add rbac impl

add login-lock

README.md

@@ -34,7 +34,7 @@ between process cache and Redis.
 > Kotlin DSL
 
 ``` kotlin
-    val coskyVersion = "1.1.12";
+    val coskyVersion = "1.2.0";
     implementation("me.ahoo.cosky:spring-cloud-starter-cosky-config:${coskyVersion}")
     implementation("me.ahoo.cosky:spring-cloud-starter-cosky-discovery:${coskyVersion}")
     implementation("org.springframework.cloud:spring-cloud-starter-loadbalancer:3.0.3")
@@ -52,7 +52,7 @@ between process cache and Redis.
     <modelVersion>4.0.0</modelVersion>
     <artifactId>demo</artifactId>
     <properties>
-        <cosky.version>1.1.12</cosky.version>
+        <cosky.version>1.2.0</cosky.version>
     </properties>
 
     <dependencies>
@@ -101,30 +101,21 @@ logging:
 
 #### Option 1：Download the executable file
 
-> Download [cosky-rest-api-server](https://github.com/Ahoo-Wang/cosky/releases/download/1.1.12/cosky-rest-api-1.1.12.tar)
+> Download [cosky-rest-api-server](https://github.com/Ahoo-Wang/cosky/releases/download/1.2.0/cosky-rest-api-1.2.0.tar)
 
-> tar *cosky-rest-api-1.1.12.tar*
+> tar *cosky-rest-api-1.2.0.tar*
 
 ```shell
-cd cosky-rest-api-1.1.12
-# Working directory: cosky-rest-api-1.1.12
+cd cosky-rest-api-1.2.0
+# Working directory: cosky-rest-api-1.2.0
 bin/cosky-rest-api --server.port=8080 --cosky.redis.uri=redis://localhost:6379
 ```
 
 #### Option 2：Run On Docker
 
 ```shell
-docker pull ahoowang/cosky-rest-api:1.1.12
-docker run --name cosky-rest-api -d -p 8080:8080 --link redis -e COSKY_REDIS_URI=redis://redis:6379  ahoowang/cosky-rest-api:1.1.12
-```
-
-##### MacBook Pro (M1)
-
-> Please use *ahoowang/cosky-rest-api:1.1.12-armv7*
-
-```shell
-docker pull ahoowang/cosky-rest-api:1.1.12-armv7
-docker run --name cosky-rest-api -d -p 8080:8080 --link redis -e COSKY_REDIS_URI=redis://redis:6379  ahoowang/cosky-rest-api:1.1.12-armv7
+docker pull ahoowang/cosky-rest-api:1.2.0
+docker run --name cosky-rest-api -d -p 8080:8080 --link redis -e COSKY_REDIS_URI=redis://redis:6379  ahoowang/cosky-rest-api:1.2.0
 ```
 
 #### Option 3：Run On Kubernetes
@@ -152,7 +143,7 @@ spec:
               value: standalone
             - name: COSKY_REDIS_URI
               value: redis://redis-uri:6379
-          image: ahoowang/cosky-rest-api:1.1.12
+          image: ahoowang/cosky-rest-api:1.2.0
           name: cosky-rest-api
           ports:
             - containerPort: 8080
@@ -196,6 +187,34 @@ spec:
 
 ![dashboard-dashboard](./docs/dashboard-dashboard.png)
 
+### Role-based access control(RBAC)
+
+- cosky: Reserved username, super user, with the highest authority. When the application is launched for the first time, the super user (cosky) password will be initialized and printed on the console. Don't worry if you forget your password, you can configure `enforce-init-super-user: true`, *CoSky* will help you reinitialize the password and print it on the console.
+
+```log
+---------------- ****** CoSky -  init super user:[cosky] password:[6TrmOux4Oj] ****** ----------------
+```
+
+- admin: Reserved roles, super administrator roles, have all permissions, a user can be bound to multiple roles, and a role can be bound to multiple resource operation permissions.
+- Permission control granularity is namespace, read and write operations
+
+#### Role Permissions
+
+![dashboard-role](./docs/dashboard-role.png)
+
+##### Add Role
+
+![dashboard-role-add](./docs/dashboard-role-add.png)
+
+#### User Management
+
+![dashboard-user](./docs/dashboard-user.png)
+
+##### Add User
+
+![dashboard-user-add](./docs/dashboard-user-add.png)
+
+
 #### Namespace
 
 ![dashboard-namespace](./docs/dashboard-namespace.png)
@@ -286,12 +305,12 @@ spec:
 ``` shell
 gradle cosky-config:jmh
 # or
-java -jar cosky-config/build/libs/cosky-config-1.1.12-jmh.jar -bm thrpt -t 25 -wi 1 -rf json -f 1
+java -jar cosky-config/build/libs/cosky-config-1.2.0-jmh.jar -bm thrpt -t 25 -wi 1 -rf json -f 1
 ```
 
 ```
 # JMH version: 1.29
-# VM version: JDK 11.1.121, OpenJDK 64-Bit Server VM, 11.1.121+9-LTS
+# VM version: JDK 11.2.01, OpenJDK 64-Bit Server VM, 11.2.01+9-LTS
 # VM invoker: /Library/Java/JavaVirtualMachines/zulu-11.jdk/Contents/Home/bin/java
 # VM options: -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/Users/ahoo/cosky/cosky-config/build/tmp/jmh -Duser.country=CN -Duser.language=zh -Duser.variant
 # Blackhole mode: full + dont-inline hint
@@ -312,12 +331,12 @@ RedisConfigServiceBenchmark.setConfig             thrpt          140461.112
 ``` shell
 gradle cosky-discovery:jmh
 # or
-java -jar cosky-discovery/build/libs/cosky-discovery-1.1.12-jmh.jar -bm thrpt -t 25 -wi 1 -rf json -f 1
+java -jar cosky-discovery/build/libs/cosky-discovery-1.2.0-jmh.jar -bm thrpt -t 25 -wi 1 -rf json -f 1
 ```
 
 ```
 # JMH version: 1.29
-# VM version: JDK 11.1.121, OpenJDK 64-Bit Server VM, 11.1.121+9-LTS
+# VM version: JDK 11.2.01, OpenJDK 64-Bit Server VM, 11.2.01+9-LTS
 # VM invoker: /Library/Java/JavaVirtualMachines/zulu-11.jdk/Contents/Home/bin/java
 # VM options: -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/Users/ahoo/cosky/cosky-discovery/build/tmp/jmh -Duser.country=CN -Duser.language=zh -Duser.variant
 # Blackhole mode: full + dont-inline hint

README.zh-CN.md

@@ -33,7 +33,7 @@
 > Kotlin DSL
 
 ``` kotlin
-    val coskyVersion = "1.1.12";
+    val coskyVersion = "1.2.0";
     implementation("me.ahoo.cosky:spring-cloud-starter-cosky-config:${coskyVersion}")
     implementation("me.ahoo.cosky:spring-cloud-starter-cosky-discovery:${coskyVersion}")
     implementation("org.springframework.cloud:spring-cloud-starter-loadbalancer:3.0.3")
@@ -51,7 +51,7 @@
   <modelVersion>4.0.0</modelVersion>
   <artifactId>demo</artifactId>
   <properties>
-    <cosky.version>1.1.12</cosky.version>
+    <cosky.version>1.2.0</cosky.version>
   </properties>
 
   <dependencies>
@@ -100,30 +100,21 @@ logging:
 
 #### 方式一：下载可执行文件
 
-> 下载 [rest-api-server](https://github.com/Ahoo-Wang/cosky/releases/download/1.1.12/cosky-rest-api-1.1.12.tar)
+> 下载 [rest-api-server](https://github.com/Ahoo-Wang/cosky/releases/download/1.2.0/cosky-rest-api-1.2.0.tar)
 
-> 解压 *cosky-rest-api-1.1.12.tar*
+> 解压 *cosky-rest-api-1.2.0.tar*
 
 ```shell
-cd cosky-rest-api-1.1.12
-# 工作目录: cosky-rest-api-1.1.12
+cd cosky-rest-api-1.2.0
+# 工作目录: cosky-rest-api-1.2.0
 bin/cosky-rest-api --server.port=8080 --cosky.redis.uri=redis://localhost:6379
 ```
 
 #### 方式二：在 Docker 中运行
 
 ```shell
-docker pull ahoowang/cosky-rest-api:1.1.12
-docker run --name cosky-rest-api -d -p 8080:8080 --link redis -e COSKY_REDIS_URI=redis://redis:6379  ahoowang/cosky-rest-api:1.1.12
-```
-
-##### MacBook Pro (M1)
-
-> 请使用 *ahoowang/cosky-rest-api:1.1.12-armv7*
-
-```shell
-docker pull ahoowang/cosky-rest-api:1.1.12-armv7
-docker run --name cosky-rest-api -d -p 8080:8080 --link redis -e COSKY_REDIS_URI=redis://redis:6379  ahoowang/cosky-rest-api:1.1.12-armv7
+docker pull ahoowang/cosky-rest-api:1.2.0
+docker run --name cosky-rest-api -d -p 8080:8080 --link redis -e COSKY_REDIS_URI=redis://redis:6379  ahoowang/cosky-rest-api:1.2.0
 ```
 
 #### 方式三：在 Kubernetes 中运行
@@ -151,7 +142,7 @@ spec:
               value: standalone
             - name: COSKY_REDIS_URI
               value: redis://redis-uri:6379
-          image: ahoowang/cosky-rest-api:1.1.12
+          image: ahoowang/cosky-rest-api:1.2.0
           name: cosky-rest-api
           ports:
             - containerPort: 8080
@@ -195,6 +186,33 @@ spec:
 
 ![dashboard-dashboard](./docs/dashboard-dashboard.png)
 
+### 基于角色的访问控制(RBAC)
+
+- cosky: 保留用户名，超级用户，拥有最高权限。应用首次启动时会初始化超级用户(*cosky*)的密码，并打印在控制台。忘记密码也不用担心，可以通过配置 `enforce-init-super-user: true`，*CoSky* 会帮助你重新初始化密码并打印在控制台。
+
+```log
+---------------- ****** CoSky -  init super user:[cosky] password:[6TrmOux4Oj] ****** ----------------
+```
+
+- admin: 保留角色，超级管理员角色，拥有所有权限，一个用户可以绑定多个角色，一个角色可以绑定多个资源操作权限。
+- 权限控制粒度为命名空间，读写操作
+
+#### 角色权限
+
+![dashboard-role](./docs/dashboard-role.png)
+
+##### 添加角色
+
+![dashboard-role-add](./docs/dashboard-role-add.png)
+
+#### 用户管理
+
+![dashboard-user](./docs/dashboard-user.png)
+
+##### 添加用户
+
+![dashboard-user-add](./docs/dashboard-user-add.png)
+
 #### 命名空间管理
 
 ![dashboard-namespace](./docs/dashboard-namespace.png)
@@ -285,12 +303,12 @@ spec:
 ``` shell
 gradle cosky-config:jmh
 # or
-java -jar cosky-config/build/libs/cosky-config-1.1.12-jmh.jar -bm thrpt -t 25 -wi 1 -rf json -f 1
+java -jar cosky-config/build/libs/cosky-config-1.2.0-jmh.jar -bm thrpt -t 25 -wi 1 -rf json -f 1
 ```
 
 ```
 # JMH version: 1.29
-# VM version: JDK 11.1.121, OpenJDK 64-Bit Server VM, 11.1.121+9-LTS
+# VM version: JDK 11.2.01, OpenJDK 64-Bit Server VM, 11.2.01+9-LTS
 # VM invoker: /Library/Java/JavaVirtualMachines/zulu-11.jdk/Contents/Home/bin/java
 # VM options: -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/Users/ahoo/cosky/config/build/tmp/jmh -Duser.country=CN -Duser.language=zh -Duser.variant
 # Blackhole mode: full + dont-inline hint
@@ -311,12 +329,12 @@ RedisConfigServiceBenchmark.setConfig             thrpt          140461.112
 ``` shell
 gradle cosky-discovery:jmh
 # or
-java -jar cosky-discovery/build/libs/cosky-discovery-1.1.12-jmh.jar -bm thrpt -t 25 -wi 1 -rf json -f 1
+java -jar cosky-discovery/build/libs/cosky-discovery-1.2.0-jmh.jar -bm thrpt -t 25 -wi 1 -rf json -f 1
 ```
 
 ```
 # JMH version: 1.29
-# VM version: JDK 11.1.121, OpenJDK 64-Bit Server VM, 11.1.121+9-LTS
+# VM version: JDK 11.2.01, OpenJDK 64-Bit Server VM, 11.2.01+9-LTS
 # VM invoker: /Library/Java/JavaVirtualMachines/zulu-11.jdk/Contents/Home/bin/java
 # VM options: -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/Users/ahoo/cosky/discovery/build/tmp/jmh -Duser.country=CN -Duser.language=zh -Duser.variant
 # Blackhole mode: full + dont-inline hint

cosky-dashboard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cosky-dashboard",
-  "version": "1.1.12",
+  "version": "1.2.0",
   "scripts": {
     "ng": "ng",
     "start": "ng serve",

cosky-dashboard/src/app/api/role/RoleClient.ts

@@ -15,6 +15,7 @@ import {environment} from "../../../environments/environment";
 import {Observable} from "rxjs";
 import {HttpClient} from "@angular/common/http";
 import {ResourceActionDto} from "./ResourceActionDto";
+import {RoleDto} from "./RoleDto";
 
 @Injectable({providedIn: 'root'})
 export class RoleClient {
@@ -24,13 +25,18 @@ export class RoleClient {
 
   }
 
-  getAllRole(): Observable<string[]> {
-    return this.httpClient.get<string[]>(this.apiPrefix);
+  getAllRole(): Observable<RoleDto[]> {
+    return this.httpClient.get<RoleDto[]>(this.apiPrefix);
   }
 
-  saveRole(roleName: string, resourceActionBind: ResourceActionDto[]): Observable<boolean> {
-    const apiUrl = `${this.apiPrefix}/${roleName}`;
-    return this.httpClient.patch<boolean>(apiUrl, {roleName, resourceActionBind});
+  getResourceBind(roleName: string):Observable<ResourceActionDto[]>{
+    const apiUrl = `${this.apiPrefix}/${roleName}/bind`;
+    return this.httpClient.get<ResourceActionDto[]>(apiUrl);
+  }
+
+  saveRole(roleName: string, desc: string, resourceActionBind: ResourceActionDto[]): Observable<boolean> {
+    const apiUrl = `${this.apiPrefix}`;
+    return this.httpClient.put<boolean>(apiUrl, {name: roleName, desc: desc, resourceActionBind});
   }
 
   removeRole(roleName: string): Observable<boolean> {

cosky-dashboard/src/app/api/role/RoleDto.ts

@@ -0,0 +1,17 @@
+/*
+ * Copyright [2021-2021] [ahoo wang <[email protected]> (https://github.com/Ahoo-Wang)].
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export interface RoleDto {
+  name: string;
+  desc: string;
+}

cosky-dashboard/src/app/api/user/UserClient.ts

@@ -28,9 +28,9 @@ export class UserClient {
     return this.httpClient.get<UserDto[]>(this.apiPrefix);
   }
 
-  changePwd(username: string, oldPassword: string, newPassword: string): Observable<boolean> {
+  changePwd(username: string, oldPassword: string, newPassword: string): Observable<void> {
     const apiUrl = `${this.apiPrefix}/${username}/password`;
-    return this.httpClient.patch<boolean>(apiUrl, {username, oldPassword, newPassword});
+    return this.httpClient.patch<void>(apiUrl, {username, oldPassword, newPassword});
   }
 
   addUser(username: string, password: string): Observable<boolean> {
@@ -47,4 +47,8 @@ export class UserClient {
     return this.httpClient.patch<boolean>(apiUrl, roleBind);
   }
 
+  unlock(username: string): Observable<void> {
+    const apiUrl = `${this.apiPrefix}/${username}/lock`;
+    return this.httpClient.delete<void>(apiUrl);
+  }
 }

cosky-dashboard/src/app/app-routing.module.ts

@@ -21,17 +21,22 @@ import {UserComponent} from "./components/user/user.component";
 import {AuthGuard} from "./security/AuthGuard";
 import {RoleComponent} from "./components/role/role.component";
 import {LoginComponent} from "./components/login/login.component";
+import {AuthenticatedComponent} from "./components/authenticated/authenticated.component";
 
 const routes: Routes = [
-
-  {path: '', pathMatch: 'full', redirectTo: '/dashboard'},
   {path: 'login', component: LoginComponent},
-  {path: 'dashboard', canActivate: [AuthGuard],component: DashboardComponent},
-  {path: 'namespace', canActivate: [AuthGuard],component: NamespaceComponent},
-  {path: 'config', canActivate: [AuthGuard], component: ConfigComponent},
-  {path: 'service', canActivate: [AuthGuard], component: ServiceComponent},
-  {path: 'user', canActivate: [AuthGuard], component: UserComponent},
-  {path: 'role', canActivate: [AuthGuard], component: RoleComponent}
+  {
+    path: '', canActivate: [AuthGuard], component: AuthenticatedComponent,
+    children: [
+      {path: '', pathMatch: 'full', redirectTo: '/home'},
+      {path: 'home', canActivate: [AuthGuard], component: DashboardComponent},
+      {path: 'namespace', canActivate: [AuthGuard], component: NamespaceComponent},
+      {path: 'config', canActivate: [AuthGuard], component: ConfigComponent},
+      {path: 'service', canActivate: [AuthGuard], component: ServiceComponent},
+      {path: 'user', canActivate: [AuthGuard], component: UserComponent},
+      {path: 'role', canActivate: [AuthGuard], component: RoleComponent}
+    ]
+  }
 ];
 
 @NgModule({