feat(auth,prompt-rule): add password change with session revocation and scope prompt rules by brand
Add self-service password change that re-hashes the credential and bumps a per-user session version so all existing access/refresh tokens are rejected. Session version is tracked in Redis with an in-memory fallback and enforced in middleware and refresh. Scope prompt rules and rule groups to a brand: new brand_id column (migrated to a "未归属" fallback brand for existing rows), brand-filtered queries/indexes, and brand-aware admin-web tabs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -139,7 +139,7 @@ func (s *ScheduleTaskService) Create(ctx context.Context, req ScheduleTaskReques
|
||||
if err := validateScheduleCronExpr(req.CronExpr); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := s.ensurePromptRuleExists(ctx, actor.TenantID, req.PromptRuleID); err != nil {
|
||||
if err := s.ensurePromptRuleExists(ctx, actor.TenantID, brandID, req.PromptRuleID); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
generateCount, err := normalizeScheduleGenerateCount(req.GenerateCount)
|
||||
@@ -242,7 +242,7 @@ func (s *ScheduleTaskService) Update(ctx context.Context, id int64, req Schedule
|
||||
if err := validateScheduleCronExpr(req.CronExpr); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.ensurePromptRuleExists(ctx, actor.TenantID, req.PromptRuleID); err != nil {
|
||||
if err := s.ensurePromptRuleExists(ctx, actor.TenantID, brandID, req.PromptRuleID); err != nil {
|
||||
return err
|
||||
}
|
||||
generateCount, err := normalizeScheduleGenerateCount(req.GenerateCount)
|
||||
@@ -637,11 +637,11 @@ func scanScheduleTaskResponse(scanner interface {
|
||||
return item, nil
|
||||
}
|
||||
|
||||
func (s *ScheduleTaskService) ensurePromptRuleExists(ctx context.Context, tenantID, promptRuleID int64) error {
|
||||
func (s *ScheduleTaskService) ensurePromptRuleExists(ctx context.Context, tenantID, brandID, promptRuleID int64) error {
|
||||
var exists bool
|
||||
_ = s.pool.QueryRow(ctx, `
|
||||
SELECT EXISTS(SELECT 1 FROM prompt_rules WHERE id = $1 AND tenant_id = $2 AND deleted_at IS NULL)
|
||||
`, promptRuleID, tenantID).Scan(&exists)
|
||||
SELECT EXISTS(SELECT 1 FROM prompt_rules WHERE id = $1 AND tenant_id = $2 AND brand_id = $3 AND deleted_at IS NULL)
|
||||
`, promptRuleID, tenantID, brandID).Scan(&exists)
|
||||
if !exists {
|
||||
return response.ErrBadRequest(40001, "invalid_rule", "prompt rule not found or not active")
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user