@pengzi/kms 1.0.0

package/dist/services/audit.service.js

@@ -0,0 +1,113 @@
+"use strict";
+/**
+ * 审计服务
+ * 负责记录和查询审计日志
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditService = void 0;
+const types_1 = require("../types");
+const audit_model_1 = require("../models/audit.model");
+class AuditService {
+    auditRepo;
+    constructor(auditRepo) {
+        this.auditRepo = auditRepo;
+    }
+    /**
+     * 记录审计日志
+     */
+    async log(data) {
+        const log = (0, audit_model_1.createAuditLog)(data);
+        await this.auditRepo.insertOne(log);
+    }
+    /**
+     * 查询审计日志
+     */
+    async getAuditLogs(projectId, query) {
+        const result = await this.auditRepo.findAuditLogs(projectId, query);
+        return {
+            logs: result.logs,
+            total: result.total,
+            page: query.page || 1,
+            limit: query.limit || 50,
+        };
+    }
+    /**
+     * 获取最近的审计日志
+     */
+    async getRecentLogs(projectId, limit = 100) {
+        return await this.auditRepo.findRecentLogs(projectId, limit);
+    }
+    /**
+     * 统计失败登录次数
+     */
+    async countFailedLogins(projectId, userId, since) {
+        return await this.auditRepo.countFailedLogins(projectId, userId, since);
+    }
+    /**
+     * 记录项目创建
+     */
+    async logProjectCreated(projectId, userId, projectName, success) {
+        await this.log({
+            projectId,
+            userId,
+            action: types_1.AuditAction.CREATE_PROJECT,
+            resourceType: types_1.ResourceType.PROJECT,
+            resourceId: projectId,
+            details: {
+                keyName: projectName,
+                success,
+            },
+        });
+    }
+    /**
+     * 记录密钥创建
+     */
+    async logKeyCreated(projectId, userId, keyId, keyName, keyType, success) {
+        await this.log({
+            projectId,
+            userId,
+            action: types_1.AuditAction.CREATE_KEY,
+            resourceType: types_1.ResourceType.KEY,
+            resourceId: keyId,
+            details: {
+                keyName,
+                keyType,
+                success,
+            },
+        });
+    }
+    /**
+     * 记录密钥读取
+     */
+    async logKeyRead(projectId, userId, keyId, keyName, success) {
+        await this.log({
+            projectId,
+            userId,
+            action: types_1.AuditAction.READ_KEY,
+            resourceType: types_1.ResourceType.KEY,
+            resourceId: keyId,
+            details: {
+                keyName,
+                success,
+            },
+        });
+    }
+    /**
+     * 记录密钥删除
+     */
+    async logKeyDeleted(projectId, userId, keyId, keyName, success) {
+        await this.log({
+            projectId,
+            userId,
+            action: types_1.AuditAction.DELETE_KEY,
+            resourceType: types_1.ResourceType.KEY,
+            resourceId: keyId,
+            details: {
+                keyName,
+                success,
+            },
+        });
+    }
+}
+exports.AuditService = AuditService;
+//# sourceMappingURL=audit.service.js.map

package/dist/services/audit.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.service.js","sourceRoot":"","sources":["../../src/services/audit.service.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAGH,oCAA2E;AAC3E,uDAAuD;AAEvD,MAAa,YAAY;IACH;IAApB,YAAoB,SAA0B;QAA1B,cAAS,GAAT,SAAS,CAAiB;IAAG,CAAC;IAElD;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,IAeT;QACC,MAAM,GAAG,GAAG,IAAA,4BAAc,EAAC,IAAI,CAAC,CAAC;QACjC,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAU,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,SAAiB,EAAE,KAAiB;QAMrD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACpE,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;YACrB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,EAAE;SACzB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,QAAgB,GAAG;QACxD,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,SAAiB,EAAE,MAAe,EAAE,KAAY;QACtE,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CACrB,SAAiB,EACjB,MAAc,EACd,WAAmB,EACnB,OAAgB;QAEhB,MAAM,IAAI,CAAC,GAAG,CAAC;YACb,SAAS;YACT,MAAM;YACN,MAAM,EAAE,mBAAW,CAAC,cAAc;YAClC,YAAY,EAAE,oBAAY,CAAC,OAAO;YAClC,UAAU,EAAE,SAAS;YACrB,OAAO,EAAE;gBACP,OAAO,EAAE,WAAW;gBACpB,OAAO;aACR;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,SAAiB,EACjB,MAAc,EACd,KAAa,EACb,OAAe,EACf,OAAe,EACf,OAAgB;QAEhB,MAAM,IAAI,CAAC,GAAG,CAAC;YACb,SAAS;YACT,MAAM;YACN,MAAM,EAAE,mBAAW,CAAC,UAAU;YAC9B,YAAY,EAAE,oBAAY,CAAC,GAAG;YAC9B,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE;gBACP,OAAO;gBACP,OAAO;gBACP,OAAO;aACR;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,SAAiB,EACjB,MAAc,EACd,KAAa,EACb,OAAe,EACf,OAAgB;QAEhB,MAAM,IAAI,CAAC,GAAG,CAAC;YACb,SAAS;YACT,MAAM;YACN,MAAM,EAAE,mBAAW,CAAC,QAAQ;YAC5B,YAAY,EAAE,oBAAY,CAAC,GAAG;YAC9B,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE;gBACP,OAAO;gBACP,OAAO;aACR;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,SAAiB,EACjB,MAAc,EACd,KAAa,EACb,OAAe,EACf,OAAgB;QAEhB,MAAM,IAAI,CAAC,GAAG,CAAC;YACb,SAAS;YACT,MAAM;YACN,MAAM,EAAE,mBAAW,CAAC,UAAU;YAC9B,YAAY,EAAE,oBAAY,CAAC,GAAG;YAC9B,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE;gBACP,OAAO;gBACP,OAAO;aACR;SACF,CAAC,CAAC;IACL,CAAC;CACF;AAtJD,oCAsJC"}

package/dist/services/auth.service.d.ts

@@ -0,0 +1,39 @@
+/**
+ * 认证服务
+ * 负责用户认证和授权
+ */
+import { UserRepository } from '../repositories/user.repository';
+import { AuditService } from './audit.service';
+import { User, CreateUserData, AuthCredentials, AuthResult } from '../types';
+export declare class AuthService {
+    private userRepo;
+    private auditService;
+    constructor(userRepo: UserRepository, auditService: AuditService);
+    /**
+     * 创建用户
+     */
+    createUser(projectId: string, creatorId: string, userData: CreateUserData): Promise<Omit<User, 'passwordHash' | 'apiKeyHash'> & {
+        apiKey?: string;
+    }>;
+    /**
+     * 用户登录
+     */
+    login(projectId: string, credentials: AuthCredentials): Promise<AuthResult>;
+    /**
+     * 使用API密钥认证
+     */
+    authenticateWithApiKey(projectId: string, apiKey: string): Promise<User | null>;
+    /**
+     * 验证用户凭证
+     */
+    verifyCredentials(projectId: string, username: string, password: string): Promise<boolean>;
+    /**
+     * 生成API密钥
+     */
+    private generateApiKey;
+    /**
+     * 轮换API密钥
+     */
+    rotateApiKey(projectId: string, userId: string, targetUserId: string): Promise<string>;
+}
+//# sourceMappingURL=auth.service.d.ts.map

package/dist/services/auth.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/services/auth.service.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,eAAe,EAAE,UAAU,EAAQ,MAAM,UAAU,CAAC;AAQnF,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,YAAY;gBADZ,QAAQ,EAAE,cAAc,EACxB,YAAY,EAAE,YAAY;IAGpC;;OAEG;IACG,UAAU,CACd,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,cAAc,GACvB,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,GAAG,YAAY,CAAC,GAAG;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA8C3E;;OAEG;IACG,KAAK,CACT,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,eAAe,GAC3B,OAAO,CAAC,UAAU,CAAC;IAqFtB;;OAEG;IACG,sBAAsB,CAC1B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAevB;;OAEG;IACG,iBAAiB,CACrB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,OAAO,CAAC;IAKnB;;OAEG;IACH,OAAO,CAAC,cAAc;IAOtB;;OAEG;IACG,YAAY,CAChB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC;CAenB"}

package/dist/services/auth.service.js

@@ -0,0 +1,179 @@
+"use strict";
+/**
+ * 认证服务
+ * 负责用户认证和授权
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthService = void 0;
+const user_model_1 = require("../models/user.model");
+const bcrypt_1 = require("bcrypt");
+const crypto_1 = require("crypto");
+const types_1 = require("../types");
+const types_2 = require("../types");
+class AuthService {
+    userRepo;
+    auditService;
+    constructor(userRepo, auditService) {
+        this.userRepo = userRepo;
+        this.auditService = auditService;
+    }
+    /**
+     * 创建用户
+     */
+    async createUser(projectId, creatorId, userData) {
+        // 验证用户数据
+        const validation = (0, user_model_1.validateUser)(userData);
+        if (!validation.valid) {
+            throw new types_1.ValidationError(validation.errors.join(', '));
+        }
+        // 检查用户名是否已存在
+        const existingUser = await this.userRepo.findByProjectAndUsername(projectId, userData.username);
+        if (existingUser) {
+            throw new types_1.ValidationError('Username already exists');
+        }
+        // 哈希密码
+        const passwordHash = await (0, bcrypt_1.hash)(userData.password, 10);
+        // 生成API密钥
+        const apiKey = this.generateApiKey();
+        const apiKeyHash = await (0, bcrypt_1.hash)(apiKey, 10);
+        const user = (0, user_model_1.createUser)(projectId, userData, passwordHash, apiKeyHash);
+        await this.userRepo.insertOne(user);
+        // 记录审计日志
+        await this.auditService.log({
+            projectId,
+            userId: creatorId,
+            action: types_2.AuditAction.CREATE_USER,
+            resourceType: types_2.ResourceType.USER,
+            resourceId: user.userId,
+            details: {
+                success: true,
+            },
+        });
+        // 返回用户信息（不包含敏感信息）和API密钥
+        return {
+            ...(0, user_model_1.toSafeUser)(user),
+            apiKey, // 仅在创建时返回一次
+        };
+    }
+    /**
+     * 用户登录
+     */
+    async login(projectId, credentials) {
+        const user = await this.userRepo.findByProjectAndUsername(projectId, credentials.username);
+        if (!user) {
+            await this.auditService.log({
+                projectId,
+                action: types_2.AuditAction.LOGIN_FAILED,
+                resourceType: types_2.ResourceType.USER,
+                resourceId: credentials.username,
+                details: {
+                    success: false,
+                    errorMessage: 'User not found',
+                },
+            });
+            return {
+                success: false,
+                error: 'Invalid username or password',
+            };
+        }
+        if (user.status !== 'active') {
+            await this.auditService.log({
+                projectId,
+                userId: user.userId,
+                action: types_2.AuditAction.LOGIN_FAILED,
+                resourceType: types_2.ResourceType.USER,
+                resourceId: user.userId,
+                details: {
+                    success: false,
+                    errorMessage: 'User account is not active',
+                },
+            });
+            return {
+                success: false,
+                error: 'User account is not active',
+            };
+        }
+        const passwordMatch = await (0, bcrypt_1.compare)(credentials.password, user.passwordHash);
+        if (!passwordMatch) {
+            await this.auditService.log({
+                projectId,
+                userId: user.userId,
+                action: types_2.AuditAction.LOGIN_FAILED,
+                resourceType: types_2.ResourceType.USER,
+                resourceId: user.userId,
+                details: {
+                    success: false,
+                    errorMessage: 'Invalid password',
+                },
+            });
+            return {
+                success: false,
+                error: 'Invalid username or password',
+            };
+        }
+        // 更新最后登录时间
+        await this.userRepo.updateLastLogin(user.userId);
+        // 记录审计日志
+        await this.auditService.log({
+            projectId,
+            userId: user.userId,
+            action: types_2.AuditAction.LOGIN,
+            resourceType: types_2.ResourceType.USER,
+            resourceId: user.userId,
+            details: {
+                success: true,
+            },
+        });
+        return {
+            success: true,
+            user: (0, user_model_1.toSafeUser)(user),
+        };
+    }
+    /**
+     * 使用API密钥认证
+     */
+    async authenticateWithApiKey(projectId, apiKey) {
+        // 查找所有用户并检查API密钥
+        const users = await this.userRepo.findByProjectId(projectId);
+        for (const user of users) {
+            if (user.apiKeyHash && await (0, bcrypt_1.compare)(apiKey, user.apiKeyHash)) {
+                if (user.status === 'active') {
+                    return user;
+                }
+            }
+        }
+        return null;
+    }
+    /**
+     * 验证用户凭证
+     */
+    async verifyCredentials(projectId, username, password) {
+        const result = await this.login(projectId, { username, password });
+        return result.success;
+    }
+    /**
+     * 生成API密钥
+     */
+    generateApiKey() {
+        const apiKeyPrefix = 'kms_';
+        const randomBytesBuffer = (0, crypto_1.randomBytes)(32);
+        const randomString = randomBytesBuffer.toString('hex');
+        return `${apiKeyPrefix}${randomString}`;
+    }
+    /**
+     * 轮换API密钥
+     */
+    async rotateApiKey(projectId, userId, targetUserId) {
+        const user = await this.userRepo.getByUserId(targetUserId);
+        if (user.projectId !== projectId) {
+            throw new types_1.ValidationError('User does not belong to this project');
+        }
+        // 生成新API密钥
+        const newApiKey = this.generateApiKey();
+        const newApiKeyHash = await (0, bcrypt_1.hash)(newApiKey, 10);
+        await this.userRepo.updateUser(targetUserId, { apiKeyHash: newApiKeyHash });
+        return newApiKey;
+    }
+}
+exports.AuthService = AuthService;
+//# sourceMappingURL=auth.service.js.map

package/dist/services/auth.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../src/services/auth.service.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAKH,qDAA4E;AAC5E,mCAAuC;AACvC,mCAAqC;AACrC,oCAAmF;AACnF,oCAAqD;AAGrD,MAAa,WAAW;IAEZ;IACA;IAFV,YACU,QAAwB,EACxB,YAA0B;QAD1B,aAAQ,GAAR,QAAQ,CAAgB;QACxB,iBAAY,GAAZ,YAAY,CAAc;IACjC,CAAC;IAEJ;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,SAAiB,EACjB,SAAiB,EACjB,QAAwB;QAExB,SAAS;QACT,MAAM,UAAU,GAAG,IAAA,yBAAY,EAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,MAAM,IAAI,uBAAe,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,CAAC;QAED,aAAa;QACb,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAC/D,SAAS,EACT,QAAQ,CAAC,QAAQ,CAClB,CAAC;QACF,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,uBAAe,CAAC,yBAAyB,CAAC,CAAC;QACvD,CAAC;QAED,OAAO;QACP,MAAM,YAAY,GAAG,MAAM,IAAA,aAAI,EAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAEvD,UAAU;QACV,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,MAAM,IAAA,aAAI,EAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAE1C,MAAM,IAAI,GAAG,IAAA,uBAAU,EAAC,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;QAEvE,MAAM,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAW,CAAC,CAAC;QAE3C,SAAS;QACT,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YAC1B,SAAS;YACT,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,mBAAW,CAAC,WAAW;YAC/B,YAAY,EAAE,oBAAY,CAAC,IAAI;YAC/B,UAAU,EAAE,IAAI,CAAC,MAAO;YACxB,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;aACd;SACF,CAAC,CAAC;QAEH,wBAAwB;QACxB,OAAO;YACL,GAAG,IAAA,uBAAU,EAAC,IAAI,CAAC;YACnB,MAAM,EAAE,YAAY;SACrB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK,CACT,SAAiB,EACjB,WAA4B;QAE5B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CACvD,SAAS,EACT,WAAW,CAAC,QAAQ,CACrB,CAAC;QAEF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;gBAC1B,SAAS;gBACT,MAAM,EAAE,mBAAW,CAAC,YAAY;gBAChC,YAAY,EAAE,oBAAY,CAAC,IAAI;gBAC/B,UAAU,EAAE,WAAW,CAAC,QAAQ;gBAChC,OAAO,EAAE;oBACP,OAAO,EAAE,KAAK;oBACd,YAAY,EAAE,gBAAgB;iBAC/B;aACF,CAAC,CAAC;YAEH,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,8BAA8B;aACtC,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;gBAC1B,SAAS;gBACT,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,MAAM,EAAE,mBAAW,CAAC,YAAY;gBAChC,YAAY,EAAE,oBAAY,CAAC,IAAI;gBAC/B,UAAU,EAAE,IAAI,CAAC,MAAO;gBACxB,OAAO,EAAE;oBACP,OAAO,EAAE,KAAK;oBACd,YAAY,EAAE,4BAA4B;iBAC3C;aACF,CAAC,CAAC;YAEH,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,4BAA4B;aACpC,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,gBAAO,EAAC,WAAW,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAE7E,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;gBAC1B,SAAS;gBACT,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,MAAM,EAAE,mBAAW,CAAC,YAAY;gBAChC,YAAY,EAAE,oBAAY,CAAC,IAAI;gBAC/B,UAAU,EAAE,IAAI,CAAC,MAAO;gBACxB,OAAO,EAAE;oBACP,OAAO,EAAE,KAAK;oBACd,YAAY,EAAE,kBAAkB;iBACjC;aACF,CAAC,CAAC;YAEH,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,8BAA8B;aACtC,CAAC;QACJ,CAAC;QAED,WAAW;QACX,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,MAAO,CAAC,CAAC;QAElD,SAAS;QACT,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YAC1B,SAAS;YACT,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,mBAAW,CAAC,KAAK;YACzB,YAAY,EAAE,oBAAY,CAAC,IAAI;YAC/B,UAAU,EAAE,IAAI,CAAC,MAAO;YACxB,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;aACd;SACF,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,IAAA,uBAAU,EAAC,IAAI,CAAQ;SAC9B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAC1B,SAAiB,EACjB,MAAc;QAEd,iBAAiB;QACjB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAE7D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,UAAU,IAAI,MAAM,IAAA,gBAAO,EAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9D,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;oBAC7B,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CACrB,SAAiB,EACjB,QAAgB,EAChB,QAAgB;QAEhB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnE,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;IAED;;OAEG;IACK,cAAc;QACpB,MAAM,YAAY,GAAG,MAAM,CAAC;QAC5B,MAAM,iBAAiB,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;QAC1C,MAAM,YAAY,GAAG,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACvD,OAAO,GAAG,YAAY,GAAG,YAAY,EAAE,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAChB,SAAiB,EACjB,MAAc,EACd,YAAoB;QAEpB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAE3D,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACjC,MAAM,IAAI,uBAAe,CAAC,sCAAsC,CAAC,CAAC;QACpE,CAAC;QAED,WAAW;QACX,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACxC,MAAM,aAAa,GAAG,MAAM,IAAA,aAAI,EAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAEhD,MAAM,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;QAE5E,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AAvND,kCAuNC"}

package/dist/services/key.service.d.ts

@@ -0,0 +1,47 @@
+/**
+ * 密钥服务
+ * 负责密钥的业务逻辑
+ */
+import { KeyRepository } from '../repositories/key.repository';
+import { AuditService } from './audit.service';
+import { PermissionService } from './permission.service';
+import { CryptoService } from '../core/crypto.service';
+import { Key, KeyValue, CreateKeyData, UpdateKeyData, KeyFilters } from '../types';
+export declare class KeyService {
+    private keyRepo;
+    private auditService;
+    private permissionService;
+    private cryptoService;
+    constructor(keyRepo: KeyRepository, auditService: AuditService, permissionService: PermissionService, cryptoService: CryptoService);
+    /**
+     * 创建密钥
+     */
+    createKey(projectId: string, userId: string, masterPassword: string, keyData: CreateKeyData): Promise<Key>;
+    /**
+     * 获取密钥（解密）
+     */
+    getKey(projectId: string, userId: string, masterPassword: string, keyId: string): Promise<KeyValue>;
+    /**
+     * 列出密钥
+     */
+    listKeys(projectId: string, userId: string, filters?: KeyFilters, options?: {
+        page?: number;
+        limit?: number;
+    }): Promise<{
+        keys: Key[];
+        total: number;
+    }>;
+    /**
+     * 更新密钥
+     */
+    updateKey(projectId: string, userId: string, masterPassword: string, keyId: string, updates: UpdateKeyData): Promise<Key>;
+    /**
+     * 删除密钥
+     */
+    deleteKey(projectId: string, userId: string, keyId: string): Promise<void>;
+    /**
+     * 获取项目主密钥（需要从项目服务获取）
+     */
+    private getMasterKey;
+}
+//# sourceMappingURL=key.service.d.ts.map

package/dist/services/key.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key.service.d.ts","sourceRoot":"","sources":["../../src/services/key.service.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EACL,GAAG,EACH,QAAQ,EACR,aAAa,EACb,aAAa,EACb,UAAU,EAEX,MAAM,UAAU,CAAC;AAMlB,qBAAa,UAAU;IAEnB,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,YAAY;IACpB,OAAO,CAAC,iBAAiB;IACzB,OAAO,CAAC,aAAa;gBAHb,OAAO,EAAE,aAAa,EACtB,YAAY,EAAE,YAAY,EAC1B,iBAAiB,EAAE,iBAAiB,EACpC,aAAa,EAAE,aAAa;IAGtC;;OAEG;IACG,SAAS,CACb,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,EACtB,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,GAAG,CAAC;IA0Cf;;OAEG;IACG,MAAM,CACV,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,QAAQ,CAAC;IAuCpB;;OAEG;IACG,QAAQ,CACZ,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,UAAU,EACpB,OAAO,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GAC1C,OAAO,CAAC;QAAE,IAAI,EAAE,GAAG,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAO1C;;OAEG;IACG,SAAS,CACb,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,GAAG,CAAC;IA2Bf;;OAEG;IACG,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBhF;;OAEG;YACW,YAAY;CAM3B"}

package/dist/services/key.service.js

@@ -0,0 +1,135 @@
+"use strict";
+/**
+ * 密钥服务
+ * 负责密钥的业务逻辑
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeyService = void 0;
+const key_model_1 = require("../models/key.model");
+const types_1 = require("../types");
+const types_2 = require("../types");
+const crypto_1 = require("../core/crypto");
+class KeyService {
+    keyRepo;
+    auditService;
+    permissionService;
+    cryptoService;
+    constructor(keyRepo, auditService, permissionService, cryptoService) {
+        this.keyRepo = keyRepo;
+        this.auditService = auditService;
+        this.permissionService = permissionService;
+        this.cryptoService = cryptoService;
+    }
+    /**
+     * 创建密钥
+     */
+    async createKey(projectId, userId, masterPassword, keyData) {
+        // 验证权限
+        await this.permissionService.requirePermission(projectId, userId, types_2.Permission.KEY_CREATE);
+        // 验证密钥数据
+        const validation = (0, key_model_1.validateKey)(keyData);
+        if (!validation.valid) {
+            throw new types_1.ValidationError(validation.errors.join(', '));
+        }
+        // 检查密钥名称是否已存在
+        const existingKey = await this.keyRepo.findByProjectAndName(projectId, keyData.keyName);
+        if (existingKey) {
+            throw new types_1.ValidationError('Key with this name already exists');
+        }
+        // 加密密钥值
+        const masterKeyHex = await this.getMasterKey(projectId, masterPassword);
+        const masterKey = (0, crypto_1.hexToBuffer)(masterKeyHex);
+        const encryptedData = await this.cryptoService.encryptKey(keyData.value, masterKey);
+        // 创建密钥
+        const key = (0, key_model_1.createKey)(projectId, keyData, encryptedData, userId);
+        await this.keyRepo.insertOne(key);
+        // 记录审计日志
+        await this.auditService.logKeyCreated(projectId, userId, key.keyId, key.keyName, key.keyType, true);
+        return key;
+    }
+    /**
+     * 获取密钥（解密）
+     */
+    async getKey(projectId, userId, masterPassword, keyId) {
+        // 验证权限
+        await this.permissionService.requirePermission(projectId, userId, types_2.Permission.KEY_READ);
+        // 获取密钥
+        const key = await this.keyRepo.findByKeyId(keyId);
+        if (!key) {
+            throw new types_1.KeyNotFoundError(keyId);
+        }
+        // 验证项目
+        if (key.projectId !== projectId) {
+            throw new types_1.ValidationError('Key does not belong to this project');
+        }
+        // 检查密钥是否可访问
+        if (!(0, key_model_1.isKeyAccessible)(key)) {
+            throw new types_1.ValidationError('Key is not accessible');
+        }
+        // 解密密钥值
+        const masterKeyHex = await this.getMasterKey(projectId, masterPassword);
+        const masterKey = (0, crypto_1.hexToBuffer)(masterKeyHex);
+        const decryptedValue = await this.cryptoService.decryptKey(key.encryptedValue, key.iv, key.authTag, masterKey);
+        // 更新最后访问时间
+        await this.keyRepo.updateLastAccessed(keyId);
+        // 记录审计日志
+        await this.auditService.logKeyRead(projectId, userId, keyId, key.keyName, true);
+        return (0, key_model_1.toKeyValue)(key, decryptedValue);
+    }
+    /**
+     * 列出密钥
+     */
+    async listKeys(projectId, userId, filters, options) {
+        // 验证权限
+        await this.permissionService.requirePermission(projectId, userId, types_2.Permission.KEY_LIST);
+        return await this.keyRepo.findByProjectId(projectId, filters, options);
+    }
+    /**
+     * 更新密钥
+     */
+    async updateKey(projectId, userId, masterPassword, keyId, updates) {
+        // 验证权限
+        await this.permissionService.requirePermission(projectId, userId, types_2.Permission.KEY_UPDATE);
+        const key = await this.keyRepo.getByKeyId(keyId);
+        // 验证项目
+        if (key.projectId !== projectId) {
+            throw new types_1.ValidationError('Key does not belong to this project');
+        }
+        let newEncryptedData;
+        // 如果更新密钥值，需要重新加密
+        if (updates.value) {
+            const masterKeyHex = await this.getMasterKey(projectId, masterPassword);
+            const masterKey = (0, crypto_1.hexToBuffer)(masterKeyHex);
+            newEncryptedData = await this.cryptoService.encryptKey(updates.value, masterKey);
+        }
+        const updatedKey = (0, key_model_1.updateKey)(key, updates, newEncryptedData);
+        await this.keyRepo.updateKey(keyId, updatedKey);
+        return updatedKey;
+    }
+    /**
+     * 删除密钥
+     */
+    async deleteKey(projectId, userId, keyId) {
+        // 验证权限
+        await this.permissionService.requirePermission(projectId, userId, types_2.Permission.KEY_DELETE);
+        const key = await this.keyRepo.getByKeyId(keyId);
+        // 验证项目
+        if (key.projectId !== projectId) {
+            throw new types_1.ValidationError('Key does not belong to this project');
+        }
+        await this.keyRepo.softDeleteKey(keyId);
+        // 记录审计日志
+        await this.auditService.logKeyDeleted(projectId, userId, keyId, key.keyName, true);
+    }
+    /**
+     * 获取项目主密钥（需要从项目服务获取）
+     */
+    async getMasterKey(projectId, masterPassword) {
+        // 这里需要调用ProjectService来获取主密钥
+        // 为了避免循环依赖，我们将这个方法标记为private，实际使用时需要注入ProjectService
+        // 或者将密钥派生逻辑提取到独立的模块
+        throw new Error('Master key retrieval not implemented - use ProjectService');
+    }
+}
+exports.KeyService = KeyService;
+//# sourceMappingURL=key.service.js.map

package/dist/services/key.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key.service.js","sourceRoot":"","sources":["../../src/services/key.service.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAcH,mDAAqG;AACrG,oCAA6D;AAC7D,oCAAiE;AACjE,2CAA0D;AAE1D,MAAa,UAAU;IAEX;IACA;IACA;IACA;IAJV,YACU,OAAsB,EACtB,YAA0B,EAC1B,iBAAoC,EACpC,aAA4B;QAH5B,YAAO,GAAP,OAAO,CAAe;QACtB,iBAAY,GAAZ,YAAY,CAAc;QAC1B,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,kBAAa,GAAb,aAAa,CAAe;IACnC,CAAC;IAEJ;;OAEG;IACH,KAAK,CAAC,SAAS,CACb,SAAiB,EACjB,MAAc,EACd,cAAsB,EACtB,OAAsB;QAEtB,OAAO;QACP,MAAM,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,kBAAU,CAAC,UAAU,CAAC,CAAC;QAEzF,SAAS;QACT,MAAM,UAAU,GAAG,IAAA,uBAAW,EAAC,OAAO,CAAC,CAAC;QACxC,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,MAAM,IAAI,uBAAe,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,CAAC;QAED,cAAc;QACd,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,oBAAoB,CACzD,SAAS,EACT,OAAO,CAAC,OAAO,CAChB,CAAC;QACF,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,IAAI,uBAAe,CAAC,mCAAmC,CAAC,CAAC;QACjE,CAAC;QAED,QAAQ;QACR,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QACxE,MAAM,SAAS,GAAG,IAAA,oBAAW,EAAC,YAAY,CAAC,CAAC;QAC5C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAEpF,OAAO;QACP,MAAM,GAAG,GAAG,IAAA,qBAAS,EAAC,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjE,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,GAAU,CAAC,CAAC;QAEzC,SAAS;QACT,MAAM,IAAI,CAAC,YAAY,CAAC,aAAa,CACnC,SAAS,EACT,MAAM,EACN,GAAG,CAAC,KAAK,EACT,GAAG,CAAC,OAAO,EACX,GAAG,CAAC,OAAO,EACX,IAAI,CACL,CAAC;QAEF,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,SAAiB,EACjB,MAAc,EACd,cAAsB,EACtB,KAAa;QAEb,OAAO;QACP,MAAM,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,kBAAU,CAAC,QAAQ,CAAC,CAAC;QAEvF,OAAO;QACP,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAClD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,wBAAgB,CAAC,KAAK,CAAC,CAAC;QACpC,CAAC;QAED,OAAO;QACP,IAAI,GAAG,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,IAAI,uBAAe,CAAC,qCAAqC,CAAC,CAAC;QACnE,CAAC;QAED,YAAY;QACZ,IAAI,CAAC,IAAA,2BAAe,EAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,uBAAe,CAAC,uBAAuB,CAAC,CAAC;QACrD,CAAC;QAED,QAAQ;QACR,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QACxE,MAAM,SAAS,GAAG,IAAA,oBAAW,EAAC,YAAY,CAAC,CAAC;QAC5C,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CACxD,GAAG,CAAC,cAAc,EAClB,GAAG,CAAC,EAAE,EACN,GAAG,CAAC,OAAO,EACX,SAAS,CACV,CAAC;QAEF,WAAW;QACX,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAE7C,SAAS;QACT,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAEhF,OAAO,IAAA,sBAAU,EAAC,GAAG,EAAE,cAAc,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CACZ,SAAiB,EACjB,MAAc,EACd,OAAoB,EACpB,OAA2C;QAE3C,OAAO;QACP,MAAM,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,kBAAU,CAAC,QAAQ,CAAC,CAAC;QAEvF,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACzE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CACb,SAAiB,EACjB,MAAc,EACd,cAAsB,EACtB,KAAa,EACb,OAAsB;QAEtB,OAAO;QACP,MAAM,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,kBAAU,CAAC,UAAU,CAAC,CAAC;QAEzF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAEjD,OAAO;QACP,IAAI,GAAG,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,IAAI,uBAAe,CAAC,qCAAqC,CAAC,CAAC;QACnE,CAAC;QAED,IAAI,gBAAgB,CAAC;QAErB,iBAAiB;QACjB,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACxE,MAAM,SAAS,GAAG,IAAA,oBAAW,EAAC,YAAY,CAAC,CAAC;YAC5C,gBAAgB,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QACnF,CAAC;QAED,MAAM,UAAU,GAAG,IAAA,qBAAS,EAAC,GAAG,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC;QAE7D,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QAEhD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,SAAiB,EAAE,MAAc,EAAE,KAAa;QAC9D,OAAO;QACP,MAAM,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,kBAAU,CAAC,UAAU,CAAC,CAAC;QAEzF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAEjD,OAAO;QACP,IAAI,GAAG,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,IAAI,uBAAe,CAAC,qCAAqC,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAExC,SAAS;QACT,MAAM,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACrF,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY,CAAC,SAAiB,EAAE,cAAsB;QAClE,6BAA6B;QAC7B,qDAAqD;QACrD,oBAAoB;QACpB,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;CACF;AAzLD,gCAyLC"}

package/dist/services/permission.service.d.ts

@@ -0,0 +1,37 @@
+/**
+ * 权限服务
+ * 负责权限验证和访问控制
+ */
+import { UserRepository } from '../repositories/user.repository';
+import { AuditService } from './audit.service';
+import { Role, Permission } from '../types';
+export declare class PermissionService {
+    private userRepo;
+    private auditService;
+    constructor(userRepo: UserRepository, auditService: AuditService);
+    /**
+     * 检查用户是否拥有指定权限
+     */
+    checkPermission(projectId: string, userId: string, requiredPermission: Permission): Promise<boolean>;
+    /**
+     * 要求用户必须拥有指定权限，否则抛出异常
+     */
+    requirePermission(projectId: string, userId: string, requiredPermission: Permission): Promise<void>;
+    /**
+     * 检查用户是否拥有指定角色
+     */
+    hasRole(projectId: string, userId: string, role: Role): Promise<boolean>;
+    /**
+     * 授予角色
+     */
+    grantRole(projectId: string, adminUserId: string, targetUserId: string, role: Role): Promise<void>;
+    /**
+     * 撤销角色
+     */
+    revokeRole(projectId: string, adminUserId: string, targetUserId: string, role: Role): Promise<void>;
+    /**
+     * 获取用户的所有权限（包括角色权限）
+     */
+    getUserPermissions(projectId: string, userId: string): Promise<Permission[]>;
+}
+//# sourceMappingURL=permission.service.d.ts.map

package/dist/services/permission.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission.service.d.ts","sourceRoot":"","sources":["../../src/services/permission.service.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,IAAI,EAAE,UAAU,EAA6C,MAAM,UAAU,CAAC;AAGvF,qBAAa,iBAAiB;IAE1B,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,YAAY;gBADZ,QAAQ,EAAE,cAAc,EACxB,YAAY,EAAE,YAAY;IAGpC;;OAEG;IACG,eAAe,CACnB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,kBAAkB,EAAE,UAAU,GAC7B,OAAO,CAAC,OAAO,CAAC;IA2BnB;;OAEG;IACG,iBAAiB,CACrB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,kBAAkB,EAAE,UAAU,GAC7B,OAAO,CAAC,IAAI,CAAC;IAwBhB;;OAEG;IACG,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;IAU9E;;OAEG;IACG,SAAS,CACb,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,IAAI,EAAE,IAAI,GACT,OAAO,CAAC,IAAI,CAAC;IA8BhB;;OAEG;IACG,UAAU,CACd,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,IAAI,EAAE,IAAI,GACT,OAAO,CAAC,IAAI,CAAC;IA0BhB;;OAEG;IACG,kBAAkB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;CAiBnF"}