Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
23246ade6d | ||
|
|
524204d30a |
181
packages/shared-proto/proto/core_edu.proto
Normal file
181
packages/shared-proto/proto/core_edu.proto
Normal file
@@ -0,0 +1,181 @@
|
||||
syntax = "proto3";
|
||||
|
||||
package next_edu_cloud.core_edu.v1;
|
||||
|
||||
// CoreEdu service contracts - P3 core teaching domain.
|
||||
// Covers exam management, homework assignment, and grade recording.
|
||||
// Event contracts live in events.proto under next_edu_cloud.events.v1.
|
||||
|
||||
service ExamService {
|
||||
rpc CreateExam(CreateExamRequest) returns (CreateExamResponse);
|
||||
rpc GetExam(GetExamRequest) returns (Exam);
|
||||
rpc ListExamsByClass(ListExamsByClassRequest) returns (ListExamsResponse);
|
||||
rpc UpdateExam(UpdateExamRequest) returns (UpdateExamResponse);
|
||||
rpc DeleteExam(DeleteExamRequest) returns (DeleteExamResponse);
|
||||
}
|
||||
|
||||
service HomeworkService {
|
||||
rpc AssignHomework(AssignHomeworkRequest) returns (AssignHomeworkResponse);
|
||||
rpc GetHomework(GetHomeworkRequest) returns (Homework);
|
||||
rpc ListHomeworkByClass(ListHomeworkByClassRequest) returns (ListHomeworkResponse);
|
||||
rpc SubmitHomework(SubmitHomeworkRequest) returns (SubmitHomeworkResponse);
|
||||
}
|
||||
|
||||
service GradeService {
|
||||
rpc RecordGrade(RecordGradeRequest) returns (RecordGradeResponse);
|
||||
rpc GetGrade(GetGradeRequest) returns (Grade);
|
||||
rpc ListGradesByStudent(ListGradesByStudentRequest) returns (ListGradesResponse);
|
||||
rpc ListGradesByExam(ListGradesByExamRequest) returns (ListGradesResponse);
|
||||
rpc ListGradesByHomework(ListGradesByHomeworkRequest) returns (ListGradesResponse);
|
||||
}
|
||||
|
||||
message Exam {
|
||||
string id = 1;
|
||||
string class_id = 2;
|
||||
string title = 3;
|
||||
string description = 4;
|
||||
string exam_date = 5;
|
||||
string duration = 6;
|
||||
string total_score = 7;
|
||||
string status = 8;
|
||||
string created_by = 9;
|
||||
string created_at = 10;
|
||||
string updated_at = 11;
|
||||
}
|
||||
|
||||
message Homework {
|
||||
string id = 1;
|
||||
string class_id = 2;
|
||||
string title = 3;
|
||||
string description = 4;
|
||||
string due_date = 5;
|
||||
string status = 6;
|
||||
string created_by = 7;
|
||||
string created_at = 8;
|
||||
string updated_at = 9;
|
||||
}
|
||||
|
||||
message Grade {
|
||||
string id = 1;
|
||||
string student_id = 2;
|
||||
string exam_id = 3;
|
||||
string homework_id = 4;
|
||||
string score = 5;
|
||||
string feedback = 6;
|
||||
string graded_by = 7;
|
||||
string created_at = 8;
|
||||
string updated_at = 9;
|
||||
}
|
||||
|
||||
message CreateExamRequest {
|
||||
string class_id = 1;
|
||||
string title = 2;
|
||||
string description = 3;
|
||||
string exam_date = 4;
|
||||
string duration = 5;
|
||||
string total_score = 6;
|
||||
string created_by = 7;
|
||||
}
|
||||
|
||||
message CreateExamResponse {
|
||||
string id = 1;
|
||||
}
|
||||
|
||||
message GetExamRequest {
|
||||
string id = 1;
|
||||
}
|
||||
|
||||
message ListExamsByClassRequest {
|
||||
string class_id = 1;
|
||||
}
|
||||
|
||||
message ListExamsResponse {
|
||||
repeated Exam exams = 1;
|
||||
}
|
||||
|
||||
message UpdateExamRequest {
|
||||
string id = 1;
|
||||
string title = 2;
|
||||
string description = 3;
|
||||
string exam_date = 4;
|
||||
string duration = 5;
|
||||
string total_score = 6;
|
||||
string status = 7;
|
||||
}
|
||||
|
||||
message UpdateExamResponse {
|
||||
bool success = 1;
|
||||
}
|
||||
|
||||
message DeleteExamRequest {
|
||||
string id = 1;
|
||||
}
|
||||
|
||||
message DeleteExamResponse {
|
||||
bool success = 1;
|
||||
}
|
||||
|
||||
message AssignHomeworkRequest {
|
||||
string class_id = 1;
|
||||
string title = 2;
|
||||
string description = 3;
|
||||
string due_date = 4;
|
||||
string created_by = 5;
|
||||
}
|
||||
|
||||
message AssignHomeworkResponse {
|
||||
string id = 1;
|
||||
}
|
||||
|
||||
message GetHomeworkRequest {
|
||||
string id = 1;
|
||||
}
|
||||
|
||||
message ListHomeworkByClassRequest {
|
||||
string class_id = 1;
|
||||
}
|
||||
|
||||
message ListHomeworkResponse {
|
||||
repeated Homework homework = 1;
|
||||
}
|
||||
|
||||
message SubmitHomeworkRequest {
|
||||
string id = 1;
|
||||
}
|
||||
|
||||
message SubmitHomeworkResponse {
|
||||
bool success = 1;
|
||||
}
|
||||
|
||||
message RecordGradeRequest {
|
||||
string student_id = 1;
|
||||
string exam_id = 2;
|
||||
string homework_id = 3;
|
||||
string score = 4;
|
||||
string feedback = 5;
|
||||
string graded_by = 6;
|
||||
}
|
||||
|
||||
message RecordGradeResponse {
|
||||
string id = 1;
|
||||
}
|
||||
|
||||
message GetGradeRequest {
|
||||
string id = 1;
|
||||
}
|
||||
|
||||
message ListGradesByStudentRequest {
|
||||
string student_id = 1;
|
||||
}
|
||||
|
||||
message ListGradesByExamRequest {
|
||||
string exam_id = 1;
|
||||
}
|
||||
|
||||
message ListGradesByHomeworkRequest {
|
||||
string homework_id = 1;
|
||||
}
|
||||
|
||||
message ListGradesResponse {
|
||||
repeated Grade grades = 1;
|
||||
}
|
||||
60
packages/shared-proto/proto/events.proto
Normal file
60
packages/shared-proto/proto/events.proto
Normal file
@@ -0,0 +1,60 @@
|
||||
syntax = "proto3";
|
||||
|
||||
package next_edu_cloud.events.v1;
|
||||
|
||||
// Cross-service event contracts published by CoreEdu via the transactional
|
||||
// outbox pattern and consumed by downstream services (notifications, analytics,
|
||||
// audit, etc.). Topics follow the convention edu.{domain}.events.
|
||||
//
|
||||
// Event routing (TOPIC_MAP in outbox.publisher.ts):
|
||||
// edu.exam.events <- exam.created / exam.updated / exam.deleted
|
||||
// edu.homework.events <- homework.assigned / homework.submitted / homework.graded
|
||||
// edu.grade.events <- grade.recorded / grade.updated
|
||||
// edu.class.events <- class.transferred
|
||||
|
||||
message ClassEvent {
|
||||
string event_id = 1;
|
||||
string aggregate_id = 2;
|
||||
string event_type = 3;
|
||||
int64 occurred_at = 4;
|
||||
string class_id = 5;
|
||||
string name = 6;
|
||||
string action = 7;
|
||||
map<string, string> metadata = 8;
|
||||
}
|
||||
|
||||
message ExamEvent {
|
||||
string event_id = 1;
|
||||
string aggregate_id = 2;
|
||||
string event_type = 3;
|
||||
int64 occurred_at = 4;
|
||||
string exam_id = 5;
|
||||
string class_id = 6;
|
||||
string title = 7;
|
||||
string action = 8;
|
||||
map<string, string> metadata = 9;
|
||||
}
|
||||
|
||||
message HomeworkEvent {
|
||||
string event_id = 1;
|
||||
string aggregate_id = 2;
|
||||
string event_type = 3;
|
||||
int64 occurred_at = 4;
|
||||
string homework_id = 5;
|
||||
string class_id = 6;
|
||||
string title = 7;
|
||||
string action = 8;
|
||||
map<string, string> metadata = 9;
|
||||
}
|
||||
|
||||
message GradeEvent {
|
||||
string event_id = 1;
|
||||
string aggregate_id = 2;
|
||||
string event_type = 3;
|
||||
int64 occurred_at = 4;
|
||||
string grade_id = 5;
|
||||
string student_id = 6;
|
||||
string score = 7;
|
||||
string action = 8;
|
||||
map<string, string> metadata = 9;
|
||||
}
|
||||
50
packages/shared-proto/proto/iam.proto
Normal file
50
packages/shared-proto/proto/iam.proto
Normal file
@@ -0,0 +1,50 @@
|
||||
syntax = "proto3";
|
||||
|
||||
package next_edu_cloud.iam.v1;
|
||||
|
||||
// IamService 定义身份与访问管理契约
|
||||
// P2: REST 实现,P3 起转 gRPC
|
||||
service IamService {
|
||||
rpc Register(RegisterRequest) returns (AuthResponse);
|
||||
rpc Login(LoginRequest) returns (AuthResponse);
|
||||
rpc RefreshToken(RefreshTokenRequest) returns (TokenPair);
|
||||
rpc GetUserInfo(GetUserInfoRequest) returns (UserInfo);
|
||||
}
|
||||
|
||||
message RegisterRequest {
|
||||
string email = 1;
|
||||
string password = 2;
|
||||
string name = 3;
|
||||
}
|
||||
|
||||
message LoginRequest {
|
||||
string email = 1;
|
||||
string password = 2;
|
||||
}
|
||||
|
||||
message RefreshTokenRequest {
|
||||
string refresh_token = 1;
|
||||
}
|
||||
|
||||
message GetUserInfoRequest {
|
||||
string user_id = 1;
|
||||
}
|
||||
|
||||
message AuthResponse {
|
||||
UserInfo user = 1;
|
||||
TokenPair tokens = 2;
|
||||
}
|
||||
|
||||
message TokenPair {
|
||||
string access_token = 1;
|
||||
string refresh_token = 2;
|
||||
int32 expires_in = 3;
|
||||
}
|
||||
|
||||
message UserInfo {
|
||||
string id = 1;
|
||||
string email = 2;
|
||||
string name = 3;
|
||||
repeated string roles = 4;
|
||||
repeated string permissions = 5;
|
||||
}
|
||||
@@ -11,6 +11,8 @@ type Config struct {
|
||||
JWTIssuer string
|
||||
JWTAudience string
|
||||
ClassesServiceURL string
|
||||
IamServiceURL string
|
||||
TeacherBffURL string
|
||||
OTLPEndpoint string
|
||||
LogLevel string
|
||||
}
|
||||
@@ -22,6 +24,8 @@ func Load() *Config {
|
||||
JWTIssuer: getEnv("JWT_ISSUER", "next-edu-cloud"),
|
||||
JWTAudience: getEnv("JWT_AUDIENCE", "next-edu-cloud"),
|
||||
ClassesServiceURL: getEnv("CLASSES_SERVICE_URL", "http://localhost:3001"),
|
||||
IamServiceURL: getEnv("IAM_SERVICE_URL", "http://localhost:3002"),
|
||||
TeacherBffURL: getEnv("TEACHER_BFF_URL", "http://localhost:3003"),
|
||||
OTLPEndpoint: getEnv("OTEL_EXPORTER_OTLP_ENDPOINT", "http://localhost:4318"),
|
||||
LogLevel: getEnv("LOG_LEVEL", "info"),
|
||||
}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
package routing
|
||||
package routing
|
||||
|
||||
import (
|
||||
"github.com/edu-cloud/api-gateway/internal/config"
|
||||
@@ -29,6 +29,20 @@ func Setup(cfg *config.Config) *gin.Engine {
|
||||
panic("failed to create classes proxy: " + err.Error())
|
||||
}
|
||||
api.Any("/classes/*path", proxy.ProxyHandler(classesProxy))
|
||||
|
||||
// IAM 服务路由(身份与访问管理)
|
||||
iamProxy, err := proxy.NewProxy(cfg.IamServiceURL)
|
||||
if err != nil {
|
||||
panic("failed to create iam proxy: " + err.Error())
|
||||
}
|
||||
api.Any("/iam/*path", proxy.ProxyHandler(iamProxy))
|
||||
|
||||
// Teacher BFF 路由(教师聚合层)
|
||||
bffProxy, err := proxy.NewProxy(cfg.TeacherBffURL)
|
||||
if err != nil {
|
||||
panic("failed to create teacher-bff proxy: " + err.Error())
|
||||
}
|
||||
api.Any("/teacher/*path", proxy.ProxyHandler(bffProxy))
|
||||
}
|
||||
|
||||
return r
|
||||
|
||||
19
services/core-edu/Dockerfile
Normal file
19
services/core-edu/Dockerfile
Normal file
@@ -0,0 +1,19 @@
|
||||
# Build stage
|
||||
FROM node:20-alpine AS builder
|
||||
WORKDIR /app
|
||||
RUN npm install -g pnpm
|
||||
COPY package.json pnpm-lock.yaml* ./
|
||||
RUN pnpm install --frozen-lockfile
|
||||
COPY tsconfig.json nest-cli.json ./
|
||||
COPY src ./src
|
||||
RUN pnpm build
|
||||
|
||||
# Runtime stage
|
||||
FROM node:20-alpine
|
||||
WORKDIR /app
|
||||
RUN npm install -g pnpm
|
||||
COPY package.json pnpm-lock.yaml* ./
|
||||
RUN pnpm install --prod --frozen-lockfile
|
||||
COPY --from=builder /app/dist ./dist
|
||||
EXPOSE 3004
|
||||
CMD ["node", "dist/main.js"]
|
||||
52
services/core-edu/README.md
Normal file
52
services/core-edu/README.md
Normal file
@@ -0,0 +1,52 @@
|
||||
# core-edu 教学核心服务
|
||||
|
||||
> P3 核心教学阶段骨架 | 端口 3004
|
||||
|
||||
## 职责
|
||||
|
||||
core-edu 是教学核心限界上下文,合并 P1 的 classes 域,管理考试 / 作业 / 成绩聚合。
|
||||
覆盖教学全链路:考试发布、作业提交、成绩录入与查询。
|
||||
|
||||
## 模块结构
|
||||
|
||||
```
|
||||
src/
|
||||
├─ config/ # env / database / kafka
|
||||
├─ shared/
|
||||
│ ├─ outbox/ # 事务性发件箱(schema + repository + publisher)
|
||||
│ ├─ errors/ # 应用错误 + 全局错误过滤器
|
||||
│ └─ observability/ # logger / metrics / tracer
|
||||
├─ middleware/ # auth.middleware / permission.guard
|
||||
├─ classes/ # P3 待合并(骨架)
|
||||
├─ exams/ # 考试域
|
||||
├─ homework/ # 作业域
|
||||
├─ grades/ # 成绩域
|
||||
├─ app.module.ts
|
||||
└─ main.ts
|
||||
```
|
||||
|
||||
## 关键机制
|
||||
|
||||
- **Outbox 模式**:写业务数据同事务写 `core_edu_outbox`,OutboxPublisher 定时扫描并发送到 Kafka,保证事件可靠投递。
|
||||
- **Kafka 集成**:idempotent + transactional producer,按 eventType 路由到 `edu.{domain}.events` 主题。
|
||||
- **事件契约**:见 `packages/shared-proto/proto/events.proto`。
|
||||
|
||||
## 开发
|
||||
|
||||
```bash
|
||||
pnpm install
|
||||
pnpm dev # 端口 3004
|
||||
pnpm typecheck
|
||||
pnpm lint
|
||||
pnpm test
|
||||
```
|
||||
|
||||
## 环境变量
|
||||
|
||||
| 变量 | 说明 | 默认 |
|
||||
|------|------|------|
|
||||
| `PORT` | 服务端口 | 3004 |
|
||||
| `DATABASE_URL` | MySQL 连接串 | - |
|
||||
| `KAFKA_BROKERS` | Kafka broker 列表(逗号分隔) | localhost:9092 |
|
||||
| `JWT_SECRET` | JWT 密钥 | - |
|
||||
| `OTEL_EXPORTER_OTLP_ENDPOINT` | OTLP 上报地址(可选) | - |
|
||||
8
services/core-edu/nest-cli.json
Normal file
8
services/core-edu/nest-cli.json
Normal file
@@ -0,0 +1,8 @@
|
||||
{
|
||||
"$schema": "https://json.schemastore.org/nest-cli",
|
||||
"collection": "@nestjs/schematics",
|
||||
"sourceRoot": "src",
|
||||
"compilerOptions": {
|
||||
"deleteOutDir": true
|
||||
}
|
||||
}
|
||||
42
services/core-edu/package.json
Normal file
42
services/core-edu/package.json
Normal file
@@ -0,0 +1,42 @@
|
||||
{
|
||||
"name": "@edu/core-edu-service",
|
||||
"version": "0.1.0",
|
||||
"private": true,
|
||||
"type": "module",
|
||||
"scripts": {
|
||||
"dev": "nest start --watch",
|
||||
"build": "nest build",
|
||||
"start": "node dist/main.js",
|
||||
"test": "vitest run",
|
||||
"lint": "eslint src --ext .ts",
|
||||
"typecheck": "tsc --noEmit"
|
||||
},
|
||||
"dependencies": {
|
||||
"@nestjs/common": "^10.4.0",
|
||||
"@nestjs/core": "^10.4.0",
|
||||
"@nestjs/platform-express": "^10.4.0",
|
||||
"drizzle-orm": "^0.31.0",
|
||||
"mysql2": "^3.11.0",
|
||||
"kafkajs": "^2.2.0",
|
||||
"pino": "^9.4.0",
|
||||
"prom-client": "^15.1.0",
|
||||
"@opentelemetry/api": "^1.9.0",
|
||||
"@opentelemetry/sdk-node": "^0.53.0",
|
||||
"@opentelemetry/exporter-trace-otlp-http": "^0.53.0",
|
||||
"zod": "^3.23.0",
|
||||
"uuid": "^10.0.0",
|
||||
"reflect-metadata": "^0.2.2",
|
||||
"rxjs": "^7.8.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@nestjs/cli": "^10.4.0",
|
||||
"@nestjs/schematics": "^10.2.0",
|
||||
"@types/express": "^4.17.0",
|
||||
"@types/node": "^22.0.0",
|
||||
"@types/uuid": "^10.0.0",
|
||||
"eslint": "^9.10.0",
|
||||
"pino-pretty": "^11.2.0",
|
||||
"typescript": "^5.6.0",
|
||||
"vitest": "^2.1.0"
|
||||
}
|
||||
}
|
||||
15
services/core-edu/src/app.module.ts
Normal file
15
services/core-edu/src/app.module.ts
Normal file
@@ -0,0 +1,15 @@
|
||||
import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common';
|
||||
import { ExamsModule } from './exams/exams.module.js';
|
||||
import { HomeworkModule } from './homework/homework.module.js';
|
||||
import { GradesModule } from './grades/grades.module.js';
|
||||
import { ClassesModule } from './classes/classes.module.js';
|
||||
import { AuthMiddleware } from './middleware/auth.middleware.js';
|
||||
|
||||
@Module({
|
||||
imports: [ExamsModule, HomeworkModule, GradesModule, ClassesModule],
|
||||
})
|
||||
export class AppModule implements NestModule {
|
||||
configure(consumer: MiddlewareConsumer): void {
|
||||
consumer.apply(AuthMiddleware).forRoutes('/api/*');
|
||||
}
|
||||
}
|
||||
15
services/core-edu/src/classes/classes.module.ts
Normal file
15
services/core-edu/src/classes/classes.module.ts
Normal file
@@ -0,0 +1,15 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
|
||||
/**
|
||||
* Classes module - P3 skeleton placeholder.
|
||||
*
|
||||
* The classes domain was merged into CoreEdu in P3. This empty module
|
||||
* exists so that future class-transfer features and event handlers can
|
||||
* be registered without restructuring the AppModule imports.
|
||||
*/
|
||||
@Module({
|
||||
controllers: [],
|
||||
providers: [],
|
||||
exports: [],
|
||||
})
|
||||
export class ClassesModule {}
|
||||
24
services/core-edu/src/config/database.ts
Normal file
24
services/core-edu/src/config/database.ts
Normal file
@@ -0,0 +1,24 @@
|
||||
import { drizzle } from 'drizzle-orm/mysql2';
|
||||
import mysql from 'mysql2/promise';
|
||||
import { env } from './env.js';
|
||||
|
||||
let pool: mysql.Pool | null = null;
|
||||
|
||||
export function getDb() {
|
||||
if (!pool) {
|
||||
pool = mysql.createPool({
|
||||
uri: env.DATABASE_URL,
|
||||
waitForConnections: true,
|
||||
connectionLimit: 10,
|
||||
queueLimit: 0,
|
||||
});
|
||||
}
|
||||
return drizzle(pool);
|
||||
}
|
||||
|
||||
export async function closeDb(): Promise<void> {
|
||||
if (pool) {
|
||||
await pool.end();
|
||||
pool = null;
|
||||
}
|
||||
}
|
||||
26
services/core-edu/src/config/env.ts
Normal file
26
services/core-edu/src/config/env.ts
Normal file
@@ -0,0 +1,26 @@
|
||||
import { z } from 'zod';
|
||||
|
||||
const envSchema = z.object({
|
||||
PORT: z.string().default('3004'),
|
||||
DATABASE_URL: z.string().url(),
|
||||
REDIS_URL: z.string().url().optional(),
|
||||
JWT_SECRET: z.string(),
|
||||
JWT_ISSUER: z.string().default('next-edu-cloud'),
|
||||
KAFKA_BROKERS: z.string().default('localhost:9092'),
|
||||
OTEL_EXPORTER_OTLP_ENDPOINT: z.string().url().optional(),
|
||||
LOG_LEVEL: z.enum(['fatal', 'error', 'warn', 'info', 'debug', 'trace']).default('info'),
|
||||
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
|
||||
});
|
||||
|
||||
export type Env = z.infer<typeof envSchema>;
|
||||
|
||||
export function loadEnv(): Env {
|
||||
const result = envSchema.safeParse(process.env);
|
||||
if (!result.success) {
|
||||
console.error('❌ Invalid environment variables:', result.error.flatten().fieldErrors);
|
||||
throw new Error('Invalid environment configuration');
|
||||
}
|
||||
return result.data;
|
||||
}
|
||||
|
||||
export const env = loadEnv();
|
||||
25
services/core-edu/src/config/kafka.ts
Normal file
25
services/core-edu/src/config/kafka.ts
Normal file
@@ -0,0 +1,25 @@
|
||||
import { Kafka } from 'kafkajs';
|
||||
import { env } from './env.js';
|
||||
|
||||
export const kafka = new Kafka({
|
||||
brokers: env.KAFKA_BROKERS.split(','),
|
||||
clientId: 'core-edu-service',
|
||||
});
|
||||
|
||||
export const producer = kafka.producer({
|
||||
idempotent: true,
|
||||
transactionalId: 'core-edu-tx',
|
||||
});
|
||||
|
||||
export const consumer = kafka.consumer({ groupId: 'core-edu-group' });
|
||||
|
||||
export async function connectKafka(): Promise<void> {
|
||||
await producer.connect();
|
||||
await consumer.connect();
|
||||
console.log('Kafka connected');
|
||||
}
|
||||
|
||||
export async function disconnectKafka(): Promise<void> {
|
||||
await producer.disconnect();
|
||||
await consumer.disconnect();
|
||||
}
|
||||
57
services/core-edu/src/exams/exams.controller.ts
Normal file
57
services/core-edu/src/exams/exams.controller.ts
Normal file
@@ -0,0 +1,57 @@
|
||||
import {
|
||||
Body,
|
||||
Controller,
|
||||
Delete,
|
||||
Get,
|
||||
Param,
|
||||
Post,
|
||||
Put,
|
||||
UseGuards,
|
||||
} from '@nestjs/common';
|
||||
import { ExamsService, type CreateExamInput, type UpdateExamInput } from './exams.service.js';
|
||||
import { PermissionGuard, Permissions } from '../../middleware/permission.guard.js';
|
||||
|
||||
interface SuccessResponse<T> {
|
||||
data: T;
|
||||
timestamp: string;
|
||||
}
|
||||
|
||||
@Controller('api/v1/exams')
|
||||
export class ExamsController {
|
||||
constructor(private readonly examsService: ExamsService) {}
|
||||
|
||||
@Post()
|
||||
@UseGuards(new PermissionGuard(Permissions.EXAM_CREATE))
|
||||
async create(@Body() body: CreateExamInput): Promise<SuccessResponse<{ id: string }>> {
|
||||
const result = await this.examsService.createExam(body);
|
||||
return { data: result, timestamp: new Date().toISOString() };
|
||||
}
|
||||
|
||||
@Get(':id')
|
||||
@UseGuards(new PermissionGuard(Permissions.EXAM_READ))
|
||||
async findOne(@Param('id') id: string): Promise<SuccessResponse<Awaited<ReturnType<ExamsService['getExam']>>>> {
|
||||
const data = await this.examsService.getExam(id);
|
||||
return { data, timestamp: new Date().toISOString() };
|
||||
}
|
||||
|
||||
@Get('class/:classId')
|
||||
@UseGuards(new PermissionGuard(Permissions.EXAM_READ))
|
||||
async listByClass(@Param('classId') classId: string): Promise<SuccessResponse<Awaited<ReturnType<ExamsService['listExamsByClass']>>>> {
|
||||
const data = await this.examsService.listExamsByClass(classId);
|
||||
return { data, timestamp: new Date().toISOString() };
|
||||
}
|
||||
|
||||
@Put(':id')
|
||||
@UseGuards(new PermissionGuard(Permissions.EXAM_UPDATE))
|
||||
async update(@Param('id') id: string, @Body() body: UpdateExamInput): Promise<SuccessResponse<{ success: true }>> {
|
||||
await this.examsService.updateExam(id, body);
|
||||
return { data: { success: true }, timestamp: new Date().toISOString() };
|
||||
}
|
||||
|
||||
@Delete(':id')
|
||||
@UseGuards(new PermissionGuard(Permissions.EXAM_DELETE))
|
||||
async remove(@Param('id') id: string): Promise<SuccessResponse<{ success: true }>> {
|
||||
await this.examsService.deleteExam(id);
|
||||
return { data: { success: true }, timestamp: new Date().toISOString() };
|
||||
}
|
||||
}
|
||||
10
services/core-edu/src/exams/exams.module.ts
Normal file
10
services/core-edu/src/exams/exams.module.ts
Normal file
@@ -0,0 +1,10 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { ExamsController } from './exams.controller.js';
|
||||
import { ExamsService } from './exams.service.js';
|
||||
|
||||
@Module({
|
||||
controllers: [ExamsController],
|
||||
providers: [ExamsService],
|
||||
exports: [ExamsService],
|
||||
})
|
||||
export class ExamsModule {}
|
||||
28
services/core-edu/src/exams/exams.repository.ts
Normal file
28
services/core-edu/src/exams/exams.repository.ts
Normal file
@@ -0,0 +1,28 @@
|
||||
import { eq } from 'drizzle-orm';
|
||||
import { db } from '../../config/database.js';
|
||||
import { exams, type Exam, type NewExam } from './exams.schema.js';
|
||||
|
||||
export class ExamsRepository {
|
||||
async findById(id: string): Promise<Exam | undefined> {
|
||||
const [result] = await db
|
||||
.select()
|
||||
.from(exams)
|
||||
.where(eq(exams.id, id))
|
||||
.limit(1);
|
||||
return result;
|
||||
}
|
||||
|
||||
async findByClassId(classId: string): Promise<Exam[]> {
|
||||
return db.select().from(exams).where(eq(exams.classId, classId));
|
||||
}
|
||||
|
||||
async update(id: string, data: Partial<NewExam>): Promise<void> {
|
||||
await db.update(exams).set(data).where(eq(exams.id, id));
|
||||
}
|
||||
|
||||
async delete(id: string): Promise<void> {
|
||||
await db.delete(exams).where(eq(exams.id, id));
|
||||
}
|
||||
}
|
||||
|
||||
export const examsRepository = new ExamsRepository();
|
||||
25
services/core-edu/src/exams/exams.schema.ts
Normal file
25
services/core-edu/src/exams/exams.schema.ts
Normal file
@@ -0,0 +1,25 @@
|
||||
import {
|
||||
mysqlTable,
|
||||
varchar,
|
||||
text,
|
||||
timestamp,
|
||||
char,
|
||||
datetime,
|
||||
} from 'drizzle-orm/mysql-core';
|
||||
|
||||
export const exams = mysqlTable('core_edu_exams', {
|
||||
id: char('id', { length: 36 }).notNull().primaryKey(),
|
||||
classId: char('class_id', { length: 36 }).notNull(),
|
||||
title: varchar('title', { length: 200 }).notNull(),
|
||||
description: text('description'),
|
||||
examDate: datetime('exam_date').notNull(),
|
||||
duration: varchar('duration', { length: 50 }).notNull(),
|
||||
totalScore: varchar('total_score', { length: 10 }).notNull(),
|
||||
status: varchar('status', { length: 20 }).notNull().default('draft'),
|
||||
createdBy: char('created_by', { length: 36 }).notNull(),
|
||||
createdAt: timestamp('created_at').notNull().defaultNow(),
|
||||
updatedAt: timestamp('updated_at').notNull().defaultNow().onUpdateNow(),
|
||||
});
|
||||
|
||||
export type Exam = typeof exams.$inferSelect;
|
||||
export type NewExam = typeof exams.$inferInsert;
|
||||
127
services/core-edu/src/exams/exams.service.ts
Normal file
127
services/core-edu/src/exams/exams.service.ts
Normal file
@@ -0,0 +1,127 @@
|
||||
import { randomUUID } from 'node:crypto';
|
||||
import { eq } from 'drizzle-orm';
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { db } from '../../config/database.js';
|
||||
import { exams } from './exams.schema.js';
|
||||
import { examsRepository } from './exams.repository.js';
|
||||
import { outboxRepository } from '../../shared/outbox/outbox.repository.js';
|
||||
import type { Exam, NewExam } from './exams.schema.js';
|
||||
import { NotFoundError, ValidationError } from '../../shared/errors/application-error.js';
|
||||
|
||||
export interface CreateExamInput {
|
||||
classId: string;
|
||||
title: string;
|
||||
description?: string;
|
||||
examDate: Date;
|
||||
duration: string;
|
||||
totalScore: string;
|
||||
createdBy: string;
|
||||
}
|
||||
|
||||
export interface UpdateExamInput {
|
||||
title?: string;
|
||||
description?: string;
|
||||
examDate?: Date;
|
||||
duration?: string;
|
||||
totalScore?: string;
|
||||
status?: string;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class ExamsService {
|
||||
async createExam(input: CreateExamInput): Promise<{ id: string }> {
|
||||
if (!input.classId || !input.title || !input.createdBy) {
|
||||
throw new ValidationError('classId, title, createdBy are required');
|
||||
}
|
||||
|
||||
const id = randomUUID();
|
||||
const exam: NewExam = {
|
||||
id,
|
||||
classId: input.classId,
|
||||
title: input.title,
|
||||
description: input.description,
|
||||
examDate: input.examDate,
|
||||
duration: input.duration,
|
||||
totalScore: input.totalScore,
|
||||
status: 'draft',
|
||||
createdBy: input.createdBy,
|
||||
};
|
||||
|
||||
await db.transaction(async (tx) => {
|
||||
await tx.insert(exams).values(exam);
|
||||
await outboxRepository.create(
|
||||
{
|
||||
id: randomUUID(),
|
||||
aggregateId: id,
|
||||
aggregateType: 'exam',
|
||||
eventType: 'exam.created',
|
||||
payload: JSON.stringify({
|
||||
id,
|
||||
classId: input.classId,
|
||||
title: input.title,
|
||||
}),
|
||||
status: 'pending',
|
||||
},
|
||||
tx,
|
||||
);
|
||||
});
|
||||
|
||||
return { id };
|
||||
}
|
||||
|
||||
async getExam(id: string): Promise<Exam> {
|
||||
const exam = await examsRepository.findById(id);
|
||||
if (!exam) {
|
||||
throw new NotFoundError(`Exam ${id} not found`);
|
||||
}
|
||||
return exam;
|
||||
}
|
||||
|
||||
async listExamsByClass(classId: string): Promise<Exam[]> {
|
||||
return examsRepository.findByClassId(classId);
|
||||
}
|
||||
|
||||
async updateExam(id: string, data: UpdateExamInput): Promise<void> {
|
||||
const existing = await examsRepository.findById(id);
|
||||
if (!existing) {
|
||||
throw new NotFoundError(`Exam ${id} not found`);
|
||||
}
|
||||
|
||||
await db.transaction(async (tx) => {
|
||||
await tx.update(exams).set(data).where(eq(exams.id, id));
|
||||
await outboxRepository.create(
|
||||
{
|
||||
id: randomUUID(),
|
||||
aggregateId: id,
|
||||
aggregateType: 'exam',
|
||||
eventType: 'exam.updated',
|
||||
payload: JSON.stringify({ id, changes: data }),
|
||||
status: 'pending',
|
||||
},
|
||||
tx,
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
async deleteExam(id: string): Promise<void> {
|
||||
const existing = await examsRepository.findById(id);
|
||||
if (!existing) {
|
||||
throw new NotFoundError(`Exam ${id} not found`);
|
||||
}
|
||||
|
||||
await db.transaction(async (tx) => {
|
||||
await tx.delete(exams).where(eq(exams.id, id));
|
||||
await outboxRepository.create(
|
||||
{
|
||||
id: randomUUID(),
|
||||
aggregateId: id,
|
||||
aggregateType: 'exam',
|
||||
eventType: 'exam.deleted',
|
||||
payload: JSON.stringify({ id }),
|
||||
status: 'pending',
|
||||
},
|
||||
tx,
|
||||
);
|
||||
});
|
||||
}
|
||||
}
|
||||
55
services/core-edu/src/grades/grades.controller.ts
Normal file
55
services/core-edu/src/grades/grades.controller.ts
Normal file
@@ -0,0 +1,55 @@
|
||||
import {
|
||||
Body,
|
||||
Controller,
|
||||
Get,
|
||||
Param,
|
||||
Post,
|
||||
UseGuards,
|
||||
} from '@nestjs/common';
|
||||
import { GradesService, type RecordGradeInput } from './grades.service.js';
|
||||
import { PermissionGuard, Permissions } from '../../middleware/permission.guard.js';
|
||||
|
||||
interface SuccessResponse<T> {
|
||||
data: T;
|
||||
timestamp: string;
|
||||
}
|
||||
|
||||
@Controller('api/v1/grades')
|
||||
export class GradesController {
|
||||
constructor(private readonly gradesService: GradesService) {}
|
||||
|
||||
@Post()
|
||||
@UseGuards(new PermissionGuard(Permissions.GRADE_CREATE))
|
||||
async record(@Body() body: RecordGradeInput): Promise<SuccessResponse<{ id: string }>> {
|
||||
const result = await this.gradesService.recordGrade(body);
|
||||
return { data: result, timestamp: new Date().toISOString() };
|
||||
}
|
||||
|
||||
@Get(':id')
|
||||
@UseGuards(new PermissionGuard(Permissions.GRADE_READ))
|
||||
async findOne(@Param('id') id: string): Promise<SuccessResponse<Awaited<ReturnType<GradesService['getGrade']>>>> {
|
||||
const data = await this.gradesService.getGrade(id);
|
||||
return { data, timestamp: new Date().toISOString() };
|
||||
}
|
||||
|
||||
@Get('student/:studentId')
|
||||
@UseGuards(new PermissionGuard(Permissions.GRADE_READ))
|
||||
async listByStudent(@Param('studentId') studentId: string): Promise<SuccessResponse<Awaited<ReturnType<GradesService['listByStudent']>>>> {
|
||||
const data = await this.gradesService.listByStudent(studentId);
|
||||
return { data, timestamp: new Date().toISOString() };
|
||||
}
|
||||
|
||||
@Get('exam/:examId')
|
||||
@UseGuards(new PermissionGuard(Permissions.GRADE_READ))
|
||||
async listByExam(@Param('examId') examId: string): Promise<SuccessResponse<Awaited<ReturnType<GradesService['listByExam']>>>> {
|
||||
const data = await this.gradesService.listByExam(examId);
|
||||
return { data, timestamp: new Date().toISOString() };
|
||||
}
|
||||
|
||||
@Get('homework/:homeworkId')
|
||||
@UseGuards(new PermissionGuard(Permissions.GRADE_READ))
|
||||
async listByHomework(@Param('homeworkId') homeworkId: string): Promise<SuccessResponse<Awaited<ReturnType<GradesService['listByHomework']>>>> {
|
||||
const data = await this.gradesService.listByHomework(homeworkId);
|
||||
return { data, timestamp: new Date().toISOString() };
|
||||
}
|
||||
}
|
||||
10
services/core-edu/src/grades/grades.module.ts
Normal file
10
services/core-edu/src/grades/grades.module.ts
Normal file
@@ -0,0 +1,10 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { GradesController } from './grades.controller.js';
|
||||
import { GradesService } from './grades.service.js';
|
||||
|
||||
@Module({
|
||||
controllers: [GradesController],
|
||||
providers: [GradesService],
|
||||
exports: [GradesService],
|
||||
})
|
||||
export class GradesModule {}
|
||||
22
services/core-edu/src/grades/grades.schema.ts
Normal file
22
services/core-edu/src/grades/grades.schema.ts
Normal file
@@ -0,0 +1,22 @@
|
||||
import {
|
||||
mysqlTable,
|
||||
varchar,
|
||||
text,
|
||||
timestamp,
|
||||
char,
|
||||
} from 'drizzle-orm/mysql-core';
|
||||
|
||||
export const grades = mysqlTable('core_edu_grades', {
|
||||
id: char('id', { length: 36 }).notNull().primaryKey(),
|
||||
studentId: char('student_id', { length: 36 }).notNull(),
|
||||
examId: char('exam_id', { length: 36 }),
|
||||
homeworkId: char('homework_id', { length: 36 }),
|
||||
score: varchar('score', { length: 10 }).notNull(),
|
||||
feedback: text('feedback'),
|
||||
gradedBy: char('graded_by', { length: 36 }).notNull(),
|
||||
createdAt: timestamp('created_at').notNull().defaultNow(),
|
||||
updatedAt: timestamp('updated_at').notNull().defaultNow().onUpdateNow(),
|
||||
});
|
||||
|
||||
export type Grade = typeof grades.$inferSelect;
|
||||
export type NewGrade = typeof grades.$inferInsert;
|
||||
87
services/core-edu/src/grades/grades.service.ts
Normal file
87
services/core-edu/src/grades/grades.service.ts
Normal file
@@ -0,0 +1,87 @@
|
||||
import { randomUUID } from 'node:crypto';
|
||||
import { eq } from 'drizzle-orm';
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { db } from '../../config/database.js';
|
||||
import { grades } from './grades.schema.js';
|
||||
import { outboxRepository } from '../../shared/outbox/outbox.repository.js';
|
||||
import type { Grade, NewGrade } from './grades.schema.js';
|
||||
import { NotFoundError, ValidationError } from '../../shared/errors/application-error.js';
|
||||
|
||||
export interface RecordGradeInput {
|
||||
studentId: string;
|
||||
examId?: string;
|
||||
homeworkId?: string;
|
||||
score: string;
|
||||
feedback?: string;
|
||||
gradedBy: string;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class GradesService {
|
||||
async recordGrade(input: RecordGradeInput): Promise<{ id: string }> {
|
||||
if (!input.studentId || !input.score || !input.gradedBy) {
|
||||
throw new ValidationError('studentId, score, gradedBy are required');
|
||||
}
|
||||
if (!input.examId && !input.homeworkId) {
|
||||
throw new ValidationError('Either examId or homeworkId must be provided');
|
||||
}
|
||||
|
||||
const id = randomUUID();
|
||||
const record: NewGrade = {
|
||||
id,
|
||||
studentId: input.studentId,
|
||||
examId: input.examId,
|
||||
homeworkId: input.homeworkId,
|
||||
score: input.score,
|
||||
feedback: input.feedback,
|
||||
gradedBy: input.gradedBy,
|
||||
};
|
||||
|
||||
await db.transaction(async (tx) => {
|
||||
await tx.insert(grades).values(record);
|
||||
await outboxRepository.create(
|
||||
{
|
||||
id: randomUUID(),
|
||||
aggregateId: id,
|
||||
aggregateType: 'grade',
|
||||
eventType: 'grade.recorded',
|
||||
payload: JSON.stringify({
|
||||
id,
|
||||
studentId: input.studentId,
|
||||
score: input.score,
|
||||
examId: input.examId,
|
||||
homeworkId: input.homeworkId,
|
||||
}),
|
||||
status: 'pending',
|
||||
},
|
||||
tx,
|
||||
);
|
||||
});
|
||||
|
||||
return { id };
|
||||
}
|
||||
|
||||
async getGrade(id: string): Promise<Grade> {
|
||||
const [record] = await db
|
||||
.select()
|
||||
.from(grades)
|
||||
.where(eq(grades.id, id))
|
||||
.limit(1);
|
||||
if (!record) {
|
||||
throw new NotFoundError(`Grade ${id} not found`);
|
||||
}
|
||||
return record;
|
||||
}
|
||||
|
||||
async listByStudent(studentId: string): Promise<Grade[]> {
|
||||
return db.select().from(grades).where(eq(grades.studentId, studentId));
|
||||
}
|
||||
|
||||
async listByExam(examId: string): Promise<Grade[]> {
|
||||
return db.select().from(grades).where(eq(grades.examId, examId));
|
||||
}
|
||||
|
||||
async listByHomework(homeworkId: string): Promise<Grade[]> {
|
||||
return db.select().from(grades).where(eq(grades.homeworkId, homeworkId));
|
||||
}
|
||||
}
|
||||
48
services/core-edu/src/homework/homework.controller.ts
Normal file
48
services/core-edu/src/homework/homework.controller.ts
Normal file
@@ -0,0 +1,48 @@
|
||||
import {
|
||||
Body,
|
||||
Controller,
|
||||
Get,
|
||||
Param,
|
||||
Post,
|
||||
UseGuards,
|
||||
} from '@nestjs/common';
|
||||
import { HomeworkService, type AssignHomeworkInput } from './homework.service.js';
|
||||
import { PermissionGuard, Permissions } from '../../middleware/permission.guard.js';
|
||||
|
||||
interface SuccessResponse<T> {
|
||||
data: T;
|
||||
timestamp: string;
|
||||
}
|
||||
|
||||
@Controller('api/v1/homework')
|
||||
export class HomeworkController {
|
||||
constructor(private readonly homeworkService: HomeworkService) {}
|
||||
|
||||
@Post()
|
||||
@UseGuards(new PermissionGuard(Permissions.HOMEWORK_CREATE))
|
||||
async assign(@Body() body: AssignHomeworkInput): Promise<SuccessResponse<{ id: string }>> {
|
||||
const result = await this.homeworkService.assignHomework(body);
|
||||
return { data: result, timestamp: new Date().toISOString() };
|
||||
}
|
||||
|
||||
@Get(':id')
|
||||
@UseGuards(new PermissionGuard(Permissions.HOMEWORK_READ))
|
||||
async findOne(@Param('id') id: string): Promise<SuccessResponse<Awaited<ReturnType<HomeworkService['getHomework']>>>> {
|
||||
const data = await this.homeworkService.getHomework(id);
|
||||
return { data, timestamp: new Date().toISOString() };
|
||||
}
|
||||
|
||||
@Get('class/:classId')
|
||||
@UseGuards(new PermissionGuard(Permissions.HOMEWORK_READ))
|
||||
async listByClass(@Param('classId') classId: string): Promise<SuccessResponse<Awaited<ReturnType<HomeworkService['listByClass']>>>> {
|
||||
const data = await this.homeworkService.listByClass(classId);
|
||||
return { data, timestamp: new Date().toISOString() };
|
||||
}
|
||||
|
||||
@Post(':id/submit')
|
||||
@UseGuards(new PermissionGuard(Permissions.HOMEWORK_SUBMIT))
|
||||
async submit(@Param('id') id: string): Promise<SuccessResponse<{ success: true }>> {
|
||||
await this.homeworkService.submitHomework(id);
|
||||
return { data: { success: true }, timestamp: new Date().toISOString() };
|
||||
}
|
||||
}
|
||||
10
services/core-edu/src/homework/homework.module.ts
Normal file
10
services/core-edu/src/homework/homework.module.ts
Normal file
@@ -0,0 +1,10 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { HomeworkController } from './homework.controller.js';
|
||||
import { HomeworkService } from './homework.service.js';
|
||||
|
||||
@Module({
|
||||
controllers: [HomeworkController],
|
||||
providers: [HomeworkService],
|
||||
exports: [HomeworkService],
|
||||
})
|
||||
export class HomeworkModule {}
|
||||
23
services/core-edu/src/homework/homework.schema.ts
Normal file
23
services/core-edu/src/homework/homework.schema.ts
Normal file
@@ -0,0 +1,23 @@
|
||||
import {
|
||||
mysqlTable,
|
||||
varchar,
|
||||
text,
|
||||
timestamp,
|
||||
char,
|
||||
datetime,
|
||||
} from 'drizzle-orm/mysql-core';
|
||||
|
||||
export const homework = mysqlTable('core_edu_homework', {
|
||||
id: char('id', { length: 36 }).notNull().primaryKey(),
|
||||
classId: char('class_id', { length: 36 }).notNull(),
|
||||
title: varchar('title', { length: 200 }).notNull(),
|
||||
description: text('description'),
|
||||
dueDate: datetime('due_date').notNull(),
|
||||
status: varchar('status', { length: 20 }).notNull().default('assigned'),
|
||||
createdBy: char('created_by', { length: 36 }).notNull(),
|
||||
createdAt: timestamp('created_at').notNull().defaultNow(),
|
||||
updatedAt: timestamp('updated_at').notNull().defaultNow().onUpdateNow(),
|
||||
});
|
||||
|
||||
export type Homework = typeof homework.$inferSelect;
|
||||
export type NewHomework = typeof homework.$inferInsert;
|
||||
98
services/core-edu/src/homework/homework.service.ts
Normal file
98
services/core-edu/src/homework/homework.service.ts
Normal file
@@ -0,0 +1,98 @@
|
||||
import { randomUUID } from 'node:crypto';
|
||||
import { eq } from 'drizzle-orm';
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { db } from '../../config/database.js';
|
||||
import { homework } from './homework.schema.js';
|
||||
import { outboxRepository } from '../../shared/outbox/outbox.repository.js';
|
||||
import type { Homework, NewHomework } from './homework.schema.js';
|
||||
import { NotFoundError, ValidationError } from '../../shared/errors/application-error.js';
|
||||
|
||||
export interface AssignHomeworkInput {
|
||||
classId: string;
|
||||
title: string;
|
||||
description?: string;
|
||||
dueDate: Date;
|
||||
createdBy: string;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class HomeworkService {
|
||||
async assignHomework(input: AssignHomeworkInput): Promise<{ id: string }> {
|
||||
if (!input.classId || !input.title || !input.createdBy) {
|
||||
throw new ValidationError('classId, title, createdBy are required');
|
||||
}
|
||||
|
||||
const id = randomUUID();
|
||||
const record: NewHomework = {
|
||||
id,
|
||||
classId: input.classId,
|
||||
title: input.title,
|
||||
description: input.description,
|
||||
dueDate: input.dueDate,
|
||||
status: 'assigned',
|
||||
createdBy: input.createdBy,
|
||||
};
|
||||
|
||||
await db.transaction(async (tx) => {
|
||||
await tx.insert(homework).values(record);
|
||||
await outboxRepository.create(
|
||||
{
|
||||
id: randomUUID(),
|
||||
aggregateId: id,
|
||||
aggregateType: 'homework',
|
||||
eventType: 'homework.assigned',
|
||||
payload: JSON.stringify({
|
||||
id,
|
||||
classId: input.classId,
|
||||
title: input.title,
|
||||
}),
|
||||
status: 'pending',
|
||||
},
|
||||
tx,
|
||||
);
|
||||
});
|
||||
|
||||
return { id };
|
||||
}
|
||||
|
||||
async getHomework(id: string): Promise<Homework> {
|
||||
const [record] = await db
|
||||
.select()
|
||||
.from(homework)
|
||||
.where(eq(homework.id, id))
|
||||
.limit(1);
|
||||
if (!record) {
|
||||
throw new NotFoundError(`Homework ${id} not found`);
|
||||
}
|
||||
return record;
|
||||
}
|
||||
|
||||
async listByClass(classId: string): Promise<Homework[]> {
|
||||
return db.select().from(homework).where(eq(homework.classId, classId));
|
||||
}
|
||||
|
||||
async submitHomework(id: string): Promise<void> {
|
||||
const existing = await this.getHomework(id);
|
||||
if (existing.status === 'submitted') {
|
||||
throw new ValidationError(`Homework ${id} already submitted`);
|
||||
}
|
||||
|
||||
await db.transaction(async (tx) => {
|
||||
await tx
|
||||
.update(homework)
|
||||
.set({ status: 'submitted' })
|
||||
.where(eq(homework.id, id));
|
||||
await outboxRepository.create(
|
||||
{
|
||||
id: randomUUID(),
|
||||
aggregateId: id,
|
||||
aggregateType: 'homework',
|
||||
eventType: 'homework.submitted',
|
||||
payload: JSON.stringify({ id }),
|
||||
status: 'pending',
|
||||
},
|
||||
tx,
|
||||
);
|
||||
});
|
||||
}
|
||||
}
|
||||
50
services/core-edu/src/main.ts
Normal file
50
services/core-edu/src/main.ts
Normal file
@@ -0,0 +1,50 @@
|
||||
import { NestFactory } from '@nestjs/core';
|
||||
import { AppModule } from './app.module.js';
|
||||
import { env } from './config/env.js';
|
||||
import { connectKafka, disconnectKafka } from './config/kafka.js';
|
||||
import { outboxPublisher } from './shared/outbox/outbox.publisher.js';
|
||||
import { GlobalErrorFilter } from './shared/errors/global-error.filter.js';
|
||||
import { initTracer, shutdownTracer } from './shared/observability/tracer.js';
|
||||
import { logger } from './shared/observability/logger.js';
|
||||
|
||||
async function bootstrap(): Promise<void> {
|
||||
initTracer();
|
||||
|
||||
const app = await NestFactory.create(AppModule, { bufferLogs: true });
|
||||
app.setGlobalPrefix('api');
|
||||
app.useGlobalFilters(new GlobalErrorFilter());
|
||||
app.enableShutdownHooks();
|
||||
|
||||
// Connect Kafka producer/consumer before starting the outbox publisher
|
||||
await connectKafka();
|
||||
|
||||
// Start the transactional outbox publisher - polls pending messages
|
||||
// and publishes them to Kafka topics defined in TOPIC_MAP.
|
||||
await outboxPublisher.start();
|
||||
|
||||
await app.listen(env.PORT);
|
||||
logger.info(
|
||||
{ port: env.PORT, service: 'core-edu' },
|
||||
'CoreEdu service is listening',
|
||||
);
|
||||
|
||||
process.on('SIGTERM', async () => {
|
||||
logger.info('SIGTERM received, shutting down gracefully...');
|
||||
await outboxPublisher.stop();
|
||||
await disconnectKafka();
|
||||
await shutdownTracer();
|
||||
await app.close();
|
||||
process.exit(0);
|
||||
});
|
||||
|
||||
process.on('SIGINT', async () => {
|
||||
logger.info('SIGINT received, shutting down gracefully...');
|
||||
await outboxPublisher.stop();
|
||||
await disconnectKafka();
|
||||
await shutdownTracer();
|
||||
await app.close();
|
||||
process.exit(0);
|
||||
});
|
||||
}
|
||||
|
||||
void bootstrap();
|
||||
40
services/core-edu/src/middleware/auth.middleware.ts
Normal file
40
services/core-edu/src/middleware/auth.middleware.ts
Normal file
@@ -0,0 +1,40 @@
|
||||
import {
|
||||
Injectable,
|
||||
NestMiddleware,
|
||||
UnauthorizedException,
|
||||
} from '@nestjs/common';
|
||||
import type { Request, Response, NextFunction } from 'express';
|
||||
|
||||
export interface AuthenticatedUser {
|
||||
id: string;
|
||||
role: string;
|
||||
permissions: string[];
|
||||
}
|
||||
|
||||
export interface AuthenticatedRequest extends Request {
|
||||
user?: AuthenticatedUser;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class AuthMiddleware implements NestMiddleware {
|
||||
use(req: AuthenticatedRequest, _res: Response, next: NextFunction): void {
|
||||
const userId = req.headers['x-user-id'] as string | undefined;
|
||||
const role = req.headers['x-user-role'] as string | undefined;
|
||||
const permissionsHeader = req.headers['x-user-permissions'] as
|
||||
| string
|
||||
| undefined;
|
||||
|
||||
if (!userId || !role) {
|
||||
throw new UnauthorizedException(
|
||||
'Missing authentication headers (x-user-id, x-user-role)',
|
||||
);
|
||||
}
|
||||
|
||||
req.user = {
|
||||
id: userId,
|
||||
role,
|
||||
permissions: permissionsHeader ? permissionsHeader.split(',') : [],
|
||||
};
|
||||
next();
|
||||
}
|
||||
}
|
||||
48
services/core-edu/src/middleware/permission.guard.ts
Normal file
48
services/core-edu/src/middleware/permission.guard.ts
Normal file
@@ -0,0 +1,48 @@
|
||||
import {
|
||||
CanActivate,
|
||||
ExecutionContext,
|
||||
Injectable,
|
||||
ForbiddenException,
|
||||
} from '@nestjs/common';
|
||||
import type { AuthenticatedRequest } from './auth.middleware.js';
|
||||
|
||||
export const Permissions = {
|
||||
EXAM_CREATE: 'exam:create',
|
||||
EXAM_READ: 'exam:read',
|
||||
EXAM_UPDATE: 'exam:update',
|
||||
EXAM_DELETE: 'exam:delete',
|
||||
HOMEWORK_CREATE: 'homework:create',
|
||||
HOMEWORK_READ: 'homework:read',
|
||||
HOMEWORK_UPDATE: 'homework:update',
|
||||
HOMEWORK_DELETE: 'homework:delete',
|
||||
HOMEWORK_GRADE: 'homework:grade',
|
||||
HOMEWORK_SUBMIT: 'homework:submit',
|
||||
GRADE_CREATE: 'grade:create',
|
||||
GRADE_READ: 'grade:read',
|
||||
GRADE_UPDATE: 'grade:update',
|
||||
GRADE_DELETE: 'grade:delete',
|
||||
CLASS_MANAGE: 'class:manage',
|
||||
CLASS_READ: 'class:read',
|
||||
CLASS_TRANSFER: 'class:transfer',
|
||||
} as const;
|
||||
|
||||
export type Permission = (typeof Permissions)[keyof typeof Permissions];
|
||||
|
||||
@Injectable()
|
||||
export class PermissionGuard implements CanActivate {
|
||||
constructor(private readonly requiredPermission: Permission) {}
|
||||
|
||||
canActivate(context: ExecutionContext): boolean {
|
||||
const request = context.switchToHttp().getRequest<AuthenticatedRequest>();
|
||||
const user = request.user;
|
||||
if (!user) {
|
||||
throw new ForbiddenException('User not authenticated');
|
||||
}
|
||||
if (!user.permissions.includes(this.requiredPermission)) {
|
||||
throw new ForbiddenException(
|
||||
`Missing permission: ${this.requiredPermission}`,
|
||||
);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
60
services/core-edu/src/shared/errors/application-error.ts
Normal file
60
services/core-edu/src/shared/errors/application-error.ts
Normal file
@@ -0,0 +1,60 @@
|
||||
export enum CoreEduErrorCode {
|
||||
VALIDATION_ERROR = 'CORE_EDU_VALIDATION_ERROR',
|
||||
NOT_FOUND = 'CORE_EDU_NOT_FOUND',
|
||||
UNAUTHORIZED = 'CORE_EDU_UNAUTHORIZED',
|
||||
FORBIDDEN = 'CORE_EDU_FORBIDDEN',
|
||||
CONFLICT = 'CORE_EDU_CONFLICT',
|
||||
INTERNAL_ERROR = 'CORE_EDU_INTERNAL_ERROR',
|
||||
EXAM_NOT_FOUND = 'CORE_EDU_EXAM_NOT_FOUND',
|
||||
HOMEWORK_NOT_FOUND = 'CORE_EDU_HOMEWORK_NOT_FOUND',
|
||||
GRADE_NOT_FOUND = 'CORE_EDU_GRADE_NOT_FOUND',
|
||||
OUTBOX_PUBLISH_FAILED = 'CORE_EDU_OUTBOX_PUBLISH_FAILED',
|
||||
}
|
||||
|
||||
export class ApplicationError extends Error {
|
||||
constructor(
|
||||
public readonly code: CoreEduErrorCode,
|
||||
message: string,
|
||||
public readonly statusCode: number = 500,
|
||||
public readonly details?: unknown,
|
||||
) {
|
||||
super(message);
|
||||
this.name = 'ApplicationError';
|
||||
}
|
||||
}
|
||||
|
||||
export class ValidationError extends ApplicationError {
|
||||
constructor(message: string, details?: unknown) {
|
||||
super(CoreEduErrorCode.VALIDATION_ERROR, message, 400, details);
|
||||
}
|
||||
}
|
||||
|
||||
export class NotFoundError extends ApplicationError {
|
||||
constructor(message: string, details?: unknown) {
|
||||
super(CoreEduErrorCode.NOT_FOUND, message, 404, details);
|
||||
}
|
||||
}
|
||||
|
||||
export class UnauthorizedError extends ApplicationError {
|
||||
constructor(message: string = 'Unauthorized') {
|
||||
super(CoreEduErrorCode.UNAUTHORIZED, message, 401);
|
||||
}
|
||||
}
|
||||
|
||||
export class ForbiddenError extends ApplicationError {
|
||||
constructor(message: string = 'Forbidden') {
|
||||
super(CoreEduErrorCode.FORBIDDEN, message, 403);
|
||||
}
|
||||
}
|
||||
|
||||
export class ConflictError extends ApplicationError {
|
||||
constructor(message: string, details?: unknown) {
|
||||
super(CoreEduErrorCode.CONFLICT, message, 409, details);
|
||||
}
|
||||
}
|
||||
|
||||
export class InternalError extends ApplicationError {
|
||||
constructor(message: string = 'Internal server error', details?: unknown) {
|
||||
super(CoreEduErrorCode.INTERNAL_ERROR, message, 500, details);
|
||||
}
|
||||
}
|
||||
63
services/core-edu/src/shared/errors/global-error.filter.ts
Normal file
63
services/core-edu/src/shared/errors/global-error.filter.ts
Normal file
@@ -0,0 +1,63 @@
|
||||
import {
|
||||
ExceptionFilter,
|
||||
Catch,
|
||||
ArgumentsHost,
|
||||
HttpException,
|
||||
HttpStatus,
|
||||
} from '@nestjs/common';
|
||||
import { ZodError } from 'zod';
|
||||
import { ApplicationError, CoreEduErrorCode } from './application-error.js';
|
||||
import { logger } from '../observability/logger.js';
|
||||
|
||||
@Catch()
|
||||
export class GlobalErrorFilter implements ExceptionFilter {
|
||||
catch(exception: unknown, host: ArgumentsHost): void {
|
||||
const ctx = host.switchToHttp();
|
||||
const response = ctx.getResponse();
|
||||
const request = ctx.getRequest();
|
||||
|
||||
let statusCode = HttpStatus.INTERNAL_SERVER_ERROR;
|
||||
let code = CoreEduErrorCode.INTERNAL_ERROR;
|
||||
let message = 'Internal server error';
|
||||
let details: unknown;
|
||||
|
||||
if (exception instanceof ApplicationError) {
|
||||
statusCode = exception.statusCode;
|
||||
code = exception.code;
|
||||
message = exception.message;
|
||||
details = exception.details;
|
||||
} else if (exception instanceof ZodError) {
|
||||
statusCode = HttpStatus.BAD_REQUEST;
|
||||
code = CoreEduErrorCode.VALIDATION_ERROR;
|
||||
message = 'Validation failed';
|
||||
details = exception.flatten().fieldErrors;
|
||||
} else if (exception instanceof HttpException) {
|
||||
statusCode = exception.getStatus();
|
||||
const resp = exception.getResponse();
|
||||
message =
|
||||
typeof resp === 'string'
|
||||
? resp
|
||||
: (resp as { message?: string }).message ?? exception.message;
|
||||
} else if (exception instanceof Error) {
|
||||
message = exception.message;
|
||||
}
|
||||
|
||||
logger.error(
|
||||
{
|
||||
err: exception,
|
||||
path: request.url,
|
||||
method: request.method,
|
||||
code,
|
||||
},
|
||||
`Request failed: ${message}`,
|
||||
);
|
||||
|
||||
response.status(statusCode).json({
|
||||
code,
|
||||
message,
|
||||
details,
|
||||
timestamp: new Date().toISOString(),
|
||||
path: request.url,
|
||||
});
|
||||
}
|
||||
}
|
||||
16
services/core-edu/src/shared/observability/logger.ts
Normal file
16
services/core-edu/src/shared/observability/logger.ts
Normal file
@@ -0,0 +1,16 @@
|
||||
import pino from 'pino';
|
||||
import { env } from '../../config/env.js';
|
||||
|
||||
export const logger = pino({
|
||||
name: 'core-edu',
|
||||
level: env.LOG_LEVEL,
|
||||
base: { service: 'core-edu' },
|
||||
...(env.NODE_ENV === 'development'
|
||||
? {
|
||||
transport: {
|
||||
target: 'pino-pretty',
|
||||
options: { colorize: true, translateTime: 'SYS:standard' },
|
||||
},
|
||||
}
|
||||
: {}),
|
||||
});
|
||||
38
services/core-edu/src/shared/observability/metrics.ts
Normal file
38
services/core-edu/src/shared/observability/metrics.ts
Normal file
@@ -0,0 +1,38 @@
|
||||
import {
|
||||
Registry,
|
||||
Counter,
|
||||
Histogram,
|
||||
Gauge,
|
||||
collectDefaultMetrics,
|
||||
} from 'prom-client';
|
||||
|
||||
export const registry = new Registry();
|
||||
collectDefaultMetrics({ register: registry });
|
||||
|
||||
export const httpRequestCounter = new Counter({
|
||||
name: 'core_edu_requests_total',
|
||||
help: 'Total HTTP requests',
|
||||
labelNames: ['method', 'route', 'status'] as const,
|
||||
});
|
||||
registry.registerMetric(httpRequestCounter);
|
||||
|
||||
export const httpRequestDuration = new Histogram({
|
||||
name: 'core_edu_request_duration_seconds',
|
||||
help: 'HTTP request duration in seconds',
|
||||
labelNames: ['method', 'route', 'status'] as const,
|
||||
buckets: [0.005, 0.01, 0.05, 0.1, 0.5, 1, 5],
|
||||
});
|
||||
registry.registerMetric(httpRequestDuration);
|
||||
|
||||
export const outboxPendingGauge = new Gauge({
|
||||
name: 'core_edu_outbox_pending',
|
||||
help: 'Number of pending outbox messages',
|
||||
});
|
||||
registry.registerMetric(outboxPendingGauge);
|
||||
|
||||
export const outboxPublishedCounter = new Counter({
|
||||
name: 'core_edu_outbox_published_total',
|
||||
help: 'Total outbox messages published to Kafka',
|
||||
labelNames: ['eventType', 'topic'] as const,
|
||||
});
|
||||
registry.registerMetric(outboxPublishedCounter);
|
||||
29
services/core-edu/src/shared/observability/tracer.ts
Normal file
29
services/core-edu/src/shared/observability/tracer.ts
Normal file
@@ -0,0 +1,29 @@
|
||||
import { NodeSDK } from '@opentelemetry/sdk-node';
|
||||
import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
|
||||
import { env } from '../../config/env.js';
|
||||
import { logger } from './logger.js';
|
||||
|
||||
let sdk: NodeSDK | undefined;
|
||||
|
||||
export function initTracer(): void {
|
||||
if (!env.OTEL_EXPORTER_OTLP_ENDPOINT) {
|
||||
logger.warn('OTEL_EXPORTER_OTLP_ENDPOINT not set, tracing disabled');
|
||||
return;
|
||||
}
|
||||
sdk = new NodeSDK({
|
||||
serviceName: 'core-edu',
|
||||
traceExporter: new OTLPTraceExporter({
|
||||
url: `${env.OTEL_EXPORTER_OTLP_ENDPOINT}/v1/traces`,
|
||||
}),
|
||||
});
|
||||
sdk.start();
|
||||
logger.info('OpenTelemetry tracer initialized');
|
||||
}
|
||||
|
||||
export async function shutdownTracer(): Promise<void> {
|
||||
if (sdk) {
|
||||
await sdk.shutdown();
|
||||
sdk = undefined;
|
||||
logger.info('OpenTelemetry tracer shutdown');
|
||||
}
|
||||
}
|
||||
88
services/core-edu/src/shared/outbox/outbox.publisher.ts
Normal file
88
services/core-edu/src/shared/outbox/outbox.publisher.ts
Normal file
@@ -0,0 +1,88 @@
|
||||
import { logger } from '../observability/logger.js';
|
||||
import { producer } from '../../config/kafka.js';
|
||||
import { outboxRepository } from './outbox.repository.js';
|
||||
import type { OutboxMessage } from './outbox.schema.js';
|
||||
|
||||
const TOPIC_MAP: Record<string, string> = {
|
||||
'exam.created': 'edu.exam.events',
|
||||
'exam.updated': 'edu.exam.events',
|
||||
'exam.deleted': 'edu.exam.events',
|
||||
'homework.assigned': 'edu.homework.events',
|
||||
'homework.submitted': 'edu.homework.events',
|
||||
'homework.graded': 'edu.homework.events',
|
||||
'grade.recorded': 'edu.grade.events',
|
||||
'grade.updated': 'edu.grade.events',
|
||||
'class.transferred': 'edu.class.events',
|
||||
};
|
||||
|
||||
const POLL_INTERVAL_MS = 5000;
|
||||
const BATCH_SIZE = 100;
|
||||
const MAX_RETRY = 5;
|
||||
|
||||
export class OutboxPublisher {
|
||||
private intervalId: NodeJS.Timeout | null = null;
|
||||
private isPolling = false;
|
||||
|
||||
async start(): Promise<void> {
|
||||
logger.info('OutboxPublisher started');
|
||||
this.intervalId = setInterval(() => {
|
||||
void this.poll();
|
||||
}, POLL_INTERVAL_MS);
|
||||
}
|
||||
|
||||
async stop(): Promise<void> {
|
||||
if (this.intervalId) {
|
||||
clearInterval(this.intervalId);
|
||||
this.intervalId = null;
|
||||
}
|
||||
logger.info('OutboxPublisher stopped');
|
||||
}
|
||||
|
||||
private async poll(): Promise<void> {
|
||||
if (this.isPolling) return;
|
||||
this.isPolling = true;
|
||||
try {
|
||||
const messages = await outboxRepository.findPending(BATCH_SIZE);
|
||||
for (const message of messages) {
|
||||
await this.publish(message);
|
||||
}
|
||||
} catch (error) {
|
||||
logger.error({ error }, 'Outbox poll failed');
|
||||
} finally {
|
||||
this.isPolling = false;
|
||||
}
|
||||
}
|
||||
|
||||
private async publish(message: OutboxMessage): Promise<void> {
|
||||
const topic = TOPIC_MAP[message.eventType] ?? 'edu.fallback.events';
|
||||
try {
|
||||
await producer.send({
|
||||
topic,
|
||||
messages: [
|
||||
{
|
||||
key: message.aggregateId,
|
||||
value: message.payload,
|
||||
headers: {
|
||||
eventType: message.eventType,
|
||||
aggregateType: message.aggregateType,
|
||||
},
|
||||
},
|
||||
],
|
||||
});
|
||||
await outboxRepository.markProcessed(message.id);
|
||||
logger.info(
|
||||
{ id: message.id, eventType: message.eventType, topic },
|
||||
'Outbox message published',
|
||||
);
|
||||
} catch (error) {
|
||||
logger.error({ error, id: message.id }, 'Outbox publish failed');
|
||||
if (message.retryCount + 1 >= MAX_RETRY) {
|
||||
await outboxRepository.markFailed(message.id);
|
||||
} else {
|
||||
await outboxRepository.incrementRetry(message.id);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
export const outboxPublisher = new OutboxPublisher();
|
||||
42
services/core-edu/src/shared/outbox/outbox.repository.ts
Normal file
42
services/core-edu/src/shared/outbox/outbox.repository.ts
Normal file
@@ -0,0 +1,42 @@
|
||||
import { eq, sql } from 'drizzle-orm';
|
||||
import { db } from '../../config/database.js';
|
||||
import { outbox, type OutboxMessage, type NewOutboxMessage } from './outbox.schema.js';
|
||||
|
||||
type DbClient = typeof db;
|
||||
|
||||
export class OutboxRepository {
|
||||
async create(message: NewOutboxMessage, tx: DbClient = db): Promise<void> {
|
||||
await tx.insert(outbox).values(message);
|
||||
}
|
||||
|
||||
async findPending(limit: number = 100): Promise<OutboxMessage[]> {
|
||||
return db
|
||||
.select()
|
||||
.from(outbox)
|
||||
.where(eq(outbox.status, 'pending'))
|
||||
.limit(limit);
|
||||
}
|
||||
|
||||
async markProcessed(id: string): Promise<void> {
|
||||
await db
|
||||
.update(outbox)
|
||||
.set({ status: 'processed', processedAt: new Date() })
|
||||
.where(eq(outbox.id, id));
|
||||
}
|
||||
|
||||
async incrementRetry(id: string): Promise<void> {
|
||||
await db
|
||||
.update(outbox)
|
||||
.set({ retryCount: sql`${outbox.retryCount} + 1` })
|
||||
.where(eq(outbox.id, id));
|
||||
}
|
||||
|
||||
async markFailed(id: string): Promise<void> {
|
||||
await db
|
||||
.update(outbox)
|
||||
.set({ status: 'failed' })
|
||||
.where(eq(outbox.id, id));
|
||||
}
|
||||
}
|
||||
|
||||
export const outboxRepository = new OutboxRepository();
|
||||
16
services/core-edu/src/shared/outbox/outbox.schema.ts
Normal file
16
services/core-edu/src/shared/outbox/outbox.schema.ts
Normal file
@@ -0,0 +1,16 @@
|
||||
import { mysqlTable, varchar, text, timestamp, char, bigint } from 'drizzle-orm/mysql-core';
|
||||
|
||||
export const outbox = mysqlTable('core_edu_outbox', {
|
||||
id: char('id', { length: 36 }).notNull().primaryKey(),
|
||||
aggregateId: char('aggregate_id', { length: 36 }).notNull(),
|
||||
aggregateType: varchar('aggregate_type', { length: 50 }).notNull(),
|
||||
eventType: varchar('event_type', { length: 100 }).notNull(),
|
||||
payload: text('payload').notNull(),
|
||||
status: varchar('status', { length: 20 }).notNull().default('pending'),
|
||||
retryCount: bigint('retry_count', { mode: 'number' }).notNull().default(0),
|
||||
createdAt: timestamp('created_at').notNull().defaultNow(),
|
||||
processedAt: timestamp('processed_at'),
|
||||
});
|
||||
|
||||
export type OutboxMessage = typeof outbox.$inferSelect;
|
||||
export type NewOutboxMessage = typeof outbox.$inferInsert;
|
||||
15
services/core-edu/tsconfig.json
Normal file
15
services/core-edu/tsconfig.json
Normal file
@@ -0,0 +1,15 @@
|
||||
{
|
||||
"extends": "../../tsconfig.base.json",
|
||||
"compilerOptions": {
|
||||
"module": "NodeNext",
|
||||
"moduleResolution": "NodeNext",
|
||||
"target": "ES2022",
|
||||
"experimentalDecorators": true,
|
||||
"emitDecoratorMetadata": true,
|
||||
"outDir": "./dist",
|
||||
"rootDir": "./src",
|
||||
"types": ["node"]
|
||||
},
|
||||
"include": ["src/**/*"],
|
||||
"exclude": ["node_modules", "dist", "test"]
|
||||
}
|
||||
20
services/core-edu/vitest.config.ts
Normal file
20
services/core-edu/vitest.config.ts
Normal file
@@ -0,0 +1,20 @@
|
||||
import { defineConfig } from 'vitest/config';
|
||||
|
||||
export default defineConfig({
|
||||
test: {
|
||||
globals: true,
|
||||
environment: 'node',
|
||||
include: ['test/unit/**/*.test.ts'],
|
||||
coverage: {
|
||||
provider: 'v8',
|
||||
reporter: ['text', 'json', 'html'],
|
||||
exclude: ['node_modules/', 'dist/', 'test/', '**/*.d.ts'],
|
||||
thresholds: {
|
||||
statements: 60,
|
||||
branches: 60,
|
||||
functions: 60,
|
||||
lines: 60,
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
19
services/iam/Dockerfile
Normal file
19
services/iam/Dockerfile
Normal file
@@ -0,0 +1,19 @@
|
||||
# Build stage
|
||||
FROM node:20-alpine AS builder
|
||||
WORKDIR /app
|
||||
RUN npm install -g pnpm
|
||||
COPY package.json pnpm-lock.yaml* ./
|
||||
RUN pnpm install --frozen-lockfile
|
||||
COPY tsconfig.json nest-cli.json ./
|
||||
COPY src ./src
|
||||
RUN pnpm build
|
||||
|
||||
# Runtime stage
|
||||
FROM node:20-alpine
|
||||
WORKDIR /app
|
||||
RUN npm install -g pnpm
|
||||
COPY package.json pnpm-lock.yaml* ./
|
||||
RUN pnpm install --prod --frozen-lockfile
|
||||
COPY --from=builder /app/dist ./dist
|
||||
EXPOSE 3002
|
||||
CMD ["node", "dist/main.js"]
|
||||
35
services/iam/README.md
Normal file
35
services/iam/README.md
Normal file
@@ -0,0 +1,35 @@
|
||||
# IAM Service
|
||||
|
||||
身份与访问管理服务(Identity and Access Management),P2 身份阶段交付。
|
||||
|
||||
## 职责
|
||||
|
||||
- 用户注册 / 登录 / 刷新令牌
|
||||
- 角色(Role)与权限(Permission)管理
|
||||
- Access / Refresh Token 签发与校验
|
||||
- 用户信息查询(供 BFF / Gateway 聚合)
|
||||
|
||||
## 技术栈
|
||||
|
||||
- NestJS 10 + TypeScript(ESM)
|
||||
- Drizzle ORM + MySQL
|
||||
- bcrypt 密码哈希
|
||||
- jsonwebtoken(P2 骨架使用 HS256,后续切 RS256)
|
||||
- pino 日志 / prom-client 指标 / OpenTelemetry 链路
|
||||
|
||||
## 端口
|
||||
|
||||
默认 `3002`,通过 `PORT` 环境变量覆盖。
|
||||
|
||||
## API
|
||||
|
||||
| Method | Path | 说明 |
|
||||
|--------|------|------|
|
||||
| POST | `/iam/register` | 注册 |
|
||||
| POST | `/iam/login` | 登录 |
|
||||
| POST | `/iam/refresh` | 刷新令牌 |
|
||||
| GET | `/iam/me` | 当前用户信息(需 `x-user-id` 头) |
|
||||
|
||||
## 数据表
|
||||
|
||||
`iam_users` / `iam_roles` / `iam_user_roles` / `iam_permissions` / `iam_role_permissions` / `iam_refresh_tokens`
|
||||
8
services/iam/nest-cli.json
Normal file
8
services/iam/nest-cli.json
Normal file
@@ -0,0 +1,8 @@
|
||||
{
|
||||
"$schema": "https://json.schemastore.org/nest-cli",
|
||||
"collection": "@nestjs/schematics",
|
||||
"sourceRoot": "src",
|
||||
"compilerOptions": {
|
||||
"deleteOutDir": true
|
||||
}
|
||||
}
|
||||
42
services/iam/package.json
Normal file
42
services/iam/package.json
Normal file
@@ -0,0 +1,42 @@
|
||||
{
|
||||
"name": "@edu/iam-service",
|
||||
"version": "0.1.0",
|
||||
"private": true,
|
||||
"type": "module",
|
||||
"scripts": {
|
||||
"dev": "nest start --watch",
|
||||
"build": "nest build",
|
||||
"start": "node dist/main.js",
|
||||
"test": "vitest run",
|
||||
"lint": "eslint src --ext .ts",
|
||||
"typecheck": "tsc --noEmit"
|
||||
},
|
||||
"dependencies": {
|
||||
"@nestjs/common": "^10.4.0",
|
||||
"@nestjs/core": "^10.4.0",
|
||||
"@nestjs/platform-express": "^10.4.0",
|
||||
"drizzle-orm": "^0.31.0",
|
||||
"mysql2": "^3.11.0",
|
||||
"pino": "^9.4.0",
|
||||
"prom-client": "^15.1.0",
|
||||
"@opentelemetry/api": "^1.9.0",
|
||||
"@opentelemetry/sdk-node": "^0.53.0",
|
||||
"@opentelemetry/exporter-trace-otlp-http": "^0.53.0",
|
||||
"zod": "^3.23.0",
|
||||
"uuid": "^10.0.0",
|
||||
"bcrypt": "^5.1.0",
|
||||
"jsonwebtoken": "^9.0.0",
|
||||
"reflect-metadata": "^0.2.2",
|
||||
"rxjs": "^7.8.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@nestjs/cli": "^10.4.0",
|
||||
"@types/bcrypt": "^5.0.0",
|
||||
"@types/jsonwebtoken": "^9.0.0",
|
||||
"@types/node": "^22.0.0",
|
||||
"@types/uuid": "^10.0.0",
|
||||
"eslint": "^9.10.0",
|
||||
"typescript": "^5.6.0",
|
||||
"vitest": "^2.1.0"
|
||||
}
|
||||
}
|
||||
7
services/iam/src/app.module.ts
Normal file
7
services/iam/src/app.module.ts
Normal file
@@ -0,0 +1,7 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { IamModule } from './iam/iam.module.js';
|
||||
|
||||
@Module({
|
||||
imports: [IamModule],
|
||||
})
|
||||
export class AppModule {}
|
||||
24
services/iam/src/config/database.ts
Normal file
24
services/iam/src/config/database.ts
Normal file
@@ -0,0 +1,24 @@
|
||||
import { drizzle } from 'drizzle-orm/mysql2';
|
||||
import mysql from 'mysql2/promise';
|
||||
import { env } from './env.js';
|
||||
|
||||
let pool: mysql.Pool | null = null;
|
||||
|
||||
export function getDb() {
|
||||
if (!pool) {
|
||||
pool = mysql.createPool({
|
||||
uri: env.DATABASE_URL,
|
||||
waitForConnections: true,
|
||||
connectionLimit: 10,
|
||||
queueLimit: 0,
|
||||
});
|
||||
}
|
||||
return drizzle(pool);
|
||||
}
|
||||
|
||||
export async function closeDb(): Promise<void> {
|
||||
if (pool) {
|
||||
await pool.end();
|
||||
pool = null;
|
||||
}
|
||||
}
|
||||
26
services/iam/src/config/env.ts
Normal file
26
services/iam/src/config/env.ts
Normal file
@@ -0,0 +1,26 @@
|
||||
import { z } from 'zod';
|
||||
|
||||
const envSchema = z.object({
|
||||
PORT: z.string().default('3002'),
|
||||
DATABASE_URL: z.string().url(),
|
||||
REDIS_URL: z.string().url().optional(),
|
||||
JWT_SECRET: z.string(),
|
||||
JWT_ISSUER: z.string().default('next-edu-cloud'),
|
||||
JWT_AUDIENCE: z.string().default('next-edu-cloud'),
|
||||
OTEL_EXPORTER_OTLP_ENDPOINT: z.string().url().optional(),
|
||||
LOG_LEVEL: z.enum(['fatal', 'error', 'warn', 'info', 'debug', 'trace']).default('info'),
|
||||
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
|
||||
});
|
||||
|
||||
export type Env = z.infer<typeof envSchema>;
|
||||
|
||||
export function loadEnv(): Env {
|
||||
const result = envSchema.safeParse(process.env);
|
||||
if (!result.success) {
|
||||
console.error('❌ Invalid environment variables:', result.error.flatten().fieldErrors);
|
||||
throw new Error('Invalid environment configuration');
|
||||
}
|
||||
return result.data;
|
||||
}
|
||||
|
||||
export const env = loadEnv();
|
||||
38
services/iam/src/iam/iam.controller.ts
Normal file
38
services/iam/src/iam/iam.controller.ts
Normal file
@@ -0,0 +1,38 @@
|
||||
import { Body, Controller, Get, Post, Req } from '@nestjs/common';
|
||||
import type { Request } from 'express';
|
||||
import { IamService } from './iam.service.js';
|
||||
import { registerSchema, loginSchema, refreshTokenSchema } from './iam.dto.js';
|
||||
import type { AuthenticatedRequest } from '../middleware/auth.middleware.js';
|
||||
|
||||
@Controller('iam')
|
||||
export class IamController {
|
||||
constructor(private readonly service: IamService) {}
|
||||
|
||||
@Post('register')
|
||||
async register(@Body() body: unknown) {
|
||||
const dto = registerSchema.parse(body);
|
||||
const result = await this.service.register(dto);
|
||||
return { success: true as const, data: result };
|
||||
}
|
||||
|
||||
@Post('login')
|
||||
async login(@Body() body: unknown) {
|
||||
const dto = loginSchema.parse(body);
|
||||
const result = await this.service.login(dto);
|
||||
return { success: true as const, data: result };
|
||||
}
|
||||
|
||||
@Post('refresh')
|
||||
async refresh(@Body() body: unknown) {
|
||||
const dto = refreshTokenSchema.parse(body);
|
||||
const tokens = await this.service.refresh(dto.refreshToken);
|
||||
return { success: true as const, data: tokens };
|
||||
}
|
||||
|
||||
@Get('me')
|
||||
async me(@Req() req: Request) {
|
||||
const authReq = req as AuthenticatedRequest;
|
||||
const user = await this.service.getUserInfo(authReq.userId as string);
|
||||
return { success: true as const, data: user };
|
||||
}
|
||||
}
|
||||
19
services/iam/src/iam/iam.dto.ts
Normal file
19
services/iam/src/iam/iam.dto.ts
Normal file
@@ -0,0 +1,19 @@
|
||||
import { z } from 'zod';
|
||||
|
||||
export const registerSchema = z.object({
|
||||
email: z.string().email(),
|
||||
password: z.string().min(8).max(72),
|
||||
name: z.string().min(1).max(100),
|
||||
});
|
||||
|
||||
export const loginSchema = z.object({
|
||||
email: z.string().email(),
|
||||
password: z.string(),
|
||||
});
|
||||
|
||||
export const refreshTokenSchema = z.object({
|
||||
refreshToken: z.string(),
|
||||
});
|
||||
|
||||
export type RegisterDto = z.infer<typeof registerSchema>;
|
||||
export type LoginDto = z.infer<typeof loginSchema>;
|
||||
13
services/iam/src/iam/iam.module.ts
Normal file
13
services/iam/src/iam/iam.module.ts
Normal file
@@ -0,0 +1,13 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { IamController } from './iam.controller.js';
|
||||
import { IamService } from './iam.service.js';
|
||||
import { IamRepository } from './iam.repository.js';
|
||||
|
||||
@Module({
|
||||
controllers: [IamController],
|
||||
providers: [
|
||||
IamService,
|
||||
{ provide: IamRepository, useFactory: () => new IamRepository() },
|
||||
],
|
||||
})
|
||||
export class IamModule {}
|
||||
63
services/iam/src/iam/iam.repository.ts
Normal file
63
services/iam/src/iam/iam.repository.ts
Normal file
@@ -0,0 +1,63 @@
|
||||
import { eq } from 'drizzle-orm';
|
||||
import { getDb } from '../config/database.js';
|
||||
import { users, roles, userRoles, permissions, rolePermissions, refreshTokens } from './iam.schema.js';
|
||||
import type { User, Role, Permission } from './iam.schema.js';
|
||||
|
||||
export class IamRepository {
|
||||
async createUser(data: { id: string; email: string; passwordHash: string; name: string }): Promise<User> {
|
||||
const db = getDb();
|
||||
await db.insert(users).values(data);
|
||||
const [result] = await db.select().from(users).where(eq(users.id, data.id));
|
||||
return result;
|
||||
}
|
||||
|
||||
async findUserByEmail(email: string): Promise<User | undefined> {
|
||||
const db = getDb();
|
||||
const [result] = await db.select().from(users).where(eq(users.email, email));
|
||||
return result;
|
||||
}
|
||||
|
||||
async findUserById(id: string): Promise<User | undefined> {
|
||||
const db = getDb();
|
||||
const [result] = await db.select().from(users).where(eq(users.id, id));
|
||||
return result;
|
||||
}
|
||||
|
||||
async getUserRoles(userId: string): Promise<Role[]> {
|
||||
const db = getDb();
|
||||
const result = await db
|
||||
.select()
|
||||
.from(roles)
|
||||
.innerJoin(userRoles, eq(roles.id, userRoles.roleId))
|
||||
.where(eq(userRoles.userId, userId));
|
||||
return result.map((r) => r.roles);
|
||||
}
|
||||
|
||||
async getUserPermissions(userId: string): Promise<Permission[]> {
|
||||
const db = getDb();
|
||||
const userRoleRows = await db.select().from(userRoles).where(eq(userRoles.userId, userId));
|
||||
const roleIds = userRoleRows.map((r) => r.roleId);
|
||||
if (roleIds.length === 0) return [];
|
||||
const result = await db
|
||||
.select()
|
||||
.from(permissions)
|
||||
.innerJoin(rolePermissions, eq(permissions.id, rolePermissions.permissionId))
|
||||
.where(rolePermissions.roleId.in(roleIds));
|
||||
return result.map((r) => r.permissions);
|
||||
}
|
||||
|
||||
async assignRole(userId: string, roleId: string): Promise<void> {
|
||||
const db = getDb();
|
||||
await db.insert(userRoles).values({ userId, roleId });
|
||||
}
|
||||
|
||||
async createRefreshToken(data: { id: string; userId: string; tokenHash: string; expiresAt: Date }): Promise<void> {
|
||||
const db = getDb();
|
||||
await db.insert(refreshTokens).values(data);
|
||||
}
|
||||
|
||||
async revokeRefreshToken(id: string): Promise<void> {
|
||||
const db = getDb();
|
||||
await db.update(refreshTokens).set({ revokedAt: new Date() }).where(eq(refreshTokens.id, id));
|
||||
}
|
||||
}
|
||||
48
services/iam/src/iam/iam.schema.ts
Normal file
48
services/iam/src/iam/iam.schema.ts
Normal file
@@ -0,0 +1,48 @@
|
||||
import { mysqlTable, varchar, char, timestamp } from 'drizzle-orm/mysql-core';
|
||||
|
||||
export const users = mysqlTable('iam_users', {
|
||||
id: char('id', { length: 36 }).notNull().primaryKey(),
|
||||
email: varchar('email', { length: 255 }).notNull().unique(),
|
||||
passwordHash: varchar('password_hash', { length: 255 }).notNull(),
|
||||
name: varchar('name', { length: 100 }).notNull(),
|
||||
status: varchar('status', { length: 20 }).notNull().default('active'),
|
||||
createdAt: timestamp('created_at').notNull().defaultNow(),
|
||||
updatedAt: timestamp('updated_at').notNull().defaultNow().onUpdateNow(),
|
||||
});
|
||||
|
||||
export const roles = mysqlTable('iam_roles', {
|
||||
id: char('id', { length: 36 }).notNull().primaryKey(),
|
||||
name: varchar('name', { length: 50 }).notNull().unique(),
|
||||
description: varchar('description', { length: 255 }),
|
||||
});
|
||||
|
||||
export const userRoles = mysqlTable('iam_user_roles', {
|
||||
userId: char('user_id', { length: 36 }).notNull(),
|
||||
roleId: char('role_id', { length: 36 }).notNull(),
|
||||
createdAt: timestamp('created_at').notNull().defaultNow(),
|
||||
});
|
||||
|
||||
export const permissions = mysqlTable('iam_permissions', {
|
||||
id: char('id', { length: 36 }).notNull().primaryKey(),
|
||||
name: varchar('name', { length: 100 }).notNull().unique(),
|
||||
resource: varchar('resource', { length: 50 }).notNull(),
|
||||
action: varchar('action', { length: 50 }).notNull(),
|
||||
});
|
||||
|
||||
export const rolePermissions = mysqlTable('iam_role_permissions', {
|
||||
roleId: char('role_id', { length: 36 }).notNull(),
|
||||
permissionId: char('permission_id', { length: 36 }).notNull(),
|
||||
});
|
||||
|
||||
export const refreshTokens = mysqlTable('iam_refresh_tokens', {
|
||||
id: char('id', { length: 36 }).notNull().primaryKey(),
|
||||
userId: char('user_id', { length: 36 }).notNull(),
|
||||
tokenHash: varchar('token_hash', { length: 255 }).notNull(),
|
||||
expiresAt: timestamp('expires_at').notNull(),
|
||||
revokedAt: timestamp('revoked_at'),
|
||||
createdAt: timestamp('created_at').notNull().defaultNow(),
|
||||
});
|
||||
|
||||
export type User = typeof users.$inferSelect;
|
||||
export type Role = typeof roles.$inferSelect;
|
||||
export type Permission = typeof permissions.$inferSelect;
|
||||
143
services/iam/src/iam/iam.service.ts
Normal file
143
services/iam/src/iam/iam.service.ts
Normal file
@@ -0,0 +1,143 @@
|
||||
import { v4 as uuidv4 } from 'uuid';
|
||||
import bcrypt from 'bcrypt';
|
||||
import jwt from 'jsonwebtoken';
|
||||
import { IamRepository } from './iam.repository.js';
|
||||
import { ConflictError, UnauthorizedError, NotFoundError } from '../shared/errors/application-error.js';
|
||||
import { env } from '../config/env.js';
|
||||
import type { RegisterDto, LoginDto } from './iam.dto.js';
|
||||
import type { User } from './iam.schema.js';
|
||||
|
||||
export interface TokenPair {
|
||||
accessToken: string;
|
||||
refreshToken: string;
|
||||
expiresIn: number;
|
||||
}
|
||||
|
||||
export interface UserInfo {
|
||||
id: string;
|
||||
email: string;
|
||||
name: string;
|
||||
roles: string[];
|
||||
permissions: string[];
|
||||
}
|
||||
|
||||
export class IamService {
|
||||
constructor(private readonly repository: IamRepository) {}
|
||||
|
||||
async register(dto: RegisterDto): Promise<{ user: UserInfo; tokens: TokenPair }> {
|
||||
const existing = await this.repository.findUserByEmail(dto.email);
|
||||
if (existing) {
|
||||
throw new ConflictError('Email already registered');
|
||||
}
|
||||
|
||||
const userId = uuidv4();
|
||||
const passwordHash = await bcrypt.hash(dto.password, 12);
|
||||
const user = await this.repository.createUser({
|
||||
id: userId,
|
||||
email: dto.email,
|
||||
passwordHash,
|
||||
name: dto.name,
|
||||
});
|
||||
|
||||
// P2 骨架:默认分配 teacher 角色(实际应通过邀请码注册)
|
||||
// await this.repository.assignRole(userId, defaultRoleId);
|
||||
|
||||
const { tokens } = await this.issueTokens(user);
|
||||
const info = await this.buildUserInfo(user);
|
||||
return { user: info, tokens };
|
||||
}
|
||||
|
||||
async login(dto: LoginDto): Promise<{ user: UserInfo; tokens: TokenPair }> {
|
||||
const user = await this.repository.findUserByEmail(dto.email);
|
||||
if (!user) {
|
||||
throw new UnauthorizedError('Invalid credentials');
|
||||
}
|
||||
|
||||
const valid = await bcrypt.compare(dto.password, user.passwordHash);
|
||||
if (!valid) {
|
||||
throw new UnauthorizedError('Invalid credentials');
|
||||
}
|
||||
|
||||
if (user.status !== 'active') {
|
||||
throw new UnauthorizedError('Account is not active');
|
||||
}
|
||||
|
||||
const { tokens } = await this.issueTokens(user);
|
||||
const info = await this.buildUserInfo(user);
|
||||
return { user: info, tokens };
|
||||
}
|
||||
|
||||
async refresh(refreshToken: string): Promise<TokenPair> {
|
||||
let payload: jwt.JwtPayload;
|
||||
try {
|
||||
payload = jwt.verify(refreshToken, env.JWT_SECRET) as jwt.JwtPayload;
|
||||
} catch {
|
||||
throw new UnauthorizedError('Invalid refresh token');
|
||||
}
|
||||
|
||||
if (payload.type !== 'refresh') {
|
||||
throw new UnauthorizedError('Invalid token type');
|
||||
}
|
||||
|
||||
const user = await this.repository.findUserById(payload.sub as string);
|
||||
if (!user) {
|
||||
throw new NotFoundError('User', payload.sub as string);
|
||||
}
|
||||
|
||||
return this.issueTokens(user).then((r) => r.tokens);
|
||||
}
|
||||
|
||||
async getUserInfo(userId: string): Promise<UserInfo> {
|
||||
const user = await this.repository.findUserById(userId);
|
||||
if (!user) {
|
||||
throw new NotFoundError('User', userId);
|
||||
}
|
||||
return this.buildUserInfo(user);
|
||||
}
|
||||
|
||||
private async issueTokens(user: User): Promise<{ tokens: TokenPair }> {
|
||||
const roles = await this.repository.getUserRoles(user.id);
|
||||
const roleNames = roles.map((r) => r.name);
|
||||
|
||||
const accessToken = jwt.sign(
|
||||
{ sub: user.id, email: user.email, roles: roleNames, type: 'access' },
|
||||
env.JWT_SECRET,
|
||||
{ issuer: env.JWT_ISSUER, audience: env.JWT_AUDIENCE, expiresIn: '15m' }
|
||||
);
|
||||
|
||||
const refreshToken = jwt.sign(
|
||||
{ sub: user.id, type: 'refresh' },
|
||||
env.JWT_SECRET,
|
||||
{ issuer: env.JWT_ISSUER, audience: env.JWT_AUDIENCE, expiresIn: '7d' }
|
||||
);
|
||||
|
||||
// 存储 refresh token hash
|
||||
const tokenHash = await bcrypt.hash(refreshToken, 10);
|
||||
await this.repository.createRefreshToken({
|
||||
id: uuidv4(),
|
||||
userId: user.id,
|
||||
tokenHash,
|
||||
expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
|
||||
});
|
||||
|
||||
return {
|
||||
tokens: {
|
||||
accessToken,
|
||||
refreshToken,
|
||||
expiresIn: 15 * 60,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
private async buildUserInfo(user: User): Promise<UserInfo> {
|
||||
const roles = await this.repository.getUserRoles(user.id);
|
||||
const permissions = await this.repository.getUserPermissions(user.id);
|
||||
return {
|
||||
id: user.id,
|
||||
email: user.email,
|
||||
name: user.name,
|
||||
roles: roles.map((r) => r.name),
|
||||
permissions: permissions.map((p) => p.name),
|
||||
};
|
||||
}
|
||||
}
|
||||
31
services/iam/src/main.ts
Normal file
31
services/iam/src/main.ts
Normal file
@@ -0,0 +1,31 @@
|
||||
import 'reflect-metadata';
|
||||
import { NestFactory } from '@nestjs/core';
|
||||
import { AppModule } from './app.module.js';
|
||||
import { GlobalErrorFilter } from './shared/errors/global-error.filter.js';
|
||||
import { initTracer, shutdownTracer } from './shared/observability/tracer.js';
|
||||
import { env } from './config/env.js';
|
||||
import { logger } from './shared/observability/logger.js';
|
||||
|
||||
async function bootstrap(): Promise<void> {
|
||||
initTracer();
|
||||
|
||||
const app = await NestFactory.create(AppModule, {
|
||||
logger: ['log', 'error', 'warn'],
|
||||
});
|
||||
|
||||
app.useGlobalFilters(new GlobalErrorFilter());
|
||||
app.enableShutdownHooks();
|
||||
|
||||
await app.listen(env.PORT);
|
||||
logger.info({ port: env.PORT }, 'IAM service started');
|
||||
|
||||
process.on('SIGTERM', async () => {
|
||||
await app.close();
|
||||
await shutdownTracer();
|
||||
});
|
||||
}
|
||||
|
||||
bootstrap().catch((err: unknown) => {
|
||||
logger.error({ err }, 'Failed to start IAM service');
|
||||
process.exit(1);
|
||||
});
|
||||
24
services/iam/src/middleware/auth.middleware.ts
Normal file
24
services/iam/src/middleware/auth.middleware.ts
Normal file
@@ -0,0 +1,24 @@
|
||||
import { Injectable, NestMiddleware, UnauthorizedException } from '@nestjs/common';
|
||||
import { Request, Response, NextFunction } from 'express';
|
||||
|
||||
export interface AuthenticatedRequest extends Request {
|
||||
userId?: string;
|
||||
userRoles?: string[];
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class AuthMiddleware implements NestMiddleware {
|
||||
use(req: AuthenticatedRequest, res: Response, next: NextFunction): void {
|
||||
// 从 Gateway 注入的头部读取用户信息
|
||||
const userId = req.headers['x-user-id'] as string | undefined;
|
||||
const rolesHeader = req.headers['x-user-roles'] as string | undefined;
|
||||
|
||||
if (!userId) {
|
||||
throw new UnauthorizedException('Missing x-user-id header');
|
||||
}
|
||||
|
||||
req.userId = userId;
|
||||
req.userRoles = rolesHeader ? rolesHeader.split(',') : [];
|
||||
next();
|
||||
}
|
||||
}
|
||||
56
services/iam/src/middleware/permission.guard.ts
Normal file
56
services/iam/src/middleware/permission.guard.ts
Normal file
@@ -0,0 +1,56 @@
|
||||
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
|
||||
import type { Reflector } from '@nestjs/core';
|
||||
import { PermissionDeniedError } from '../shared/errors/application-error.js';
|
||||
import type { AuthenticatedRequest } from './auth.middleware.js';
|
||||
|
||||
export type Permission =
|
||||
| 'IAM_USER_CREATE'
|
||||
| 'IAM_USER_READ'
|
||||
| 'IAM_USER_UPDATE'
|
||||
| 'IAM_USER_DELETE'
|
||||
| 'IAM_ROLE_MANAGE';
|
||||
|
||||
export const Permissions = {
|
||||
IAM_USER_CREATE: 'IAM_USER_CREATE' as const,
|
||||
IAM_USER_READ: 'IAM_USER_READ' as const,
|
||||
IAM_USER_UPDATE: 'IAM_USER_UPDATE' as const,
|
||||
IAM_USER_DELETE: 'IAM_USER_DELETE' as const,
|
||||
IAM_ROLE_MANAGE: 'IAM_ROLE_MANAGE' as const,
|
||||
};
|
||||
|
||||
const ROLE_PERMISSIONS: Record<string, Permission[]> = {
|
||||
admin: [
|
||||
Permissions.IAM_USER_CREATE,
|
||||
Permissions.IAM_USER_READ,
|
||||
Permissions.IAM_USER_UPDATE,
|
||||
Permissions.IAM_USER_DELETE,
|
||||
Permissions.IAM_ROLE_MANAGE,
|
||||
],
|
||||
teacher: [Permissions.IAM_USER_READ],
|
||||
};
|
||||
|
||||
@Injectable()
|
||||
export class PermissionGuard implements CanActivate {
|
||||
constructor(private readonly requiredPermission: Permission) {}
|
||||
|
||||
canActivate(context: ExecutionContext): boolean {
|
||||
const request = context.switchToHttp().getRequest<AuthenticatedRequest>();
|
||||
const roles = request.userRoles ?? [];
|
||||
|
||||
for (const role of roles) {
|
||||
const perms = ROLE_PERMISSIONS[role];
|
||||
if (perms && perms.includes(this.requiredPermission)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
throw new PermissionDeniedError(this.requiredPermission);
|
||||
}
|
||||
}
|
||||
|
||||
// 工厂函数,用于装饰器
|
||||
export function createPermissionGuardFactory(_reflector: Reflector) {
|
||||
return {
|
||||
create: (permission: Permission) => new PermissionGuard(permission),
|
||||
};
|
||||
}
|
||||
105
services/iam/src/shared/errors/application-error.ts
Normal file
105
services/iam/src/shared/errors/application-error.ts
Normal file
@@ -0,0 +1,105 @@
|
||||
export type ErrorType =
|
||||
| 'validation'
|
||||
| 'not_found'
|
||||
| 'permission_denied'
|
||||
| 'unauthorized'
|
||||
| 'conflict'
|
||||
| 'business'
|
||||
| 'database'
|
||||
| 'internal';
|
||||
|
||||
export interface ErrorDetails {
|
||||
[key: string]: unknown;
|
||||
}
|
||||
|
||||
export abstract class ApplicationError extends Error {
|
||||
abstract readonly type: ErrorType;
|
||||
abstract readonly statusCode: number;
|
||||
readonly code: string;
|
||||
readonly details?: ErrorDetails;
|
||||
// traceId 改为可写,以便 GlobalErrorFilter 注入请求级 traceId
|
||||
traceId?: string;
|
||||
|
||||
constructor(message: string, code: string, details?: ErrorDetails) {
|
||||
super(message);
|
||||
this.name = this.constructor.name;
|
||||
this.code = code;
|
||||
this.details = details;
|
||||
}
|
||||
|
||||
toJSON(): Record<string, unknown> {
|
||||
return {
|
||||
success: false,
|
||||
error: {
|
||||
code: this.code,
|
||||
message: this.message,
|
||||
details: this.details,
|
||||
traceId: this.traceId,
|
||||
},
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
export class ValidationError extends ApplicationError {
|
||||
readonly type = 'validation' as const;
|
||||
readonly statusCode = 400;
|
||||
constructor(message: string, details?: ErrorDetails) {
|
||||
super(message, 'IAM_VALIDATION_ERROR', details);
|
||||
}
|
||||
}
|
||||
|
||||
export class NotFoundError extends ApplicationError {
|
||||
readonly type = 'not_found' as const;
|
||||
readonly statusCode = 404;
|
||||
constructor(resource: string, id: string) {
|
||||
super(`${resource} not found: ${id}`, 'IAM_NOT_FOUND', { resource, id });
|
||||
}
|
||||
}
|
||||
|
||||
export class PermissionDeniedError extends ApplicationError {
|
||||
readonly type = 'permission_denied' as const;
|
||||
readonly statusCode = 403;
|
||||
constructor(permission: string) {
|
||||
super(`Permission denied: ${permission}`, 'IAM_PERMISSION_DENIED', { permission });
|
||||
}
|
||||
}
|
||||
|
||||
export class UnauthorizedError extends ApplicationError {
|
||||
readonly type = 'unauthorized' as const;
|
||||
readonly statusCode = 401;
|
||||
constructor(message: string, details?: ErrorDetails) {
|
||||
super(message, 'IAM_UNAUTHORIZED', details);
|
||||
}
|
||||
}
|
||||
|
||||
export class ConflictError extends ApplicationError {
|
||||
readonly type = 'conflict' as const;
|
||||
readonly statusCode = 409;
|
||||
constructor(message: string, details?: ErrorDetails) {
|
||||
super(message, 'IAM_CONFLICT', details);
|
||||
}
|
||||
}
|
||||
|
||||
export class BusinessError extends ApplicationError {
|
||||
readonly type = 'business' as const;
|
||||
readonly statusCode = 422;
|
||||
constructor(message: string, details?: ErrorDetails) {
|
||||
super(message, 'IAM_BUSINESS_ERROR', details);
|
||||
}
|
||||
}
|
||||
|
||||
export class DatabaseError extends ApplicationError {
|
||||
readonly type = 'database' as const;
|
||||
readonly statusCode = 500;
|
||||
constructor(message: string, details?: ErrorDetails) {
|
||||
super(message, 'IAM_DATABASE_ERROR', details);
|
||||
}
|
||||
}
|
||||
|
||||
export class InternalError extends ApplicationError {
|
||||
readonly type = 'internal' as const;
|
||||
readonly statusCode = 500;
|
||||
constructor(message: string, details?: ErrorDetails) {
|
||||
super(message, 'IAM_INTERNAL_ERROR', details);
|
||||
}
|
||||
}
|
||||
77
services/iam/src/shared/errors/global-error.filter.ts
Normal file
77
services/iam/src/shared/errors/global-error.filter.ts
Normal file
@@ -0,0 +1,77 @@
|
||||
import { Catch, ExceptionFilter, ArgumentsHost, HttpException, Logger } from '@nestjs/common';
|
||||
import { Request, Response } from 'express';
|
||||
import { ZodError } from 'zod';
|
||||
import { ApplicationError } from './application-error.js';
|
||||
|
||||
@Catch()
|
||||
export class GlobalErrorFilter implements ExceptionFilter {
|
||||
private readonly logger = new Logger(GlobalErrorFilter.name);
|
||||
|
||||
catch(exception: unknown, host: ArgumentsHost): void {
|
||||
const ctx = host.switchToHttp();
|
||||
const response = ctx.getResponse<Response>();
|
||||
const request = ctx.getRequest<Request>();
|
||||
|
||||
const traceId = (request.headers['x-request-id'] as string | undefined) ?? 'unknown';
|
||||
|
||||
let statusCode = 500;
|
||||
let body: Record<string, unknown>;
|
||||
|
||||
if (exception instanceof ApplicationError) {
|
||||
exception.traceId = traceId;
|
||||
statusCode = exception.statusCode;
|
||||
body = exception.toJSON();
|
||||
} else if (exception instanceof ZodError) {
|
||||
// 捕获 Zod 解析错误,转换为结构化 ValidationError 响应
|
||||
statusCode = 400;
|
||||
body = {
|
||||
success: false,
|
||||
error: {
|
||||
code: 'IAM_VALIDATION_ERROR',
|
||||
message: 'Validation failed',
|
||||
details: exception.flatten(),
|
||||
traceId,
|
||||
},
|
||||
};
|
||||
} else if (exception instanceof HttpException) {
|
||||
statusCode = exception.getStatus();
|
||||
const res = exception.getResponse();
|
||||
const message = this.extractHttpMessage(res, exception);
|
||||
body = {
|
||||
success: false,
|
||||
error: {
|
||||
code: 'HTTP_ERROR',
|
||||
message,
|
||||
traceId,
|
||||
},
|
||||
};
|
||||
} else {
|
||||
this.logger.error(
|
||||
`Unhandled exception: ${exception}`,
|
||||
exception instanceof Error ? exception.stack : undefined,
|
||||
);
|
||||
body = {
|
||||
success: false,
|
||||
error: {
|
||||
code: 'INTERNAL_ERROR',
|
||||
message: 'An unexpected error occurred',
|
||||
traceId,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
response.status(statusCode).json(body);
|
||||
}
|
||||
|
||||
private extractHttpMessage(res: string | object, exception: HttpException): string {
|
||||
if (typeof res === 'string') {
|
||||
return res;
|
||||
}
|
||||
if (res && typeof res === 'object' && 'message' in res) {
|
||||
// 从 HttpException 响应体收窄类型(NestJS 约定包含 message 字段)
|
||||
const msg = (res as { message: unknown }).message;
|
||||
return typeof msg === 'string' ? msg : exception.message;
|
||||
}
|
||||
return exception.message;
|
||||
}
|
||||
}
|
||||
19
services/iam/src/shared/observability/logger.ts
Normal file
19
services/iam/src/shared/observability/logger.ts
Normal file
@@ -0,0 +1,19 @@
|
||||
import pino from 'pino';
|
||||
import { env } from '../../config/env.js';
|
||||
|
||||
export const logger = pino({
|
||||
level: env.LOG_LEVEL,
|
||||
base: {
|
||||
service: 'iam',
|
||||
version: '0.1.0',
|
||||
},
|
||||
transport:
|
||||
env.NODE_ENV === 'development'
|
||||
? {
|
||||
target: 'pino-pretty',
|
||||
options: { colorize: true },
|
||||
}
|
||||
: undefined,
|
||||
});
|
||||
|
||||
export type Logger = typeof logger;
|
||||
23
services/iam/src/shared/observability/metrics.ts
Normal file
23
services/iam/src/shared/observability/metrics.ts
Normal file
@@ -0,0 +1,23 @@
|
||||
import promClient from 'prom-client';
|
||||
|
||||
const registry = new promClient.Registry();
|
||||
registry.setDefaultLabels({ service: 'iam' });
|
||||
|
||||
registry.registerMetric(
|
||||
new promClient.Counter({
|
||||
name: 'iam_requests_total',
|
||||
help: 'Total number of iam requests',
|
||||
labelNames: ['method', 'endpoint', 'status'],
|
||||
}),
|
||||
);
|
||||
|
||||
registry.registerMetric(
|
||||
new promClient.Histogram({
|
||||
name: 'iam_request_duration_seconds',
|
||||
help: 'Iam request duration in seconds',
|
||||
labelNames: ['method', 'endpoint'],
|
||||
buckets: [0.01, 0.05, 0.1, 0.3, 0.5, 1, 3, 5],
|
||||
}),
|
||||
);
|
||||
|
||||
export { registry as metricsRegistry };
|
||||
25
services/iam/src/shared/observability/tracer.ts
Normal file
25
services/iam/src/shared/observability/tracer.ts
Normal file
@@ -0,0 +1,25 @@
|
||||
import { NodeSDK } from '@opentelemetry/sdk-node';
|
||||
import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
|
||||
import { env } from '../../config/env.js';
|
||||
|
||||
let sdk: NodeSDK | null = null;
|
||||
|
||||
export function initTracer(): void {
|
||||
if (!env.OTEL_EXPORTER_OTLP_ENDPOINT) return;
|
||||
|
||||
sdk = new NodeSDK({
|
||||
serviceName: 'iam',
|
||||
traceExporter: new OTLPTraceExporter({
|
||||
url: `${env.OTEL_EXPORTER_OTLP_ENDPOINT}/v1/traces`,
|
||||
}),
|
||||
});
|
||||
|
||||
sdk.start();
|
||||
console.log('Tracer initialized');
|
||||
}
|
||||
|
||||
export async function shutdownTracer(): Promise<void> {
|
||||
if (sdk) {
|
||||
await sdk.shutdown();
|
||||
}
|
||||
}
|
||||
15
services/iam/tsconfig.json
Normal file
15
services/iam/tsconfig.json
Normal file
@@ -0,0 +1,15 @@
|
||||
{
|
||||
"extends": "../../tsconfig.base.json",
|
||||
"compilerOptions": {
|
||||
"module": "NodeNext",
|
||||
"moduleResolution": "NodeNext",
|
||||
"target": "ES2022",
|
||||
"experimentalDecorators": true,
|
||||
"emitDecoratorMetadata": true,
|
||||
"outDir": "./dist",
|
||||
"rootDir": "./src",
|
||||
"types": ["node"]
|
||||
},
|
||||
"include": ["src/**/*"],
|
||||
"exclude": ["node_modules", "dist", "test"]
|
||||
}
|
||||
19
services/teacher-bff/Dockerfile
Normal file
19
services/teacher-bff/Dockerfile
Normal file
@@ -0,0 +1,19 @@
|
||||
# Build stage
|
||||
FROM node:20-alpine AS builder
|
||||
WORKDIR /app
|
||||
RUN npm install -g pnpm
|
||||
COPY package.json pnpm-lock.yaml* ./
|
||||
RUN pnpm install --frozen-lockfile
|
||||
COPY tsconfig.json nest-cli.json ./
|
||||
COPY src ./src
|
||||
RUN pnpm build
|
||||
|
||||
# Runtime stage
|
||||
FROM node:20-alpine
|
||||
WORKDIR /app
|
||||
RUN npm install -g pnpm
|
||||
COPY package.json pnpm-lock.yaml* ./
|
||||
RUN pnpm install --prod --frozen-lockfile
|
||||
COPY --from=builder /app/dist ./dist
|
||||
EXPOSE 3003
|
||||
CMD ["node", "dist/main.js"]
|
||||
8
services/teacher-bff/nest-cli.json
Normal file
8
services/teacher-bff/nest-cli.json
Normal file
@@ -0,0 +1,8 @@
|
||||
{
|
||||
"$schema": "https://json.schemastore.org/nest-cli",
|
||||
"collection": "@nestjs/schematics",
|
||||
"sourceRoot": "src",
|
||||
"compilerOptions": {
|
||||
"deleteOutDir": true
|
||||
}
|
||||
}
|
||||
31
services/teacher-bff/package.json
Normal file
31
services/teacher-bff/package.json
Normal file
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"name": "@edu/teacher-bff",
|
||||
"version": "0.1.0",
|
||||
"private": true,
|
||||
"type": "module",
|
||||
"scripts": {
|
||||
"dev": "nest start --watch",
|
||||
"build": "nest build",
|
||||
"start": "node dist/main.js",
|
||||
"test": "vitest run",
|
||||
"lint": "eslint src --ext .ts",
|
||||
"typecheck": "tsc --noEmit"
|
||||
},
|
||||
"dependencies": {
|
||||
"@nestjs/common": "^10.4.0",
|
||||
"@nestjs/core": "^10.4.0",
|
||||
"@nestjs/platform-express": "^10.4.0",
|
||||
"pino": "^9.4.0",
|
||||
"prom-client": "^15.1.0",
|
||||
"@opentelemetry/api": "^1.9.0",
|
||||
"reflect-metadata": "^0.2.2",
|
||||
"rxjs": "^7.8.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@nestjs/cli": "^10.4.0",
|
||||
"@types/node": "^22.0.0",
|
||||
"eslint": "^9.10.0",
|
||||
"typescript": "^5.6.0",
|
||||
"vitest": "^2.1.0"
|
||||
}
|
||||
}
|
||||
7
services/teacher-bff/src/app.module.ts
Normal file
7
services/teacher-bff/src/app.module.ts
Normal file
@@ -0,0 +1,7 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { TeacherModule } from './teacher/teacher.module.js';
|
||||
|
||||
@Module({
|
||||
imports: [TeacherModule],
|
||||
})
|
||||
export class AppModule {}
|
||||
25
services/teacher-bff/src/config/env.ts
Normal file
25
services/teacher-bff/src/config/env.ts
Normal file
@@ -0,0 +1,25 @@
|
||||
import { z } from 'zod';
|
||||
|
||||
const envSchema = z.object({
|
||||
PORT: z.string().default('3003'),
|
||||
IamServiceUrl: z.string().url().default('http://localhost:3002'),
|
||||
ClassesServiceUrl: z.string().url().default('http://localhost:3001'),
|
||||
LOG_LEVEL: z.string().default('info'),
|
||||
NODE_ENV: z.string().default('development'),
|
||||
});
|
||||
|
||||
export type Env = z.infer<typeof envSchema>;
|
||||
|
||||
export function loadEnv(): Env {
|
||||
const result = envSchema.safeParse({
|
||||
...process.env,
|
||||
IamServiceUrl: process.env.IAM_SERVICE_URL || 'http://localhost:3002',
|
||||
ClassesServiceUrl: process.env.CLASSES_SERVICE_URL || 'http://localhost:3001',
|
||||
});
|
||||
if (!result.success) {
|
||||
throw new Error('Invalid env: ' + JSON.stringify(result.error.flatten()));
|
||||
}
|
||||
return result.data;
|
||||
}
|
||||
|
||||
export const env = loadEnv();
|
||||
24
services/teacher-bff/src/main.ts
Normal file
24
services/teacher-bff/src/main.ts
Normal file
@@ -0,0 +1,24 @@
|
||||
import 'reflect-metadata';
|
||||
import { NestFactory } from '@nestjs/core';
|
||||
import { AppModule } from './app.module.js';
|
||||
import { env } from './config/env.js';
|
||||
|
||||
async function bootstrap(): Promise<void> {
|
||||
const app = await NestFactory.create(AppModule, {
|
||||
logger: ['log', 'error', 'warn'],
|
||||
});
|
||||
|
||||
app.enableShutdownHooks();
|
||||
|
||||
await app.listen(env.PORT);
|
||||
console.log(`Teacher BFF started on port ${env.PORT}`);
|
||||
|
||||
process.on('SIGTERM', async () => {
|
||||
await app.close();
|
||||
});
|
||||
}
|
||||
|
||||
bootstrap().catch((err: unknown) => {
|
||||
console.error('Failed to start Teacher BFF', err);
|
||||
process.exit(1);
|
||||
});
|
||||
19
services/teacher-bff/src/teacher/teacher.controller.ts
Normal file
19
services/teacher-bff/src/teacher/teacher.controller.ts
Normal file
@@ -0,0 +1,19 @@
|
||||
import { Controller, Get, Req } from '@nestjs/common';
|
||||
import type { Request } from 'express';
|
||||
import { TeacherService } from './teacher.service.js';
|
||||
|
||||
interface AuthenticatedRequest extends Request {
|
||||
userId?: string;
|
||||
}
|
||||
|
||||
@Controller('teacher')
|
||||
export class TeacherController {
|
||||
constructor(private readonly service: TeacherService) {}
|
||||
|
||||
@Get('dashboard')
|
||||
async dashboard(@Req() req: Request) {
|
||||
const authReq = req as AuthenticatedRequest;
|
||||
const data = await this.service.getDashboard(authReq.userId as string);
|
||||
return { success: true, data };
|
||||
}
|
||||
}
|
||||
9
services/teacher-bff/src/teacher/teacher.module.ts
Normal file
9
services/teacher-bff/src/teacher/teacher.module.ts
Normal file
@@ -0,0 +1,9 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { TeacherController } from './teacher.controller.js';
|
||||
import { TeacherService } from './teacher.service.js';
|
||||
|
||||
@Module({
|
||||
controllers: [TeacherController],
|
||||
providers: [TeacherService],
|
||||
})
|
||||
export class TeacherModule {}
|
||||
22
services/teacher-bff/src/teacher/teacher.service.ts
Normal file
22
services/teacher-bff/src/teacher/teacher.service.ts
Normal file
@@ -0,0 +1,22 @@
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { env } from '../config/env.js';
|
||||
|
||||
@Injectable()
|
||||
export class TeacherService {
|
||||
// 聚合 IAM + classes 服务的数据
|
||||
async getDashboard(userId: string): Promise<unknown> {
|
||||
const [iamRes, classesRes] = await Promise.allSettled([
|
||||
fetch(`${env.IamServiceUrl}/iam/me`, {
|
||||
headers: { 'x-user-id': userId },
|
||||
}),
|
||||
fetch(`${env.ClassesServiceUrl}/classes`, {
|
||||
headers: { 'x-user-id': userId },
|
||||
}),
|
||||
]);
|
||||
|
||||
return {
|
||||
user: iamRes.status === 'fulfilled' ? await iamRes.value.json() : null,
|
||||
classes: classesRes.status === 'fulfilled' ? await classesRes.value.json() : null,
|
||||
};
|
||||
}
|
||||
}
|
||||
15
services/teacher-bff/tsconfig.json
Normal file
15
services/teacher-bff/tsconfig.json
Normal file
@@ -0,0 +1,15 @@
|
||||
{
|
||||
"extends": "../../tsconfig.base.json",
|
||||
"compilerOptions": {
|
||||
"module": "NodeNext",
|
||||
"moduleResolution": "NodeNext",
|
||||
"target": "ES2022",
|
||||
"experimentalDecorators": true,
|
||||
"emitDecoratorMetadata": true,
|
||||
"outDir": "./dist",
|
||||
"rootDir": "./src",
|
||||
"types": ["node"]
|
||||
},
|
||||
"include": ["src/**/*"],
|
||||
"exclude": ["node_modules", "dist", "test"]
|
||||
}
|
||||
Reference in New Issue
Block a user