2 Commits

Author SHA1 Message Date
SpecialX
23246ade6d feat(p3): core teaching service with Outbox + Kafka event bus
P3 阶段交付物:
- services/core-edu: 教学核心服务(DDD 限界上下文:exams/grades/homework/classes)
  - exams: 考试 CRUD + 事务内写 exam + outbox
  - grades: 成绩 CRUD
  - homework: 作业 CRUD
  - classes.module: 复用 P1 classes 模块(聚合到 core-edu 服务)
- Outbox 模式实现:
  - outbox.schema.ts: core_edu_outbox 表(id/aggregate_id/event_type/payload/status/retry_count)
  - outbox.repository.ts: 支持事务参数 tx,确保业务+事件原子性
  - outbox.publisher.ts: Kafka idempotent producer + transactionalId,TOPIC_MAP 路由 9 种事件,MAX_RETRY=5
- config/kafka.ts: idempotent producer + transactionalId 配置
- main.ts: 启动顺序 initTracer → connectKafka → outboxPublisher.start → app.listen
- packages/shared-proto/proto/core_edu.proto: ExamService/HomeworkService/GradeService 契约
- packages/shared-proto/proto/events.proto: ClassEvent/ExamEvent/HomeworkEvent/GradeEvent 领域事件契约
2026-07-08 01:38:07 +08:00
SpecialX
524204d30a feat(p2): identity layer with IAM service and Teacher BFF
P2 阶段交付物:
- services/iam: 完整身份认证服务(users/roles/permissions/refresh_tokens 6 表 schema)
  - register/login/refresh/getUserInfo 4 个核心 API
  - bcrypt 密码哈希 + JWT 双 Token(access + refresh)
  - 复用 classes 黄金模板(errors/observability/middleware 三件套)
- services/teacher-bff: 教师聚合 BFF
  - Promise.allSettled 并行聚合 IAM + classes 数据
  - /teacher/dashboard 单一聚合端点
- packages/shared-proto/proto/iam.proto: IamService 契约(Register/Login/RefreshToken/GetUserInfo)
- api-gateway: 新增 IamServiceURL/TeacherBffURL 配置 + /iam/* + /teacher/* 路由
2026-07-08 01:37:29 +08:00
72 changed files with 2700 additions and 1 deletions

View File

@@ -0,0 +1,181 @@
syntax = "proto3";
package next_edu_cloud.core_edu.v1;
// CoreEdu service contracts - P3 core teaching domain.
// Covers exam management, homework assignment, and grade recording.
// Event contracts live in events.proto under next_edu_cloud.events.v1.
service ExamService {
rpc CreateExam(CreateExamRequest) returns (CreateExamResponse);
rpc GetExam(GetExamRequest) returns (Exam);
rpc ListExamsByClass(ListExamsByClassRequest) returns (ListExamsResponse);
rpc UpdateExam(UpdateExamRequest) returns (UpdateExamResponse);
rpc DeleteExam(DeleteExamRequest) returns (DeleteExamResponse);
}
service HomeworkService {
rpc AssignHomework(AssignHomeworkRequest) returns (AssignHomeworkResponse);
rpc GetHomework(GetHomeworkRequest) returns (Homework);
rpc ListHomeworkByClass(ListHomeworkByClassRequest) returns (ListHomeworkResponse);
rpc SubmitHomework(SubmitHomeworkRequest) returns (SubmitHomeworkResponse);
}
service GradeService {
rpc RecordGrade(RecordGradeRequest) returns (RecordGradeResponse);
rpc GetGrade(GetGradeRequest) returns (Grade);
rpc ListGradesByStudent(ListGradesByStudentRequest) returns (ListGradesResponse);
rpc ListGradesByExam(ListGradesByExamRequest) returns (ListGradesResponse);
rpc ListGradesByHomework(ListGradesByHomeworkRequest) returns (ListGradesResponse);
}
message Exam {
string id = 1;
string class_id = 2;
string title = 3;
string description = 4;
string exam_date = 5;
string duration = 6;
string total_score = 7;
string status = 8;
string created_by = 9;
string created_at = 10;
string updated_at = 11;
}
message Homework {
string id = 1;
string class_id = 2;
string title = 3;
string description = 4;
string due_date = 5;
string status = 6;
string created_by = 7;
string created_at = 8;
string updated_at = 9;
}
message Grade {
string id = 1;
string student_id = 2;
string exam_id = 3;
string homework_id = 4;
string score = 5;
string feedback = 6;
string graded_by = 7;
string created_at = 8;
string updated_at = 9;
}
message CreateExamRequest {
string class_id = 1;
string title = 2;
string description = 3;
string exam_date = 4;
string duration = 5;
string total_score = 6;
string created_by = 7;
}
message CreateExamResponse {
string id = 1;
}
message GetExamRequest {
string id = 1;
}
message ListExamsByClassRequest {
string class_id = 1;
}
message ListExamsResponse {
repeated Exam exams = 1;
}
message UpdateExamRequest {
string id = 1;
string title = 2;
string description = 3;
string exam_date = 4;
string duration = 5;
string total_score = 6;
string status = 7;
}
message UpdateExamResponse {
bool success = 1;
}
message DeleteExamRequest {
string id = 1;
}
message DeleteExamResponse {
bool success = 1;
}
message AssignHomeworkRequest {
string class_id = 1;
string title = 2;
string description = 3;
string due_date = 4;
string created_by = 5;
}
message AssignHomeworkResponse {
string id = 1;
}
message GetHomeworkRequest {
string id = 1;
}
message ListHomeworkByClassRequest {
string class_id = 1;
}
message ListHomeworkResponse {
repeated Homework homework = 1;
}
message SubmitHomeworkRequest {
string id = 1;
}
message SubmitHomeworkResponse {
bool success = 1;
}
message RecordGradeRequest {
string student_id = 1;
string exam_id = 2;
string homework_id = 3;
string score = 4;
string feedback = 5;
string graded_by = 6;
}
message RecordGradeResponse {
string id = 1;
}
message GetGradeRequest {
string id = 1;
}
message ListGradesByStudentRequest {
string student_id = 1;
}
message ListGradesByExamRequest {
string exam_id = 1;
}
message ListGradesByHomeworkRequest {
string homework_id = 1;
}
message ListGradesResponse {
repeated Grade grades = 1;
}

View File

@@ -0,0 +1,60 @@
syntax = "proto3";
package next_edu_cloud.events.v1;
// Cross-service event contracts published by CoreEdu via the transactional
// outbox pattern and consumed by downstream services (notifications, analytics,
// audit, etc.). Topics follow the convention edu.{domain}.events.
//
// Event routing (TOPIC_MAP in outbox.publisher.ts):
// edu.exam.events <- exam.created / exam.updated / exam.deleted
// edu.homework.events <- homework.assigned / homework.submitted / homework.graded
// edu.grade.events <- grade.recorded / grade.updated
// edu.class.events <- class.transferred
message ClassEvent {
string event_id = 1;
string aggregate_id = 2;
string event_type = 3;
int64 occurred_at = 4;
string class_id = 5;
string name = 6;
string action = 7;
map<string, string> metadata = 8;
}
message ExamEvent {
string event_id = 1;
string aggregate_id = 2;
string event_type = 3;
int64 occurred_at = 4;
string exam_id = 5;
string class_id = 6;
string title = 7;
string action = 8;
map<string, string> metadata = 9;
}
message HomeworkEvent {
string event_id = 1;
string aggregate_id = 2;
string event_type = 3;
int64 occurred_at = 4;
string homework_id = 5;
string class_id = 6;
string title = 7;
string action = 8;
map<string, string> metadata = 9;
}
message GradeEvent {
string event_id = 1;
string aggregate_id = 2;
string event_type = 3;
int64 occurred_at = 4;
string grade_id = 5;
string student_id = 6;
string score = 7;
string action = 8;
map<string, string> metadata = 9;
}

View File

@@ -0,0 +1,50 @@
syntax = "proto3";
package next_edu_cloud.iam.v1;
// IamService 定义身份与访问管理契约
// P2: REST 实现P3 起转 gRPC
service IamService {
rpc Register(RegisterRequest) returns (AuthResponse);
rpc Login(LoginRequest) returns (AuthResponse);
rpc RefreshToken(RefreshTokenRequest) returns (TokenPair);
rpc GetUserInfo(GetUserInfoRequest) returns (UserInfo);
}
message RegisterRequest {
string email = 1;
string password = 2;
string name = 3;
}
message LoginRequest {
string email = 1;
string password = 2;
}
message RefreshTokenRequest {
string refresh_token = 1;
}
message GetUserInfoRequest {
string user_id = 1;
}
message AuthResponse {
UserInfo user = 1;
TokenPair tokens = 2;
}
message TokenPair {
string access_token = 1;
string refresh_token = 2;
int32 expires_in = 3;
}
message UserInfo {
string id = 1;
string email = 2;
string name = 3;
repeated string roles = 4;
repeated string permissions = 5;
}

View File

@@ -11,6 +11,8 @@ type Config struct {
JWTIssuer string
JWTAudience string
ClassesServiceURL string
IamServiceURL string
TeacherBffURL string
OTLPEndpoint string
LogLevel string
}
@@ -22,6 +24,8 @@ func Load() *Config {
JWTIssuer: getEnv("JWT_ISSUER", "next-edu-cloud"),
JWTAudience: getEnv("JWT_AUDIENCE", "next-edu-cloud"),
ClassesServiceURL: getEnv("CLASSES_SERVICE_URL", "http://localhost:3001"),
IamServiceURL: getEnv("IAM_SERVICE_URL", "http://localhost:3002"),
TeacherBffURL: getEnv("TEACHER_BFF_URL", "http://localhost:3003"),
OTLPEndpoint: getEnv("OTEL_EXPORTER_OTLP_ENDPOINT", "http://localhost:4318"),
LogLevel: getEnv("LOG_LEVEL", "info"),
}

View File

@@ -1,4 +1,4 @@
package routing
package routing
import (
"github.com/edu-cloud/api-gateway/internal/config"
@@ -29,6 +29,20 @@ func Setup(cfg *config.Config) *gin.Engine {
panic("failed to create classes proxy: " + err.Error())
}
api.Any("/classes/*path", proxy.ProxyHandler(classesProxy))
// IAM 服务路由(身份与访问管理)
iamProxy, err := proxy.NewProxy(cfg.IamServiceURL)
if err != nil {
panic("failed to create iam proxy: " + err.Error())
}
api.Any("/iam/*path", proxy.ProxyHandler(iamProxy))
// Teacher BFF 路由(教师聚合层)
bffProxy, err := proxy.NewProxy(cfg.TeacherBffURL)
if err != nil {
panic("failed to create teacher-bff proxy: " + err.Error())
}
api.Any("/teacher/*path", proxy.ProxyHandler(bffProxy))
}
return r

View File

@@ -0,0 +1,19 @@
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
RUN npm install -g pnpm
COPY package.json pnpm-lock.yaml* ./
RUN pnpm install --frozen-lockfile
COPY tsconfig.json nest-cli.json ./
COPY src ./src
RUN pnpm build
# Runtime stage
FROM node:20-alpine
WORKDIR /app
RUN npm install -g pnpm
COPY package.json pnpm-lock.yaml* ./
RUN pnpm install --prod --frozen-lockfile
COPY --from=builder /app/dist ./dist
EXPOSE 3004
CMD ["node", "dist/main.js"]

View File

@@ -0,0 +1,52 @@
# core-edu 教学核心服务
> P3 核心教学阶段骨架 | 端口 3004
## 职责
core-edu 是教学核心限界上下文,合并 P1 的 classes 域,管理考试 / 作业 / 成绩聚合。
覆盖教学全链路:考试发布、作业提交、成绩录入与查询。
## 模块结构
```
src/
├─ config/ # env / database / kafka
├─ shared/
│ ├─ outbox/ # 事务性发件箱schema + repository + publisher
│ ├─ errors/ # 应用错误 + 全局错误过滤器
│ └─ observability/ # logger / metrics / tracer
├─ middleware/ # auth.middleware / permission.guard
├─ classes/ # P3 待合并(骨架)
├─ exams/ # 考试域
├─ homework/ # 作业域
├─ grades/ # 成绩域
├─ app.module.ts
└─ main.ts
```
## 关键机制
- **Outbox 模式**:写业务数据同事务写 `core_edu_outbox`OutboxPublisher 定时扫描并发送到 Kafka保证事件可靠投递。
- **Kafka 集成**idempotent + transactional producer按 eventType 路由到 `edu.{domain}.events` 主题。
- **事件契约**:见 `packages/shared-proto/proto/events.proto`
## 开发
```bash
pnpm install
pnpm dev # 端口 3004
pnpm typecheck
pnpm lint
pnpm test
```
## 环境变量
| 变量 | 说明 | 默认 |
|------|------|------|
| `PORT` | 服务端口 | 3004 |
| `DATABASE_URL` | MySQL 连接串 | - |
| `KAFKA_BROKERS` | Kafka broker 列表(逗号分隔) | localhost:9092 |
| `JWT_SECRET` | JWT 密钥 | - |
| `OTEL_EXPORTER_OTLP_ENDPOINT` | OTLP 上报地址(可选) | - |

View File

@@ -0,0 +1,8 @@
{
"$schema": "https://json.schemastore.org/nest-cli",
"collection": "@nestjs/schematics",
"sourceRoot": "src",
"compilerOptions": {
"deleteOutDir": true
}
}

View File

@@ -0,0 +1,42 @@
{
"name": "@edu/core-edu-service",
"version": "0.1.0",
"private": true,
"type": "module",
"scripts": {
"dev": "nest start --watch",
"build": "nest build",
"start": "node dist/main.js",
"test": "vitest run",
"lint": "eslint src --ext .ts",
"typecheck": "tsc --noEmit"
},
"dependencies": {
"@nestjs/common": "^10.4.0",
"@nestjs/core": "^10.4.0",
"@nestjs/platform-express": "^10.4.0",
"drizzle-orm": "^0.31.0",
"mysql2": "^3.11.0",
"kafkajs": "^2.2.0",
"pino": "^9.4.0",
"prom-client": "^15.1.0",
"@opentelemetry/api": "^1.9.0",
"@opentelemetry/sdk-node": "^0.53.0",
"@opentelemetry/exporter-trace-otlp-http": "^0.53.0",
"zod": "^3.23.0",
"uuid": "^10.0.0",
"reflect-metadata": "^0.2.2",
"rxjs": "^7.8.0"
},
"devDependencies": {
"@nestjs/cli": "^10.4.0",
"@nestjs/schematics": "^10.2.0",
"@types/express": "^4.17.0",
"@types/node": "^22.0.0",
"@types/uuid": "^10.0.0",
"eslint": "^9.10.0",
"pino-pretty": "^11.2.0",
"typescript": "^5.6.0",
"vitest": "^2.1.0"
}
}

View File

@@ -0,0 +1,15 @@
import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common';
import { ExamsModule } from './exams/exams.module.js';
import { HomeworkModule } from './homework/homework.module.js';
import { GradesModule } from './grades/grades.module.js';
import { ClassesModule } from './classes/classes.module.js';
import { AuthMiddleware } from './middleware/auth.middleware.js';
@Module({
imports: [ExamsModule, HomeworkModule, GradesModule, ClassesModule],
})
export class AppModule implements NestModule {
configure(consumer: MiddlewareConsumer): void {
consumer.apply(AuthMiddleware).forRoutes('/api/*');
}
}

View File

@@ -0,0 +1,15 @@
import { Module } from '@nestjs/common';
/**
* Classes module - P3 skeleton placeholder.
*
* The classes domain was merged into CoreEdu in P3. This empty module
* exists so that future class-transfer features and event handlers can
* be registered without restructuring the AppModule imports.
*/
@Module({
controllers: [],
providers: [],
exports: [],
})
export class ClassesModule {}

View File

@@ -0,0 +1,24 @@
import { drizzle } from 'drizzle-orm/mysql2';
import mysql from 'mysql2/promise';
import { env } from './env.js';
let pool: mysql.Pool | null = null;
export function getDb() {
if (!pool) {
pool = mysql.createPool({
uri: env.DATABASE_URL,
waitForConnections: true,
connectionLimit: 10,
queueLimit: 0,
});
}
return drizzle(pool);
}
export async function closeDb(): Promise<void> {
if (pool) {
await pool.end();
pool = null;
}
}

View File

@@ -0,0 +1,26 @@
import { z } from 'zod';
const envSchema = z.object({
PORT: z.string().default('3004'),
DATABASE_URL: z.string().url(),
REDIS_URL: z.string().url().optional(),
JWT_SECRET: z.string(),
JWT_ISSUER: z.string().default('next-edu-cloud'),
KAFKA_BROKERS: z.string().default('localhost:9092'),
OTEL_EXPORTER_OTLP_ENDPOINT: z.string().url().optional(),
LOG_LEVEL: z.enum(['fatal', 'error', 'warn', 'info', 'debug', 'trace']).default('info'),
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
});
export type Env = z.infer<typeof envSchema>;
export function loadEnv(): Env {
const result = envSchema.safeParse(process.env);
if (!result.success) {
console.error('❌ Invalid environment variables:', result.error.flatten().fieldErrors);
throw new Error('Invalid environment configuration');
}
return result.data;
}
export const env = loadEnv();

View File

@@ -0,0 +1,25 @@
import { Kafka } from 'kafkajs';
import { env } from './env.js';
export const kafka = new Kafka({
brokers: env.KAFKA_BROKERS.split(','),
clientId: 'core-edu-service',
});
export const producer = kafka.producer({
idempotent: true,
transactionalId: 'core-edu-tx',
});
export const consumer = kafka.consumer({ groupId: 'core-edu-group' });
export async function connectKafka(): Promise<void> {
await producer.connect();
await consumer.connect();
console.log('Kafka connected');
}
export async function disconnectKafka(): Promise<void> {
await producer.disconnect();
await consumer.disconnect();
}

View File

@@ -0,0 +1,57 @@
import {
Body,
Controller,
Delete,
Get,
Param,
Post,
Put,
UseGuards,
} from '@nestjs/common';
import { ExamsService, type CreateExamInput, type UpdateExamInput } from './exams.service.js';
import { PermissionGuard, Permissions } from '../../middleware/permission.guard.js';
interface SuccessResponse<T> {
data: T;
timestamp: string;
}
@Controller('api/v1/exams')
export class ExamsController {
constructor(private readonly examsService: ExamsService) {}
@Post()
@UseGuards(new PermissionGuard(Permissions.EXAM_CREATE))
async create(@Body() body: CreateExamInput): Promise<SuccessResponse<{ id: string }>> {
const result = await this.examsService.createExam(body);
return { data: result, timestamp: new Date().toISOString() };
}
@Get(':id')
@UseGuards(new PermissionGuard(Permissions.EXAM_READ))
async findOne(@Param('id') id: string): Promise<SuccessResponse<Awaited<ReturnType<ExamsService['getExam']>>>> {
const data = await this.examsService.getExam(id);
return { data, timestamp: new Date().toISOString() };
}
@Get('class/:classId')
@UseGuards(new PermissionGuard(Permissions.EXAM_READ))
async listByClass(@Param('classId') classId: string): Promise<SuccessResponse<Awaited<ReturnType<ExamsService['listExamsByClass']>>>> {
const data = await this.examsService.listExamsByClass(classId);
return { data, timestamp: new Date().toISOString() };
}
@Put(':id')
@UseGuards(new PermissionGuard(Permissions.EXAM_UPDATE))
async update(@Param('id') id: string, @Body() body: UpdateExamInput): Promise<SuccessResponse<{ success: true }>> {
await this.examsService.updateExam(id, body);
return { data: { success: true }, timestamp: new Date().toISOString() };
}
@Delete(':id')
@UseGuards(new PermissionGuard(Permissions.EXAM_DELETE))
async remove(@Param('id') id: string): Promise<SuccessResponse<{ success: true }>> {
await this.examsService.deleteExam(id);
return { data: { success: true }, timestamp: new Date().toISOString() };
}
}

View File

@@ -0,0 +1,10 @@
import { Module } from '@nestjs/common';
import { ExamsController } from './exams.controller.js';
import { ExamsService } from './exams.service.js';
@Module({
controllers: [ExamsController],
providers: [ExamsService],
exports: [ExamsService],
})
export class ExamsModule {}

View File

@@ -0,0 +1,28 @@
import { eq } from 'drizzle-orm';
import { db } from '../../config/database.js';
import { exams, type Exam, type NewExam } from './exams.schema.js';
export class ExamsRepository {
async findById(id: string): Promise<Exam | undefined> {
const [result] = await db
.select()
.from(exams)
.where(eq(exams.id, id))
.limit(1);
return result;
}
async findByClassId(classId: string): Promise<Exam[]> {
return db.select().from(exams).where(eq(exams.classId, classId));
}
async update(id: string, data: Partial<NewExam>): Promise<void> {
await db.update(exams).set(data).where(eq(exams.id, id));
}
async delete(id: string): Promise<void> {
await db.delete(exams).where(eq(exams.id, id));
}
}
export const examsRepository = new ExamsRepository();

View File

@@ -0,0 +1,25 @@
import {
mysqlTable,
varchar,
text,
timestamp,
char,
datetime,
} from 'drizzle-orm/mysql-core';
export const exams = mysqlTable('core_edu_exams', {
id: char('id', { length: 36 }).notNull().primaryKey(),
classId: char('class_id', { length: 36 }).notNull(),
title: varchar('title', { length: 200 }).notNull(),
description: text('description'),
examDate: datetime('exam_date').notNull(),
duration: varchar('duration', { length: 50 }).notNull(),
totalScore: varchar('total_score', { length: 10 }).notNull(),
status: varchar('status', { length: 20 }).notNull().default('draft'),
createdBy: char('created_by', { length: 36 }).notNull(),
createdAt: timestamp('created_at').notNull().defaultNow(),
updatedAt: timestamp('updated_at').notNull().defaultNow().onUpdateNow(),
});
export type Exam = typeof exams.$inferSelect;
export type NewExam = typeof exams.$inferInsert;

View File

@@ -0,0 +1,127 @@
import { randomUUID } from 'node:crypto';
import { eq } from 'drizzle-orm';
import { Injectable } from '@nestjs/common';
import { db } from '../../config/database.js';
import { exams } from './exams.schema.js';
import { examsRepository } from './exams.repository.js';
import { outboxRepository } from '../../shared/outbox/outbox.repository.js';
import type { Exam, NewExam } from './exams.schema.js';
import { NotFoundError, ValidationError } from '../../shared/errors/application-error.js';
export interface CreateExamInput {
classId: string;
title: string;
description?: string;
examDate: Date;
duration: string;
totalScore: string;
createdBy: string;
}
export interface UpdateExamInput {
title?: string;
description?: string;
examDate?: Date;
duration?: string;
totalScore?: string;
status?: string;
}
@Injectable()
export class ExamsService {
async createExam(input: CreateExamInput): Promise<{ id: string }> {
if (!input.classId || !input.title || !input.createdBy) {
throw new ValidationError('classId, title, createdBy are required');
}
const id = randomUUID();
const exam: NewExam = {
id,
classId: input.classId,
title: input.title,
description: input.description,
examDate: input.examDate,
duration: input.duration,
totalScore: input.totalScore,
status: 'draft',
createdBy: input.createdBy,
};
await db.transaction(async (tx) => {
await tx.insert(exams).values(exam);
await outboxRepository.create(
{
id: randomUUID(),
aggregateId: id,
aggregateType: 'exam',
eventType: 'exam.created',
payload: JSON.stringify({
id,
classId: input.classId,
title: input.title,
}),
status: 'pending',
},
tx,
);
});
return { id };
}
async getExam(id: string): Promise<Exam> {
const exam = await examsRepository.findById(id);
if (!exam) {
throw new NotFoundError(`Exam ${id} not found`);
}
return exam;
}
async listExamsByClass(classId: string): Promise<Exam[]> {
return examsRepository.findByClassId(classId);
}
async updateExam(id: string, data: UpdateExamInput): Promise<void> {
const existing = await examsRepository.findById(id);
if (!existing) {
throw new NotFoundError(`Exam ${id} not found`);
}
await db.transaction(async (tx) => {
await tx.update(exams).set(data).where(eq(exams.id, id));
await outboxRepository.create(
{
id: randomUUID(),
aggregateId: id,
aggregateType: 'exam',
eventType: 'exam.updated',
payload: JSON.stringify({ id, changes: data }),
status: 'pending',
},
tx,
);
});
}
async deleteExam(id: string): Promise<void> {
const existing = await examsRepository.findById(id);
if (!existing) {
throw new NotFoundError(`Exam ${id} not found`);
}
await db.transaction(async (tx) => {
await tx.delete(exams).where(eq(exams.id, id));
await outboxRepository.create(
{
id: randomUUID(),
aggregateId: id,
aggregateType: 'exam',
eventType: 'exam.deleted',
payload: JSON.stringify({ id }),
status: 'pending',
},
tx,
);
});
}
}

View File

@@ -0,0 +1,55 @@
import {
Body,
Controller,
Get,
Param,
Post,
UseGuards,
} from '@nestjs/common';
import { GradesService, type RecordGradeInput } from './grades.service.js';
import { PermissionGuard, Permissions } from '../../middleware/permission.guard.js';
interface SuccessResponse<T> {
data: T;
timestamp: string;
}
@Controller('api/v1/grades')
export class GradesController {
constructor(private readonly gradesService: GradesService) {}
@Post()
@UseGuards(new PermissionGuard(Permissions.GRADE_CREATE))
async record(@Body() body: RecordGradeInput): Promise<SuccessResponse<{ id: string }>> {
const result = await this.gradesService.recordGrade(body);
return { data: result, timestamp: new Date().toISOString() };
}
@Get(':id')
@UseGuards(new PermissionGuard(Permissions.GRADE_READ))
async findOne(@Param('id') id: string): Promise<SuccessResponse<Awaited<ReturnType<GradesService['getGrade']>>>> {
const data = await this.gradesService.getGrade(id);
return { data, timestamp: new Date().toISOString() };
}
@Get('student/:studentId')
@UseGuards(new PermissionGuard(Permissions.GRADE_READ))
async listByStudent(@Param('studentId') studentId: string): Promise<SuccessResponse<Awaited<ReturnType<GradesService['listByStudent']>>>> {
const data = await this.gradesService.listByStudent(studentId);
return { data, timestamp: new Date().toISOString() };
}
@Get('exam/:examId')
@UseGuards(new PermissionGuard(Permissions.GRADE_READ))
async listByExam(@Param('examId') examId: string): Promise<SuccessResponse<Awaited<ReturnType<GradesService['listByExam']>>>> {
const data = await this.gradesService.listByExam(examId);
return { data, timestamp: new Date().toISOString() };
}
@Get('homework/:homeworkId')
@UseGuards(new PermissionGuard(Permissions.GRADE_READ))
async listByHomework(@Param('homeworkId') homeworkId: string): Promise<SuccessResponse<Awaited<ReturnType<GradesService['listByHomework']>>>> {
const data = await this.gradesService.listByHomework(homeworkId);
return { data, timestamp: new Date().toISOString() };
}
}

View File

@@ -0,0 +1,10 @@
import { Module } from '@nestjs/common';
import { GradesController } from './grades.controller.js';
import { GradesService } from './grades.service.js';
@Module({
controllers: [GradesController],
providers: [GradesService],
exports: [GradesService],
})
export class GradesModule {}

View File

@@ -0,0 +1,22 @@
import {
mysqlTable,
varchar,
text,
timestamp,
char,
} from 'drizzle-orm/mysql-core';
export const grades = mysqlTable('core_edu_grades', {
id: char('id', { length: 36 }).notNull().primaryKey(),
studentId: char('student_id', { length: 36 }).notNull(),
examId: char('exam_id', { length: 36 }),
homeworkId: char('homework_id', { length: 36 }),
score: varchar('score', { length: 10 }).notNull(),
feedback: text('feedback'),
gradedBy: char('graded_by', { length: 36 }).notNull(),
createdAt: timestamp('created_at').notNull().defaultNow(),
updatedAt: timestamp('updated_at').notNull().defaultNow().onUpdateNow(),
});
export type Grade = typeof grades.$inferSelect;
export type NewGrade = typeof grades.$inferInsert;

View File

@@ -0,0 +1,87 @@
import { randomUUID } from 'node:crypto';
import { eq } from 'drizzle-orm';
import { Injectable } from '@nestjs/common';
import { db } from '../../config/database.js';
import { grades } from './grades.schema.js';
import { outboxRepository } from '../../shared/outbox/outbox.repository.js';
import type { Grade, NewGrade } from './grades.schema.js';
import { NotFoundError, ValidationError } from '../../shared/errors/application-error.js';
export interface RecordGradeInput {
studentId: string;
examId?: string;
homeworkId?: string;
score: string;
feedback?: string;
gradedBy: string;
}
@Injectable()
export class GradesService {
async recordGrade(input: RecordGradeInput): Promise<{ id: string }> {
if (!input.studentId || !input.score || !input.gradedBy) {
throw new ValidationError('studentId, score, gradedBy are required');
}
if (!input.examId && !input.homeworkId) {
throw new ValidationError('Either examId or homeworkId must be provided');
}
const id = randomUUID();
const record: NewGrade = {
id,
studentId: input.studentId,
examId: input.examId,
homeworkId: input.homeworkId,
score: input.score,
feedback: input.feedback,
gradedBy: input.gradedBy,
};
await db.transaction(async (tx) => {
await tx.insert(grades).values(record);
await outboxRepository.create(
{
id: randomUUID(),
aggregateId: id,
aggregateType: 'grade',
eventType: 'grade.recorded',
payload: JSON.stringify({
id,
studentId: input.studentId,
score: input.score,
examId: input.examId,
homeworkId: input.homeworkId,
}),
status: 'pending',
},
tx,
);
});
return { id };
}
async getGrade(id: string): Promise<Grade> {
const [record] = await db
.select()
.from(grades)
.where(eq(grades.id, id))
.limit(1);
if (!record) {
throw new NotFoundError(`Grade ${id} not found`);
}
return record;
}
async listByStudent(studentId: string): Promise<Grade[]> {
return db.select().from(grades).where(eq(grades.studentId, studentId));
}
async listByExam(examId: string): Promise<Grade[]> {
return db.select().from(grades).where(eq(grades.examId, examId));
}
async listByHomework(homeworkId: string): Promise<Grade[]> {
return db.select().from(grades).where(eq(grades.homeworkId, homeworkId));
}
}

View File

@@ -0,0 +1,48 @@
import {
Body,
Controller,
Get,
Param,
Post,
UseGuards,
} from '@nestjs/common';
import { HomeworkService, type AssignHomeworkInput } from './homework.service.js';
import { PermissionGuard, Permissions } from '../../middleware/permission.guard.js';
interface SuccessResponse<T> {
data: T;
timestamp: string;
}
@Controller('api/v1/homework')
export class HomeworkController {
constructor(private readonly homeworkService: HomeworkService) {}
@Post()
@UseGuards(new PermissionGuard(Permissions.HOMEWORK_CREATE))
async assign(@Body() body: AssignHomeworkInput): Promise<SuccessResponse<{ id: string }>> {
const result = await this.homeworkService.assignHomework(body);
return { data: result, timestamp: new Date().toISOString() };
}
@Get(':id')
@UseGuards(new PermissionGuard(Permissions.HOMEWORK_READ))
async findOne(@Param('id') id: string): Promise<SuccessResponse<Awaited<ReturnType<HomeworkService['getHomework']>>>> {
const data = await this.homeworkService.getHomework(id);
return { data, timestamp: new Date().toISOString() };
}
@Get('class/:classId')
@UseGuards(new PermissionGuard(Permissions.HOMEWORK_READ))
async listByClass(@Param('classId') classId: string): Promise<SuccessResponse<Awaited<ReturnType<HomeworkService['listByClass']>>>> {
const data = await this.homeworkService.listByClass(classId);
return { data, timestamp: new Date().toISOString() };
}
@Post(':id/submit')
@UseGuards(new PermissionGuard(Permissions.HOMEWORK_SUBMIT))
async submit(@Param('id') id: string): Promise<SuccessResponse<{ success: true }>> {
await this.homeworkService.submitHomework(id);
return { data: { success: true }, timestamp: new Date().toISOString() };
}
}

View File

@@ -0,0 +1,10 @@
import { Module } from '@nestjs/common';
import { HomeworkController } from './homework.controller.js';
import { HomeworkService } from './homework.service.js';
@Module({
controllers: [HomeworkController],
providers: [HomeworkService],
exports: [HomeworkService],
})
export class HomeworkModule {}

View File

@@ -0,0 +1,23 @@
import {
mysqlTable,
varchar,
text,
timestamp,
char,
datetime,
} from 'drizzle-orm/mysql-core';
export const homework = mysqlTable('core_edu_homework', {
id: char('id', { length: 36 }).notNull().primaryKey(),
classId: char('class_id', { length: 36 }).notNull(),
title: varchar('title', { length: 200 }).notNull(),
description: text('description'),
dueDate: datetime('due_date').notNull(),
status: varchar('status', { length: 20 }).notNull().default('assigned'),
createdBy: char('created_by', { length: 36 }).notNull(),
createdAt: timestamp('created_at').notNull().defaultNow(),
updatedAt: timestamp('updated_at').notNull().defaultNow().onUpdateNow(),
});
export type Homework = typeof homework.$inferSelect;
export type NewHomework = typeof homework.$inferInsert;

View File

@@ -0,0 +1,98 @@
import { randomUUID } from 'node:crypto';
import { eq } from 'drizzle-orm';
import { Injectable } from '@nestjs/common';
import { db } from '../../config/database.js';
import { homework } from './homework.schema.js';
import { outboxRepository } from '../../shared/outbox/outbox.repository.js';
import type { Homework, NewHomework } from './homework.schema.js';
import { NotFoundError, ValidationError } from '../../shared/errors/application-error.js';
export interface AssignHomeworkInput {
classId: string;
title: string;
description?: string;
dueDate: Date;
createdBy: string;
}
@Injectable()
export class HomeworkService {
async assignHomework(input: AssignHomeworkInput): Promise<{ id: string }> {
if (!input.classId || !input.title || !input.createdBy) {
throw new ValidationError('classId, title, createdBy are required');
}
const id = randomUUID();
const record: NewHomework = {
id,
classId: input.classId,
title: input.title,
description: input.description,
dueDate: input.dueDate,
status: 'assigned',
createdBy: input.createdBy,
};
await db.transaction(async (tx) => {
await tx.insert(homework).values(record);
await outboxRepository.create(
{
id: randomUUID(),
aggregateId: id,
aggregateType: 'homework',
eventType: 'homework.assigned',
payload: JSON.stringify({
id,
classId: input.classId,
title: input.title,
}),
status: 'pending',
},
tx,
);
});
return { id };
}
async getHomework(id: string): Promise<Homework> {
const [record] = await db
.select()
.from(homework)
.where(eq(homework.id, id))
.limit(1);
if (!record) {
throw new NotFoundError(`Homework ${id} not found`);
}
return record;
}
async listByClass(classId: string): Promise<Homework[]> {
return db.select().from(homework).where(eq(homework.classId, classId));
}
async submitHomework(id: string): Promise<void> {
const existing = await this.getHomework(id);
if (existing.status === 'submitted') {
throw new ValidationError(`Homework ${id} already submitted`);
}
await db.transaction(async (tx) => {
await tx
.update(homework)
.set({ status: 'submitted' })
.where(eq(homework.id, id));
await outboxRepository.create(
{
id: randomUUID(),
aggregateId: id,
aggregateType: 'homework',
eventType: 'homework.submitted',
payload: JSON.stringify({ id }),
status: 'pending',
},
tx,
);
});
}
}

View File

@@ -0,0 +1,50 @@
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module.js';
import { env } from './config/env.js';
import { connectKafka, disconnectKafka } from './config/kafka.js';
import { outboxPublisher } from './shared/outbox/outbox.publisher.js';
import { GlobalErrorFilter } from './shared/errors/global-error.filter.js';
import { initTracer, shutdownTracer } from './shared/observability/tracer.js';
import { logger } from './shared/observability/logger.js';
async function bootstrap(): Promise<void> {
initTracer();
const app = await NestFactory.create(AppModule, { bufferLogs: true });
app.setGlobalPrefix('api');
app.useGlobalFilters(new GlobalErrorFilter());
app.enableShutdownHooks();
// Connect Kafka producer/consumer before starting the outbox publisher
await connectKafka();
// Start the transactional outbox publisher - polls pending messages
// and publishes them to Kafka topics defined in TOPIC_MAP.
await outboxPublisher.start();
await app.listen(env.PORT);
logger.info(
{ port: env.PORT, service: 'core-edu' },
'CoreEdu service is listening',
);
process.on('SIGTERM', async () => {
logger.info('SIGTERM received, shutting down gracefully...');
await outboxPublisher.stop();
await disconnectKafka();
await shutdownTracer();
await app.close();
process.exit(0);
});
process.on('SIGINT', async () => {
logger.info('SIGINT received, shutting down gracefully...');
await outboxPublisher.stop();
await disconnectKafka();
await shutdownTracer();
await app.close();
process.exit(0);
});
}
void bootstrap();

View File

@@ -0,0 +1,40 @@
import {
Injectable,
NestMiddleware,
UnauthorizedException,
} from '@nestjs/common';
import type { Request, Response, NextFunction } from 'express';
export interface AuthenticatedUser {
id: string;
role: string;
permissions: string[];
}
export interface AuthenticatedRequest extends Request {
user?: AuthenticatedUser;
}
@Injectable()
export class AuthMiddleware implements NestMiddleware {
use(req: AuthenticatedRequest, _res: Response, next: NextFunction): void {
const userId = req.headers['x-user-id'] as string | undefined;
const role = req.headers['x-user-role'] as string | undefined;
const permissionsHeader = req.headers['x-user-permissions'] as
| string
| undefined;
if (!userId || !role) {
throw new UnauthorizedException(
'Missing authentication headers (x-user-id, x-user-role)',
);
}
req.user = {
id: userId,
role,
permissions: permissionsHeader ? permissionsHeader.split(',') : [],
};
next();
}
}

View File

@@ -0,0 +1,48 @@
import {
CanActivate,
ExecutionContext,
Injectable,
ForbiddenException,
} from '@nestjs/common';
import type { AuthenticatedRequest } from './auth.middleware.js';
export const Permissions = {
EXAM_CREATE: 'exam:create',
EXAM_READ: 'exam:read',
EXAM_UPDATE: 'exam:update',
EXAM_DELETE: 'exam:delete',
HOMEWORK_CREATE: 'homework:create',
HOMEWORK_READ: 'homework:read',
HOMEWORK_UPDATE: 'homework:update',
HOMEWORK_DELETE: 'homework:delete',
HOMEWORK_GRADE: 'homework:grade',
HOMEWORK_SUBMIT: 'homework:submit',
GRADE_CREATE: 'grade:create',
GRADE_READ: 'grade:read',
GRADE_UPDATE: 'grade:update',
GRADE_DELETE: 'grade:delete',
CLASS_MANAGE: 'class:manage',
CLASS_READ: 'class:read',
CLASS_TRANSFER: 'class:transfer',
} as const;
export type Permission = (typeof Permissions)[keyof typeof Permissions];
@Injectable()
export class PermissionGuard implements CanActivate {
constructor(private readonly requiredPermission: Permission) {}
canActivate(context: ExecutionContext): boolean {
const request = context.switchToHttp().getRequest<AuthenticatedRequest>();
const user = request.user;
if (!user) {
throw new ForbiddenException('User not authenticated');
}
if (!user.permissions.includes(this.requiredPermission)) {
throw new ForbiddenException(
`Missing permission: ${this.requiredPermission}`,
);
}
return true;
}
}

View File

@@ -0,0 +1,60 @@
export enum CoreEduErrorCode {
VALIDATION_ERROR = 'CORE_EDU_VALIDATION_ERROR',
NOT_FOUND = 'CORE_EDU_NOT_FOUND',
UNAUTHORIZED = 'CORE_EDU_UNAUTHORIZED',
FORBIDDEN = 'CORE_EDU_FORBIDDEN',
CONFLICT = 'CORE_EDU_CONFLICT',
INTERNAL_ERROR = 'CORE_EDU_INTERNAL_ERROR',
EXAM_NOT_FOUND = 'CORE_EDU_EXAM_NOT_FOUND',
HOMEWORK_NOT_FOUND = 'CORE_EDU_HOMEWORK_NOT_FOUND',
GRADE_NOT_FOUND = 'CORE_EDU_GRADE_NOT_FOUND',
OUTBOX_PUBLISH_FAILED = 'CORE_EDU_OUTBOX_PUBLISH_FAILED',
}
export class ApplicationError extends Error {
constructor(
public readonly code: CoreEduErrorCode,
message: string,
public readonly statusCode: number = 500,
public readonly details?: unknown,
) {
super(message);
this.name = 'ApplicationError';
}
}
export class ValidationError extends ApplicationError {
constructor(message: string, details?: unknown) {
super(CoreEduErrorCode.VALIDATION_ERROR, message, 400, details);
}
}
export class NotFoundError extends ApplicationError {
constructor(message: string, details?: unknown) {
super(CoreEduErrorCode.NOT_FOUND, message, 404, details);
}
}
export class UnauthorizedError extends ApplicationError {
constructor(message: string = 'Unauthorized') {
super(CoreEduErrorCode.UNAUTHORIZED, message, 401);
}
}
export class ForbiddenError extends ApplicationError {
constructor(message: string = 'Forbidden') {
super(CoreEduErrorCode.FORBIDDEN, message, 403);
}
}
export class ConflictError extends ApplicationError {
constructor(message: string, details?: unknown) {
super(CoreEduErrorCode.CONFLICT, message, 409, details);
}
}
export class InternalError extends ApplicationError {
constructor(message: string = 'Internal server error', details?: unknown) {
super(CoreEduErrorCode.INTERNAL_ERROR, message, 500, details);
}
}

View File

@@ -0,0 +1,63 @@
import {
ExceptionFilter,
Catch,
ArgumentsHost,
HttpException,
HttpStatus,
} from '@nestjs/common';
import { ZodError } from 'zod';
import { ApplicationError, CoreEduErrorCode } from './application-error.js';
import { logger } from '../observability/logger.js';
@Catch()
export class GlobalErrorFilter implements ExceptionFilter {
catch(exception: unknown, host: ArgumentsHost): void {
const ctx = host.switchToHttp();
const response = ctx.getResponse();
const request = ctx.getRequest();
let statusCode = HttpStatus.INTERNAL_SERVER_ERROR;
let code = CoreEduErrorCode.INTERNAL_ERROR;
let message = 'Internal server error';
let details: unknown;
if (exception instanceof ApplicationError) {
statusCode = exception.statusCode;
code = exception.code;
message = exception.message;
details = exception.details;
} else if (exception instanceof ZodError) {
statusCode = HttpStatus.BAD_REQUEST;
code = CoreEduErrorCode.VALIDATION_ERROR;
message = 'Validation failed';
details = exception.flatten().fieldErrors;
} else if (exception instanceof HttpException) {
statusCode = exception.getStatus();
const resp = exception.getResponse();
message =
typeof resp === 'string'
? resp
: (resp as { message?: string }).message ?? exception.message;
} else if (exception instanceof Error) {
message = exception.message;
}
logger.error(
{
err: exception,
path: request.url,
method: request.method,
code,
},
`Request failed: ${message}`,
);
response.status(statusCode).json({
code,
message,
details,
timestamp: new Date().toISOString(),
path: request.url,
});
}
}

View File

@@ -0,0 +1,16 @@
import pino from 'pino';
import { env } from '../../config/env.js';
export const logger = pino({
name: 'core-edu',
level: env.LOG_LEVEL,
base: { service: 'core-edu' },
...(env.NODE_ENV === 'development'
? {
transport: {
target: 'pino-pretty',
options: { colorize: true, translateTime: 'SYS:standard' },
},
}
: {}),
});

View File

@@ -0,0 +1,38 @@
import {
Registry,
Counter,
Histogram,
Gauge,
collectDefaultMetrics,
} from 'prom-client';
export const registry = new Registry();
collectDefaultMetrics({ register: registry });
export const httpRequestCounter = new Counter({
name: 'core_edu_requests_total',
help: 'Total HTTP requests',
labelNames: ['method', 'route', 'status'] as const,
});
registry.registerMetric(httpRequestCounter);
export const httpRequestDuration = new Histogram({
name: 'core_edu_request_duration_seconds',
help: 'HTTP request duration in seconds',
labelNames: ['method', 'route', 'status'] as const,
buckets: [0.005, 0.01, 0.05, 0.1, 0.5, 1, 5],
});
registry.registerMetric(httpRequestDuration);
export const outboxPendingGauge = new Gauge({
name: 'core_edu_outbox_pending',
help: 'Number of pending outbox messages',
});
registry.registerMetric(outboxPendingGauge);
export const outboxPublishedCounter = new Counter({
name: 'core_edu_outbox_published_total',
help: 'Total outbox messages published to Kafka',
labelNames: ['eventType', 'topic'] as const,
});
registry.registerMetric(outboxPublishedCounter);

View File

@@ -0,0 +1,29 @@
import { NodeSDK } from '@opentelemetry/sdk-node';
import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
import { env } from '../../config/env.js';
import { logger } from './logger.js';
let sdk: NodeSDK | undefined;
export function initTracer(): void {
if (!env.OTEL_EXPORTER_OTLP_ENDPOINT) {
logger.warn('OTEL_EXPORTER_OTLP_ENDPOINT not set, tracing disabled');
return;
}
sdk = new NodeSDK({
serviceName: 'core-edu',
traceExporter: new OTLPTraceExporter({
url: `${env.OTEL_EXPORTER_OTLP_ENDPOINT}/v1/traces`,
}),
});
sdk.start();
logger.info('OpenTelemetry tracer initialized');
}
export async function shutdownTracer(): Promise<void> {
if (sdk) {
await sdk.shutdown();
sdk = undefined;
logger.info('OpenTelemetry tracer shutdown');
}
}

View File

@@ -0,0 +1,88 @@
import { logger } from '../observability/logger.js';
import { producer } from '../../config/kafka.js';
import { outboxRepository } from './outbox.repository.js';
import type { OutboxMessage } from './outbox.schema.js';
const TOPIC_MAP: Record<string, string> = {
'exam.created': 'edu.exam.events',
'exam.updated': 'edu.exam.events',
'exam.deleted': 'edu.exam.events',
'homework.assigned': 'edu.homework.events',
'homework.submitted': 'edu.homework.events',
'homework.graded': 'edu.homework.events',
'grade.recorded': 'edu.grade.events',
'grade.updated': 'edu.grade.events',
'class.transferred': 'edu.class.events',
};
const POLL_INTERVAL_MS = 5000;
const BATCH_SIZE = 100;
const MAX_RETRY = 5;
export class OutboxPublisher {
private intervalId: NodeJS.Timeout | null = null;
private isPolling = false;
async start(): Promise<void> {
logger.info('OutboxPublisher started');
this.intervalId = setInterval(() => {
void this.poll();
}, POLL_INTERVAL_MS);
}
async stop(): Promise<void> {
if (this.intervalId) {
clearInterval(this.intervalId);
this.intervalId = null;
}
logger.info('OutboxPublisher stopped');
}
private async poll(): Promise<void> {
if (this.isPolling) return;
this.isPolling = true;
try {
const messages = await outboxRepository.findPending(BATCH_SIZE);
for (const message of messages) {
await this.publish(message);
}
} catch (error) {
logger.error({ error }, 'Outbox poll failed');
} finally {
this.isPolling = false;
}
}
private async publish(message: OutboxMessage): Promise<void> {
const topic = TOPIC_MAP[message.eventType] ?? 'edu.fallback.events';
try {
await producer.send({
topic,
messages: [
{
key: message.aggregateId,
value: message.payload,
headers: {
eventType: message.eventType,
aggregateType: message.aggregateType,
},
},
],
});
await outboxRepository.markProcessed(message.id);
logger.info(
{ id: message.id, eventType: message.eventType, topic },
'Outbox message published',
);
} catch (error) {
logger.error({ error, id: message.id }, 'Outbox publish failed');
if (message.retryCount + 1 >= MAX_RETRY) {
await outboxRepository.markFailed(message.id);
} else {
await outboxRepository.incrementRetry(message.id);
}
}
}
}
export const outboxPublisher = new OutboxPublisher();

View File

@@ -0,0 +1,42 @@
import { eq, sql } from 'drizzle-orm';
import { db } from '../../config/database.js';
import { outbox, type OutboxMessage, type NewOutboxMessage } from './outbox.schema.js';
type DbClient = typeof db;
export class OutboxRepository {
async create(message: NewOutboxMessage, tx: DbClient = db): Promise<void> {
await tx.insert(outbox).values(message);
}
async findPending(limit: number = 100): Promise<OutboxMessage[]> {
return db
.select()
.from(outbox)
.where(eq(outbox.status, 'pending'))
.limit(limit);
}
async markProcessed(id: string): Promise<void> {
await db
.update(outbox)
.set({ status: 'processed', processedAt: new Date() })
.where(eq(outbox.id, id));
}
async incrementRetry(id: string): Promise<void> {
await db
.update(outbox)
.set({ retryCount: sql`${outbox.retryCount} + 1` })
.where(eq(outbox.id, id));
}
async markFailed(id: string): Promise<void> {
await db
.update(outbox)
.set({ status: 'failed' })
.where(eq(outbox.id, id));
}
}
export const outboxRepository = new OutboxRepository();

View File

@@ -0,0 +1,16 @@
import { mysqlTable, varchar, text, timestamp, char, bigint } from 'drizzle-orm/mysql-core';
export const outbox = mysqlTable('core_edu_outbox', {
id: char('id', { length: 36 }).notNull().primaryKey(),
aggregateId: char('aggregate_id', { length: 36 }).notNull(),
aggregateType: varchar('aggregate_type', { length: 50 }).notNull(),
eventType: varchar('event_type', { length: 100 }).notNull(),
payload: text('payload').notNull(),
status: varchar('status', { length: 20 }).notNull().default('pending'),
retryCount: bigint('retry_count', { mode: 'number' }).notNull().default(0),
createdAt: timestamp('created_at').notNull().defaultNow(),
processedAt: timestamp('processed_at'),
});
export type OutboxMessage = typeof outbox.$inferSelect;
export type NewOutboxMessage = typeof outbox.$inferInsert;

View File

@@ -0,0 +1,15 @@
{
"extends": "../../tsconfig.base.json",
"compilerOptions": {
"module": "NodeNext",
"moduleResolution": "NodeNext",
"target": "ES2022",
"experimentalDecorators": true,
"emitDecoratorMetadata": true,
"outDir": "./dist",
"rootDir": "./src",
"types": ["node"]
},
"include": ["src/**/*"],
"exclude": ["node_modules", "dist", "test"]
}

View File

@@ -0,0 +1,20 @@
import { defineConfig } from 'vitest/config';
export default defineConfig({
test: {
globals: true,
environment: 'node',
include: ['test/unit/**/*.test.ts'],
coverage: {
provider: 'v8',
reporter: ['text', 'json', 'html'],
exclude: ['node_modules/', 'dist/', 'test/', '**/*.d.ts'],
thresholds: {
statements: 60,
branches: 60,
functions: 60,
lines: 60,
},
},
},
});

19
services/iam/Dockerfile Normal file
View File

@@ -0,0 +1,19 @@
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
RUN npm install -g pnpm
COPY package.json pnpm-lock.yaml* ./
RUN pnpm install --frozen-lockfile
COPY tsconfig.json nest-cli.json ./
COPY src ./src
RUN pnpm build
# Runtime stage
FROM node:20-alpine
WORKDIR /app
RUN npm install -g pnpm
COPY package.json pnpm-lock.yaml* ./
RUN pnpm install --prod --frozen-lockfile
COPY --from=builder /app/dist ./dist
EXPOSE 3002
CMD ["node", "dist/main.js"]

35
services/iam/README.md Normal file
View File

@@ -0,0 +1,35 @@
# IAM Service
身份与访问管理服务Identity and Access ManagementP2 身份阶段交付。
## 职责
- 用户注册 / 登录 / 刷新令牌
- 角色Role与权限Permission管理
- Access / Refresh Token 签发与校验
- 用户信息查询(供 BFF / Gateway 聚合)
## 技术栈
- NestJS 10 + TypeScriptESM
- Drizzle ORM + MySQL
- bcrypt 密码哈希
- jsonwebtokenP2 骨架使用 HS256后续切 RS256
- pino 日志 / prom-client 指标 / OpenTelemetry 链路
## 端口
默认 `3002`,通过 `PORT` 环境变量覆盖。
## API
| Method | Path | 说明 |
|--------|------|------|
| POST | `/iam/register` | 注册 |
| POST | `/iam/login` | 登录 |
| POST | `/iam/refresh` | 刷新令牌 |
| GET | `/iam/me` | 当前用户信息(需 `x-user-id` 头) |
## 数据表
`iam_users` / `iam_roles` / `iam_user_roles` / `iam_permissions` / `iam_role_permissions` / `iam_refresh_tokens`

View File

@@ -0,0 +1,8 @@
{
"$schema": "https://json.schemastore.org/nest-cli",
"collection": "@nestjs/schematics",
"sourceRoot": "src",
"compilerOptions": {
"deleteOutDir": true
}
}

42
services/iam/package.json Normal file
View File

@@ -0,0 +1,42 @@
{
"name": "@edu/iam-service",
"version": "0.1.0",
"private": true,
"type": "module",
"scripts": {
"dev": "nest start --watch",
"build": "nest build",
"start": "node dist/main.js",
"test": "vitest run",
"lint": "eslint src --ext .ts",
"typecheck": "tsc --noEmit"
},
"dependencies": {
"@nestjs/common": "^10.4.0",
"@nestjs/core": "^10.4.0",
"@nestjs/platform-express": "^10.4.0",
"drizzle-orm": "^0.31.0",
"mysql2": "^3.11.0",
"pino": "^9.4.0",
"prom-client": "^15.1.0",
"@opentelemetry/api": "^1.9.0",
"@opentelemetry/sdk-node": "^0.53.0",
"@opentelemetry/exporter-trace-otlp-http": "^0.53.0",
"zod": "^3.23.0",
"uuid": "^10.0.0",
"bcrypt": "^5.1.0",
"jsonwebtoken": "^9.0.0",
"reflect-metadata": "^0.2.2",
"rxjs": "^7.8.0"
},
"devDependencies": {
"@nestjs/cli": "^10.4.0",
"@types/bcrypt": "^5.0.0",
"@types/jsonwebtoken": "^9.0.0",
"@types/node": "^22.0.0",
"@types/uuid": "^10.0.0",
"eslint": "^9.10.0",
"typescript": "^5.6.0",
"vitest": "^2.1.0"
}
}

View File

@@ -0,0 +1,7 @@
import { Module } from '@nestjs/common';
import { IamModule } from './iam/iam.module.js';
@Module({
imports: [IamModule],
})
export class AppModule {}

View File

@@ -0,0 +1,24 @@
import { drizzle } from 'drizzle-orm/mysql2';
import mysql from 'mysql2/promise';
import { env } from './env.js';
let pool: mysql.Pool | null = null;
export function getDb() {
if (!pool) {
pool = mysql.createPool({
uri: env.DATABASE_URL,
waitForConnections: true,
connectionLimit: 10,
queueLimit: 0,
});
}
return drizzle(pool);
}
export async function closeDb(): Promise<void> {
if (pool) {
await pool.end();
pool = null;
}
}

View File

@@ -0,0 +1,26 @@
import { z } from 'zod';
const envSchema = z.object({
PORT: z.string().default('3002'),
DATABASE_URL: z.string().url(),
REDIS_URL: z.string().url().optional(),
JWT_SECRET: z.string(),
JWT_ISSUER: z.string().default('next-edu-cloud'),
JWT_AUDIENCE: z.string().default('next-edu-cloud'),
OTEL_EXPORTER_OTLP_ENDPOINT: z.string().url().optional(),
LOG_LEVEL: z.enum(['fatal', 'error', 'warn', 'info', 'debug', 'trace']).default('info'),
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
});
export type Env = z.infer<typeof envSchema>;
export function loadEnv(): Env {
const result = envSchema.safeParse(process.env);
if (!result.success) {
console.error('❌ Invalid environment variables:', result.error.flatten().fieldErrors);
throw new Error('Invalid environment configuration');
}
return result.data;
}
export const env = loadEnv();

View File

@@ -0,0 +1,38 @@
import { Body, Controller, Get, Post, Req } from '@nestjs/common';
import type { Request } from 'express';
import { IamService } from './iam.service.js';
import { registerSchema, loginSchema, refreshTokenSchema } from './iam.dto.js';
import type { AuthenticatedRequest } from '../middleware/auth.middleware.js';
@Controller('iam')
export class IamController {
constructor(private readonly service: IamService) {}
@Post('register')
async register(@Body() body: unknown) {
const dto = registerSchema.parse(body);
const result = await this.service.register(dto);
return { success: true as const, data: result };
}
@Post('login')
async login(@Body() body: unknown) {
const dto = loginSchema.parse(body);
const result = await this.service.login(dto);
return { success: true as const, data: result };
}
@Post('refresh')
async refresh(@Body() body: unknown) {
const dto = refreshTokenSchema.parse(body);
const tokens = await this.service.refresh(dto.refreshToken);
return { success: true as const, data: tokens };
}
@Get('me')
async me(@Req() req: Request) {
const authReq = req as AuthenticatedRequest;
const user = await this.service.getUserInfo(authReq.userId as string);
return { success: true as const, data: user };
}
}

View File

@@ -0,0 +1,19 @@
import { z } from 'zod';
export const registerSchema = z.object({
email: z.string().email(),
password: z.string().min(8).max(72),
name: z.string().min(1).max(100),
});
export const loginSchema = z.object({
email: z.string().email(),
password: z.string(),
});
export const refreshTokenSchema = z.object({
refreshToken: z.string(),
});
export type RegisterDto = z.infer<typeof registerSchema>;
export type LoginDto = z.infer<typeof loginSchema>;

View File

@@ -0,0 +1,13 @@
import { Module } from '@nestjs/common';
import { IamController } from './iam.controller.js';
import { IamService } from './iam.service.js';
import { IamRepository } from './iam.repository.js';
@Module({
controllers: [IamController],
providers: [
IamService,
{ provide: IamRepository, useFactory: () => new IamRepository() },
],
})
export class IamModule {}

View File

@@ -0,0 +1,63 @@
import { eq } from 'drizzle-orm';
import { getDb } from '../config/database.js';
import { users, roles, userRoles, permissions, rolePermissions, refreshTokens } from './iam.schema.js';
import type { User, Role, Permission } from './iam.schema.js';
export class IamRepository {
async createUser(data: { id: string; email: string; passwordHash: string; name: string }): Promise<User> {
const db = getDb();
await db.insert(users).values(data);
const [result] = await db.select().from(users).where(eq(users.id, data.id));
return result;
}
async findUserByEmail(email: string): Promise<User | undefined> {
const db = getDb();
const [result] = await db.select().from(users).where(eq(users.email, email));
return result;
}
async findUserById(id: string): Promise<User | undefined> {
const db = getDb();
const [result] = await db.select().from(users).where(eq(users.id, id));
return result;
}
async getUserRoles(userId: string): Promise<Role[]> {
const db = getDb();
const result = await db
.select()
.from(roles)
.innerJoin(userRoles, eq(roles.id, userRoles.roleId))
.where(eq(userRoles.userId, userId));
return result.map((r) => r.roles);
}
async getUserPermissions(userId: string): Promise<Permission[]> {
const db = getDb();
const userRoleRows = await db.select().from(userRoles).where(eq(userRoles.userId, userId));
const roleIds = userRoleRows.map((r) => r.roleId);
if (roleIds.length === 0) return [];
const result = await db
.select()
.from(permissions)
.innerJoin(rolePermissions, eq(permissions.id, rolePermissions.permissionId))
.where(rolePermissions.roleId.in(roleIds));
return result.map((r) => r.permissions);
}
async assignRole(userId: string, roleId: string): Promise<void> {
const db = getDb();
await db.insert(userRoles).values({ userId, roleId });
}
async createRefreshToken(data: { id: string; userId: string; tokenHash: string; expiresAt: Date }): Promise<void> {
const db = getDb();
await db.insert(refreshTokens).values(data);
}
async revokeRefreshToken(id: string): Promise<void> {
const db = getDb();
await db.update(refreshTokens).set({ revokedAt: new Date() }).where(eq(refreshTokens.id, id));
}
}

View File

@@ -0,0 +1,48 @@
import { mysqlTable, varchar, char, timestamp } from 'drizzle-orm/mysql-core';
export const users = mysqlTable('iam_users', {
id: char('id', { length: 36 }).notNull().primaryKey(),
email: varchar('email', { length: 255 }).notNull().unique(),
passwordHash: varchar('password_hash', { length: 255 }).notNull(),
name: varchar('name', { length: 100 }).notNull(),
status: varchar('status', { length: 20 }).notNull().default('active'),
createdAt: timestamp('created_at').notNull().defaultNow(),
updatedAt: timestamp('updated_at').notNull().defaultNow().onUpdateNow(),
});
export const roles = mysqlTable('iam_roles', {
id: char('id', { length: 36 }).notNull().primaryKey(),
name: varchar('name', { length: 50 }).notNull().unique(),
description: varchar('description', { length: 255 }),
});
export const userRoles = mysqlTable('iam_user_roles', {
userId: char('user_id', { length: 36 }).notNull(),
roleId: char('role_id', { length: 36 }).notNull(),
createdAt: timestamp('created_at').notNull().defaultNow(),
});
export const permissions = mysqlTable('iam_permissions', {
id: char('id', { length: 36 }).notNull().primaryKey(),
name: varchar('name', { length: 100 }).notNull().unique(),
resource: varchar('resource', { length: 50 }).notNull(),
action: varchar('action', { length: 50 }).notNull(),
});
export const rolePermissions = mysqlTable('iam_role_permissions', {
roleId: char('role_id', { length: 36 }).notNull(),
permissionId: char('permission_id', { length: 36 }).notNull(),
});
export const refreshTokens = mysqlTable('iam_refresh_tokens', {
id: char('id', { length: 36 }).notNull().primaryKey(),
userId: char('user_id', { length: 36 }).notNull(),
tokenHash: varchar('token_hash', { length: 255 }).notNull(),
expiresAt: timestamp('expires_at').notNull(),
revokedAt: timestamp('revoked_at'),
createdAt: timestamp('created_at').notNull().defaultNow(),
});
export type User = typeof users.$inferSelect;
export type Role = typeof roles.$inferSelect;
export type Permission = typeof permissions.$inferSelect;

View File

@@ -0,0 +1,143 @@
import { v4 as uuidv4 } from 'uuid';
import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';
import { IamRepository } from './iam.repository.js';
import { ConflictError, UnauthorizedError, NotFoundError } from '../shared/errors/application-error.js';
import { env } from '../config/env.js';
import type { RegisterDto, LoginDto } from './iam.dto.js';
import type { User } from './iam.schema.js';
export interface TokenPair {
accessToken: string;
refreshToken: string;
expiresIn: number;
}
export interface UserInfo {
id: string;
email: string;
name: string;
roles: string[];
permissions: string[];
}
export class IamService {
constructor(private readonly repository: IamRepository) {}
async register(dto: RegisterDto): Promise<{ user: UserInfo; tokens: TokenPair }> {
const existing = await this.repository.findUserByEmail(dto.email);
if (existing) {
throw new ConflictError('Email already registered');
}
const userId = uuidv4();
const passwordHash = await bcrypt.hash(dto.password, 12);
const user = await this.repository.createUser({
id: userId,
email: dto.email,
passwordHash,
name: dto.name,
});
// P2 骨架:默认分配 teacher 角色(实际应通过邀请码注册)
// await this.repository.assignRole(userId, defaultRoleId);
const { tokens } = await this.issueTokens(user);
const info = await this.buildUserInfo(user);
return { user: info, tokens };
}
async login(dto: LoginDto): Promise<{ user: UserInfo; tokens: TokenPair }> {
const user = await this.repository.findUserByEmail(dto.email);
if (!user) {
throw new UnauthorizedError('Invalid credentials');
}
const valid = await bcrypt.compare(dto.password, user.passwordHash);
if (!valid) {
throw new UnauthorizedError('Invalid credentials');
}
if (user.status !== 'active') {
throw new UnauthorizedError('Account is not active');
}
const { tokens } = await this.issueTokens(user);
const info = await this.buildUserInfo(user);
return { user: info, tokens };
}
async refresh(refreshToken: string): Promise<TokenPair> {
let payload: jwt.JwtPayload;
try {
payload = jwt.verify(refreshToken, env.JWT_SECRET) as jwt.JwtPayload;
} catch {
throw new UnauthorizedError('Invalid refresh token');
}
if (payload.type !== 'refresh') {
throw new UnauthorizedError('Invalid token type');
}
const user = await this.repository.findUserById(payload.sub as string);
if (!user) {
throw new NotFoundError('User', payload.sub as string);
}
return this.issueTokens(user).then((r) => r.tokens);
}
async getUserInfo(userId: string): Promise<UserInfo> {
const user = await this.repository.findUserById(userId);
if (!user) {
throw new NotFoundError('User', userId);
}
return this.buildUserInfo(user);
}
private async issueTokens(user: User): Promise<{ tokens: TokenPair }> {
const roles = await this.repository.getUserRoles(user.id);
const roleNames = roles.map((r) => r.name);
const accessToken = jwt.sign(
{ sub: user.id, email: user.email, roles: roleNames, type: 'access' },
env.JWT_SECRET,
{ issuer: env.JWT_ISSUER, audience: env.JWT_AUDIENCE, expiresIn: '15m' }
);
const refreshToken = jwt.sign(
{ sub: user.id, type: 'refresh' },
env.JWT_SECRET,
{ issuer: env.JWT_ISSUER, audience: env.JWT_AUDIENCE, expiresIn: '7d' }
);
// 存储 refresh token hash
const tokenHash = await bcrypt.hash(refreshToken, 10);
await this.repository.createRefreshToken({
id: uuidv4(),
userId: user.id,
tokenHash,
expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
});
return {
tokens: {
accessToken,
refreshToken,
expiresIn: 15 * 60,
},
};
}
private async buildUserInfo(user: User): Promise<UserInfo> {
const roles = await this.repository.getUserRoles(user.id);
const permissions = await this.repository.getUserPermissions(user.id);
return {
id: user.id,
email: user.email,
name: user.name,
roles: roles.map((r) => r.name),
permissions: permissions.map((p) => p.name),
};
}
}

31
services/iam/src/main.ts Normal file
View File

@@ -0,0 +1,31 @@
import 'reflect-metadata';
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module.js';
import { GlobalErrorFilter } from './shared/errors/global-error.filter.js';
import { initTracer, shutdownTracer } from './shared/observability/tracer.js';
import { env } from './config/env.js';
import { logger } from './shared/observability/logger.js';
async function bootstrap(): Promise<void> {
initTracer();
const app = await NestFactory.create(AppModule, {
logger: ['log', 'error', 'warn'],
});
app.useGlobalFilters(new GlobalErrorFilter());
app.enableShutdownHooks();
await app.listen(env.PORT);
logger.info({ port: env.PORT }, 'IAM service started');
process.on('SIGTERM', async () => {
await app.close();
await shutdownTracer();
});
}
bootstrap().catch((err: unknown) => {
logger.error({ err }, 'Failed to start IAM service');
process.exit(1);
});

View File

@@ -0,0 +1,24 @@
import { Injectable, NestMiddleware, UnauthorizedException } from '@nestjs/common';
import { Request, Response, NextFunction } from 'express';
export interface AuthenticatedRequest extends Request {
userId?: string;
userRoles?: string[];
}
@Injectable()
export class AuthMiddleware implements NestMiddleware {
use(req: AuthenticatedRequest, res: Response, next: NextFunction): void {
// 从 Gateway 注入的头部读取用户信息
const userId = req.headers['x-user-id'] as string | undefined;
const rolesHeader = req.headers['x-user-roles'] as string | undefined;
if (!userId) {
throw new UnauthorizedException('Missing x-user-id header');
}
req.userId = userId;
req.userRoles = rolesHeader ? rolesHeader.split(',') : [];
next();
}
}

View File

@@ -0,0 +1,56 @@
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import type { Reflector } from '@nestjs/core';
import { PermissionDeniedError } from '../shared/errors/application-error.js';
import type { AuthenticatedRequest } from './auth.middleware.js';
export type Permission =
| 'IAM_USER_CREATE'
| 'IAM_USER_READ'
| 'IAM_USER_UPDATE'
| 'IAM_USER_DELETE'
| 'IAM_ROLE_MANAGE';
export const Permissions = {
IAM_USER_CREATE: 'IAM_USER_CREATE' as const,
IAM_USER_READ: 'IAM_USER_READ' as const,
IAM_USER_UPDATE: 'IAM_USER_UPDATE' as const,
IAM_USER_DELETE: 'IAM_USER_DELETE' as const,
IAM_ROLE_MANAGE: 'IAM_ROLE_MANAGE' as const,
};
const ROLE_PERMISSIONS: Record<string, Permission[]> = {
admin: [
Permissions.IAM_USER_CREATE,
Permissions.IAM_USER_READ,
Permissions.IAM_USER_UPDATE,
Permissions.IAM_USER_DELETE,
Permissions.IAM_ROLE_MANAGE,
],
teacher: [Permissions.IAM_USER_READ],
};
@Injectable()
export class PermissionGuard implements CanActivate {
constructor(private readonly requiredPermission: Permission) {}
canActivate(context: ExecutionContext): boolean {
const request = context.switchToHttp().getRequest<AuthenticatedRequest>();
const roles = request.userRoles ?? [];
for (const role of roles) {
const perms = ROLE_PERMISSIONS[role];
if (perms && perms.includes(this.requiredPermission)) {
return true;
}
}
throw new PermissionDeniedError(this.requiredPermission);
}
}
// 工厂函数,用于装饰器
export function createPermissionGuardFactory(_reflector: Reflector) {
return {
create: (permission: Permission) => new PermissionGuard(permission),
};
}

View File

@@ -0,0 +1,105 @@
export type ErrorType =
| 'validation'
| 'not_found'
| 'permission_denied'
| 'unauthorized'
| 'conflict'
| 'business'
| 'database'
| 'internal';
export interface ErrorDetails {
[key: string]: unknown;
}
export abstract class ApplicationError extends Error {
abstract readonly type: ErrorType;
abstract readonly statusCode: number;
readonly code: string;
readonly details?: ErrorDetails;
// traceId 改为可写,以便 GlobalErrorFilter 注入请求级 traceId
traceId?: string;
constructor(message: string, code: string, details?: ErrorDetails) {
super(message);
this.name = this.constructor.name;
this.code = code;
this.details = details;
}
toJSON(): Record<string, unknown> {
return {
success: false,
error: {
code: this.code,
message: this.message,
details: this.details,
traceId: this.traceId,
},
};
}
}
export class ValidationError extends ApplicationError {
readonly type = 'validation' as const;
readonly statusCode = 400;
constructor(message: string, details?: ErrorDetails) {
super(message, 'IAM_VALIDATION_ERROR', details);
}
}
export class NotFoundError extends ApplicationError {
readonly type = 'not_found' as const;
readonly statusCode = 404;
constructor(resource: string, id: string) {
super(`${resource} not found: ${id}`, 'IAM_NOT_FOUND', { resource, id });
}
}
export class PermissionDeniedError extends ApplicationError {
readonly type = 'permission_denied' as const;
readonly statusCode = 403;
constructor(permission: string) {
super(`Permission denied: ${permission}`, 'IAM_PERMISSION_DENIED', { permission });
}
}
export class UnauthorizedError extends ApplicationError {
readonly type = 'unauthorized' as const;
readonly statusCode = 401;
constructor(message: string, details?: ErrorDetails) {
super(message, 'IAM_UNAUTHORIZED', details);
}
}
export class ConflictError extends ApplicationError {
readonly type = 'conflict' as const;
readonly statusCode = 409;
constructor(message: string, details?: ErrorDetails) {
super(message, 'IAM_CONFLICT', details);
}
}
export class BusinessError extends ApplicationError {
readonly type = 'business' as const;
readonly statusCode = 422;
constructor(message: string, details?: ErrorDetails) {
super(message, 'IAM_BUSINESS_ERROR', details);
}
}
export class DatabaseError extends ApplicationError {
readonly type = 'database' as const;
readonly statusCode = 500;
constructor(message: string, details?: ErrorDetails) {
super(message, 'IAM_DATABASE_ERROR', details);
}
}
export class InternalError extends ApplicationError {
readonly type = 'internal' as const;
readonly statusCode = 500;
constructor(message: string, details?: ErrorDetails) {
super(message, 'IAM_INTERNAL_ERROR', details);
}
}

View File

@@ -0,0 +1,77 @@
import { Catch, ExceptionFilter, ArgumentsHost, HttpException, Logger } from '@nestjs/common';
import { Request, Response } from 'express';
import { ZodError } from 'zod';
import { ApplicationError } from './application-error.js';
@Catch()
export class GlobalErrorFilter implements ExceptionFilter {
private readonly logger = new Logger(GlobalErrorFilter.name);
catch(exception: unknown, host: ArgumentsHost): void {
const ctx = host.switchToHttp();
const response = ctx.getResponse<Response>();
const request = ctx.getRequest<Request>();
const traceId = (request.headers['x-request-id'] as string | undefined) ?? 'unknown';
let statusCode = 500;
let body: Record<string, unknown>;
if (exception instanceof ApplicationError) {
exception.traceId = traceId;
statusCode = exception.statusCode;
body = exception.toJSON();
} else if (exception instanceof ZodError) {
// 捕获 Zod 解析错误,转换为结构化 ValidationError 响应
statusCode = 400;
body = {
success: false,
error: {
code: 'IAM_VALIDATION_ERROR',
message: 'Validation failed',
details: exception.flatten(),
traceId,
},
};
} else if (exception instanceof HttpException) {
statusCode = exception.getStatus();
const res = exception.getResponse();
const message = this.extractHttpMessage(res, exception);
body = {
success: false,
error: {
code: 'HTTP_ERROR',
message,
traceId,
},
};
} else {
this.logger.error(
`Unhandled exception: ${exception}`,
exception instanceof Error ? exception.stack : undefined,
);
body = {
success: false,
error: {
code: 'INTERNAL_ERROR',
message: 'An unexpected error occurred',
traceId,
},
};
}
response.status(statusCode).json(body);
}
private extractHttpMessage(res: string | object, exception: HttpException): string {
if (typeof res === 'string') {
return res;
}
if (res && typeof res === 'object' && 'message' in res) {
// 从 HttpException 响应体收窄类型NestJS 约定包含 message 字段)
const msg = (res as { message: unknown }).message;
return typeof msg === 'string' ? msg : exception.message;
}
return exception.message;
}
}

View File

@@ -0,0 +1,19 @@
import pino from 'pino';
import { env } from '../../config/env.js';
export const logger = pino({
level: env.LOG_LEVEL,
base: {
service: 'iam',
version: '0.1.0',
},
transport:
env.NODE_ENV === 'development'
? {
target: 'pino-pretty',
options: { colorize: true },
}
: undefined,
});
export type Logger = typeof logger;

View File

@@ -0,0 +1,23 @@
import promClient from 'prom-client';
const registry = new promClient.Registry();
registry.setDefaultLabels({ service: 'iam' });
registry.registerMetric(
new promClient.Counter({
name: 'iam_requests_total',
help: 'Total number of iam requests',
labelNames: ['method', 'endpoint', 'status'],
}),
);
registry.registerMetric(
new promClient.Histogram({
name: 'iam_request_duration_seconds',
help: 'Iam request duration in seconds',
labelNames: ['method', 'endpoint'],
buckets: [0.01, 0.05, 0.1, 0.3, 0.5, 1, 3, 5],
}),
);
export { registry as metricsRegistry };

View File

@@ -0,0 +1,25 @@
import { NodeSDK } from '@opentelemetry/sdk-node';
import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
import { env } from '../../config/env.js';
let sdk: NodeSDK | null = null;
export function initTracer(): void {
if (!env.OTEL_EXPORTER_OTLP_ENDPOINT) return;
sdk = new NodeSDK({
serviceName: 'iam',
traceExporter: new OTLPTraceExporter({
url: `${env.OTEL_EXPORTER_OTLP_ENDPOINT}/v1/traces`,
}),
});
sdk.start();
console.log('Tracer initialized');
}
export async function shutdownTracer(): Promise<void> {
if (sdk) {
await sdk.shutdown();
}
}

View File

@@ -0,0 +1,15 @@
{
"extends": "../../tsconfig.base.json",
"compilerOptions": {
"module": "NodeNext",
"moduleResolution": "NodeNext",
"target": "ES2022",
"experimentalDecorators": true,
"emitDecoratorMetadata": true,
"outDir": "./dist",
"rootDir": "./src",
"types": ["node"]
},
"include": ["src/**/*"],
"exclude": ["node_modules", "dist", "test"]
}

View File

@@ -0,0 +1,19 @@
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
RUN npm install -g pnpm
COPY package.json pnpm-lock.yaml* ./
RUN pnpm install --frozen-lockfile
COPY tsconfig.json nest-cli.json ./
COPY src ./src
RUN pnpm build
# Runtime stage
FROM node:20-alpine
WORKDIR /app
RUN npm install -g pnpm
COPY package.json pnpm-lock.yaml* ./
RUN pnpm install --prod --frozen-lockfile
COPY --from=builder /app/dist ./dist
EXPOSE 3003
CMD ["node", "dist/main.js"]

View File

@@ -0,0 +1,8 @@
{
"$schema": "https://json.schemastore.org/nest-cli",
"collection": "@nestjs/schematics",
"sourceRoot": "src",
"compilerOptions": {
"deleteOutDir": true
}
}

View File

@@ -0,0 +1,31 @@
{
"name": "@edu/teacher-bff",
"version": "0.1.0",
"private": true,
"type": "module",
"scripts": {
"dev": "nest start --watch",
"build": "nest build",
"start": "node dist/main.js",
"test": "vitest run",
"lint": "eslint src --ext .ts",
"typecheck": "tsc --noEmit"
},
"dependencies": {
"@nestjs/common": "^10.4.0",
"@nestjs/core": "^10.4.0",
"@nestjs/platform-express": "^10.4.0",
"pino": "^9.4.0",
"prom-client": "^15.1.0",
"@opentelemetry/api": "^1.9.0",
"reflect-metadata": "^0.2.2",
"rxjs": "^7.8.0"
},
"devDependencies": {
"@nestjs/cli": "^10.4.0",
"@types/node": "^22.0.0",
"eslint": "^9.10.0",
"typescript": "^5.6.0",
"vitest": "^2.1.0"
}
}

View File

@@ -0,0 +1,7 @@
import { Module } from '@nestjs/common';
import { TeacherModule } from './teacher/teacher.module.js';
@Module({
imports: [TeacherModule],
})
export class AppModule {}

View File

@@ -0,0 +1,25 @@
import { z } from 'zod';
const envSchema = z.object({
PORT: z.string().default('3003'),
IamServiceUrl: z.string().url().default('http://localhost:3002'),
ClassesServiceUrl: z.string().url().default('http://localhost:3001'),
LOG_LEVEL: z.string().default('info'),
NODE_ENV: z.string().default('development'),
});
export type Env = z.infer<typeof envSchema>;
export function loadEnv(): Env {
const result = envSchema.safeParse({
...process.env,
IamServiceUrl: process.env.IAM_SERVICE_URL || 'http://localhost:3002',
ClassesServiceUrl: process.env.CLASSES_SERVICE_URL || 'http://localhost:3001',
});
if (!result.success) {
throw new Error('Invalid env: ' + JSON.stringify(result.error.flatten()));
}
return result.data;
}
export const env = loadEnv();

View File

@@ -0,0 +1,24 @@
import 'reflect-metadata';
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module.js';
import { env } from './config/env.js';
async function bootstrap(): Promise<void> {
const app = await NestFactory.create(AppModule, {
logger: ['log', 'error', 'warn'],
});
app.enableShutdownHooks();
await app.listen(env.PORT);
console.log(`Teacher BFF started on port ${env.PORT}`);
process.on('SIGTERM', async () => {
await app.close();
});
}
bootstrap().catch((err: unknown) => {
console.error('Failed to start Teacher BFF', err);
process.exit(1);
});

View File

@@ -0,0 +1,19 @@
import { Controller, Get, Req } from '@nestjs/common';
import type { Request } from 'express';
import { TeacherService } from './teacher.service.js';
interface AuthenticatedRequest extends Request {
userId?: string;
}
@Controller('teacher')
export class TeacherController {
constructor(private readonly service: TeacherService) {}
@Get('dashboard')
async dashboard(@Req() req: Request) {
const authReq = req as AuthenticatedRequest;
const data = await this.service.getDashboard(authReq.userId as string);
return { success: true, data };
}
}

View File

@@ -0,0 +1,9 @@
import { Module } from '@nestjs/common';
import { TeacherController } from './teacher.controller.js';
import { TeacherService } from './teacher.service.js';
@Module({
controllers: [TeacherController],
providers: [TeacherService],
})
export class TeacherModule {}

View File

@@ -0,0 +1,22 @@
import { Injectable } from '@nestjs/common';
import { env } from '../config/env.js';
@Injectable()
export class TeacherService {
// 聚合 IAM + classes 服务的数据
async getDashboard(userId: string): Promise<unknown> {
const [iamRes, classesRes] = await Promise.allSettled([
fetch(`${env.IamServiceUrl}/iam/me`, {
headers: { 'x-user-id': userId },
}),
fetch(`${env.ClassesServiceUrl}/classes`, {
headers: { 'x-user-id': userId },
}),
]);
return {
user: iamRes.status === 'fulfilled' ? await iamRes.value.json() : null,
classes: classesRes.status === 'fulfilled' ? await classesRes.value.json() : null,
};
}
}

View File

@@ -0,0 +1,15 @@
{
"extends": "../../tsconfig.base.json",
"compilerOptions": {
"module": "NodeNext",
"moduleResolution": "NodeNext",
"target": "ES2022",
"experimentalDecorators": true,
"emitDecoratorMetadata": true,
"outDir": "./dist",
"rootDir": "./src",
"types": ["node"]
},
"include": ["src/**/*"],
"exclude": ["node_modules", "dist", "test"]
}