@ai-partner-x/aiko-boot-cli 0.1.4

package/templates/scaffold-default/packages/api/examples/security/complete/entity/user.entity.ts

@@ -0,0 +1,46 @@
+import { Entity, TableId, TableField, Column } from '@ai-partner-x/aiko-boot-starter-orm';
+
+@Entity({ tableName: 'users' })
+export class User {
+  @TableId()
+  id!: number;
+
+  @TableField()
+  @Column()
+  username!: string;
+
+  @TableField()
+  @Column()
+  email!: string;
+
+  @TableField()
+  @Column()
+  password!: string;
+
+  @TableField()
+  @Column()
+  enabled!: boolean;
+
+  @TableField()
+  @Column()
+  provider!: string;
+
+  @TableField()
+  @Column()
+  providerId!: string;
+
+  @TableField()
+  @Column()
+  avatar!: string;
+
+  @TableField()
+  @Column()
+  createdAt!: Date;
+
+  @TableField()
+  @Column()
+  updatedAt!: Date;
+
+  roles?: Role[];
+  permissions?: Permission[];
+}

package/templates/scaffold-default/packages/api/examples/security/complete/init.sql

@@ -0,0 +1,81 @@
+-- 创建用户表
+CREATE TABLE IF NOT EXISTS users (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  username TEXT NOT NULL UNIQUE,
+  email TEXT NOT NULL UNIQUE,
+  password TEXT NOT NULL,
+  enabled INTEGER DEFAULT 1,
+  provider TEXT DEFAULT 'local',
+  providerId TEXT DEFAULT '',
+  avatar TEXT DEFAULT '',
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updatedAt DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+-- 创建角色表
+CREATE TABLE IF NOT EXISTS roles (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  name TEXT NOT NULL UNIQUE,
+  description TEXT,
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updatedAt DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+-- 创建权限表
+CREATE TABLE IF NOT EXISTS permissions (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  name TEXT NOT NULL UNIQUE,
+  description TEXT,
+  resource TEXT NOT NULL,
+  action TEXT NOT NULL,
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updatedAt DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+-- 创建用户角色关联表
+CREATE TABLE IF NOT EXISTS user_roles (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  userId INTEGER NOT NULL,
+  roleId INTEGER NOT NULL,
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  FOREIGN KEY (userId) REFERENCES users(id) ON DELETE CASCADE,
+  FOREIGN KEY (roleId) REFERENCES roles(id) ON DELETE CASCADE,
+  UNIQUE(userId, roleId)
+);
+
+-- 创建角色权限关联表
+CREATE TABLE IF NOT EXISTS role_permissions (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  roleId INTEGER NOT NULL,
+  permissionId INTEGER NOT NULL,
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  FOREIGN KEY (roleId) REFERENCES roles(id) ON DELETE CASCADE,
+  FOREIGN KEY (permissionId) REFERENCES permissions(id) ON DELETE CASCADE,
+  UNIQUE(roleId, permissionId)
+);
+
+-- 创建 OAuth 账户表
+CREATE TABLE IF NOT EXISTS oauth_accounts (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  userId INTEGER NOT NULL,
+  provider TEXT NOT NULL,
+  providerId TEXT NOT NULL,
+  accessToken TEXT NOT NULL,
+  refreshToken TEXT DEFAULT '',
+  expiresAt DATETIME,
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updatedAt DATETIME DEFAULT CURRENT_TIMESTAMP,
+  FOREIGN KEY (userId) REFERENCES users(id) ON DELETE CASCADE,
+  UNIQUE(provider, providerId)
+);
+
+-- 创建索引
+CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);
+CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
+CREATE INDEX IF NOT EXISTS idx_users_provider ON users(provider, providerId);
+CREATE INDEX IF NOT EXISTS idx_user_roles_userId ON user_roles(userId);
+CREATE INDEX IF NOT EXISTS idx_user_roles_roleId ON user_roles(roleId);
+CREATE INDEX IF NOT EXISTS idx_role_permissions_roleId ON role_permissions(roleId);
+CREATE INDEX IF NOT EXISTS idx_role_permissions_permissionId ON role_permissions(permissionId);
+CREATE INDEX IF NOT EXISTS idx_oauth_accounts_userId ON oauth_accounts(userId);
+CREATE INDEX IF NOT EXISTS idx_oauth_accounts_provider ON oauth_accounts(provider, providerId);

package/templates/scaffold-default/packages/api/examples/security/complete/middleware/auth.interceptor.ts

@@ -0,0 +1,39 @@
+import { Injectable, Singleton, Autowired } from '@ai-partner-x/aiko-boot';
+import { SecurityContext } from '@ai-partner-x/aiko-boot-starter-security';
+import { JwtStrategy } from '@ai-partner-x/aiko-boot-starter-security';
+import { SessionStrategy } from '@ai-partner-x/aiko-boot-starter-security';
+import type { Request, Response, NextFunction } from 'express';
+
+@Injectable()
+@Singleton()
+export class AuthInterceptor {
+  @Autowired()
+  private jwtStrategy!: JwtStrategy;
+
+  @Autowired()
+  private sessionStrategy!: SessionStrategy;
+
+  async intercept(req: Request, res: Response, next: NextFunction): Promise<void> {
+    const securityContext = SecurityContext.getInstance();
+
+    try {
+      let user = null;
+
+      if (req.headers.authorization && req.headers.authorization.startsWith('Bearer ')) {
+        const token = req.headers.authorization.substring(7);
+        user = await this.jwtStrategy.validate(token);
+      } else if (req.session && req.session.userId) {
+        user = await this.sessionStrategy.authenticate(req);
+      }
+
+      if (user) {
+        securityContext.setCurrentUser(user);
+      }
+
+      next();
+    } catch (error) {
+      console.error('Auth error:', error);
+      res.status(401).json({ error: '未授权' });
+    }
+  }
+}

package/templates/scaffold-default/packages/api/examples/security/complete/middleware/index.ts

@@ -0,0 +1,2 @@
+export { AuthInterceptor } from './auth.interceptor.js';
+export { PermissionInterceptor } from './permission.interceptor.js';

package/templates/scaffold-default/packages/api/examples/security/complete/middleware/permission.interceptor.ts

@@ -0,0 +1,61 @@
+import { Injectable, Singleton, Autowired } from '@ai-partner-x/aiko-boot';
+import { SecurityContext } from '@ai-partner-x/aiko-boot-starter-security';
+import { PermissionService } from '../service/permission.service.js';
+import { PermissionExpressionParser } from '@ai-partner-x/aiko-boot-starter-security';
+import type { Request, Response, NextFunction } from 'express';
+
+@Injectable()
+@Singleton()
+export class PermissionInterceptor {
+  @Autowired()
+  private permissionService!: PermissionService;
+
+  private parser = new PermissionExpressionParser();
+
+  async intercept(req: Request, res: Response, next: NextFunction): Promise<void> {
+    const securityContext = SecurityContext.getInstance();
+    const currentUser = securityContext.getCurrentUser();
+
+    if (!currentUser) {
+      return res.status(401).json({ error: '未授权' });
+    }
+
+    const permissionExpression = this.getPermissionExpression(req);
+    
+    if (permissionExpression) {
+      const hasPermission = await this.parser.evaluate(
+        permissionExpression,
+        currentUser,
+        this.permissionService
+      );
+
+      if (!hasPermission) {
+        return res.status(403).json({ error: '禁止访问' });
+      }
+    }
+
+    next();
+  }
+
+  private getPermissionExpression(req: Request): string | null {
+    const route = req.route;
+    if (!route) {
+      return null;
+    }
+
+    const metadata = Reflect.getMetadata('aiko-boot:preAuthorize', route);
+    if (metadata) {
+      return metadata as string;
+    }
+
+    const rolesMetadata = Reflect.getMetadata('aiko-boot:roles', route);
+    if (rolesMetadata && Array.isArray(rolesMetadata)) {
+      const roles = rolesMetadata as string[];
+      if (roles.length > 0) {
+        return `hasAnyRole('${roles.join("','")}')`;
+      }
+    }
+
+    return null;
+  }
+}

package/templates/scaffold-default/packages/api/examples/security/complete/package.json

@@ -0,0 +1,54 @@
+{
+    "name": "security-complete-example",
+    "version": "1.0.0",
+    "description": "Aiko Boot Starter Security 完整配置和集成示例",
+    "main": "app.ts",
+    "scripts": {
+        "start": "node --loader ts-node/esm app.ts",
+        "dev": "nodemon --exec node --loader ts-node/esm app.ts",
+        "build": "tsc",
+        "test": "pnpm jest",
+        "test:unit": "pnpm jest --config=tests/jest.config.js --testPathPattern=unit",
+        "test:integration": "pnpm jest --config=tests/jest.config.js --testPathPattern=integration",
+        "test:coverage": "pnpm jest --config=tests/jest.config.js --coverage",
+        "test:all": "node tests/run-all-tests.js",
+        "test:report": "node tests/generate-report.js",
+        "lint": "eslint . --ext .ts",
+        "format": "prettier --write \"**/*.ts\""
+    },
+    "dependencies": {
+        "@ai-partner-x/aiko-boot": "workspace:*",
+        "@ai-partner-x/aiko-boot-starter-security": "workspace:*",
+        "@ai-partner-x/aiko-boot-starter-orm": "workspace:*",
+        "@ai-partner-x/aiko-boot-starter-validation": "workspace:*",
+        "@ai-partner-x/aiko-boot-starter-web": "workspace:*",
+        "bcrypt": "^5.1.0",
+        "axios": "^1.6.0",
+        "express": "^4.18.2",
+        "express-session": "^1.17.3",
+        "better-sqlite3": "^9.2.0"
+    },
+    "devDependencies": {
+        "@types/bcrypt": "^5.0.0",
+        "@types/express": "^4.17.21",
+        "@types/express-session": "^1.17.10",
+        "@types/better-sqlite3": "^7.6.8",
+        "@types/node": "^20.10.0",
+        "@types/supertest": "^6.0.2",
+        "typescript": "^5.3.0",
+        "ts-node": "^10.9.2",
+        "nodemon": "^3.0.2",
+        "jest": "^29.7.0",
+        "@types/jest": "^29.5.11",
+        "ts-jest": "^29.1.1",
+        "supertest": "^6.3.3",
+        "eslint": "^8.55.0",
+        "@typescript-eslint/eslint-plugin": "^6.15.0",
+        "@typescript-eslint/parser": "^6.15.0",
+        "prettier": "^3.1.1"
+    },
+    "type": "module",
+    "engines": {
+        "node": ">=18.0.0"
+    }
+}

package/templates/scaffold-default/packages/api/examples/security/complete/seed.sql

@@ -0,0 +1,42 @@
+-- 插入基础权限
+INSERT INTO permissions (name, description, resource, action) VALUES
+('user:create', '创建用户', 'user', 'create'),
+('user:update', '更新用户', 'user', 'update'),
+('user:delete', '删除用户', 'user', 'delete'),
+('user:view', '查看用户', 'user', 'view'),
+('role:create', '创建角色', 'role', 'create'),
+('role:update', '更新角色', 'role', 'update'),
+('role:delete', '删除角色', 'role', 'delete'),
+('role:view', '查看角色', 'role', 'view'),
+('permission:create', '创建权限', 'permission', 'create'),
+('permission:update', '更新权限', 'permission', 'update'),
+('permission:delete', '删除权限', 'permission', 'delete'),
+('permission:view', '查看权限', 'permission', 'view');
+
+-- 插入基础角色
+INSERT INTO roles (name, description) VALUES
+('ADMIN', '管理员角色，拥有所有权限'),
+('USER', '普通用户角色'),
+('GUEST', '访客角色');
+
+-- 为管理员角色分配所有权限
+INSERT INTO role_permissions (roleId, permissionId)
+SELECT 1, id FROM permissions;
+
+-- 为普通用户角色分配部分权限
+INSERT INTO role_permissions (roleId, permissionId)
+SELECT 2, id FROM permissions WHERE name IN ('user:view', 'role:view', 'permission:view');
+
+-- 创建管理员用户 (密码: Admin123!)
+INSERT INTO users (username, email, password, enabled, provider, providerId, avatar)
+VALUES ('admin', 'admin@example.com', '$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy', 1, 'local', '', '');
+
+-- 为管理员分配角色
+INSERT INTO user_roles (userId, roleId) VALUES (1, 1);
+
+-- 创建测试用户 (密码: User123!)
+INSERT INTO users (username, email, password, enabled, provider, providerId, avatar)
+VALUES ('user', 'user@example.com', '$2b$10$X7WfWfWfWfWfWfWfWfWfWeIjZAgcfl7p92ldGxad68LJZdL17lhWy', 1, 'local', '', '');
+
+-- 为测试用户分配角色
+INSERT INTO user_roles (userId, roleId) VALUES (2, 2);

package/templates/scaffold-default/packages/api/examples/security/complete/service/auth.service.ts

@@ -0,0 +1,41 @@
+import { Service, Autowired } from '@ai-partner-x/aiko-boot';
+import { AuthService as SecurityAuthService } from '@ai-partner-x/aiko-boot-starter-security';
+import { UserService } from './user.service.js';
+import { OAuthService } from './oauth.service.js';
+import type { RegisterDto } from '../dto/register.dto.js';
+
+@Service()
+export class AuthService {
+    @Autowired()
+    private securityAuthService!: SecurityAuthService;
+
+    @Autowired()
+    private userService!: UserService;
+
+    @Autowired()
+    private oauthService!: OAuthService;
+
+    async login(username: string, password: string) {
+        return this.securityAuthService.login({ username, password });
+    }
+
+    async register(userData: RegisterDto) {
+        return this.securityAuthService.register(userData);
+    }
+
+    async refreshToken(refreshToken: string) {
+        return this.securityAuthService.refreshToken(refreshToken);
+    }
+
+    async logout(token: string) {
+        return this.securityAuthService.logout(token);
+    }
+
+    async changePassword(userId: number, oldPassword: string, newPassword: string) {
+        return this.securityAuthService.changePassword(userId, oldPassword, newPassword);
+    }
+
+    async handleOAuthCallback(profile: any, tokens: any): Promise<any> {
+        return this.oauthService.handleOAuthCallback(profile, tokens);
+    }
+}

package/templates/scaffold-default/packages/api/examples/security/complete/service/index.ts

@@ -0,0 +1,5 @@
+export { AuthService } from './auth.service.js';
+export { UserService } from './user.service.js';
+export { RoleService } from './role.service.js';
+export { PermissionService } from './permission.service.js';
+export { OAuthService } from './oauth.service.js';

package/templates/scaffold-default/packages/api/examples/security/complete/service/oauth.service.ts

@@ -0,0 +1,82 @@
+import { Service, Autowired } from '@ai-partner-x/aiko-boot';
+import { Mapper, BaseMapper } from '@ai-partner-x/aiko-boot-starter-orm';
+import { User } from '../entity/user.entity.js';
+import { OAuthAccount } from '../entity/oauth-account.entity.js';
+import type { OAuthProfileDto } from '../dto/oauth-profile.dto.js';
+
+@Service()
+export class OAuthService {
+  @Autowired()
+  private userMapper!: BaseMapper<User>;
+
+  @Autowired()
+  private oauthAccountMapper!: BaseMapper<OAuthAccount>;
+
+  async findOrCreateUser(profile: OAuthProfileDto): Promise<User> {
+    let user = await this.findByProvider(profile.provider, profile.providerId);
+
+    if (!user) {
+      user = await this.createUser(profile);
+    }
+
+    return user;
+  }
+
+  async findByProvider(provider: string, providerId: string): Promise<User | null> {
+    const accounts = await this.oauthAccountMapper.selectList({
+      where: { provider, providerId }
+    });
+
+    if (accounts.length === 0) {
+      return null;
+    }
+
+    const account = accounts[0];
+    return this.userMapper.selectById(account.userId);
+  }
+
+  async createUser(profile: OAuthProfileDto): Promise<User> {
+    const user = {
+      username: profile.username,
+      email: profile.email,
+      provider: profile.provider,
+      providerId: profile.providerId,
+      avatar: profile.avatar || '',
+      enabled: true,
+      createdAt: new Date(),
+      updatedAt: new Date(),
+    };
+
+    const userId = await this.userMapper.insert(user);
+    return this.userMapper.selectById(userId) as Promise<User>;
+  }
+
+  async saveOAuthAccount(userId: number, profile: OAuthProfileDto, tokens: any): Promise<void> {
+    const account = {
+      userId,
+      provider: profile.provider,
+      providerId: profile.providerId,
+      accessToken: tokens.access_token,
+      refreshToken: tokens.refresh_token || '',
+      expiresAt: tokens.expires_at ? new Date(tokens.expires_at * 1000) : new Date(Date.now() + 3600000),
+      createdAt: new Date(),
+    };
+
+    await this.oauthAccountMapper.insert(account);
+  }
+
+  async updateOAuthTokens(userId: number, provider: string, tokens: any): Promise<void> {
+    const accounts = await this.oauthAccountMapper.selectList({
+      where: { userId, provider }
+    });
+
+    if (accounts.length > 0) {
+      const account = accounts[0];
+      await this.oauthAccountMapper.updateById(account.id, {
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token || account.refreshToken,
+        expiresAt: tokens.expires_at ? new Date(tokens.expires_at * 1000) : account.expiresAt,
+      });
+    }
+  }
+}

package/templates/scaffold-default/packages/api/examples/security/complete/service/permission.service.ts

@@ -0,0 +1,113 @@
+import { Service, Autowired } from '@ai-partner-x/aiko-boot';
+import { Mapper, BaseMapper } from '@ai-partner-x/aiko-boot-starter-orm';
+import { Permission } from '../entity/permission.entity.js';
+import { Role } from '../entity/role.entity.js';
+import { User } from '../entity/user.entity.js';
+import { RolePermission } from '../entity/role-permission.entity.js';
+import { UserRole } from '../entity/user-role.entity.js';
+
+@Service()
+export class PermissionService {
+  @Autowired()
+  private permissionMapper!: BaseMapper<Permission>;
+
+  @Autowired()
+  private roleMapper!: BaseMapper<Role>;
+
+  @Autowired()
+  private userMapper!: BaseMapper<User>;
+
+  @Autowired()
+  private rolePermissionMapper!: BaseMapper<RolePermission>;
+
+  @Autowired()
+  private userRoleMapper!: BaseMapper<UserRole>;
+
+  async getUserPermissions(userId: number): Promise<Permission[]> {
+    const user = await this.userMapper.selectById(userId);
+    if (!user) {
+      return [];
+    }
+
+    const userRoles = await this.userRoleMapper.selectList({
+      where: { userId }
+    });
+
+    const permissions: Permission[] = [];
+    for (const userRole of userRoles) {
+      const rolePermissions = await this.rolePermissionMapper.selectList({
+        where: { roleId: userRole.roleId }
+      });
+
+      for (const rp of rolePermissions) {
+        const permission = await this.permissionMapper.selectById(rp.permissionId);
+        if (permission && !permissions.find(p => p.id === permission.id)) {
+          permissions.push(permission);
+        }
+      }
+    }
+
+    return permissions;
+  }
+
+  async getRolePermissions(roleId: number): Promise<Permission[]> {
+    const rolePermissions = await this.rolePermissionMapper.selectList({
+      where: { roleId }
+    });
+
+    const permissions: Permission[] = [];
+    for (const rp of rolePermissions) {
+      const permission = await this.permissionMapper.selectById(rp.permissionId);
+      if (permission) {
+        permissions.push(permission);
+      }
+    }
+
+    return permissions;
+  }
+
+  async hasPermission(userId: number, permissionName: string): Promise<boolean> {
+    const permissions = await this.getUserPermissions(userId);
+    return permissions.some(p => p.name === permissionName);
+  }
+
+  async hasAnyPermission(userId: number, permissionNames: string[]): Promise<boolean> {
+    const permissions = await this.getUserPermissions(userId);
+    return permissionNames.some(name => permissions.some(p => p.name === name));
+  }
+
+  async hasAllPermissions(userId: number, permissionNames: string[]): Promise<boolean> {
+    const permissions = await this.getUserPermissions(userId);
+    return permissionNames.every(name => permissions.some(p => p.name === name));
+  }
+
+  async findById(id: number): Promise<Permission | null> {
+    return this.permissionMapper.selectById(id);
+  }
+
+  async findAll(): Promise<Permission[]> {
+    return this.permissionMapper.selectList({});
+  }
+
+  async create(permissionData: Partial<Permission>): Promise<Permission> {
+    const permission = {
+      ...permissionData,
+      createdAt: new Date(),
+      updatedAt: new Date(),
+    };
+    const id = await this.permissionMapper.insert(permission);
+    return this.permissionMapper.selectById(id) as Promise<Permission>;
+  }
+
+  async update(id: number, permissionData: Partial<Permission>): Promise<Permission> {
+    await this.permissionMapper.updateById(id, {
+      ...permissionData,
+      updatedAt: new Date(),
+    });
+    return this.permissionMapper.selectById(id) as Promise<Permission>;
+  }
+
+  async delete(id: number): Promise<boolean> {
+    return this.permissionMapper.deleteById(id) > 0;
+  }
+}

package/templates/scaffold-default/packages/api/examples/security/complete/service/role.service.ts

@@ -0,0 +1,85 @@
+import { Service, Autowired } from '@ai-partner-x/aiko-boot';
+import { Mapper, BaseMapper } from '@ai-partner-x/aiko-boot-starter-orm';
+import { Role } from '../entity/role.entity.js';
+import { Permission } from '../entity/permission.entity.js';
+import { RolePermission } from '../entity/role-permission.entity.js';
+import { PermissionService } from './permission.service.js';
+
+@Service()
+export class RoleService {
+  @Autowired()
+  private roleMapper!: BaseMapper<Role>;
+
+  @Autowired()
+  private rolePermissionMapper!: BaseMapper<RolePermission>;
+
+  @Autowired()
+  private permissionService!: PermissionService;
+
+  async findById(id: number): Promise<Role | null> {
+    const role = await this.roleMapper.selectById(id);
+    if (!role) {
+      return null;
+    }
+
+    role.permissions = await this.permissionService.getRolePermissions(id);
+    return role;
+  }
+
+  async findAll(): Promise<Role[]> {
+    const roles = await this.roleMapper.selectList({});
+    for (const role of roles) {
+      role.permissions = await this.permissionService.getRolePermissions(role.id);
+    }
+    return roles;
+  }
+
+  async create(roleData: Partial<Role>): Promise<Role> {
+    const role = {
+      ...roleData,
+      createdAt: new Date(),
+      updatedAt: new Date(),
+    };
+    const id = await this.roleMapper.insert(role);
+    return this.roleMapper.selectById(id) as Promise<Role>;
+  }
+
+  async update(id: number, roleData: Partial<Role>): Promise<Role> {
+    await this.roleMapper.updateById(id, {
+      ...roleData,
+      updatedAt: new Date(),
+    });
+    return this.roleMapper.selectById(id) as Promise<Role>;
+  }
+
+  async delete(id: number): Promise<boolean> {
+    await this.rolePermissionMapper.selectList({
+      where: { roleId: id }
+    }).then(rolePermissions => {
+      for (const rp of rolePermissions) {
+        this.rolePermissionMapper.deleteById(rp.id);
+      }
+    });
+
+    return this.roleMapper.deleteById(id) > 0;
+  }
+
+  async assignPermissionToRole(roleId: number, permissionId: number): Promise<void> {
+    const rolePermission = {
+      roleId,
+      permissionId,
+      createdAt: new Date(),
+    };
+    await this.rolePermissionMapper.insert(rolePermission);
+  }
+
+  async removePermissionFromRole(roleId: number, permissionId: number): Promise<void> {
+    const rolePermissions = await this.rolePermissionMapper.selectList({
+      where: { roleId, permissionId }
+    });
+
+    for (const rp of rolePermissions) {
+      await this.rolePermissionMapper.deleteById(rp.id);
+    }
+  }
+}