: AssessmentConfig.forAuthCity(),
requireLocalPercentage: 5.0,
exemptFromPercentageCheck: false,
benefitActive: false,
benefitActivatedAt: null,
benefitDeactivatedAt: null,
currentMonthIndex: 0,
createdAt: new Date(),
updatedAt: new Date(),
})
auth.addDomainEvent(
new AuthCityCompanyRequestedEvent({
authorizationId: auth.authorizationId.value,
userId: params.userId.value,
cityCode: params.cityCode,
cityName: params.cityName,
}),
)
return auth
}
// 工厂方法 - 创建正式市公司
static createCityCompany(params: {
userId: UserId
cityCode: string
cityName: string
adminId: AdminUserId
}): AuthorizationRole {
const auth = new AuthorizationRole({
authorizationId: AuthorizationId.generate(),
userId: params.userId,
roleType: RoleType.CITY_COMPANY,
regionCode: RegionCode.create(params.cityCode),
regionName: params.cityName,
status: AuthorizationStatus.AUTHORIZED,
displayTitle: params.cityName,
authorizedAt: new Date(),
authorizedBy: params.adminId,
revokedAt: null,
revokedBy: null,
revokeReason: null,
assessmentConfig: AssessmentConfig.forCity(),
requireLocalPercentage: 0,
exemptFromPercentageCheck: true,
benefitActive: true,
benefitActivatedAt: new Date(),
benefitDeactivatedAt: null,
currentMonthIndex: 0,
createdAt: new Date(),
updatedAt: new Date(),
})
auth.addDomainEvent(
new CityCompanyAuthorizedEvent({
authorizationId: auth.authorizationId.value,
userId: params.userId.value,
cityCode: params.cityCode,
cityName: params.cityName,
authorizedBy: params.adminId.value,
}),
)
return auth
}
// 核心领域行为
/**
*
*/
activateBenefit(): void {
if (this._benefitActive) {
throw new DomainError('权益已激活')
}
this._status = AuthorizationStatus.AUTHORIZED
this._benefitActive = true
this._benefitActivatedAt = new Date()
this._currentMonthIndex = 1
this._updatedAt = new Date()
this.addDomainEvent(
new BenefitActivatedEvent({
authorizationId: this._authorizationId.value,
userId: this._userId.value,
roleType: this._roleType,
regionCode: this._regionCode.value,
}),
)
}
/**
*
*/
deactivateBenefit(reason: string): void {
if (!this._benefitActive) {
return
}
this._benefitActive = false
this._benefitDeactivatedAt = new Date()
this._currentMonthIndex = 0 // 重置月份索引
this._updatedAt = new Date()
this.addDomainEvent(
new BenefitDeactivatedEvent({
authorizationId: this._authorizationId.value,
userId: this._userId.value,
roleType: this._roleType,
reason,
}),
)
}
/**
*
*/
authorize(adminId: AdminUserId): void {
if (this._status === AuthorizationStatus.AUTHORIZED) {
throw new DomainError('已授权,无需重复授权')
}
this._status = AuthorizationStatus.AUTHORIZED
this._authorizedAt = new Date()
this._authorizedBy = adminId
this._updatedAt = new Date()
this.addDomainEvent(
new RoleAuthorizedEvent({
authorizationId: this._authorizationId.value,
userId: this._userId.value,
roleType: this._roleType,
regionCode: this._regionCode.value,
authorizedBy: adminId.value,
}),
)
}
/**
*
*/
revoke(adminId: AdminUserId, reason: string): void {
if (this._status === AuthorizationStatus.REVOKED) {
throw new DomainError('已撤销')
}
this._status = AuthorizationStatus.REVOKED
this._revokedAt = new Date()
this._revokedBy = adminId
this._revokeReason = reason
this._benefitActive = false
this._benefitDeactivatedAt = new Date()
this._updatedAt = new Date()
this.addDomainEvent(
new RoleRevokedEvent({
authorizationId: this._authorizationId.value,
userId: this._userId.value,
roleType: this._roleType,
regionCode: this._regionCode.value,
reason,
revokedBy: adminId.value,
}),
)
}
/**
*
*/
exemptLocalPercentageCheck(adminId: AdminUserId): void {
this._exemptFromPercentageCheck = true
this._updatedAt = new Date()
this.addDomainEvent(
new PercentageCheckExemptedEvent({
authorizationId: this._authorizationId.value,
userId: this._userId.value,
exemptedBy: adminId.value,
}),
)
}
/**
*
*/
cancelExemptLocalPercentageCheck(): void {
this._exemptFromPercentageCheck = false
this._updatedAt = new Date()
}
/**
*
*/
incrementMonthIndex(): void {
this._currentMonthIndex += 1
this._updatedAt = new Date()
}
/**
*
*/
getInitialTarget(): number {
return this._assessmentConfig.initialTargetTreeCount
}
/**
*
*/
needsLocalPercentageCheck(): boolean {
return (
!this._exemptFromPercentageCheck &&
this._requireLocalPercentage > 0 &&
(this._roleType === RoleType.AUTH_PROVINCE_COMPANY ||
this._roleType === RoleType.AUTH_CITY_COMPANY)
)
}
/**
*
*/
needsLadderAssessment(): boolean {
return this._assessmentConfig.monthlyTargetType === MonthlyTargetType.LADDER
}
/**
*
*/
needsFixedAssessment(): boolean {
return this._assessmentConfig.monthlyTargetType === MonthlyTargetType.FIXED
}
/**
*
*/
toPersistence(): Record<string, any> {
return {
id: this._authorizationId.value,
userId: this._userId.value,
roleType: this._roleType,
regionCode: this._regionCode.value,
regionName: this._regionName,
status: this._status,
displayTitle: this._displayTitle,
authorizedAt: this._authorizedAt,
authorizedBy: this._authorizedBy?.value || null,
revokedAt: this._revokedAt,
revokedBy: this._revokedBy?.value || null,
revokeReason: this._revokeReason,
initialTargetTreeCount: this._assessmentConfig.initialTargetTreeCount,
monthlyTargetType: this._assessmentConfig.monthlyTargetType,
requireLocalPercentage: this._requireLocalPercentage,
exemptFromPercentageCheck: this._exemptFromPercentageCheck,
benefitActive: this._benefitActive,
benefitActivatedAt: this._benefitActivatedAt,
benefitDeactivatedAt: this._benefitDeactivatedAt,
currentMonthIndex: this._currentMonthIndex,
createdAt: this._createdAt,
updatedAt: this._updatedAt,
}
}
}

3
backend/services/authorization-service/src/domain/aggregates/index.ts Normal file
View File

@ -0,0 +1,3 @@
export * from './aggregate-root.base'
export * from './authorization-role.aggregate'
export * from './monthly-assessment.aggregate'

427
backend/services/authorization-service/src/domain/aggregates/monthly-assessment.aggregate.ts Normal file
View File

@ -0,0 +1,427 @@
import { AggregateRoot } from './aggregate-root.base'
import { AssessmentId, AuthorizationId, UserId, AdminUserId, RegionCode, Month } from '@/domain/value-objects'
import { RoleType, AssessmentResult } from '@/domain/enums'
import { DomainError } from '@/shared/exceptions'
import {
MonthlyAssessmentPassedEvent,
MonthlyAssessmentFailedEvent,
MonthlyBypassGrantedEvent,
FirstPlaceAchievedEvent,
} from '@/domain/events'
export interface MonthlyAssessmentProps {
assessmentId: AssessmentId
authorizationId: AuthorizationId
userId: UserId
roleType: RoleType
regionCode: RegionCode
assessmentMonth: Month
monthIndex: number
monthlyTarget: number
cumulativeTarget: number
monthlyCompleted: number
cumulativeCompleted: number
completedAt: Date | null
localTeamCount: number
totalTeamCount: number
localPercentage: number
localPercentagePass: boolean
exceedRatio: number
result: AssessmentResult
rankingInRegion: number | null
isFirstPlace: boolean
isBypassed: boolean
bypassedBy: AdminUserId | null
bypassedAt: Date | null
assessedAt: Date | null
createdAt: Date
updatedAt: Date
}
export class MonthlyAssessment extends AggregateRoot {
private _assessmentId: AssessmentId
private _authorizationId: AuthorizationId
private _userId: UserId
private _roleType: RoleType
private _regionCode: RegionCode
// 考核月份
private _assessmentMonth: Month
private _monthIndex: number
// 考核目标
private _monthlyTarget: number
private _cumulativeTarget: number
// 完成情况
private _monthlyCompleted: number
private _cumulativeCompleted: number
private _completedAt: Date | null
// 自有团队占比
private _localTeamCount: number
private _totalTeamCount: number
private _localPercentage: number
private _localPercentagePass: boolean
// 超越目标占比
private _exceedRatio: number
// 考核结果
private _result: AssessmentResult
// 排名
private _rankingInRegion: number | null
private _isFirstPlace: boolean
// 豁免
private _isBypassed: boolean
private _bypassedBy: AdminUserId | null
private _bypassedAt: Date | null
private _assessedAt: Date | null
private _createdAt: Date
private _updatedAt: Date
// Getters
get assessmentId(): AssessmentId {
return this._assessmentId
}
get authorizationId(): AuthorizationId {
return this._authorizationId
}
get userId(): UserId {
return this._userId
}
get roleType(): RoleType {
return this._roleType
}
get regionCode(): RegionCode {
return this._regionCode
}
get assessmentMonth(): Month {
return this._assessmentMonth
}
get monthIndex(): number {
return this._monthIndex
}
get monthlyTarget(): number {
return this._monthlyTarget
}
get cumulativeTarget(): number {
return this._cumulativeTarget
}
get monthlyCompleted(): number {
return this._monthlyCompleted
}
get cumulativeCompleted(): number {
return this._cumulativeCompleted
}
get completedAt(): Date | null {
return this._completedAt
}
get localTeamCount(): number {
return this._localTeamCount
}
get totalTeamCount(): number {
return this._totalTeamCount
}
get localPercentage(): number {
return this._localPercentage
}
get localPercentagePass(): boolean {
return this._localPercentagePass
}
get exceedRatio(): number {
return this._exceedRatio
}
get result(): AssessmentResult {
return this._result
}
get rankingInRegion(): number | null {
return this._rankingInRegion
}
get isFirstPlace(): boolean {
return this._isFirstPlace
}
get isBypassed(): boolean {
return this._isBypassed
}
get bypassedBy(): AdminUserId | null {
return this._bypassedBy
}
get bypassedAt(): Date | null {
return this._bypassedAt
}
get assessedAt(): Date | null {
return this._assessedAt
}
get createdAt(): Date {
return this._createdAt
}
get updatedAt(): Date {
return this._updatedAt
}
// 私有构造函数
private constructor(props: MonthlyAssessmentProps) {
super()
this._assessmentId = props.assessmentId
this._authorizationId = props.authorizationId
this._userId = props.userId
this._roleType = props.roleType
this._regionCode = props.regionCode
this._assessmentMonth = props.assessmentMonth
this._monthIndex = props.monthIndex
this._monthlyTarget = props.monthlyTarget
this._cumulativeTarget = props.cumulativeTarget
this._monthlyCompleted = props.monthlyCompleted
this._cumulativeCompleted = props.cumulativeCompleted
this._completedAt = props.completedAt
this._localTeamCount = props.localTeamCount
this._totalTeamCount = props.totalTeamCount
this._localPercentage = props.localPercentage
this._localPercentagePass = props.localPercentagePass
this._exceedRatio = props.exceedRatio
this._result = props.result
this._rankingInRegion = props.rankingInRegion
this._isFirstPlace = props.isFirstPlace
this._isBypassed = props.isBypassed
this._bypassedBy = props.bypassedBy
this._bypassedAt = props.bypassedAt
this._assessedAt = props.assessedAt
this._createdAt = props.createdAt
this._updatedAt = props.updatedAt
}
// 工厂方法 - 从数据库重建
static fromPersistence(props: MonthlyAssessmentProps): MonthlyAssessment {
return new MonthlyAssessment(props)
}
// 工厂方法 - 创建新考核
static create(params: {
authorizationId: AuthorizationId
userId: UserId
roleType: RoleType
regionCode: RegionCode
assessmentMonth: Month
monthIndex: number
monthlyTarget: number
cumulativeTarget: number
}): MonthlyAssessment {
return new MonthlyAssessment({
assessmentId: AssessmentId.generate(),
authorizationId: params.authorizationId,
userId: params.userId,
roleType: params.roleType,
regionCode: params.regionCode,
assessmentMonth: params.assessmentMonth,
monthIndex: params.monthIndex,
monthlyTarget: params.monthlyTarget,
cumulativeTarget: params.cumulativeTarget,
monthlyCompleted: 0,
cumulativeCompleted: 0,
completedAt: null,
localTeamCount: 0,
totalTeamCount: 0,
localPercentage: 0,
localPercentagePass: false,
exceedRatio: 0,
result: AssessmentResult.NOT_ASSESSED,
rankingInRegion: null,
isFirstPlace: false,
isBypassed: false,
bypassedBy: null,
bypassedAt: null,
assessedAt: null,
createdAt: new Date(),
updatedAt: new Date(),
})
}
/**
*
*/
assess(params: {
cumulativeCompleted: number
localTeamCount: number
totalTeamCount: number
requireLocalPercentage: number
exemptFromPercentageCheck: boolean
}): void {
this._cumulativeCompleted = params.cumulativeCompleted
this._localTeamCount = params.localTeamCount
this._totalTeamCount = params.totalTeamCount
// 计算本地占比
if (params.totalTeamCount > 0) {
this._localPercentage = (params.localTeamCount / params.totalTeamCount) * 100
} else {
this._localPercentage = 0
}
// 判断占比是否达标
this._localPercentagePass =
params.exemptFromPercentageCheck || this._localPercentage >= params.requireLocalPercentage
// 计算超越比例
if (this._cumulativeTarget > 0) {
this._exceedRatio = params.cumulativeCompleted / this._cumulativeTarget
} else {
this._exceedRatio = 0
}
// 记录达标时间(用于同比例时的排名)
const cumulativePass = params.cumulativeCompleted >= this._cumulativeTarget
if (cumulativePass && !this._completedAt) {
this._completedAt = new Date()
}
// 判断考核结果
if (this._isBypassed) {
this._result = AssessmentResult.BYPASSED
} else if (cumulativePass && this._localPercentagePass) {
this._result = AssessmentResult.PASS
this.addDomainEvent(
new MonthlyAssessmentPassedEvent({
assessmentId: this._assessmentId.value,
userId: this._userId.value,
roleType: this._roleType,
month: this._assessmentMonth.value,
cumulativeCompleted: params.cumulativeCompleted,
cumulativeTarget: this._cumulativeTarget,
}),
)
} else {
this._result = AssessmentResult.FAIL
this.addDomainEvent(
new MonthlyAssessmentFailedEvent({
assessmentId: this._assessmentId.value,
userId: this._userId.value,
roleType: this._roleType,
month: this._assessmentMonth.value,
cumulativeCompleted: params.cumulativeCompleted,
cumulativeTarget: this._cumulativeTarget,
reason: !cumulativePass ? '累计目标未达成' : '本地占比不足',
}),
)
}
this._assessedAt = new Date()
this._updatedAt = new Date()
}
/**
*
*/
grantBypass(adminId: AdminUserId): void {
if (this._isBypassed) {
throw new DomainError('已授予豁免')
}
this._isBypassed = true
this._bypassedBy = adminId
this._bypassedAt = new Date()
this._result = AssessmentResult.BYPASSED
this._updatedAt = new Date()
this.addDomainEvent(
new MonthlyBypassGrantedEvent({
assessmentId: this._assessmentId.value,
userId: this._userId.value,
roleType: this._roleType,
month: this._assessmentMonth.value,
grantedBy: adminId.value,
}),
)
}
/**
*
*/
setRanking(rank: number, isFirst: boolean): void {
this._rankingInRegion = rank
this._isFirstPlace = isFirst
this._updatedAt = new Date()
if (isFirst) {
this.addDomainEvent(
new FirstPlaceAchievedEvent({
assessmentId: this._assessmentId.value,
userId: this._userId.value,
roleType: this._roleType,
regionCode: this._regionCode.value,
month: this._assessmentMonth.value,
}),
)
}
}
/**
*
*/
updateProgress(monthlyCompleted: number, cumulativeCompleted: number): void {
this._monthlyCompleted = monthlyCompleted
this._cumulativeCompleted = cumulativeCompleted
this._updatedAt = new Date()
// 计算超越比例
if (this._cumulativeTarget > 0) {
this._exceedRatio = cumulativeCompleted / this._cumulativeTarget
}
// 记录达标时间
if (cumulativeCompleted >= this._cumulativeTarget && !this._completedAt) {
this._completedAt = new Date()
}
}
/**
*
*/
isPassed(): boolean {
return this._result === AssessmentResult.PASS || this._result === AssessmentResult.BYPASSED
}
/**
*
*/
isFailed(): boolean {
return this._result === AssessmentResult.FAIL
}
/**
*
*/
toPersistence(): Record<string, any> {
return {
id: this._assessmentId.value,
authorizationId: this._authorizationId.value,
userId: this._userId.value,
roleType: this._roleType,
regionCode: this._regionCode.value,
assessmentMonth: this._assessmentMonth.value,
monthIndex: this._monthIndex,
monthlyTarget: this._monthlyTarget,
cumulativeTarget: this._cumulativeTarget,
monthlyCompleted: this._monthlyCompleted,
cumulativeCompleted: this._cumulativeCompleted,
completedAt: this._completedAt,
localTeamCount: this._localTeamCount,
totalTeamCount: this._totalTeamCount,
localPercentage: this._localPercentage,
localPercentagePass: this._localPercentagePass,
exceedRatio: this._exceedRatio,
result: this._result,
rankingInRegion: this._rankingInRegion,
isFirstPlace: this._isFirstPlace,
isBypassed: this._isBypassed,
bypassedBy: this._bypassedBy?.value || null,
bypassedAt: this._bypassedAt,
assessedAt: this._assessedAt,
createdAt: this._createdAt,
updatedAt: this._updatedAt,
}
}
}

1
backend/services/authorization-service/src/domain/entities/index.ts Normal file
View File

@ -0,0 +1 @@
export * from './ladder-target-rule.entity'

90
backend/services/authorization-service/src/domain/entities/ladder-target-rule.entity.spec.ts Normal file
View File

@ -0,0 +1,90 @@
import { LadderTargetRule } from './ladder-target-rule.entity'
import { RoleType } from '@/domain/enums'
import { DomainError } from '@/shared/exceptions'
describe('LadderTargetRule', () => {
describe('Province Ladder', () => {
it('should have correct targets for province company', () => {
const rule1 = LadderTargetRule.getTarget(RoleType.AUTH_PROVINCE_COMPANY, 1)
expect(rule1.monthlyTarget).toBe(150)
expect(rule1.cumulativeTarget).toBe(150)
const rule2 = LadderTargetRule.getTarget(RoleType.AUTH_PROVINCE_COMPANY, 2)
expect(rule2.monthlyTarget).toBe(300)
expect(rule2.cumulativeTarget).toBe(450)
const rule9 = LadderTargetRule.getTarget(RoleType.AUTH_PROVINCE_COMPANY, 9)
expect(rule9.monthlyTarget).toBe(11750)
expect(rule9.cumulativeTarget).toBe(50000)
})
it('should use 9th month target for months > 9', () => {
const rule10 = LadderTargetRule.getTarget(RoleType.AUTH_PROVINCE_COMPANY, 10)
expect(rule10.cumulativeTarget).toBe(50000)
const rule12 = LadderTargetRule.getTarget(RoleType.AUTH_PROVINCE_COMPANY, 12)
expect(rule12.cumulativeTarget).toBe(50000)
})
it('should have correct final target for province', () => {
expect(LadderTargetRule.getFinalTarget(RoleType.AUTH_PROVINCE_COMPANY)).toBe(50000)
})
})
describe('City Ladder', () => {
it('should have correct targets for city company', () => {
const rule1 = LadderTargetRule.getTarget(RoleType.AUTH_CITY_COMPANY, 1)
expect(rule1.monthlyTarget).toBe(30)
expect(rule1.cumulativeTarget).toBe(30)
const rule2 = LadderTargetRule.getTarget(RoleType.AUTH_CITY_COMPANY, 2)
expect(rule2.monthlyTarget).toBe(60)
expect(rule2.cumulativeTarget).toBe(90)
const rule9 = LadderTargetRule.getTarget(RoleType.AUTH_CITY_COMPANY, 9)
expect(rule9.monthlyTarget).toBe(2350)
expect(rule9.cumulativeTarget).toBe(10000)
})
it('should have correct final target for city', () => {
expect(LadderTargetRule.getFinalTarget(RoleType.AUTH_CITY_COMPANY)).toBe(10000)
})
})
describe('Community Fixed', () => {
it('should have fixed target for community', () => {
const rule = LadderTargetRule.getTarget(RoleType.COMMUNITY, 1)
expect(rule.monthlyTarget).toBe(10)
expect(rule.cumulativeTarget).toBe(10)
})
it('should have correct final target for community', () => {
expect(LadderTargetRule.getFinalTarget(RoleType.COMMUNITY)).toBe(10)
})
})
describe('getAllTargets', () => {
it('should return all province targets', () => {
const targets = LadderTargetRule.getAllTargets(RoleType.AUTH_PROVINCE_COMPANY)
expect(targets.length).toBe(9)
})
it('should return all city targets', () => {
const targets = LadderTargetRule.getAllTargets(RoleType.AUTH_CITY_COMPANY)
expect(targets.length).toBe(9)
})
it('should return single community target', () => {
const targets = LadderTargetRule.getAllTargets(RoleType.COMMUNITY)
expect(targets.length).toBe(1)
})
})
describe('Error handling', () => {
it('should throw error for unsupported role type', () => {
expect(() => LadderTargetRule.getTarget(RoleType.PROVINCE_COMPANY, 1)).toThrow(
DomainError,
)
})
})
})

99
backend/services/authorization-service/src/domain/entities/ladder-target-rule.entity.ts Normal file
View File

@ -0,0 +1,99 @@
import { RoleType } from '@/domain/enums'
import { DomainError } from '@/shared/exceptions'
export class LadderTargetRule {
constructor(
public readonly roleType: RoleType,
public readonly monthIndex: number,
public readonly monthlyTarget: number,
public readonly cumulativeTarget: number,
) {}
// 省代阶梯目标表
static readonly PROVINCE_LADDER: LadderTargetRule[] = [
new LadderTargetRule(RoleType.AUTH_PROVINCE_COMPANY, 1, 150, 150),
new LadderTargetRule(RoleType.AUTH_PROVINCE_COMPANY, 2, 300, 450),
new LadderTargetRule(RoleType.AUTH_PROVINCE_COMPANY, 3, 600, 1050),
new LadderTargetRule(RoleType.AUTH_PROVINCE_COMPANY, 4, 1200, 2250),
new LadderTargetRule(RoleType.AUTH_PROVINCE_COMPANY, 5, 2400, 4650),
new LadderTargetRule(RoleType.AUTH_PROVINCE_COMPANY, 6, 4800, 9450),
new LadderTargetRule(RoleType.AUTH_PROVINCE_COMPANY, 7, 9600, 19050),
new LadderTargetRule(RoleType.AUTH_PROVINCE_COMPANY, 8, 19200, 38250),
new LadderTargetRule(RoleType.AUTH_PROVINCE_COMPANY, 9, 11750, 50000),
]
// 市代阶梯目标表
static readonly CITY_LADDER: LadderTargetRule[] = [
new LadderTargetRule(RoleType.AUTH_CITY_COMPANY, 1, 30, 30),
new LadderTargetRule(RoleType.AUTH_CITY_COMPANY, 2, 60, 90),
new LadderTargetRule(RoleType.AUTH_CITY_COMPANY, 3, 120, 210),
new LadderTargetRule(RoleType.AUTH_CITY_COMPANY, 4, 240, 450),
new LadderTargetRule(RoleType.AUTH_CITY_COMPANY, 5, 480, 930),
new LadderTargetRule(RoleType.AUTH_CITY_COMPANY, 6, 960, 1890),
new LadderTargetRule(RoleType.AUTH_CITY_COMPANY, 7, 1920, 3810),
new LadderTargetRule(RoleType.AUTH_CITY_COMPANY, 8, 3840, 7650),
new LadderTargetRule(RoleType.AUTH_CITY_COMPANY, 9, 2350, 10000),
]
// 社区固定目标
static readonly COMMUNITY_FIXED: LadderTargetRule = new LadderTargetRule(
RoleType.COMMUNITY,
1,
10,
10,
)
/**
*
*/
static getTarget(roleType: RoleType, monthIndex: number): LadderTargetRule {
switch (roleType) {
case RoleType.AUTH_PROVINCE_COMPANY:
// 超过9个月后使用第9个月的目标
const provinceIndex = Math.min(monthIndex, 9) - 1
return this.PROVINCE_LADDER[provinceIndex >= 0 ? provinceIndex : 0]
case RoleType.AUTH_CITY_COMPANY:
const cityIndex = Math.min(monthIndex, 9) - 1
return this.CITY_LADDER[cityIndex >= 0 ? cityIndex : 0]
case RoleType.COMMUNITY:
return this.COMMUNITY_FIXED
default:
throw new DomainError(`不支持的角色类型: ${roleType}`)
}
}
/**
*
*/
static getFinalTarget(roleType: RoleType): number {
switch (roleType) {
case RoleType.AUTH_PROVINCE_COMPANY:
return 50000
case RoleType.AUTH_CITY_COMPANY:
return 10000
case RoleType.COMMUNITY:
return 10
default:
return 0
}
}
/**
*
*/
static getAllTargets(roleType: RoleType): LadderTargetRule[] {
switch (roleType) {
case RoleType.AUTH_PROVINCE_COMPANY:
return this.PROVINCE_LADDER
case RoleType.AUTH_CITY_COMPANY:
return this.CITY_LADDER
case RoleType.COMMUNITY:
return [this.COMMUNITY_FIXED]
default:
return []
}
}
}

50
backend/services/authorization-service/src/domain/enums/index.ts Normal file
View File

@ -0,0 +1,50 @@
export enum RoleType {
COMMUNITY = 'COMMUNITY',
AUTH_PROVINCE_COMPANY = 'AUTH_PROVINCE_COMPANY',
PROVINCE_COMPANY = 'PROVINCE_COMPANY',
AUTH_CITY_COMPANY = 'AUTH_CITY_COMPANY',
CITY_COMPANY = 'CITY_COMPANY',
}
export enum AuthorizationStatus {
PENDING = 'PENDING',
AUTHORIZED = 'AUTHORIZED',
REVOKED = 'REVOKED',
}
export enum AssessmentResult {
NOT_ASSESSED = 'NOT_ASSESSED',
PASS = 'PASS',
FAIL = 'FAIL',
BYPASSED = 'BYPASSED',
}
export enum MonthlyTargetType {
NONE = 'NONE',
FIXED = 'FIXED',
LADDER = 'LADDER',
}
export enum RestrictionType {
ACCOUNT_LIMIT = 'ACCOUNT_LIMIT',
TOTAL_LIMIT = 'TOTAL_LIMIT',
}
export enum ApprovalStatus {
PENDING = 'PENDING',
APPROVED = 'APPROVED',
REJECTED = 'REJECTED',
}
export enum OperationType {
GRANT_AUTHORIZATION = 'GRANT_AUTHORIZATION',
REVOKE_AUTHORIZATION = 'REVOKE_AUTHORIZATION',
GRANT_BYPASS = 'GRANT_BYPASS',
EXEMPT_PERCENTAGE = 'EXEMPT_PERCENTAGE',
MODIFY_CONFIG = 'MODIFY_CONFIG',
}
export enum RegionType {
PROVINCE = 'PROVINCE',
CITY = 'CITY',
}

108
backend/services/authorization-service/src/domain/events/assessment-events.ts Normal file
View File

@ -0,0 +1,108 @@
import { DomainEvent } from './domain-event.base'
import { RoleType } from '@/domain/enums'
// 月度考核通过事件
export class MonthlyAssessmentPassedEvent extends DomainEvent {
readonly eventType = 'assessment.monthly.passed'
readonly aggregateId: string
readonly payload: {
assessmentId: string
userId: string
roleType: RoleType
month: string
cumulativeCompleted: number
cumulativeTarget: number
}
constructor(data: {
assessmentId: string
userId: string
roleType: RoleType
month: string
cumulativeCompleted: number
cumulativeTarget: number
}) {
super()
this.aggregateId = data.assessmentId
this.payload = data
}
}
// 月度考核未达标事件
export class MonthlyAssessmentFailedEvent extends DomainEvent {
readonly eventType = 'assessment.monthly.failed'
readonly aggregateId: string
readonly payload: {
assessmentId: string
userId: string
roleType: RoleType
month: string
cumulativeCompleted: number
cumulativeTarget: number
reason: string
}
constructor(data: {
assessmentId: string
userId: string
roleType: RoleType
month: string
cumulativeCompleted: number
cumulativeTarget: number
reason: string
}) {
super()
this.aggregateId = data.assessmentId
this.payload = data
}
}
// 单月豁免授予事件
export class MonthlyBypassGrantedEvent extends DomainEvent {
readonly eventType = 'assessment.monthly.bypass_granted'
readonly aggregateId: string
readonly payload: {
assessmentId: string
userId: string
roleType: RoleType
month: string
grantedBy: string
}
constructor(data: {
assessmentId: string
userId: string
roleType: RoleType
month: string
grantedBy: string
}) {
super()
this.aggregateId = data.assessmentId
this.payload = data
}
}
// 获得第一名事件
export class FirstPlaceAchievedEvent extends DomainEvent {
readonly eventType = 'assessment.ranking.first_place'
readonly aggregateId: string
readonly payload: {
assessmentId: string
userId: string
roleType: RoleType
regionCode: string
month: string
}
constructor(data: {
assessmentId: string
userId: string
roleType: RoleType
regionCode: string
month: string
}) {
super()
this.aggregateId = data.assessmentId
this.payload = data
}
}

230
backend/services/authorization-service/src/domain/events/authorization-events.ts Normal file
View File

@ -0,0 +1,230 @@
import { DomainEvent } from './domain-event.base'
import { RoleType } from '@/domain/enums'
// 社区授权申请事件
export class CommunityAuthRequestedEvent extends DomainEvent {
readonly eventType = 'authorization.community.requested'
readonly aggregateId: string
readonly payload: {
authorizationId: string
userId: string
communityName: string
}
constructor(data: { authorizationId: string; userId: string; communityName: string }) {
super()
this.aggregateId = data.authorizationId
this.payload = data
}
}
// 授权省公司申请事件
export class AuthProvinceCompanyRequestedEvent extends DomainEvent {
readonly eventType = 'authorization.auth_province.requested'
readonly aggregateId: string
readonly payload: {
authorizationId: string
userId: string
provinceCode: string
provinceName: string
}
constructor(data: {
authorizationId: string
userId: string
provinceCode: string
provinceName: string
}) {
super()
this.aggregateId = data.authorizationId
this.payload = data
}
}
// 授权市公司申请事件
export class AuthCityCompanyRequestedEvent extends DomainEvent {
readonly eventType = 'authorization.auth_city.requested'
readonly aggregateId: string
readonly payload: {
authorizationId: string
userId: string
cityCode: string
cityName: string
}
constructor(data: {
authorizationId: string
userId: string
cityCode: string
cityName: string
}) {
super()
this.aggregateId = data.authorizationId
this.payload = data
}
}
// 正式省公司授权事件
export class ProvinceCompanyAuthorizedEvent extends DomainEvent {
readonly eventType = 'authorization.province.authorized'
readonly aggregateId: string
readonly payload: {
authorizationId: string
userId: string
provinceCode: string
provinceName: string
authorizedBy: string
}
constructor(data: {
authorizationId: string
userId: string
provinceCode: string
provinceName: string
authorizedBy: string
}) {
super()
this.aggregateId = data.authorizationId
this.payload = data
}
}
// 正式市公司授权事件
export class CityCompanyAuthorizedEvent extends DomainEvent {
readonly eventType = 'authorization.city.authorized'
readonly aggregateId: string
readonly payload: {
authorizationId: string
userId: string
cityCode: string
cityName: string
authorizedBy: string
}
constructor(data: {
authorizationId: string
userId: string
cityCode: string
cityName: string
authorizedBy: string
}) {
super()
this.aggregateId = data.authorizationId
this.payload = data
}
}
// 权益激活事件
export class BenefitActivatedEvent extends DomainEvent {
readonly eventType = 'authorization.benefit.activated'
readonly aggregateId: string
readonly payload: {
authorizationId: string
userId: string
roleType: RoleType
regionCode: string
}
constructor(data: {
authorizationId: string
userId: string
roleType: RoleType
regionCode: string
}) {
super()
this.aggregateId = data.authorizationId
this.payload = data
}
}
// 权益失效事件
export class BenefitDeactivatedEvent extends DomainEvent {
readonly eventType = 'authorization.benefit.deactivated'
readonly aggregateId: string
readonly payload: {
authorizationId: string
userId: string
roleType: RoleType
reason: string
}
constructor(data: {
authorizationId: string
userId: string
roleType: RoleType
reason: string
}) {
super()
this.aggregateId = data.authorizationId
this.payload = data
}
}
// 角色授权事件
export class RoleAuthorizedEvent extends DomainEvent {
readonly eventType = 'authorization.role.authorized'
readonly aggregateId: string
readonly payload: {
authorizationId: string
userId: string
roleType: RoleType
regionCode: string
authorizedBy: string
}
constructor(data: {
authorizationId: string
userId: string
roleType: RoleType
regionCode: string
authorizedBy: string
}) {
super()
this.aggregateId = data.authorizationId
this.payload = data
}
}
// 角色撤销事件
export class RoleRevokedEvent extends DomainEvent {
readonly eventType = 'authorization.role.revoked'
readonly aggregateId: string
readonly payload: {
authorizationId: string
userId: string
roleType: RoleType
regionCode: string
reason: string
revokedBy: string
}
constructor(data: {
authorizationId: string
userId: string
roleType: RoleType
regionCode: string
reason: string
revokedBy: string
}) {
super()
this.aggregateId = data.authorizationId
this.payload = data
}
}
// 占比考核豁免事件
export class PercentageCheckExemptedEvent extends DomainEvent {
readonly eventType = 'authorization.percentage_check.exempted'
readonly aggregateId: string
readonly payload: {
authorizationId: string
userId: string
exemptedBy: string
}
constructor(data: { authorizationId: string; userId: string; exemptedBy: string }) {
super()
this.aggregateId = data.authorizationId
this.payload = data
}
}

22
backend/services/authorization-service/src/domain/events/domain-event.base.ts Normal file
View File

@ -0,0 +1,22 @@
import { v4 as uuidv4 } from 'uuid'
export interface IDomainEvent {
eventId: string
eventType: string
aggregateId: string
occurredAt: Date
payload: Record<string, any>
}
export abstract class DomainEvent implements IDomainEvent {
public readonly eventId: string
public readonly occurredAt: Date
public abstract readonly eventType: string
public abstract readonly aggregateId: string
public abstract readonly payload: Record<string, any>
constructor() {
this.eventId = uuidv4()
this.occurredAt = new Date()
}
}

3
backend/services/authorization-service/src/domain/events/index.ts Normal file
View File

@ -0,0 +1,3 @@
export * from './domain-event.base'
export * from './authorization-events'
export * from './assessment-events'

25
backend/services/authorization-service/src/domain/repositories/authorization-role.repository.ts Normal file
View File

@ -0,0 +1,25 @@
import { AuthorizationRole } from '@/domain/aggregates'
import { AuthorizationId, UserId, RegionCode } from '@/domain/value-objects'
import { RoleType, AuthorizationStatus } from '@/domain/enums'
export const AUTHORIZATION_ROLE_REPOSITORY = Symbol('IAuthorizationRoleRepository')
export interface IAuthorizationRoleRepository {
save(authorization: AuthorizationRole): Promise<void>
findById(authorizationId: AuthorizationId): Promise<AuthorizationRole | null>
findByUserIdAndRoleType(userId: UserId, roleType: RoleType): Promise<AuthorizationRole | null>
findByUserIdRoleTypeAndRegion(
userId: UserId,
roleType: RoleType,
regionCode: RegionCode,
): Promise<AuthorizationRole | null>
findByUserId(userId: UserId): Promise<AuthorizationRole[]>
findActiveByRoleTypeAndRegion(
roleType: RoleType,
regionCode: RegionCode,
): Promise<AuthorizationRole[]>
findAllActive(roleType?: RoleType): Promise<AuthorizationRole[]>
findPendingByUserId(userId: UserId): Promise<AuthorizationRole[]>
findByStatus(status: AuthorizationStatus): Promise<AuthorizationRole[]>
delete(authorizationId: AuthorizationId): Promise<void>
}

3
backend/services/authorization-service/src/domain/repositories/index.ts Normal file
View File

@ -0,0 +1,3 @@
export * from './authorization-role.repository'
export * from './monthly-assessment.repository'
export * from './planting-restriction.repository'

29
backend/services/authorization-service/src/domain/repositories/monthly-assessment.repository.ts Normal file
View File

@ -0,0 +1,29 @@
import { MonthlyAssessment } from '@/domain/aggregates'
import { AssessmentId, AuthorizationId, UserId, Month, RegionCode } from '@/domain/value-objects'
import { RoleType } from '@/domain/enums'
export const MONTHLY_ASSESSMENT_REPOSITORY = Symbol('IMonthlyAssessmentRepository')
export interface IMonthlyAssessmentRepository {
save(assessment: MonthlyAssessment): Promise<void>
saveAll(assessments: MonthlyAssessment[]): Promise<void>
findById(assessmentId: AssessmentId): Promise<MonthlyAssessment | null>
findByAuthorizationAndMonth(
authorizationId: AuthorizationId,
month: Month,
): Promise<MonthlyAssessment | null>
findByUserAndMonth(userId: UserId, month: Month): Promise<MonthlyAssessment[]>
findFirstByAuthorization(authorizationId: AuthorizationId): Promise<MonthlyAssessment | null>
findByMonthAndRegion(
month: Month,
roleType: RoleType,
regionCode: RegionCode,
): Promise<MonthlyAssessment[]>
findRankingsByMonthAndRegion(
month: Month,
roleType: RoleType,
regionCode: RegionCode,
): Promise<MonthlyAssessment[]>
findByAuthorization(authorizationId: AuthorizationId): Promise<MonthlyAssessment[]>
delete(assessmentId: AssessmentId): Promise<void>
}

27
backend/services/authorization-service/src/domain/repositories/planting-restriction.repository.ts Normal file
View File

@ -0,0 +1,27 @@
export const PLANTING_RESTRICTION_REPOSITORY = Symbol('IPlantingRestrictionRepository')
export interface PlantingRestrictionData {
id: string
restrictionType: string
accountLimitDays: number | null
accountLimitCount: number | null
totalLimitDays: number | null
totalLimitCount: number | null
currentTotalCount: number
startAt: Date
endAt: Date
isActive: boolean
createdBy: string
createdAt: Date
updatedAt: Date
}
export interface IPlantingRestrictionRepository {
save(restriction: PlantingRestrictionData): Promise<void>
findActiveAccountRestriction(): Promise<PlantingRestrictionData | null>
findActiveTotalRestriction(): Promise<PlantingRestrictionData | null>
incrementTotalCount(restrictionId: string, count: number): Promise<void>
findById(id: string): Promise<PlantingRestrictionData | null>
findAll(): Promise<PlantingRestrictionData[]>
delete(id: string): Promise<void>
}

147
backend/services/authorization-service/src/domain/services/assessment-calculator.service.ts Normal file
View File

@ -0,0 +1,147 @@
import { AuthorizationRole, MonthlyAssessment } from '@/domain/aggregates'
import { LadderTargetRule } from '@/domain/entities'
import { Month, RegionCode } from '@/domain/value-objects'
import { RoleType } from '@/domain/enums'
import { IMonthlyAssessmentRepository, IAuthorizationRoleRepository } from '@/domain/repositories'
export interface TeamStatistics {
userId: string
totalTeamPlantingCount: number
getProvinceTeamCount(provinceCode: string): number
getCityTeamCount(cityCode: string): number
}
export interface ITeamStatisticsRepository {
findByUserId(userId: string): Promise<TeamStatistics | null>
}
export class AssessmentCalculatorService {
/**
*
*/
async calculateMonthlyAssessment(
authorization: AuthorizationRole,
assessmentMonth: Month,
teamStats: TeamStatistics,
repository: IMonthlyAssessmentRepository,
): Promise<MonthlyAssessment> {
// 1. 查找或创建本月考核
let assessment = await repository.findByAuthorizationAndMonth(
authorization.authorizationId,
assessmentMonth,
)
if (!assessment) {
// 获取目标
const monthIndex = authorization.currentMonthIndex || 1
const target = LadderTargetRule.getTarget(authorization.roleType, monthIndex)
assessment = MonthlyAssessment.create({
authorizationId: authorization.authorizationId,
userId: authorization.userId,
roleType: authorization.roleType,
regionCode: authorization.regionCode,
assessmentMonth,
monthIndex,
monthlyTarget: target.monthlyTarget,
cumulativeTarget: target.cumulativeTarget,
})
}
// 2. 执行考核
const localTeamCount = this.getLocalTeamCount(
teamStats,
authorization.roleType,
authorization.regionCode,
)
assessment.assess({
cumulativeCompleted: teamStats.totalTeamPlantingCount,
localTeamCount,
totalTeamCount: teamStats.totalTeamPlantingCount,
requireLocalPercentage: authorization.requireLocalPercentage,
exemptFromPercentageCheck: authorization.exemptFromPercentageCheck,
})
return assessment
}
/**
*
*/
async assessAndRankRegion(
roleType: RoleType,
regionCode: RegionCode,
assessmentMonth: Month,
authorizationRepository: IAuthorizationRoleRepository,
statsRepository: ITeamStatisticsRepository,
assessmentRepository: IMonthlyAssessmentRepository,
): Promise<MonthlyAssessment[]> {
// 1. 查找该区域的所有激活授权
const authorizations = await authorizationRepository.findActiveByRoleTypeAndRegion(
roleType,
regionCode,
)
// 2. 计算所有考核
const assessments: MonthlyAssessment[] = []
for (const auth of authorizations) {
const teamStats = await statsRepository.findByUserId(auth.userId.value)
if (!teamStats) continue
const assessment = await this.calculateMonthlyAssessment(
auth,
assessmentMonth,
teamStats,
assessmentRepository,
)
assessments.push(assessment)
}
// 3. 排名规则:
// - 按超越比例降序排列
// - 比例相同时,按达标时间升序排列(先完成的排前面)
assessments.sort((a, b) => {
// 先按超越比例降序
if (b.exceedRatio !== a.exceedRatio) {
return b.exceedRatio - a.exceedRatio
}
// 比例相同时按达标时间升序
if (a.completedAt && b.completedAt) {
return a.completedAt.getTime() - b.completedAt.getTime()
}
// 有达标时间的排前面
if (a.completedAt) return -1
if (b.completedAt) return 1
return 0
})
// 4. 设置排名
assessments.forEach((assessment, index) => {
assessment.setRanking(index + 1, index === 0)
})
return assessments
}
private getLocalTeamCount(
teamStats: TeamStatistics,
roleType: RoleType,
regionCode: RegionCode,
): number {
if (
roleType === RoleType.AUTH_PROVINCE_COMPANY ||
roleType === RoleType.PROVINCE_COMPANY
) {
return teamStats.getProvinceTeamCount(regionCode.value)
} else if (
roleType === RoleType.AUTH_CITY_COMPANY ||
roleType === RoleType.CITY_COMPANY
) {
return teamStats.getCityTeamCount(regionCode.value)
}
return 0
}
}

99
backend/services/authorization-service/src/domain/services/authorization-validator.service.ts Normal file
View File

@ -0,0 +1,99 @@
import { UserId, RegionCode, ValidationResult } from '@/domain/value-objects'
import { RoleType, AuthorizationStatus } from '@/domain/enums'
import { IAuthorizationRoleRepository } from '@/domain/repositories'
export interface IReferralRepository {
findByUserId(userId: UserId): Promise<{ parentId: string | null } | null>
getAllAncestors(userId: UserId): Promise<UserId[]>
getAllDescendants(userId: UserId): Promise<UserId[]>
}
export class AuthorizationValidatorService {
/**
*
*/
async validateAuthorizationRequest(
userId: UserId,
roleType: RoleType,
regionCode: RegionCode,
referralRepository: IReferralRepository,
authorizationRepository: IAuthorizationRoleRepository,
): Promise<ValidationResult> {
// 1. 检查用户是否已有同类型授权(省或市只能选一个)
if (
roleType === RoleType.AUTH_PROVINCE_COMPANY ||
roleType === RoleType.AUTH_CITY_COMPANY
) {
// 检查是否已有省代授权
const existingProvince = await authorizationRepository.findByUserIdAndRoleType(
userId,
RoleType.AUTH_PROVINCE_COMPANY,
)
if (existingProvince && existingProvince.status !== AuthorizationStatus.REVOKED) {
return ValidationResult.failure('一个账号只能申请一个省代或市代授权')
}
// 检查是否已有市代授权
const existingCity = await authorizationRepository.findByUserIdAndRoleType(
userId,
RoleType.AUTH_CITY_COMPANY,
)
if (existingCity && existingCity.status !== AuthorizationStatus.REVOKED) {
return ValidationResult.failure('一个账号只能申请一个省代或市代授权')
}
}
// 2. 检查团队内唯一性(上下级不能重复)
const relationship = await referralRepository.findByUserId(userId)
if (!relationship) {
return ValidationResult.success()
}
// 检查所有上级
const ancestors = await referralRepository.getAllAncestors(userId)
for (const ancestorId of ancestors) {
const ancestorAuth = await authorizationRepository.findByUserIdRoleTypeAndRegion(
ancestorId,
roleType,
regionCode,
)
if (ancestorAuth && ancestorAuth.status !== AuthorizationStatus.REVOKED) {
return ValidationResult.failure(
`本团队已有人申请该${this.getRoleTypeName(roleType)}授权`,
)
}
}
// 检查所有下级
const descendants = await referralRepository.getAllDescendants(userId)
for (const descendantId of descendants) {
const descendantAuth = await authorizationRepository.findByUserIdRoleTypeAndRegion(
descendantId,
roleType,
regionCode,
)
if (descendantAuth && descendantAuth.status !== AuthorizationStatus.REVOKED) {
return ValidationResult.failure(
`本团队已有人申请该${this.getRoleTypeName(roleType)}授权`,
)
}
}
return ValidationResult.success()
}
private getRoleTypeName(roleType: RoleType): string {
switch (roleType) {
case RoleType.AUTH_PROVINCE_COMPANY:
return '省'
case RoleType.AUTH_CITY_COMPANY:
return '市'
case RoleType.COMMUNITY:
return '社区'
default:
return ''
}
}
}

3
backend/services/authorization-service/src/domain/services/index.ts Normal file
View File

@ -0,0 +1,3 @@
export * from './authorization-validator.service'
export * from './assessment-calculator.service'
export * from './planting-restriction.service'

48
backend/services/authorization-service/src/domain/services/planting-restriction.service.ts Normal file
View File

@ -0,0 +1,48 @@
import { UserId, RestrictionCheckResult } from '@/domain/value-objects'
import { IPlantingRestrictionRepository } from '@/domain/repositories'
export interface IUserPlantingRecordRepository {
countUserPlantingsInPeriod(userId: UserId, startAt: Date, endAt: Date): Promise<number>
}
export class PlantingRestrictionService {
/**
*
*/
async canUserPlant(
userId: UserId,
treeCount: number,
restrictionRepository: IPlantingRestrictionRepository,
userPlantingRepository: IUserPlantingRecordRepository,
): Promise<RestrictionCheckResult> {
// 1. 检查账户限时限量
const accountRestriction = await restrictionRepository.findActiveAccountRestriction()
if (accountRestriction) {
const userPlantingCount = await userPlantingRepository.countUserPlantingsInPeriod(
userId,
accountRestriction.startAt,
accountRestriction.endAt,
)
if (userPlantingCount + treeCount > accountRestriction.accountLimitCount!) {
return RestrictionCheckResult.blocked(
`限制期内每个账户只能认种${accountRestriction.accountLimitCount}棵,` +
`您已认种${userPlantingCount}`,
)
}
}
// 2. 检查总量限制
const totalRestriction = await restrictionRepository.findActiveTotalRestriction()
if (totalRestriction) {
if (totalRestriction.currentTotalCount + treeCount > totalRestriction.totalLimitCount!) {
return RestrictionCheckResult.blocked(
`系统限制期内总认种量为${totalRestriction.totalLimitCount}棵,` +
`当前已认种${totalRestriction.currentTotalCount}`,
)
}
}
return RestrictionCheckResult.allowed()
}
}

28
backend/services/authorization-service/src/domain/value-objects/assessment-config.vo.ts Normal file
View File

@ -0,0 +1,28 @@
import { MonthlyTargetType } from '@/domain/enums'
export class AssessmentConfig {
constructor(
public readonly initialTargetTreeCount: number,
public readonly monthlyTargetType: MonthlyTargetType,
) {}
static forCommunity(): AssessmentConfig {
return new AssessmentConfig(10, MonthlyTargetType.FIXED)
}
static forAuthProvince(): AssessmentConfig {
return new AssessmentConfig(500, MonthlyTargetType.LADDER)
}
static forProvince(): AssessmentConfig {
return new AssessmentConfig(0, MonthlyTargetType.NONE)
}
static forAuthCity(): AssessmentConfig {
return new AssessmentConfig(100, MonthlyTargetType.LADDER)
}
static forCity(): AssessmentConfig {
return new AssessmentConfig(0, MonthlyTargetType.NONE)
}
}

26
backend/services/authorization-service/src/domain/value-objects/assessment-id.vo.ts Normal file
View File

@ -0,0 +1,26 @@
import { v4 as uuidv4 } from 'uuid'
import { DomainError } from '@/shared/exceptions'
export class AssessmentId {
constructor(public readonly value: string) {
if (!value) {
throw new DomainError('考核ID不能为空')
}
}
static generate(): AssessmentId {
return new AssessmentId(uuidv4())
}
static create(value: string): AssessmentId {
return new AssessmentId(value)
}
equals(other: AssessmentId): boolean {
return this.value === other.value
}
toString(): string {
return this.value
}
}

26
backend/services/authorization-service/src/domain/value-objects/authorization-id.vo.ts Normal file
View File

@ -0,0 +1,26 @@
import { v4 as uuidv4 } from 'uuid'
import { DomainError } from '@/shared/exceptions'
export class AuthorizationId {
constructor(public readonly value: string) {
if (!value) {
throw new DomainError('授权ID不能为空')
}
}
static generate(): AuthorizationId {
return new AuthorizationId(uuidv4())
}
static create(value: string): AuthorizationId {
return new AuthorizationId(value)
}
equals(other: AuthorizationId): boolean {
return this.value === other.value
}
toString(): string {
return this.value
}
}

46
backend/services/authorization-service/src/domain/value-objects/benefit-amount.vo.ts Normal file
View File

@ -0,0 +1,46 @@
import { RoleType } from '@/domain/enums'
import { DomainError } from '@/shared/exceptions'
export class BenefitAmount {
constructor(
public readonly usdtPerTree: number,
public readonly computingPowerPercentage: number,
) {}
static forCommunity(): BenefitAmount {
return new BenefitAmount(80, 0)
}
static forAuthProvince(): BenefitAmount {
return new BenefitAmount(20, 0)
}
static forProvince(): BenefitAmount {
return new BenefitAmount(15, 1)
}
static forAuthCity(): BenefitAmount {
return new BenefitAmount(40, 0)
}
static forCity(): BenefitAmount {
return new BenefitAmount(35, 2)
}
static forRoleType(roleType: RoleType): BenefitAmount {
switch (roleType) {
case RoleType.COMMUNITY:
return this.forCommunity()
case RoleType.AUTH_PROVINCE_COMPANY:
return this.forAuthProvince()
case RoleType.PROVINCE_COMPANY:
return this.forProvince()
case RoleType.AUTH_CITY_COMPANY:
return this.forAuthCity()
case RoleType.CITY_COMPANY:
return this.forCity()
default:
throw new DomainError(`未知角色类型: ${roleType}`)
}
}
}

9
backend/services/authorization-service/src/domain/value-objects/index.ts Normal file
View File

@ -0,0 +1,9 @@
export * from './authorization-id.vo'
export * from './user-id.vo'
export * from './region-code.vo'
export * from './month.vo'
export * from './assessment-id.vo'
export * from './assessment-config.vo'
export * from './benefit-amount.vo'
export * from './validation-result.vo'
export * from './restriction-check-result.vo'

83
backend/services/authorization-service/src/domain/value-objects/month.vo.spec.ts Normal file
View File

@ -0,0 +1,83 @@
import { Month } from './month.vo'
import { DomainError } from '@/shared/exceptions'
describe('Month Value Object', () => {
describe('create', () => {
it('should create a valid month', () => {
const month = Month.create('2024-01')
expect(month.value).toBe('2024-01')
})
it('should throw error for invalid format', () => {
expect(() => Month.create('2024-1')).toThrow(DomainError)
expect(() => Month.create('2024/01')).toThrow(DomainError)
expect(() => Month.create('202401')).toThrow(DomainError)
expect(() => Month.create('invalid')).toThrow(DomainError)
})
})
describe('current', () => {
it('should return current month in YYYY-MM format', () => {
const month = Month.current()
expect(month.value).toMatch(/^\d{4}-\d{2}$/)
})
})
describe('next', () => {
it('should return next month', () => {
const month = Month.create('2024-01')
expect(month.next().value).toBe('2024-02')
})
it('should handle year transition', () => {
const month = Month.create('2024-12')
expect(month.next().value).toBe('2025-01')
})
})
describe('previous', () => {
it('should return previous month', () => {
const month = Month.create('2024-02')
expect(month.previous().value).toBe('2024-01')
})
it('should handle year transition', () => {
const month = Month.create('2024-01')
expect(month.previous().value).toBe('2023-12')
})
})
describe('equals', () => {
it('should return true for equal months', () => {
const month1 = Month.create('2024-01')
const month2 = Month.create('2024-01')
expect(month1.equals(month2)).toBe(true)
})
it('should return false for different months', () => {
const month1 = Month.create('2024-01')
const month2 = Month.create('2024-02')
expect(month1.equals(month2)).toBe(false)
})
})
describe('isAfter/isBefore', () => {
it('should compare months correctly', () => {
const jan = Month.create('2024-01')
const feb = Month.create('2024-02')
expect(feb.isAfter(jan)).toBe(true)
expect(jan.isBefore(feb)).toBe(true)
expect(jan.isAfter(feb)).toBe(false)
expect(feb.isBefore(jan)).toBe(false)
})
})
describe('getYear/getMonth', () => {
it('should extract year and month correctly', () => {
const month = Month.create('2024-06')
expect(month.getYear()).toBe(2024)
expect(month.getMonth()).toBe(6)
})
})
})

64
backend/services/authorization-service/src/domain/value-objects/month.vo.ts Normal file
View File

@ -0,0 +1,64 @@
import { DomainError } from '@/shared/exceptions'
export class Month {
constructor(public readonly value: string) {
if (!/^\d{4}-\d{2}$/.test(value)) {
throw new DomainError('月份格式错误应为YYYY-MM')
}
}
static current(): Month {
const now = new Date()
const year = now.getFullYear()
const month = String(now.getMonth() + 1).padStart(2, '0')
return new Month(`${year}-${month}`)
}
static create(value: string): Month {
return new Month(value)
}
static fromDate(date: Date): Month {
const year = date.getFullYear()
const month = String(date.getMonth() + 1).padStart(2, '0')
return new Month(`${year}-${month}`)
}
next(): Month {
const [year, month] = this.value.split('-').map(Number)
const nextMonth = month === 12 ? 1 : month + 1
const nextYear = month === 12 ? year + 1 : year
return new Month(`${nextYear}-${String(nextMonth).padStart(2, '0')}`)
}
previous(): Month {
const [year, month] = this.value.split('-').map(Number)
const prevMonth = month === 1 ? 12 : month - 1
const prevYear = month === 1 ? year - 1 : year
return new Month(`${prevYear}-${String(prevMonth).padStart(2, '0')}`)
}
equals(other: Month): boolean {
return this.value === other.value
}
isAfter(other: Month): boolean {
return this.value > other.value
}
isBefore(other: Month): boolean {
return this.value < other.value
}
toString(): string {
return this.value
}
getYear(): number {
return parseInt(this.value.split('-')[0])
}
getMonth(): number {
return parseInt(this.value.split('-')[1])
}
}

21
backend/services/authorization-service/src/domain/value-objects/region-code.vo.ts Normal file
View File

@ -0,0 +1,21 @@
import { DomainError } from '@/shared/exceptions'
export class RegionCode {
constructor(public readonly value: string) {
if (!value) {
throw new DomainError('区域代码不能为空')
}
}
static create(value: string): RegionCode {
return new RegionCode(value)
}
equals(other: RegionCode): boolean {
return this.value === other.value
}
toString(): string {
return this.value
}
}

22
backend/services/authorization-service/src/domain/value-objects/restriction-check-result.vo.ts Normal file
View File

@ -0,0 +1,22 @@
export class RestrictionCheckResult {
private constructor(
public readonly allowed: boolean,
public readonly message: string | null,
) {}
static allowed(): RestrictionCheckResult {
return new RestrictionCheckResult(true, null)
}
static blocked(message: string): RestrictionCheckResult {
return new RestrictionCheckResult(false, message)
}
isAllowed(): boolean {
return this.allowed
}
isBlocked(): boolean {
return !this.allowed
}
}

41
backend/services/authorization-service/src/domain/value-objects/user-id.vo.ts Normal file
View File

@ -0,0 +1,41 @@
import { DomainError } from '@/shared/exceptions'
export class UserId {
constructor(public readonly value: string) {
if (!value) {
throw new DomainError('用户ID不能为空')
}
}
static create(value: string): UserId {
return new UserId(value)
}
equals(other: UserId): boolean {
return this.value === other.value
}
toString(): string {
return this.value
}
}
export class AdminUserId {
constructor(public readonly value: string) {
if (!value) {
throw new DomainError('管理员ID不能为空')
}
}
static create(value: string): AdminUserId {
return new AdminUserId(value)
}
equals(other: AdminUserId): boolean {
return this.value === other.value
}
toString(): string {
return this.value
}
}

14
backend/services/authorization-service/src/domain/value-objects/validation-result.vo.ts Normal file
View File

@ -0,0 +1,14 @@
export class ValidationResult {
private constructor(
public readonly isValid: boolean,
public readonly errorMessage: string | null,
) {}
static success(): ValidationResult {
return new ValidationResult(true, null)
}
static failure(message: string): ValidationResult {
return new ValidationResult(false, message)
}
}

56
backend/services/authorization-service/src/infrastructure/kafka/event-consumer.controller.ts Normal file
View File

@ -0,0 +1,56 @@
import { Controller, Logger } from '@nestjs/common'
import { EventPattern, Payload, Ctx, KafkaContext } from '@nestjs/microservices'
@Controller()
export class EventConsumerController {
private readonly logger = new Logger(EventConsumerController.name)
// 监听认种事件 - 用于更新考核进度
@EventPattern('planting-events')
async handlePlantingEvent(
@Payload() message: any,
@Ctx() context: KafkaContext,
) {
try {
this.logger.log(`Received planting event: ${message.eventType}`)
switch (message.eventType) {
case 'planting.tree.planted':
await this.handleTreePlanted(message.payload)
break
default:
this.logger.debug(`Unhandled planting event type: ${message.eventType}`)
}
} catch (error) {
this.logger.error('Failed to handle planting event:', error)
}
}
// 监听推荐关系事件 - 用于验证团队内唯一性
@EventPattern('referral-events')
async handleReferralEvent(
@Payload() message: any,
@Ctx() context: KafkaContext,
) {
try {
this.logger.log(`Received referral event: ${message.eventType}`)
switch (message.eventType) {
case 'referral.relationship.created':
// 处理推荐关系创建事件
break
default:
this.logger.debug(`Unhandled referral event type: ${message.eventType}`)
}
} catch (error) {
this.logger.error('Failed to handle referral event:', error)
}
}
private async handleTreePlanted(payload: any) {
// TODO: 更新用户团队认种统计
// TODO: 检查是否达成初始考核目标
// TODO: 更新月度考核进度
this.logger.log(`Tree planted by user: ${payload.userId}, count: ${payload.treeCount}`)
}
}

77
backend/services/authorization-service/src/infrastructure/kafka/event-publisher.service.ts Normal file
View File

@ -0,0 +1,77 @@
import { Injectable, OnModuleInit, OnModuleDestroy, Logger } from '@nestjs/common'
import { ConfigService } from '@nestjs/config'
import { Kafka, Producer, logLevel } from 'kafkajs'
import { IDomainEvent } from '@/domain/events'
@Injectable()
export class EventPublisherService implements OnModuleInit, OnModuleDestroy {
private readonly logger = new Logger(EventPublisherService.name)
private kafka: Kafka
private producer: Producer
constructor(private readonly configService: ConfigService) {
const brokers = this.configService.get<string>('KAFKA_BROKERS', 'localhost:9092').split(',')
const clientId = this.configService.get<string>('KAFKA_CLIENT_ID', 'authorization-service')
this.kafka = new Kafka({
clientId,
brokers,
logLevel: logLevel.WARN,
})
this.producer = this.kafka.producer()
}
async onModuleInit() {
try {
await this.producer.connect()
this.logger.log('Kafka producer connected')
} catch (error) {
this.logger.error('Failed to connect Kafka producer:', error)
}
}
async onModuleDestroy() {
await this.producer.disconnect()
this.logger.log('Kafka producer disconnected')
}
async publish(event: IDomainEvent): Promise<void> {
try {
const topic = this.getTopicFromEventType(event.eventType)
await this.producer.send({
topic,
messages: [
{
key: event.aggregateId,
value: JSON.stringify({
eventId: event.eventId,
eventType: event.eventType,
aggregateId: event.aggregateId,
occurredAt: event.occurredAt.toISOString(),
payload: event.payload,
}),
timestamp: event.occurredAt.getTime().toString(),
},
],
})
this.logger.debug(`Event published: ${event.eventType}`)
} catch (error) {
this.logger.error(`Failed to publish event: ${event.eventType}`, error)
throw error
}
}
async publishAll(events: IDomainEvent[]): Promise<void> {
for (const event of events) {
await this.publish(event)
}
}
private getTopicFromEventType(eventType: string): string {
// eventType format: "authorization.role.authorized"
// topic: "authorization-events"
const parts = eventType.split('.')
return `${parts[0]}-events`
}
}

3
backend/services/authorization-service/src/infrastructure/kafka/index.ts Normal file
View File

@ -0,0 +1,3 @@
export * from './event-publisher.service'
export * from './event-consumer.controller'
export * from './kafka.module'

11
backend/services/authorization-service/src/infrastructure/kafka/kafka.module.ts Normal file
View File

@ -0,0 +1,11 @@
import { Module, Global } from '@nestjs/common'
import { EventPublisherService } from './event-publisher.service'
import { EventConsumerController } from './event-consumer.controller'
@Global()
@Module({
controllers: [EventConsumerController],
providers: [EventPublisherService],
exports: [EventPublisherService],
})
export class KafkaModule {}

51
backend/services/authorization-service/src/infrastructure/persistence/prisma/prisma.service.ts Normal file
View File

@ -0,0 +1,51 @@
import { Injectable, OnModuleInit, OnModuleDestroy, Logger } from '@nestjs/common'
import { PrismaClient } from '@prisma/client'
@Injectable()
export class PrismaService extends PrismaClient implements OnModuleInit, OnModuleDestroy {
private readonly logger = new Logger(PrismaService.name)
constructor() {
super({
log: [
{ level: 'query', emit: 'event' },
{ level: 'error', emit: 'stdout' },
{ level: 'warn', emit: 'stdout' },
],
})
}
async onModuleInit() {
await this.$connect()
this.logger.log('Prisma connected to database')
}
async onModuleDestroy() {
await this.$disconnect()
this.logger.log('Prisma disconnected from database')
}
async cleanDatabase() {
if (process.env.APP_ENV === 'test') {
const models = Reflect.ownKeys(this).filter((key) => {
return (
typeof key === 'string' &&
!key.startsWith('_') &&
!key.startsWith('$') &&
key !== 'onModuleInit' &&
key !== 'onModuleDestroy' &&
key !== 'cleanDatabase'
)
})
for (const model of models) {
try {
// @ts-ignore
await this[model]?.deleteMany?.()
} catch (error) {
// Ignore errors for models that don't exist
}
}
}
}
}

188
backend/services/authorization-service/src/infrastructure/persistence/repositories/authorization-role.repository.impl.ts Normal file
View File

@ -0,0 +1,188 @@
import { Injectable } from '@nestjs/common'
import { PrismaService } from '../prisma/prisma.service'
import {
IAuthorizationRoleRepository,
AUTHORIZATION_ROLE_REPOSITORY,
} from '@/domain/repositories'
import { AuthorizationRole, AuthorizationRoleProps } from '@/domain/aggregates'
import {
AuthorizationId,
UserId,
AdminUserId,
RegionCode,
AssessmentConfig,
} from '@/domain/value-objects'
import { RoleType, AuthorizationStatus, MonthlyTargetType } from '@/domain/enums'
@Injectable()
export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleRepository {
constructor(private readonly prisma: PrismaService) {}
async save(authorization: AuthorizationRole): Promise<void> {
const data = authorization.toPersistence()
await this.prisma.authorizationRole.upsert({
where: { id: data.id },
create: {
id: data.id,
userId: data.userId,
roleType: data.roleType,
regionCode: data.regionCode,
regionName: data.regionName,
status: data.status,
displayTitle: data.displayTitle,
authorizedAt: data.authorizedAt,
authorizedBy: data.authorizedBy,
revokedAt: data.revokedAt,
revokedBy: data.revokedBy,
revokeReason: data.revokeReason,
initialTargetTreeCount: data.initialTargetTreeCount,
monthlyTargetType: data.monthlyTargetType,
requireLocalPercentage: data.requireLocalPercentage,
exemptFromPercentageCheck: data.exemptFromPercentageCheck,
benefitActive: data.benefitActive,
benefitActivatedAt: data.benefitActivatedAt,
benefitDeactivatedAt: data.benefitDeactivatedAt,
currentMonthIndex: data.currentMonthIndex,
},
update: {
status: data.status,
displayTitle: data.displayTitle,
authorizedAt: data.authorizedAt,
authorizedBy: data.authorizedBy,
revokedAt: data.revokedAt,
revokedBy: data.revokedBy,
revokeReason: data.revokeReason,
requireLocalPercentage: data.requireLocalPercentage,
exemptFromPercentageCheck: data.exemptFromPercentageCheck,
benefitActive: data.benefitActive,
benefitActivatedAt: data.benefitActivatedAt,
benefitDeactivatedAt: data.benefitDeactivatedAt,
currentMonthIndex: data.currentMonthIndex,
},
})
}
async findById(authorizationId: AuthorizationId): Promise<AuthorizationRole | null> {
const record = await this.prisma.authorizationRole.findUnique({
where: { id: authorizationId.value },
})
return record ? this.toDomain(record) : null
}
async findByUserIdAndRoleType(
userId: UserId,
roleType: RoleType,
): Promise<AuthorizationRole | null> {
const record = await this.prisma.authorizationRole.findFirst({
where: {
userId: userId.value,
roleType: roleType,
},
})
return record ? this.toDomain(record) : null
}
async findByUserIdRoleTypeAndRegion(
userId: UserId,
roleType: RoleType,
regionCode: RegionCode,
): Promise<AuthorizationRole | null> {
const record = await this.prisma.authorizationRole.findFirst({
where: {
userId: userId.value,
roleType: roleType,
regionCode: regionCode.value,
},
})
return record ? this.toDomain(record) : null
}
async findByUserId(userId: UserId): Promise<AuthorizationRole[]> {
const records = await this.prisma.authorizationRole.findMany({
where: { userId: userId.value },
orderBy: { createdAt: 'desc' },
})
return records.map((record) => this.toDomain(record))
}
async findActiveByRoleTypeAndRegion(
roleType: RoleType,
regionCode: RegionCode,
): Promise<AuthorizationRole[]> {
const records = await this.prisma.authorizationRole.findMany({
where: {
roleType: roleType,
regionCode: regionCode.value,
status: AuthorizationStatus.AUTHORIZED,
benefitActive: true,
},
})
return records.map((record) => this.toDomain(record))
}
async findAllActive(roleType?: RoleType): Promise<AuthorizationRole[]> {
const records = await this.prisma.authorizationRole.findMany({
where: {
status: AuthorizationStatus.AUTHORIZED,
benefitActive: true,
...(roleType && { roleType }),
},
})
return records.map((record) => this.toDomain(record))
}
async findPendingByUserId(userId: UserId): Promise<AuthorizationRole[]> {
const records = await this.prisma.authorizationRole.findMany({
where: {
userId: userId.value,
status: AuthorizationStatus.PENDING,
},
})
return records.map((record) => this.toDomain(record))
}
async findByStatus(status: AuthorizationStatus): Promise<AuthorizationRole[]> {
const records = await this.prisma.authorizationRole.findMany({
where: { status },
})
return records.map((record) => this.toDomain(record))
}
async delete(authorizationId: AuthorizationId): Promise<void> {
await this.prisma.authorizationRole.delete({
where: { id: authorizationId.value },
})
}
private toDomain(record: any): AuthorizationRole {
const props: AuthorizationRoleProps = {
authorizationId: AuthorizationId.create(record.id),
userId: UserId.create(record.userId),
roleType: record.roleType as RoleType,
regionCode: RegionCode.create(record.regionCode),
regionName: record.regionName,
status: record.status as AuthorizationStatus,
displayTitle: record.displayTitle,
authorizedAt: record.authorizedAt,
authorizedBy: record.authorizedBy ? AdminUserId.create(record.authorizedBy) : null,
revokedAt: record.revokedAt,
revokedBy: record.revokedBy ? AdminUserId.create(record.revokedBy) : null,
revokeReason: record.revokeReason,
assessmentConfig: new AssessmentConfig(
record.initialTargetTreeCount,
record.monthlyTargetType as MonthlyTargetType,
),
requireLocalPercentage: Number(record.requireLocalPercentage),
exemptFromPercentageCheck: record.exemptFromPercentageCheck,
benefitActive: record.benefitActive,
benefitActivatedAt: record.benefitActivatedAt,
benefitDeactivatedAt: record.benefitDeactivatedAt,
currentMonthIndex: record.currentMonthIndex,
createdAt: record.createdAt,
updatedAt: record.updatedAt,
}
return AuthorizationRole.fromPersistence(props)
}
}
export { AUTHORIZATION_ROLE_REPOSITORY }

2
backend/services/authorization-service/src/infrastructure/persistence/repositories/index.ts Normal file
View File

@ -0,0 +1,2 @@
export * from './authorization-role.repository.impl'
export * from './monthly-assessment.repository.impl'

244
backend/services/authorization-service/src/infrastructure/persistence/repositories/monthly-assessment.repository.impl.ts Normal file
View File

@ -0,0 +1,244 @@
import { Injectable } from '@nestjs/common'
import { PrismaService } from '../prisma/prisma.service'
import {
IMonthlyAssessmentRepository,
MONTHLY_ASSESSMENT_REPOSITORY,
} from '@/domain/repositories'
import { MonthlyAssessment, MonthlyAssessmentProps } from '@/domain/aggregates'
import {
AssessmentId,
AuthorizationId,
UserId,
AdminUserId,
RegionCode,
Month,
} from '@/domain/value-objects'
import { RoleType, AssessmentResult } from '@/domain/enums'
@Injectable()
export class MonthlyAssessmentRepositoryImpl implements IMonthlyAssessmentRepository {
constructor(private readonly prisma: PrismaService) {}
async save(assessment: MonthlyAssessment): Promise<void> {
const data = assessment.toPersistence()
await this.prisma.monthlyAssessment.upsert({
where: { id: data.id },
create: {
id: data.id,
authorizationId: data.authorizationId,
userId: data.userId,
roleType: data.roleType,
regionCode: data.regionCode,
assessmentMonth: data.assessmentMonth,
monthIndex: data.monthIndex,
monthlyTarget: data.monthlyTarget,
cumulativeTarget: data.cumulativeTarget,
monthlyCompleted: data.monthlyCompleted,
cumulativeCompleted: data.cumulativeCompleted,
completedAt: data.completedAt,
localTeamCount: data.localTeamCount,
totalTeamCount: data.totalTeamCount,
localPercentage: data.localPercentage,
localPercentagePass: data.localPercentagePass,
exceedRatio: data.exceedRatio,
result: data.result,
rankingInRegion: data.rankingInRegion,
isFirstPlace: data.isFirstPlace,
isBypassed: data.isBypassed,
bypassedBy: data.bypassedBy,
bypassedAt: data.bypassedAt,
assessedAt: data.assessedAt,
},
update: {
monthlyCompleted: data.monthlyCompleted,
cumulativeCompleted: data.cumulativeCompleted,
completedAt: data.completedAt,
localTeamCount: data.localTeamCount,
totalTeamCount: data.totalTeamCount,
localPercentage: data.localPercentage,
localPercentagePass: data.localPercentagePass,
exceedRatio: data.exceedRatio,
result: data.result,
rankingInRegion: data.rankingInRegion,
isFirstPlace: data.isFirstPlace,
isBypassed: data.isBypassed,
bypassedBy: data.bypassedBy,
bypassedAt: data.bypassedAt,
assessedAt: data.assessedAt,
},
})
}
async saveAll(assessments: MonthlyAssessment[]): Promise<void> {
await this.prisma.$transaction(
assessments.map((assessment) => {
const data = assessment.toPersistence()
return this.prisma.monthlyAssessment.upsert({
where: { id: data.id },
create: {
id: data.id,
authorizationId: data.authorizationId,
userId: data.userId,
roleType: data.roleType,
regionCode: data.regionCode,
assessmentMonth: data.assessmentMonth,
monthIndex: data.monthIndex,
monthlyTarget: data.monthlyTarget,
cumulativeTarget: data.cumulativeTarget,
monthlyCompleted: data.monthlyCompleted,
cumulativeCompleted: data.cumulativeCompleted,
completedAt: data.completedAt,
localTeamCount: data.localTeamCount,
totalTeamCount: data.totalTeamCount,
localPercentage: data.localPercentage,
localPercentagePass: data.localPercentagePass,
exceedRatio: data.exceedRatio,
result: data.result,
rankingInRegion: data.rankingInRegion,
isFirstPlace: data.isFirstPlace,
isBypassed: data.isBypassed,
bypassedBy: data.bypassedBy,
bypassedAt: data.bypassedAt,
assessedAt: data.assessedAt,
},
update: {
monthlyCompleted: data.monthlyCompleted,
cumulativeCompleted: data.cumulativeCompleted,
completedAt: data.completedAt,
localTeamCount: data.localTeamCount,
totalTeamCount: data.totalTeamCount,
localPercentage: data.localPercentage,
localPercentagePass: data.localPercentagePass,
exceedRatio: data.exceedRatio,
result: data.result,
rankingInRegion: data.rankingInRegion,
isFirstPlace: data.isFirstPlace,
isBypassed: data.isBypassed,
bypassedBy: data.bypassedBy,
bypassedAt: data.bypassedAt,
assessedAt: data.assessedAt,
},
})
}),
)
}
async findById(assessmentId: AssessmentId): Promise<MonthlyAssessment | null> {
const record = await this.prisma.monthlyAssessment.findUnique({
where: { id: assessmentId.value },
})
return record ? this.toDomain(record) : null
}
async findByAuthorizationAndMonth(
authorizationId: AuthorizationId,
month: Month,
): Promise<MonthlyAssessment | null> {
const record = await this.prisma.monthlyAssessment.findFirst({
where: {
authorizationId: authorizationId.value,
assessmentMonth: month.value,
},
})
return record ? this.toDomain(record) : null
}
async findByUserAndMonth(userId: UserId, month: Month): Promise<MonthlyAssessment[]> {
const records = await this.prisma.monthlyAssessment.findMany({
where: {
userId: userId.value,
assessmentMonth: month.value,
},
})
return records.map((record) => this.toDomain(record))
}
async findFirstByAuthorization(
authorizationId: AuthorizationId,
): Promise<MonthlyAssessment | null> {
const record = await this.prisma.monthlyAssessment.findFirst({
where: { authorizationId: authorizationId.value },
orderBy: { monthIndex: 'asc' },
})
return record ? this.toDomain(record) : null
}
async findByMonthAndRegion(
month: Month,
roleType: RoleType,
regionCode: RegionCode,
): Promise<MonthlyAssessment[]> {
const records = await this.prisma.monthlyAssessment.findMany({
where: {
assessmentMonth: month.value,
roleType: roleType,
regionCode: regionCode.value,
},
})
return records.map((record) => this.toDomain(record))
}
async findRankingsByMonthAndRegion(
month: Month,
roleType: RoleType,
regionCode: RegionCode,
): Promise<MonthlyAssessment[]> {
const records = await this.prisma.monthlyAssessment.findMany({
where: {
assessmentMonth: month.value,
roleType: roleType,
regionCode: regionCode.value,
},
orderBy: [{ exceedRatio: 'desc' }, { completedAt: 'asc' }],
})
return records.map((record) => this.toDomain(record))
}
async findByAuthorization(authorizationId: AuthorizationId): Promise<MonthlyAssessment[]> {
const records = await this.prisma.monthlyAssessment.findMany({
where: { authorizationId: authorizationId.value },
orderBy: { monthIndex: 'asc' },
})
return records.map((record) => this.toDomain(record))
}
async delete(assessmentId: AssessmentId): Promise<void> {
await this.prisma.monthlyAssessment.delete({
where: { id: assessmentId.value },
})
}
private toDomain(record: any): MonthlyAssessment {
const props: MonthlyAssessmentProps = {
assessmentId: AssessmentId.create(record.id),
authorizationId: AuthorizationId.create(record.authorizationId),
userId: UserId.create(record.userId),
roleType: record.roleType as RoleType,
regionCode: RegionCode.create(record.regionCode),
assessmentMonth: Month.create(record.assessmentMonth),
monthIndex: record.monthIndex,
monthlyTarget: record.monthlyTarget,
cumulativeTarget: record.cumulativeTarget,
monthlyCompleted: record.monthlyCompleted,
cumulativeCompleted: record.cumulativeCompleted,
completedAt: record.completedAt,
localTeamCount: record.localTeamCount,
totalTeamCount: record.totalTeamCount,
localPercentage: Number(record.localPercentage),
localPercentagePass: record.localPercentagePass,
exceedRatio: Number(record.exceedRatio),
result: record.result as AssessmentResult,
rankingInRegion: record.rankingInRegion,
isFirstPlace: record.isFirstPlace,
isBypassed: record.isBypassed,
bypassedBy: record.bypassedBy ? AdminUserId.create(record.bypassedBy) : null,
bypassedAt: record.bypassedAt,
assessedAt: record.assessedAt,
createdAt: record.createdAt,
updatedAt: record.updatedAt,
}
return MonthlyAssessment.fromPersistence(props)
}
}
export { MONTHLY_ASSESSMENT_REPOSITORY }

9
backend/services/authorization-service/src/infrastructure/redis/redis.module.ts Normal file
View File

@ -0,0 +1,9 @@
import { Module, Global } from '@nestjs/common'
import { RedisService } from './redis.service'
@Global()
@Module({
providers: [RedisService],
exports: [RedisService],
})
export class RedisModule {}

94
backend/services/authorization-service/src/infrastructure/redis/redis.service.ts Normal file
View File

@ -0,0 +1,94 @@
import { Injectable, OnModuleInit, OnModuleDestroy, Logger } from '@nestjs/common'
import { ConfigService } from '@nestjs/config'
import Redis from 'ioredis'
@Injectable()
export class RedisService implements OnModuleInit, OnModuleDestroy {
private readonly logger = new Logger(RedisService.name)
private client: Redis
constructor(private readonly configService: ConfigService) {}
async onModuleInit() {
this.client = new Redis({
host: this.configService.get<string>('REDIS_HOST', 'localhost'),
port: this.configService.get<number>('REDIS_PORT', 6379),
password: this.configService.get<string>('REDIS_PASSWORD') || undefined,
})
this.client.on('connect', () => {
this.logger.log('Redis connected')
})
this.client.on('error', (error) => {
this.logger.error('Redis error:', error)
})
}
async onModuleDestroy() {
await this.client.quit()
this.logger.log('Redis disconnected')
}
getClient(): Redis {
return this.client
}
async get(key: string): Promise<string | null> {
return this.client.get(key)
}
async set(key: string, value: string, ttlSeconds?: number): Promise<void> {
if (ttlSeconds) {
await this.client.setex(key, ttlSeconds, value)
} else {
await this.client.set(key, value)
}
}
async del(key: string): Promise<void> {
await this.client.del(key)
}
async exists(key: string): Promise<boolean> {
const result = await this.client.exists(key)
return result === 1
}
async incr(key: string): Promise<number> {
return this.client.incr(key)
}
async expire(key: string, seconds: number): Promise<void> {
await this.client.expire(key, seconds)
}
async hget(key: string, field: string): Promise<string | null> {
return this.client.hget(key, field)
}
async hset(key: string, field: string, value: string): Promise<void> {
await this.client.hset(key, field, value)
}
async hgetall(key: string): Promise<Record<string, string>> {
return this.client.hgetall(key)
}
async hdel(key: string, field: string): Promise<void> {
await this.client.hdel(key, field)
}
async sadd(key: string, ...members: string[]): Promise<number> {
return this.client.sadd(key, ...members)
}
async smembers(key: string): Promise<string[]> {
return this.client.smembers(key)
}
async sismember(key: string, member: string): Promise<boolean> {
const result = await this.client.sismember(key, member)
return result === 1
}
}

57
backend/services/authorization-service/src/main.ts Normal file
View File

@ -0,0 +1,57 @@
import { NestFactory } from '@nestjs/core'
import { ValidationPipe, Logger } from '@nestjs/common'
import { SwaggerModule, DocumentBuilder } from '@nestjs/swagger'
import { AppModule } from './app.module'
import { GlobalExceptionFilter } from '@/shared/filters'
import { TransformInterceptor } from '@/shared/interceptors'
async function bootstrap() {
const logger = new Logger('Bootstrap')
const app = await NestFactory.create(AppModule)
// Global prefix
app.setGlobalPrefix('api/v1')
// Validation
app.useGlobalPipes(
new ValidationPipe({
whitelist: true,
forbidNonWhitelisted: true,
transform: true,
transformOptions: { enableImplicitConversion: true },
}),
)
// Global filters
app.useGlobalFilters(new GlobalExceptionFilter())
// Global interceptors
app.useGlobalInterceptors(new TransformInterceptor())
// CORS
app.enableCors({
origin: '*',
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
credentials: true,
})
// Swagger
const config = new DocumentBuilder()
.setTitle('Authorization Service API')
.setDescription('RWA授权管理服务API - 社区/省市公司授权、阶梯考核、月度评估与排名')
.setVersion('1.0.0')
.addBearerAuth()
.addTag('Authorization', '授权管理')
.addTag('Admin Authorization', '管理员授权操作')
.build()
const document = SwaggerModule.createDocument(app, config)
SwaggerModule.setup('api/docs', app, document)
const port = process.env.APP_PORT || 3002
await app.listen(port)
logger.log(`Authorization Service is running on port ${port}`)
logger.log(`Swagger docs: http://localhost:${port}/api/docs`)
}
bootstrap()

14
backend/services/authorization-service/src/shared/decorators/current-user.decorator.ts Normal file
View File

@ -0,0 +1,14 @@
import { createParamDecorator, ExecutionContext } from '@nestjs/common'
export interface CurrentUserData {
userId: string
walletAddress?: string
roles?: string[]
}
export const CurrentUser = createParamDecorator(
(data: unknown, ctx: ExecutionContext): CurrentUserData => {
const request = ctx.switchToHttp().getRequest()
return request.user
},
)

2
backend/services/authorization-service/src/shared/decorators/index.ts Normal file
View File

@ -0,0 +1,2 @@
export * from './current-user.decorator'
export * from './public.decorator'

4
backend/services/authorization-service/src/shared/decorators/public.decorator.ts Normal file
View File

@ -0,0 +1,4 @@
import { SetMetadata } from '@nestjs/common'
export const IS_PUBLIC_KEY = 'isPublic'
export const Public = () => SetMetadata(IS_PUBLIC_KEY, true)

31
backend/services/authorization-service/src/shared/exceptions/application.exception.ts Normal file
View File

@ -0,0 +1,31 @@
import { HttpException, HttpStatus } from '@nestjs/common'
export class ApplicationException extends HttpException {
constructor(message: string, status: HttpStatus = HttpStatus.BAD_REQUEST) {
super(message, status)
}
}
export class ApplicationError extends ApplicationException {
constructor(message: string) {
super(message, HttpStatus.BAD_REQUEST)
}
}
export class NotFoundError extends ApplicationException {
constructor(message: string) {
super(message, HttpStatus.NOT_FOUND)
}
}
export class UnauthorizedError extends ApplicationException {
constructor(message: string) {
super(message, HttpStatus.UNAUTHORIZED)
}
}
export class ForbiddenError extends ApplicationException {
constructor(message: string) {
super(message, HttpStatus.FORBIDDEN)
}
}

Some files were not shown because too many files have changed in this diff Show More