feat: rbac迁移完成，并已部署至dev服务器

2026-05-01 01:19:50 +08:00
parent f80a3dc064
commit 8b11068fef
250 changed files with 6314 additions and 13072 deletions
@@ -0,0 +1,18 @@
+# 纯运行镜像，不含 Go 编译环境
+# 二进制由本地 Mac 交叉编译后传入，构建更快
+FROM alpine:3.19
+
+ARG SERVICE_NAME
+
+RUN apk add --no-cache ca-certificates tzdata && \
+    cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
+    echo "Asia/Shanghai" > /etc/timezone
+
+WORKDIR /app
+
+# 从构建上下文拷贝预编译的二进制（由 build.sh 编译好）
+COPY bin/${SERVICE_NAME} /app/service
+
+EXPOSE 8888 9001 9003 9103
+
+ENTRYPOINT ["/app/service", "-f", "/app/etc/config.yaml"]
@@ -0,0 +1,114 @@
+#!/bin/bash
+set -e
+
+# ============================================
+# 本地交叉编译 + 推送 Harbor
+# 用法: ./deploy/build.sh [服务名]
+#   ./deploy/build.sh           # 构建全部
+#   ./deploy/build.sh gateway   # 只构建 gateway
+# ============================================
+
+HARBOR="192.168.100.140"
+PROJECT="sundynix"
+TAG="${BUILD_TAG:-latest}"
+
+ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+DOCKERFILE="${ROOT_DIR}/deploy/Dockerfile"
+BIN_DIR="${ROOT_DIR}/bin"
+
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+NC='\033[0m'
+
+log() { echo -e "${GREEN}[BUILD]${NC} $1"; }
+err() { echo -e "${RED}[ERROR]${NC} $1"; exit 1; }
+
+# 登录 Harbor
+login_harbor() {
+  log "登录 Harbor: ${HARBOR}"
+  echo "sundynix" | docker login "${HARBOR}" -u admin --password-stdin 2>/dev/null \
+    || err "Harbor 登录失败，请检查网络连接"
+  log "Harbor 登录成功 ✅"
+}
+
+# 本地交叉编译（linux/amd64）
+compile_service() {
+  local name=$1
+  local path=$2
+
+  log "编译: ${name} (linux/amd64)"
+  mkdir -p "${BIN_DIR}"
+  CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
+    -ldflags="-s -w" \
+    -o "${BIN_DIR}/${name}" \
+    "${ROOT_DIR}/${path}"
+  log "编译完成: bin/${name}"
+}
+
+# 打包镜像并推送
+docker_push() {
+  local name=$1
+  local image="${HARBOR}/${PROJECT}/${name}:${TAG}"
+
+  log "打包镜像: ${image}"
+  docker build \
+    --platform linux/amd64 \
+    --build-arg SERVICE_NAME="${name}" \
+    -t "${image}" \
+    -f "${DOCKERFILE}" \
+    "${ROOT_DIR}"
+
+  log "推送: ${image}"
+  docker push "${image}"
+  log "${name} 推送完成 ✅"
+}
+
+# 编译 + 推送单个服务
+build_service() {
+  local name=$1
+  local path=$2
+
+  log "────────────────────────────────────"
+  log "服务: ${name}"
+  compile_service "$name" "$path"
+  docker_push "$name"
+}
+
+build_all() {
+  build_service "system-rpc" "app/system/rpc"
+  build_service "auth-api"   "app/auth/api"
+  build_service "system-api" "app/system/api"
+  build_service "gateway"    "app/gateway"
+}
+
+build_one() {
+  case "$1" in
+    system-rpc) build_service "system-rpc" "app/system/rpc" ;;
+    auth-api)   build_service "auth-api"   "app/auth/api"   ;;
+    system-api) build_service "system-api" "app/system/api" ;;
+    gateway)    build_service "gateway"    "app/gateway"    ;;
+    *)          err "未知服务: $1\n可选: system-rpc | auth-api | system-api | gateway" ;;
+  esac
+}
+
+main() {
+  cd "${ROOT_DIR}"
+  login_harbor
+
+  if [ -n "$1" ]; then
+    build_one "$1"
+  else
+    build_all
+  fi
+
+  # 清理编译产物
+  rm -rf "${BIN_DIR}"
+
+  echo ""
+  log "============================================"
+  log "构建推送完成 🎉"
+  log "镜像地址: ${HARBOR}/${PROJECT}/<服务名>:${TAG}"
+  log "============================================"
+}
+
+main "$@"
@@ -0,0 +1,106 @@
+#!/bin/bash
+set -e
+
+# ============================================
+# 本地交叉编译 → 打包镜像 → 通过 SSH 直传 dev 服务器
+# 不依赖 Harbor，绕过 HTTPS 问题
+# 用法: ./deploy/build.sh [服务名]
+#   ./deploy/build.sh           # 全部
+#   ./deploy/build.sh gateway   # 单个
+# ============================================
+
+DEV_HOST="192.168.100.128"
+DEV_USER="root"
+PROJECT="sundynix"
+TAG="${BUILD_TAG:-latest}"
+
+ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+DOCKERFILE="${ROOT_DIR}/deploy/Dockerfile"
+BIN_DIR="${ROOT_DIR}/bin"
+
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+log()  { echo -e "${GREEN}[BUILD]${NC} $1"; }
+warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
+err()  { echo -e "${RED}[ERROR]${NC} $1"; exit 1; }
+
+# 本地交叉编译（linux/amd64）
+compile_service() {
+  local name=$1
+  local path=$2
+  log "编译: ${name} (linux/amd64)"
+  mkdir -p "${BIN_DIR}"
+  CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
+    -ldflags="-s -w" \
+    -o "${BIN_DIR}/${name}" \
+    "${ROOT_DIR}/${path}"
+  log "编译完成 ✅"
+}
+
+# 打包镜像并通过 SSH 直传 dev 服务器
+docker_deploy() {
+  local name=$1
+  local image="${PROJECT}/${name}:${TAG}"
+
+  log "打包镜像: ${image}"
+  DOCKER_BUILDKIT=0 docker build \
+    --build-arg SERVICE_NAME="${name}" \
+    -t "${image}" \
+    -f "${DOCKERFILE}" \
+    "${ROOT_DIR}"
+
+  log "传输镜像到 ${DEV_HOST}（通过 SSH 管道，无需 Harbor）..."
+  docker save "${image}" | ssh ${DEV_USER}@${DEV_HOST} "docker load"
+  log "${name} 部署完成 ✅"
+}
+
+# 编译 + 部署单个服务
+build_service() {
+  local name=$1
+  local path=$2
+  log "════════════════════════════════════"
+  log "服务: ${name}"
+  compile_service "$name" "$path"
+  docker_deploy "$name"
+}
+
+build_all() {
+  build_service "system-rpc" "app/system/rpc"
+  build_service "auth-api"   "app/auth/api"
+  build_service "system-api" "app/system/api"
+  build_service "gateway"    "app/gateway"
+}
+
+build_one() {
+  case "$1" in
+    system-rpc) build_service "system-rpc" "app/system/rpc" ;;
+    auth-api)   build_service "auth-api"   "app/auth/api"   ;;
+    system-api) build_service "system-api" "app/system/api" ;;
+    gateway)    build_service "gateway"    "app/gateway"    ;;
+    *)          err "未知服务: $1\n可选: system-rpc | auth-api | system-api | gateway" ;;
+  esac
+}
+
+main() {
+  cd "${ROOT_DIR}"
+
+  if [ -n "$1" ]; then
+    build_one "$1"
+  else
+    build_all
+  fi
+
+  # 清理本地编译产物
+  rm -rf "${BIN_DIR}"
+
+  echo ""
+  log "════════════════════════════════════"
+  log "全部完成 🎉  镜像已传至 ${DEV_HOST}"
+  log "在 dev 服务器上执行: cd /opt/sundynix && docker-compose up -d"
+  log "════════════════════════════════════"
+}
+
+main "$@"
@@ -0,0 +1,66 @@
+#!/bin/bash
+set -e
+
+# ============================================
+# 部署脚本 — 在 dev 服务器(192.168.100.128)上执行
+# 用法:
+#   本地执行: ./deploy/deploy-dev.sh
+#   会自动 SSH 到 dev 服务器完成部署
+# ============================================
+
+DEV_HOST="192.168.100.128"
+DEV_USER="root"
+DEPLOY_DIR="/opt/sundynix"
+
+HARBOR="192.168.100.140"
+
+# 本地项目根目录
+ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+CONFIG_DIR="${ROOT_DIR}/deploy/dev"
+
+echo "=========================================="
+echo "  Sundynix Dev 环境部署"
+echo "  目标: ${DEV_USER}@${DEV_HOST}"
+echo "=========================================="
+
+# 1. 在 dev 服务器上创建目录结构
+echo "[1/4] 创建远程目录..."
+ssh ${DEV_USER}@${DEV_HOST} "mkdir -p ${DEPLOY_DIR}/config"
+
+# 2. 同步配置文件到 dev 服务器
+echo "[2/4] 同步配置文件..."
+scp ${CONFIG_DIR}/system-rpc.yaml ${DEV_USER}@${DEV_HOST}:${DEPLOY_DIR}/config/
+scp ${CONFIG_DIR}/auth-api.yaml   ${DEV_USER}@${DEV_HOST}:${DEPLOY_DIR}/config/
+scp ${CONFIG_DIR}/system-api.yaml ${DEV_USER}@${DEV_HOST}:${DEPLOY_DIR}/config/
+scp ${CONFIG_DIR}/gateway.yaml    ${DEV_USER}@${DEV_HOST}:${DEPLOY_DIR}/config/
+scp ${CONFIG_DIR}/docker-compose.yml ${DEV_USER}@${DEV_HOST}:${DEPLOY_DIR}/
+
+# 3. SSH 到 dev 服务器执行部署
+echo "[3/4] 拉取镜像并启动服务..."
+ssh ${DEV_USER}@${DEV_HOST} << 'REMOTE_SCRIPT'
+set -e
+cd /opt/sundynix
+
+# 停止旧容器并用已加载的镜像启动
+docker compose down --remove-orphans 2>/dev/null || true
+docker compose up -d
+
+# 等待 3 秒后检查状态
+sleep 3
+echo ""
+echo "========== 容器状态 =========="
+docker compose ps
+echo ""
+echo "========== 最近日志 =========="
+docker compose logs --tail=10
+REMOTE_SCRIPT
+
+echo ""
+echo "[4/4] 部署完成 ✅"
+echo ""
+echo "  网关地址: http://${DEV_HOST}:8888"
+echo "  auth-api: http://${DEV_HOST}:9001"
+echo "  system-api: http://${DEV_HOST}:9003"
+echo "  system-rpc: ${DEV_HOST}:9103"
+echo ""
+echo "  验证: curl http://${DEV_HOST}:8888/api/auth/captcha"
@@ -0,0 +1,23 @@
+Name: auth-api
+
+Log:
+  Encoding: plain
+Host: 0.0.0.0
+Port: 9001
+
+Auth:
+  AccessSecret: 9149f2eb-d517-4a50-a03a-231dbcf0d872
+  AccessExpire: 7200
+
+# system-rpc
+SystemRpc:
+  Etcd:
+    Hosts:
+      - 192.168.100.127:2379
+    Key: system.rpc
+
+# Redis（验证码存储，DB2）
+Redis:
+  Host: 192.168.100.127:6379
+  Pass: sundynix
+  DB: 2
@@ -0,0 +1,61 @@
+version: "3.8"
+
+# Sundynix Dev 环境
+# 部署到 192.168.100.128
+# 镜像从 Harbor 192.168.100.140 拉取
+
+services:
+  system-rpc:
+    image: sundynix/system-rpc:latest
+    container_name: system-rpc
+    restart: always
+    ports:
+      - "9103:9103"
+    volumes:
+      - ./config/system-rpc.yaml:/app/etc/config.yaml
+    networks:
+      - sundynix
+
+  auth-api:
+    image: sundynix/auth-api:latest
+    container_name: auth-api
+    restart: always
+    ports:
+      - "9001:9001"
+    volumes:
+      - ./config/auth-api.yaml:/app/etc/config.yaml
+    depends_on:
+      - system-rpc
+    networks:
+      - sundynix
+
+  system-api:
+    image: sundynix/system-api:latest
+    container_name: system-api
+    restart: always
+    ports:
+      - "9003:9003"
+    volumes:
+      - ./config/system-api.yaml:/app/etc/config.yaml
+    depends_on:
+      - system-rpc
+    networks:
+      - sundynix
+
+  gateway:
+    image: sundynix/gateway:latest
+    container_name: gateway
+    restart: always
+    ports:
+      - "8888:8888"
+    volumes:
+      - ./config/gateway.yaml:/app/etc/config.yaml
+    depends_on:
+      - auth-api
+      - system-api
+    networks:
+      - sundynix
+
+networks:
+  sundynix:
+    driver: bridge
@@ -0,0 +1,49 @@
+Name: gateway
+Host: 0.0.0.0
+Port: 8888
+
+Log:
+  Encoding: plain
+  Mode: console
+
+# 跨域配置
+Cors:
+  Enable: true
+  AllowOrigins:
+    - "*"
+  AllowMethods:
+    - GET
+    - POST
+    - PUT
+    - DELETE
+    - OPTIONS
+  AllowHeaders:
+    - Content-Type
+    - Authorization
+    - X-Requested-With
+    - X-Client-Id
+
+# system-rpc 连接（用于写入操作日志）
+SystemRpc:
+  Etcd:
+    Hosts:
+      - 192.168.100.127:2379
+    Key: system.rpc
+
+# JWT 密钥
+JwtSecret: "9149f2eb-d517-4a50-a03a-231dbcf0d872"
+
+# 鉴权白名单
+AuthWhitelist:
+  - /api/auth/login
+  - /api/auth/loginByPhone
+  - /api/auth/miniLogin
+  - /api/auth/captcha
+  - /api/plant/callback/wechatpay
+
+# 上游服务路由表（使用 docker-compose 服务名）
+Upstreams:
+  - Prefix: /api/auth
+    Target: http://auth-api:9001
+  - Prefix: /api/sys
+    Target: http://system-api:9003
@@ -0,0 +1,16 @@
+Name: system-api
+
+Log:
+  Encoding: plain
+Host: 0.0.0.0
+Port: 9003
+
+Auth:
+  AccessSecret: 9149f2eb-d517-4a50-a03a-231dbcf0d872
+  AccessExpire: 604800
+
+SystemRpc:
+  Etcd:
+    Hosts:
+      - 192.168.100.127:2379
+    Key: system.rpc
@@ -0,0 +1,13 @@
+Name: system.rpc
+
+Log:
+  Encoding: plain
+ListenOn: 0.0.0.0:9103
+Etcd:
+  Hosts:
+    - 192.168.100.127:2379
+  Key: system.rpc
+
+# MySQL
+DB:
+  DataSource: root:root@tcp(192.168.100.127:3307)/sundynix_micro_go?charset=utf8mb4&parseTime=True&loc=Local