wsh5485
65b0bb04f8
把 CarLog v2.8 全套源码 + 配置导入到 i 仓库作为 baseline: - server/src/ (13 个路由 + middleware + services + config) - server/migrations/ (0001~0018 共 18 个迁移 + mysql) - server/test/ (12 文件 101 测试) - client/src/ (20 个 view + components + stores + api + composables) - client/public/ + client/scripts/ - 全部配置文件 (.editorconfig, .eslintrc.json, .prettierrc.json, vitest.config.js, lighthouserc.json, .pa11yci.json, package.json, carlog-init.sql) - .husky/pre-commit (git hooks) - docs/install/ (宝塔部署文档) 不含: - node_modules/ (本地 npm install) - .env (敏感, 走 .env.example) - *.zip / *.log / *.sqlite / .DS_Store 新增文档 docs/DEV-PLAN.md: - Phase 1: 平台基座 (019 migration + 3 个 platform 路由 + 3 个 view) - Phase 2: CarLog 子系统化 (后端 routes/ → subsystems/carlog/ + 前端 views/ → views/subsystems/carlog/ + 元数据驱动菜单) - Phase 3: 验证 (测试 + E2E + DB 完整性) - 交付清单 + commit 模板 + 给 Mavis review 的材料 后续 Trae 实施, 提交后我 code review + 跑测试。
58 lines
3.0 KiB
SQL
58 lines
3.0 KiB
SQL
-- 0002_auth.sql - 用户认证 + 防撞库 (MySQL)
|
|
|
|
CREATE TABLE IF NOT EXISTS users (
|
|
id INT AUTO_INCREMENT PRIMARY KEY,
|
|
username VARCHAR(50) NOT NULL UNIQUE,
|
|
password_hash VARCHAR(255) NOT NULL,
|
|
role VARCHAR(20) NOT NULL DEFAULT 'user',
|
|
is_active TINYINT(1) NOT NULL DEFAULT 1,
|
|
last_login_at DATETIME DEFAULT NULL,
|
|
last_login_ip VARCHAR(45) DEFAULT NULL,
|
|
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
|
|
CONSTRAINT chk_role CHECK (role IN ('user','admin'))
|
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
|
|
|
CREATE INDEX idx_users_active ON users(is_active);
|
|
|
|
CREATE TABLE IF NOT EXISTS login_attempts (
|
|
id INT AUTO_INCREMENT PRIMARY KEY,
|
|
attempted_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
ip_address VARCHAR(45) NOT NULL,
|
|
username VARCHAR(50) NOT NULL,
|
|
success TINYINT(1) NOT NULL,
|
|
user_agent VARCHAR(500) DEFAULT NULL,
|
|
failure_reason VARCHAR(100) DEFAULT NULL,
|
|
CONSTRAINT chk_success CHECK (success IN (0, 1))
|
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
|
|
|
CREATE INDEX idx_attempts_ip_time ON login_attempts(ip_address, attempted_at);
|
|
CREATE INDEX idx_attempts_user_time ON login_attempts(username, attempted_at);
|
|
CREATE INDEX idx_attempts_time ON login_attempts(attempted_at);
|
|
|
|
CREATE TABLE IF NOT EXISTS auth_locks (
|
|
lock_key VARCHAR(100) PRIMARY KEY,
|
|
lock_type VARCHAR(10) NOT NULL,
|
|
target VARCHAR(50) NOT NULL,
|
|
locked_until DATETIME NOT NULL,
|
|
reason VARCHAR(255) DEFAULT NULL,
|
|
attempts INT NOT NULL DEFAULT 0,
|
|
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
CONSTRAINT chk_lock_type CHECK (lock_type IN ('ip','user'))
|
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
|
|
|
CREATE INDEX idx_locks_until ON auth_locks(locked_until);
|
|
|
|
INSERT IGNORE INTO settings (`key`, value, is_secret, description) VALUES
|
|
('session_lifetime_days', '30', 0, '登录 session 有效期(天)'),
|
|
('session_cookie_secure', 'auto', 0, 'Cookie secure 标志:true/false/auto'),
|
|
('login_max_failures_ip', '5', 0, '每 IP 允许的最大连续失败次数'),
|
|
('login_max_failures_user', '5', 0, '每用户名允许的最大连续失败次数'),
|
|
('login_lock_minutes_ip', '15', 0, 'IP 级别锁定时长(分钟)'),
|
|
('login_lock_minutes_user', '30', 0, '用户名级别锁定时长(分钟)'),
|
|
('login_global_max_failures', '10', 0, '触发全局 IP 封锁的失败次数'),
|
|
('login_global_lock_hours', '1', 0, '全局 IP 封锁时长(小时)'),
|
|
('login_attempts_retention_days', '30', 0, 'login_attempts 保留天数'),
|
|
('csrf_token_lifetime_hours', '12', 0, 'CSRF token 有效期(小时)'),
|
|
('bcrypt_cost', '12', 0, 'bcrypt cost factor');
|