@ruiapp/rapid-core 0.9.1 → 0.9.3

package/dist/core/pluginManager.d.ts

@@ -1,4 +1,4 @@
-import { CreateEntityOptions, RpdApplicationConfig, RpdDataModel, UpdateEntityByIdOptions } from "../types";
+import { CreateEntityOptions, RpdApplicationConfig, RpdDataModel, RpdRouteActionConfig, UpdateEntityByIdOptions } from "../types";
 import { IRpdServer, RapidPlugin } from "./server";
 import { RouteContext } from "./routeContext";
 import { ActionHandlerContext } from "./actionHandler";
@@ -38,6 +38,8 @@ declare class PluginManager {
     onPrepareRouteContext(routeContext: RouteContext): Promise<void>;
     /** 在接收到HTTP请求，执行 actions 前调用。 */
     beforeRunRouteActions(handlerContext: ActionHandlerContext): Promise<void>;
+    /** 在执行 action hanlder 前调用。 */
+    beforeRunActionHandler(handlerContext: ActionHandlerContext, actionConfig: RpdRouteActionConfig): Promise<void>;
     /** 在创建实体前调用。 */
     beforeCreateEntity(model: RpdDataModel, options: CreateEntityOptions): Promise<void>;
     /** 在更新实体前调用。 */

package/dist/core/routeContext.d.ts

@@ -2,7 +2,7 @@ import { RapidRequest } from "./request";
 import { RapidResponse } from "./response";
 import { HttpStatus } from "./http-types";
 import { IRpdServer } from "./server";
-import { IDatabaseAccessor, IDatabaseClient } from "../types";
+import { IDatabaseAccessor, IDatabaseClient, RpdRoute } from "../types";
 export type Next = () => Promise<void>;
 export type TransactionState = "uninited" | "inited" | "started";
 export declare class RouteContext {
@@ -14,7 +14,7 @@ export declare class RouteContext {
     method: string;
     path: string;
     params: Record<string, string>;
-    routeConfig: any;
+    routeConfig: RpdRoute;
     static newSystemOperationContext(server: IRpdServer): RouteContext;
     constructor(server: IRpdServer, request?: RapidRequest);
     clone(): RouteContext;

package/dist/core/server.d.ts

@@ -1,4 +1,4 @@
-import { CreateEntityOptions, EmitServerEventOptions, EntityWatcherType, GetDataAccessorOptions, GetModelOptions, IDatabaseAccessor, IDatabaseClient, IDatabaseConfig, IQueryBuilder, IRpdDataAccessor, RapidServerConfig, RpdApplicationConfig, RpdDataModel, RpdDataModelProperty, RpdServerEventTypes, UpdateEntityByIdOptions } from "../types";
+import { CreateEntityOptions, EmitServerEventOptions, EntityWatcherType, GetDataAccessorOptions, GetModelOptions, IDatabaseAccessor, IDatabaseClient, IDatabaseConfig, IQueryBuilder, IRpdDataAccessor, RapidServerConfig, RpdApplicationConfig, RpdDataModel, RpdDataModelProperty, RpdRouteActionConfig, RpdServerEventTypes, UpdateEntityByIdOptions } from "../types";
 import { IPluginActionHandler, ActionHandler, ActionHandlerContext } from "./actionHandler";
 import { Next, RouteContext } from "./routeContext";
 import EntityManager from "../dataAccess/entityManager";
@@ -32,6 +32,7 @@ export interface IRpdServer {
     emitEvent<TEventName extends keyof RpdServerEventTypes>(event: EmitServerEventOptions<TEventName>): void;
     handleRequest(request: RapidRequest, next: Next): Promise<Response>;
     beforeRunRouteActions(handlerContext: ActionHandlerContext): Promise<void>;
+    beforeRunActionHandler(handlerContext: ActionHandlerContext, actionConfig: RpdRouteActionConfig): Promise<void>;
     beforeCreateEntity(model: RpdDataModel, options: CreateEntityOptions): Promise<void>;
     beforeUpdateEntity(model: RpdDataModel, options: UpdateEntityByIdOptions, currentEntity: any): Promise<void>;
     registerCronJob(job: CronJobConfiguration): void;
@@ -108,6 +109,8 @@ export interface RapidPlugin {
     onPrepareRouteContext?: (server: IRpdServer, routeContext: RouteContext) => Promise<any>;
     /** 在接收到HTTP请求，执行 actions 前调用。 */
     beforeRunRouteActions?: (server: IRpdServer, handlerContext: ActionHandlerContext) => Promise<any>;
+    /** 在执行 action hanlder 前调用。 */
+    beforeRunActionHandler?: (server: IRpdServer, handlerContext: ActionHandlerContext, actionConfig: RpdRouteActionConfig) => Promise<any>;
     /** 在创建实体前调用。 */
     beforeCreateEntity?: (server: IRpdServer, model: RpdDataModel, options: CreateEntityOptions) => Promise<any>;
     /** 在更新实体前调用。 */

package/dist/index.d.ts

@@ -15,6 +15,7 @@ export * from "./utilities/accessControlUtility";
 export * from "./utilities/entityUtility";
 export * from "./utilities/jwtUtility";
 export * from "./utilities/timeUtility";
+export * from "./utilities/passwordUtility";
 export * from "./helpers/entityHelpers";
 export * from "./helpers/licenseHelper";
 export * from "./deno-std/http/cookie";
@@ -29,6 +30,7 @@ export { default as SequencePlugin } from "./plugins/sequence/SequencePlugin";
 export * from "./plugins/sequence/SequencePluginTypes";
 export { default as WebhooksPlugin } from "./plugins/webhooks/WebhooksPlugin";
 export { default as AuthPlugin } from "./plugins/auth/AuthPlugin";
+export * from "./plugins/auth/AuthPluginTypes";
 export { default as FileManagePlugin } from "./plugins/fileManage/FileManagePlugin";
 export { default as LicensePlugin } from "./plugins/license/LicensePlugin";
 export * from "./plugins/license/LicensePluginTypes";

package/dist/index.js

@@ -9,7 +9,7 @@ var qs = require('qs');
 var dayjs = require('dayjs');
 var jsonwebtoken = require('jsonwebtoken');
 var crypto = require('crypto');
-var bcrypt = require('bcrypt');
+var bcrypt = require('bcryptjs');
 var path = require('path');
 var fs = require('fs');
 var uuid = require('uuid');
@@ -928,6 +928,14 @@ class PluginManager {
             }
         }
     }
+    /** 在执行 action hanlder 前调用。 */
+    async beforeRunActionHandler(handlerContext, actionConfig) {
+        for (const plugin of this.#plugins) {
+            if (plugin.beforeRunActionHandler) {
+                await plugin.beforeRunActionHandler(this.#server, handlerContext, actionConfig);
+            }
+        }
+    }
     /** 在创建实体前调用。 */
     async beforeCreateEntity(model, options) {
         for (const plugin of this.#plugins) {
@@ -1030,6 +1038,7 @@ async function buildRoutes(server, applicationConfig) {
                 if (!handler) {
                     throw new Error("Unknown handler: " + actionCode);
                 }
+                await server.beforeRunActionHandler(handlerContext, actionConfig);
                 const result = handler(handlerContext, actionConfig.config);
                 if (result instanceof Promise) {
                     await result;
@@ -4301,6 +4310,9 @@ class RapidServer {
     async beforeRunRouteActions(handlerContext) {
         await this.#pluginManager.beforeRunRouteActions(handlerContext);
     }
+    async beforeRunActionHandler(handlerContext, actionConfig) {
+        await this.#pluginManager.beforeRunActionHandler(handlerContext, actionConfig);
+    }
     async beforeCreateEntity(model, options) {
         await this.#pluginManager.beforeCreateEntity(model, options);
     }
@@ -5015,6 +5027,30 @@ async function generateJwtSecretKey() {
     return encode(exportedKey);
 }
 
+/**
+ * Generates password hash.
+ * @param password
+ * @param salt
+ * @returns
+ */
+async function generatePasswordHash(password, salt) {
+    if (!salt) {
+        salt = 10;
+    }
+    const passwordHash = await bcrypt__default["default"].hash(password, salt);
+    return passwordHash;
+}
+/**
+ * Validates the password against the hash.
+ * @param password
+ * @param passwordHash
+ * @returns
+ */
+async function validatePassword(password, passwordHash) {
+    const isMatch = await bcrypt__default["default"].compare(password, passwordHash);
+    return isMatch;
+}
+
 function validateLicense(server) {
     const licenseService = server.getService("licenseService");
     const license = licenseService.getLicense();
@@ -6010,66 +6046,66 @@ var queryDatabase = /*#__PURE__*/Object.freeze({
  * This plugin provide:
  * - routes for manage data in database.
  */
-const routeConfigs = [
+const entityOperationConfigs = [
     {
-        code: "createBatch",
-        method: "POST",
-        endpoint: "/operations/create_batch",
-        handlerCode: "createCollectionEntitiesBatch",
+        operationCode: "createBatch",
+        httpMethod: "POST",
+        requestEndpoint: "/operations/create_batch",
+        actionHandlerCode: "createCollectionEntitiesBatch",
     },
     {
-        code: "find",
-        method: "POST",
-        endpoint: "/operations/find",
-        handlerCode: "findCollectionEntities",
+        operationCode: "find",
+        httpMethod: "POST",
+        requestEndpoint: "/operations/find",
+        actionHandlerCode: "findCollectionEntities",
     },
     {
-        code: "count",
-        method: "POST",
-        endpoint: "/operations/count",
-        handlerCode: "countCollectionEntities",
+        operationCode: "count",
+        httpMethod: "POST",
+        requestEndpoint: "/operations/count",
+        actionHandlerCode: "countCollectionEntities",
     },
     {
-        code: "delete",
-        method: "POST",
-        endpoint: "/operations/delete",
-        handlerCode: "deleteCollectionEntities",
+        operationCode: "delete",
+        httpMethod: "POST",
+        requestEndpoint: "/operations/delete",
+        actionHandlerCode: "deleteCollectionEntities",
     },
     {
-        code: "addRelations",
-        method: "POST",
-        endpoint: "/operations/add_relations",
-        handlerCode: "addEntityRelations",
+        operationCode: "addRelations",
+        httpMethod: "POST",
+        requestEndpoint: "/operations/add_relations",
+        actionHandlerCode: "addEntityRelations",
     },
     {
-        code: "removeRelations",
-        method: "POST",
-        endpoint: "/operations/remove_relations",
-        handlerCode: "removeEntityRelations",
+        operationCode: "removeRelations",
+        httpMethod: "POST",
+        requestEndpoint: "/operations/remove_relations",
+        actionHandlerCode: "removeEntityRelations",
     },
     {
-        code: "getById",
-        method: "GET",
-        endpoint: "/:id",
-        handlerCode: "findCollectionEntityById",
+        operationCode: "getById",
+        httpMethod: "GET",
+        requestEndpoint: "/:id",
+        actionHandlerCode: "findCollectionEntityById",
     },
     {
-        code: "create",
-        method: "POST",
-        endpoint: "",
-        handlerCode: "createCollectionEntity",
+        operationCode: "create",
+        httpMethod: "POST",
+        requestEndpoint: "",
+        actionHandlerCode: "createCollectionEntity",
     },
     {
-        code: "updateById",
-        method: "PATCH",
-        endpoint: "/:id",
-        handlerCode: "updateCollectionEntityById",
+        operationCode: "updateById",
+        httpMethod: "PATCH",
+        requestEndpoint: "/:id",
+        actionHandlerCode: "updateCollectionEntityById",
     },
     {
-        code: "deleteById",
-        method: "DELETE",
-        endpoint: "/:id",
-        handlerCode: "deleteCollectionEntityById",
+        operationCode: "deleteById",
+        httpMethod: "DELETE",
+        requestEndpoint: "/:id",
+        actionHandlerCode: "deleteCollectionEntityById",
     },
 ];
 class DataManager {
@@ -6106,17 +6142,17 @@ class DataManager {
         const routes = [];
         models.forEach((model) => {
             const { namespace, singularCode, pluralCode } = model;
-            routeConfigs.forEach((routeConfig) => {
+            entityOperationConfigs.forEach((entityOperationConfig) => {
                 routes.push({
                     namespace,
-                    name: `${namespace}.${singularCode}.${routeConfig.code}`,
-                    code: `${namespace}.${singularCode}.${routeConfig.code}`,
+                    name: `${namespace}.${singularCode}.${entityOperationConfig.operationCode}`,
+                    code: `${namespace}.${singularCode}.${entityOperationConfig.operationCode}`,
                     type: "RESTful",
-                    method: routeConfig.method,
-                    endpoint: `/${namespace}/${pluralCode}${routeConfig.endpoint}`,
+                    method: entityOperationConfig.httpMethod,
+                    endpoint: `/${namespace}/${pluralCode}${entityOperationConfig.requestEndpoint}`,
                     actions: [
                         {
-                            code: routeConfig.handlerCode,
+                            code: entityOperationConfig.actionHandlerCode,
                             config: {
                                 namespace,
                                 singularCode,
@@ -6876,8 +6912,9 @@ async function handler$e(plugin, ctx, options) {
         };
         return;
     }
+    const userEntitySingularCode = plugin.options?.userEntitySingularCode || "oc_user";
     const userDataAccessor = server.getDataAccessor({
-        singularCode: "oc_user",
+        singularCode: userEntitySingularCode,
     });
     const user = await userDataAccessor.findOne({
         filters: [
@@ -6891,12 +6928,11 @@ async function handler$e(plugin, ctx, options) {
     if (!user) {
         throw new Error("User not found.");
     }
-    const isMatch = await bcrypt__default["default"].compare(oldPassword, user.password);
+    const isMatch = await validatePassword(oldPassword, user.password);
     if (!isMatch) {
         throw new Error("旧密码错误。");
     }
-    const saltRounds = 10;
-    const passwordHash = await bcrypt__default["default"].hash(newPassword, saltRounds);
+    const passwordHash = await generatePasswordHash(newPassword);
     await userDataAccessor.updateById(user.id, {
         password: passwordHash,
     }, routeContext?.getDbTransactionClient());
@@ -6915,8 +6951,9 @@ async function handler$d(plugin, ctx, options) {
     const { response } = routeContext;
     const { account, password } = input;
     validateLicense(server);
+    const userEntitySingularCode = plugin.options?.userEntitySingularCode || "oc_user";
     const userDataAccessor = server.getDataAccessor({
-        singularCode: "oc_user",
+        singularCode: userEntitySingularCode,
     });
     const user = await userDataAccessor.findOne({
         filters: [
@@ -6937,7 +6974,7 @@ async function handler$d(plugin, ctx, options) {
     if (user.state !== "enabled") {
         throw new Error("用户已被禁用，不允许登录。");
     }
-    const isMatch = await bcrypt__default["default"].compare(password, user.password);
+    const isMatch = await validatePassword(password, user.password);
     if (!isMatch) {
         throw new Error("用户名或密码错误。");
     }
@@ -6994,7 +7031,9 @@ async function handler$b(plugin, ctx, options) {
         };
         return;
     }
-    const entityManager = server.getEntityManager("oc_user");
+    const userEntitySingularCode = plugin.options?.userEntitySingularCode || "oc_user";
+    const profilePropertyCodes = plugin.options?.profilePropertyCodes || ["id", "name", "login", "email", "department", "roles", "state", "createdAt"];
+    const entityManager = server.getEntityManager(userEntitySingularCode);
     const user = await entityManager.findEntity({
         filters: [
             {
@@ -7003,7 +7042,7 @@ async function handler$b(plugin, ctx, options) {
                 value: userId,
             },
         ],
-        properties: ["id", "name", "login", "email", "department", "roles", "state", "createdAt"],
+        properties: profilePropertyCodes,
     });
     ctx.output = {
         user,
@@ -7020,8 +7059,9 @@ const code$a = "resetPassword";
 async function handler$a(plugin, ctx, options) {
     const { server, input, routerContext: routeContext } = ctx;
     const { userId, password } = input;
+    const userEntitySingularCode = plugin.options?.userEntitySingularCode || "oc_user";
     const userDataAccessor = server.getDataAccessor({
-        singularCode: "oc_user",
+        singularCode: userEntitySingularCode,
     });
     const user = await userDataAccessor.findOne({
         filters: [
@@ -7035,8 +7075,7 @@ async function handler$a(plugin, ctx, options) {
     if (!user) {
         throw new Error("User not found.");
     }
-    const saltRounds = 10;
-    const passwordHash = await bcrypt__default["default"].hash(password, saltRounds);
+    const passwordHash = await generatePasswordHash(password);
     await userDataAccessor.updateById(user.id, {
         password: passwordHash,
     }, routeContext?.getDbTransactionClient());
@@ -7204,7 +7243,14 @@ class AuthService {
  * Auth manager plugin
  */
 class AuthPlugin {
+    #options;
     #authService;
+    constructor(options) {
+        this.#options = Object.freeze(options);
+    }
+    get options() {
+        return this.#options;
+    }
     get code() {
         return "authManager";
     }
@@ -9558,6 +9604,7 @@ exports.deleteCookie = deleteCookie;
 exports.detectChangedFieldsOfEntity = detectChangedFieldsOfEntity;
 exports.formatDateTimeWithTimezone = formatDateTimeWithTimezone;
 exports.generateJwtSecretKey = generateJwtSecretKey;
+exports.generatePasswordHash = generatePasswordHash;
 exports.getCookies = getCookies;
 exports.getDateString = getDateString;
 exports.getEntityRelationTargetId = getEntityRelationTargetId;
@@ -9569,4 +9616,5 @@ exports.mapDbRowToEntity = mapDbRowToEntity;
 exports.setCookie = setCookie;
 exports.tryValidateLicense = tryValidateLicense;
 exports.validateLicense = validateLicense;
+exports.validatePassword = validatePassword;
 exports.verifyJwt = verifyJwt;

package/dist/plugins/auth/AuthPlugin.d.ts

@@ -4,8 +4,11 @@
 import { RpdApplicationConfig } from "../../types";
 import { IRpdServer, RapidPlugin, RpdConfigurationItemOptions, RpdServerPluginConfigurableTargetOptions, RpdServerPluginExtendingAbilities } from "../../core/server";
 import { RouteContext } from "../../core/routeContext";
+import { AuthPluginInitOptions } from "./AuthPluginTypes";
 declare class AuthPlugin implements RapidPlugin {
     #private;
+    constructor(options: AuthPluginInitOptions);
+    get options(): AuthPluginInitOptions;
     get code(): string;
     get description(): string;
     get extendingAbilities(): RpdServerPluginExtendingAbilities[];

package/dist/plugins/auth/AuthPluginTypes.d.ts

@@ -0,0 +1,10 @@
+export type AuthPluginInitOptions = {
+    /**
+     * 用户实体代号。默认为`oc_user`
+     */
+    userEntitySingularCode?: string;
+    /**
+     * 个人资料属性。默认为`["id", "name", "login", "email", "department", "roles", "state", "createdAt"]`
+     */
+    profilePropertyCodes?: string[];
+};

package/dist/plugins/auth/actionHandlers/changePassword.d.ts

@@ -1,4 +1,4 @@
 import { ActionHandlerContext } from "../../../core/actionHandler";
-import { RapidPlugin } from "../../../core/server";
+import AuthPlugin from "../AuthPlugin";
 export declare const code = "changePassword";
-export declare function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any): Promise<void>;
+export declare function handler(plugin: AuthPlugin, ctx: ActionHandlerContext, options: any): Promise<void>;

package/dist/plugins/auth/actionHandlers/createSession.d.ts

@@ -1,4 +1,4 @@
 import { ActionHandlerContext } from "../../../core/actionHandler";
-import { RapidPlugin } from "../../../core/server";
+import AuthPlugin from "../AuthPlugin";
 export declare const code = "createSession";
-export declare function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any): Promise<void>;
+export declare function handler(plugin: AuthPlugin, ctx: ActionHandlerContext, options: any): Promise<void>;

package/dist/plugins/auth/actionHandlers/getMyProfile.d.ts

@@ -1,4 +1,4 @@
 import { ActionHandlerContext } from "../../../core/actionHandler";
-import { RapidPlugin } from "../../../core/server";
+import AuthPlugin from "../AuthPlugin";
 export declare const code = "getMyProfile";
-export declare function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any): Promise<void>;
+export declare function handler(plugin: AuthPlugin, ctx: ActionHandlerContext, options: any): Promise<void>;

package/dist/plugins/auth/actionHandlers/resetPassword.d.ts

@@ -1,4 +1,4 @@
 import { ActionHandlerContext } from "../../../core/actionHandler";
-import { RapidPlugin } from "../../../core/server";
+import AuthPlugin from "../AuthPlugin";
 export declare const code = "resetPassword";
-export declare function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any): Promise<void>;
+export declare function handler(plugin: AuthPlugin, ctx: ActionHandlerContext, options: any): Promise<void>;

package/dist/server.d.ts

@@ -1,4 +1,4 @@
-import { GetDataAccessorOptions, GetModelOptions, IDatabaseAccessor, IDatabaseConfig, IQueryBuilder, IRpdDataAccessor, RpdApplicationConfig, RpdDataModel, RpdServerEventTypes, RapidServerConfig, RpdDataModelProperty, CreateEntityOptions, UpdateEntityByIdOptions, EntityWatcherType, EmitServerEventOptions, IDatabaseClient } from "./types";
+import { GetDataAccessorOptions, GetModelOptions, IDatabaseAccessor, IDatabaseConfig, IQueryBuilder, IRpdDataAccessor, RpdApplicationConfig, RpdDataModel, RpdServerEventTypes, RapidServerConfig, RpdDataModelProperty, CreateEntityOptions, UpdateEntityByIdOptions, EntityWatcherType, EmitServerEventOptions, IDatabaseClient, RpdRouteActionConfig } from "./types";
 import { ActionHandler, ActionHandlerContext, IPluginActionHandler } from "./core/actionHandler";
 import { IRpdServer, RapidPlugin } from "./core/server";
 import { Next } from "./core/routeContext";
@@ -58,6 +58,7 @@ export declare class RapidServer implements IRpdServer {
     get middlewares(): any[];
     handleRequest(rapidRequest: RapidRequest, next: Next): Promise<Response>;
     beforeRunRouteActions(handlerContext: ActionHandlerContext): Promise<void>;
+    beforeRunActionHandler(handlerContext: ActionHandlerContext, actionConfig: RpdRouteActionConfig): Promise<void>;
     beforeCreateEntity(model: RpdDataModel, options: CreateEntityOptions): Promise<void>;
     beforeUpdateEntity(model: RpdDataModel, options: UpdateEntityByIdOptions, currentEntity: any): Promise<void>;
 }

package/dist/utilities/passwordUtility.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Generates password hash.
+ * @param password
+ * @param salt
+ * @returns
+ */
+export declare function generatePasswordHash(password: string, salt?: number | string): Promise<string>;
+/**
+ * Validates the password against the hash.
+ * @param password
+ * @param passwordHash
+ * @returns
+ */
+export declare function validatePassword(password: string, passwordHash: string): Promise<boolean>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ruiapp/rapid-core",
-  "version": "0.9.1",
+  "version": "0.9.3",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -19,7 +19,7 @@
     "typescript": "^4.8.4"
   },
   "dependencies": {
-    "bcrypt": "^5.1.1",
+    "bcryptjs": "^3.0.2",
     "cron": "^3.1.7",
     "dayjs": "^1.11.7",
     "jsonwebtoken": "^9.0.2",

package/src/core/pluginManager.ts

@@ -1,4 +1,4 @@
-import { CreateEntityOptions, RpdApplicationConfig, RpdDataModel, UpdateEntityByIdOptions } from "~/types";
+import { CreateEntityOptions, RpdApplicationConfig, RpdDataModel, RpdRouteActionConfig, UpdateEntityByIdOptions } from "~/types";
 import { IRpdServer, RapidPlugin } from "./server";
 import { RouteContext } from "./routeContext";
 import { ActionHandlerContext } from "./actionHandler";
@@ -162,6 +162,15 @@ class PluginManager {
     }
   }
 
+  /** 在执行 action hanlder 前调用。 */
+  async beforeRunActionHandler(handlerContext: ActionHandlerContext, actionConfig: RpdRouteActionConfig) {
+    for (const plugin of this.#plugins) {
+      if (plugin.beforeRunActionHandler) {
+        await plugin.beforeRunActionHandler(this.#server, handlerContext, actionConfig);
+      }
+    }
+  }
+
   /** 在创建实体前调用。 */
   async beforeCreateEntity(model: RpdDataModel, options: CreateEntityOptions) {
     for (const plugin of this.#plugins) {

package/src/core/routeContext.ts

@@ -2,7 +2,7 @@ import { RapidRequest } from "./request";
 import { RapidResponse } from "./response";
 import { HttpStatus } from "./http-types";
 import { IRpdServer } from "./server";
-import { IDatabaseAccessor, IDatabaseClient } from "~/types";
+import { IDatabaseAccessor, IDatabaseClient, RpdRoute } from "~/types";
 
 export type Next = () => Promise<void>;
 
@@ -18,7 +18,7 @@ export class RouteContext {
   method: string;
   path: string;
   params: Record<string, string>;
-  routeConfig: any;
+  routeConfig: RpdRoute;
   #server: IRpdServer;
   #dbTransactionClient: IDatabaseClient | undefined;
   #dbTransactionState: TransactionState;

package/src/core/routesBuilder.ts

@@ -74,6 +74,8 @@ export async function buildRoutes(server: IRpdServer, applicationConfig: RpdAppl
           throw new Error("Unknown handler: " + actionCode);
         }
 
+        await server.beforeRunActionHandler(handlerContext, actionConfig);
+
         const result = handler(handlerContext, actionConfig.config);
         if (result instanceof Promise) {
           await result;

package/src/core/server.ts

@@ -13,6 +13,7 @@ import {
   RpdApplicationConfig,
   RpdDataModel,
   RpdDataModelProperty,
+  RpdRouteActionConfig,
   RpdServerEventTypes,
   UpdateEntityByIdOptions,
 } from "~/types";
@@ -53,6 +54,7 @@ export interface IRpdServer {
   emitEvent<TEventName extends keyof RpdServerEventTypes>(event: EmitServerEventOptions<TEventName>): void;
   handleRequest(request: RapidRequest, next: Next): Promise<Response>;
   beforeRunRouteActions(handlerContext: ActionHandlerContext): Promise<void>;
+  beforeRunActionHandler(handlerContext: ActionHandlerContext, actionConfig: RpdRouteActionConfig): Promise<void>;
   beforeCreateEntity(model: RpdDataModel, options: CreateEntityOptions): Promise<void>;
   beforeUpdateEntity(model: RpdDataModel, options: UpdateEntityByIdOptions, currentEntity: any): Promise<void>;
 
@@ -145,6 +147,8 @@ export interface RapidPlugin {
   onPrepareRouteContext?: (server: IRpdServer, routeContext: RouteContext) => Promise<any>;
   /** 在接收到HTTP请求，执行 actions 前调用。 */
   beforeRunRouteActions?: (server: IRpdServer, handlerContext: ActionHandlerContext) => Promise<any>;
+  /** 在执行 action hanlder 前调用。 */
+  beforeRunActionHandler?: (server: IRpdServer, handlerContext: ActionHandlerContext, actionConfig: RpdRouteActionConfig) => Promise<any>;
   /** 在创建实体前调用。 */
   beforeCreateEntity?: (server: IRpdServer, model: RpdDataModel, options: CreateEntityOptions) => Promise<any>;
   /** 在更新实体前调用。 */

package/src/index.ts

@@ -22,6 +22,7 @@ export * from "./utilities/accessControlUtility";
 export * from "./utilities/entityUtility";
 export * from "./utilities/jwtUtility";
 export * from "./utilities/timeUtility";
+export * from "./utilities/passwordUtility";
 
 export * from "./helpers/entityHelpers";
 export * from "./helpers/licenseHelper";
@@ -47,6 +48,7 @@ export * from "./plugins/sequence/SequencePluginTypes";
 export { default as WebhooksPlugin } from "./plugins/webhooks/WebhooksPlugin";
 
 export { default as AuthPlugin } from "./plugins/auth/AuthPlugin";
+export * from "./plugins/auth/AuthPluginTypes";
 
 export { default as FileManagePlugin } from "./plugins/fileManage/FileManagePlugin";
 

package/src/plugins/auth/AuthPlugin.ts

@@ -17,10 +17,20 @@ import pluginRoutes from "./routes";
 import { RouteContext } from "~/core/routeContext";
 import { verifyJwt } from "~/utilities/jwtUtility";
 import AuthService from "./services/AuthService";
+import { AuthPluginInitOptions } from "./AuthPluginTypes";
 
 class AuthPlugin implements RapidPlugin {
+  #options: AuthPluginInitOptions;
   #authService!: AuthService;
 
+  constructor(options: AuthPluginInitOptions) {
+    this.#options = Object.freeze(options);
+  }
+
+  get options(): AuthPluginInitOptions {
+    return this.#options;
+  }
+
   get code(): string {
     return "authManager";
   }

package/src/plugins/auth/AuthPluginTypes.ts

@@ -0,0 +1,11 @@
+export type AuthPluginInitOptions = {
+  /**
+   * 用户实体代号。默认为`oc_user`
+   */
+  userEntitySingularCode?: string;
+
+  /**
+   * 个人资料属性。默认为`["id", "name", "login", "email", "department", "roles", "state", "createdAt"]`
+   */
+  profilePropertyCodes?: string[];
+};

package/src/plugins/auth/actionHandlers/changePassword.ts

@@ -1,10 +1,10 @@
-import bcrypt from "bcrypt";
 import { ActionHandlerContext } from "~/core/actionHandler";
-import { RapidPlugin } from "~/core/server";
+import AuthPlugin from "../AuthPlugin";
+import { generatePasswordHash, validatePassword } from "~/utilities/passwordUtility";
 
 export const code = "changePassword";
 
-export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any) {
+export async function handler(plugin: AuthPlugin, ctx: ActionHandlerContext, options: any) {
   const { server, input, routerContext: routeContext } = ctx;
   const { response } = routeContext;
   const { id, oldPassword, newPassword } = input;
@@ -20,8 +20,9 @@ export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, op
     return;
   }
 
+  const userEntitySingularCode = plugin.options?.userEntitySingularCode || "oc_user";
   const userDataAccessor = server.getDataAccessor({
-    singularCode: "oc_user",
+    singularCode: userEntitySingularCode,
   });
 
   const user = await userDataAccessor.findOne(
@@ -41,13 +42,12 @@ export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, op
     throw new Error("User not found.");
   }
 
-  const isMatch = await bcrypt.compare(oldPassword, user.password);
+  const isMatch = await validatePassword(oldPassword, user.password);
   if (!isMatch) {
     throw new Error("旧密码错误。");
   }
 
-  const saltRounds = 10;
-  const passwordHash = await bcrypt.hash(newPassword, saltRounds);
+  const passwordHash = await generatePasswordHash(newPassword);
 
   await userDataAccessor.updateById(
     user.id,

package/src/plugins/auth/actionHandlers/createSession.ts

@@ -1,21 +1,22 @@
-import bcrypt from "bcrypt";
 import { setCookie } from "~/deno-std/http/cookie";
 import { ActionHandlerContext } from "~/core/actionHandler";
-import { RapidPlugin } from "~/core/server";
 import AuthService from "../services/AuthService";
 import { validateLicense } from "~/helpers/licenseHelper";
+import AuthPlugin from "../AuthPlugin";
+import { validatePassword } from "~/utilities/passwordUtility";
 
 export const code = "createSession";
 
-export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any) {
+export async function handler(plugin: AuthPlugin, ctx: ActionHandlerContext, options: any) {
   const { server, input, routerContext: routeContext, logger } = ctx;
   const { response } = routeContext;
   const { account, password } = input;
 
   validateLicense(server);
 
+  const userEntitySingularCode = plugin.options?.userEntitySingularCode || "oc_user";
   const userDataAccessor = server.getDataAccessor({
-    singularCode: "oc_user",
+    singularCode: userEntitySingularCode,
   });
 
   const user = await userDataAccessor.findOne(
@@ -43,7 +44,7 @@ export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, op
     throw new Error("用户已被禁用，不允许登录。");
   }
 
-  const isMatch = await bcrypt.compare(password, user.password);
+  const isMatch = await validatePassword(password, user.password);
   if (!isMatch) {
     throw new Error("用户名或密码错误。");
   }

package/src/plugins/auth/actionHandlers/getMyProfile.ts

@@ -1,9 +1,10 @@
 import { ActionHandlerContext } from "~/core/actionHandler";
 import { RapidPlugin } from "~/core/server";
+import AuthPlugin from "../AuthPlugin";
 
 export const code = "getMyProfile";
 
-export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any) {
+export async function handler(plugin: AuthPlugin, ctx: ActionHandlerContext, options: any) {
   const { server, input, routerContext } = ctx;
 
   const userId = routerContext.state.userId;
@@ -17,7 +18,9 @@ export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, op
     return;
   }
 
-  const entityManager = server.getEntityManager("oc_user");
+  const userEntitySingularCode = plugin.options?.userEntitySingularCode || "oc_user";
+  const profilePropertyCodes = plugin.options?.profilePropertyCodes || ["id", "name", "login", "email", "department", "roles", "state", "createdAt"];
+  const entityManager = server.getEntityManager(userEntitySingularCode);
   const user = await entityManager.findEntity({
     filters: [
       {
@@ -26,7 +29,7 @@ export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, op
         value: userId,
       },
     ],
-    properties: ["id", "name", "login", "email", "department", "roles", "state", "createdAt"],
+    properties: profilePropertyCodes,
   });
 
   ctx.output = {

package/src/plugins/auth/actionHandlers/resetPassword.ts

@@ -1,16 +1,17 @@
-import bcrypt from "bcrypt";
 import { ActionHandlerContext } from "~/core/actionHandler";
-import { RapidPlugin } from "~/core/server";
+import AuthPlugin from "../AuthPlugin";
+import { generatePasswordHash } from "~/utilities/passwordUtility";
 
 export const code = "resetPassword";
 
-export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any) {
+export async function handler(plugin: AuthPlugin, ctx: ActionHandlerContext, options: any) {
   const { server, input, routerContext: routeContext } = ctx;
   const { response } = routeContext;
   const { userId, password } = input;
 
+  const userEntitySingularCode = plugin.options?.userEntitySingularCode || "oc_user";
   const userDataAccessor = server.getDataAccessor({
-    singularCode: "oc_user",
+    singularCode: userEntitySingularCode,
   });
 
   const user = await userDataAccessor.findOne(
@@ -30,8 +31,7 @@ export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, op
     throw new Error("User not found.");
   }
 
-  const saltRounds = 10;
-  const passwordHash = await bcrypt.hash(password, saltRounds);
+  const passwordHash = await generatePasswordHash(password);
 
   await userDataAccessor.updateById(
     user.id,

package/src/plugins/dataManage/DataManagePlugin.ts

@@ -25,71 +25,71 @@ import {
   RapidPlugin,
 } from "~/core/server";
 
-const routeConfigs: {
-  code: string;
-  method: RpdHttpMethod;
-  endpoint: string;
-  handlerCode: string;
+const entityOperationConfigs: {
+  operationCode: string;
+  httpMethod: RpdHttpMethod;
+  requestEndpoint: string;
+  actionHandlerCode: string;
 }[] = [
   {
-    code: "createBatch",
-    method: "POST",
-    endpoint: "/operations/create_batch",
-    handlerCode: "createCollectionEntitiesBatch",
+    operationCode: "createBatch",
+    httpMethod: "POST",
+    requestEndpoint: "/operations/create_batch",
+    actionHandlerCode: "createCollectionEntitiesBatch",
   },
   {
-    code: "find",
-    method: "POST",
-    endpoint: "/operations/find",
-    handlerCode: "findCollectionEntities",
+    operationCode: "find",
+    httpMethod: "POST",
+    requestEndpoint: "/operations/find",
+    actionHandlerCode: "findCollectionEntities",
   },
   {
-    code: "count",
-    method: "POST",
-    endpoint: "/operations/count",
-    handlerCode: "countCollectionEntities",
+    operationCode: "count",
+    httpMethod: "POST",
+    requestEndpoint: "/operations/count",
+    actionHandlerCode: "countCollectionEntities",
   },
   {
-    code: "delete",
-    method: "POST",
-    endpoint: "/operations/delete",
-    handlerCode: "deleteCollectionEntities",
+    operationCode: "delete",
+    httpMethod: "POST",
+    requestEndpoint: "/operations/delete",
+    actionHandlerCode: "deleteCollectionEntities",
   },
   {
-    code: "addRelations",
-    method: "POST",
-    endpoint: "/operations/add_relations",
-    handlerCode: "addEntityRelations",
+    operationCode: "addRelations",
+    httpMethod: "POST",
+    requestEndpoint: "/operations/add_relations",
+    actionHandlerCode: "addEntityRelations",
   },
   {
-    code: "removeRelations",
-    method: "POST",
-    endpoint: "/operations/remove_relations",
-    handlerCode: "removeEntityRelations",
+    operationCode: "removeRelations",
+    httpMethod: "POST",
+    requestEndpoint: "/operations/remove_relations",
+    actionHandlerCode: "removeEntityRelations",
   },
   {
-    code: "getById",
-    method: "GET",
-    endpoint: "/:id",
-    handlerCode: "findCollectionEntityById",
+    operationCode: "getById",
+    httpMethod: "GET",
+    requestEndpoint: "/:id",
+    actionHandlerCode: "findCollectionEntityById",
   },
   {
-    code: "create",
-    method: "POST",
-    endpoint: "",
-    handlerCode: "createCollectionEntity",
+    operationCode: "create",
+    httpMethod: "POST",
+    requestEndpoint: "",
+    actionHandlerCode: "createCollectionEntity",
   },
   {
-    code: "updateById",
-    method: "PATCH",
-    endpoint: "/:id",
-    handlerCode: "updateCollectionEntityById",
+    operationCode: "updateById",
+    httpMethod: "PATCH",
+    requestEndpoint: "/:id",
+    actionHandlerCode: "updateCollectionEntityById",
   },
   {
-    code: "deleteById",
-    method: "DELETE",
-    endpoint: "/:id",
-    handlerCode: "deleteCollectionEntityById",
+    operationCode: "deleteById",
+    httpMethod: "DELETE",
+    requestEndpoint: "/:id",
+    actionHandlerCode: "deleteCollectionEntityById",
   },
 ];
 
@@ -135,17 +135,17 @@ class DataManager implements RapidPlugin {
     models.forEach((model) => {
       const { namespace, singularCode, pluralCode } = model;
 
-      routeConfigs.forEach((routeConfig) => {
+      entityOperationConfigs.forEach((entityOperationConfig) => {
         routes.push({
           namespace,
-          name: `${namespace}.${singularCode}.${routeConfig.code}`,
-          code: `${namespace}.${singularCode}.${routeConfig.code}`,
+          name: `${namespace}.${singularCode}.${entityOperationConfig.operationCode}`,
+          code: `${namespace}.${singularCode}.${entityOperationConfig.operationCode}`,
           type: "RESTful",
-          method: routeConfig.method,
-          endpoint: `/${namespace}/${pluralCode}${routeConfig.endpoint}`,
+          method: entityOperationConfig.httpMethod,
+          endpoint: `/${namespace}/${pluralCode}${entityOperationConfig.requestEndpoint}`,
           actions: [
             {
-              code: routeConfig.handlerCode,
+              code: entityOperationConfig.actionHandlerCode,
               config: {
                 namespace,
                 singularCode,

package/src/server.ts

@@ -18,6 +18,7 @@ import {
   RpdEntityCreateEventPayload,
   EmitServerEventOptions,
   IDatabaseClient,
+  RpdRouteActionConfig,
 } from "./types";
 
 import QueryBuilder from "./queryBuilder/queryBuilder";
@@ -475,6 +476,10 @@ export class RapidServer implements IRpdServer {
     await this.#pluginManager.beforeRunRouteActions(handlerContext);
   }
 
+  async beforeRunActionHandler(handlerContext: ActionHandlerContext, actionConfig: RpdRouteActionConfig) {
+    await this.#pluginManager.beforeRunActionHandler(handlerContext, actionConfig);
+  }
+
   async beforeCreateEntity(model: RpdDataModel, options: CreateEntityOptions) {
     await this.#pluginManager.beforeCreateEntity(model, options);
   }

package/src/utilities/passwordUtility.ts

@@ -0,0 +1,26 @@
+import bcrypt from "bcryptjs";
+
+/**
+ * Generates password hash.
+ * @param password
+ * @param salt
+ * @returns
+ */
+export async function generatePasswordHash(password: string, salt?: number | string): Promise<string> {
+  if (!salt) {
+    salt = 10;
+  }
+  const passwordHash = await bcrypt.hash(password, salt);
+  return passwordHash;
+}
+
+/**
+ * Validates the password against the hash.
+ * @param password
+ * @param passwordHash
+ * @returns
+ */
+export async function validatePassword(password: string, passwordHash: string): Promise<boolean> {
+  const isMatch = await bcrypt.compare(password, passwordHash);
+  return isMatch;
+}