outsource/HaniBlindBox

Fork 0

gpu 145de4f42b 更改

2026-01-05 23:22:20 +08:00

12 KiB

Raw Blame History

Requirements Document

Introduction

HoneyBox 后台管理系统基础框架，提供完整的 RBAC 权限管理功能。采用 ASP.NET Core 后端 + Vue3 + Element Plus 前端的架构，前端打包后部署到后端 wwwroot 目录，实现一体化部署。

Glossary

Admin_System: 后台管理系统，包含认证、菜单、角色、权限、部门等核心功能
Admin_User: 后台管理员，拥有登录后台的权限
Department: 部门，支持无限层级嵌套的组织架构单元
Role: 角色，权限的集合，可分配给管理员
Menu: 菜单，前端路由和导航项，支持树形结构
Permission: 权限，API 级别的访问控制标识
JWT_Token: JSON Web Token，用于身份认证
RBAC: Role-Based Access Control，基于角色的访问控制
Refresh_Token: 刷新令牌，用于在 Access Token 过期后获取新的 Token
Captcha: 图形验证码，用于防止暴力破解和机器人攻击

Requirements

Requirement 1: 项目结构搭建

User Story: As a developer, I want to create the HoneyBox.Admin project structure, so that I can have an independent and reusable admin module.

Acceptance Criteria

THE Admin_System SHALL create a new ASP.NET Core project named HoneyBox.Admin
THE Admin_System SHALL contain Entities, Services, Models, Data, Controllers folders
THE Admin_System SHALL configure static file serving from wwwroot folder
THE Admin_System SHALL support SPA fallback routing for Vue3 frontend
THE Admin_System SHALL register all services via extension method AddHoneyBoxAdmin()

Requirement 2: 数据库实体设计

User Story: As a developer, I want to define database entities for admin management, so that I can persist admin users, roles, menus and permissions.

Acceptance Criteria

THE Admin_System SHALL create AdminUser entity with username, password_hash, real_name, avatar, status, last_login_time, department_id fields
THE Admin_System SHALL create Role entity with name, code, description, sort_order, status, is_system fields
THE Admin_System SHALL create Menu entity with parent_id, name, path, component, icon, menu_type, permission, sort_order, status fields
THE Admin_System SHALL create Permission entity with name, code, module, description fields
THE Admin_System SHALL create AdminUserRole, RoleMenu, RolePermission, DepartmentMenu, AdminUserMenu junction entities for many-to-many relationships
THE Admin_System SHALL create Department entity with parent_id, name, code, sort_order, status fields
THE Admin_System SHALL create OperationLog entity for audit logging
THE Admin_System SHALL create AdminDbContext with all entity configurations

Requirement 3: 管理员认证

User Story: As an admin user, I want to login with username and password, so that I can access the admin system securely.

Acceptance Criteria

WHEN an admin user submits valid credentials, THE Auth_Service SHALL return a JWT token and user info
WHEN an admin user submits invalid credentials, THE Auth_Service SHALL return an authentication error
WHEN an admin user's account is disabled, THE Auth_Service SHALL reject the login attempt
WHEN login fails 5 times consecutively, THE Auth_Service SHALL lock the account for 30 minutes
THE Auth_Service SHALL record login time and IP address on successful login
WHEN a valid JWT token is provided, THE Admin_System SHALL authenticate the request
WHEN an invalid or expired JWT token is provided, THE Admin_System SHALL return 401 Unauthorized

Requirement 4: 菜单管理

User Story: As an admin user, I want to manage system menus, so that I can configure the navigation structure.

Acceptance Criteria

WHEN requesting menu list, THE Menu_Service SHALL return menus as a tree structure
WHEN creating a menu, THE Menu_Service SHALL validate required fields and save to database
WHEN updating a menu, THE Menu_Service SHALL update the existing record
WHEN deleting a menu with children, THE Menu_Service SHALL prevent deletion and return an error
WHEN deleting a menu without children, THE Menu_Service SHALL remove the menu record
THE Menu_Service SHALL support three menu types: directory, menu, and button
WHEN requesting user menus, THE Menu_Service SHALL return menus merged from user's department, roles, and direct assignments

Requirement 5: 角色管理

User Story: As an admin user, I want to manage roles, so that I can group permissions and assign them to users.

Acceptance Criteria

WHEN requesting role list, THE Role_Service SHALL return paginated role data
WHEN creating a role, THE Role_Service SHALL validate unique code and save to database
WHEN updating a role, THE Role_Service SHALL update the existing record
WHEN deleting a system role, THE Role_Service SHALL prevent deletion and return an error
WHEN deleting a non-system role, THE Role_Service SHALL remove the role and its associations
WHEN assigning menus to a role, THE Role_Service SHALL update the role-menu associations
WHEN assigning permissions to a role, THE Role_Service SHALL update the role-permission associations

Requirement 6: 管理员管理

User Story: As an admin user, I want to manage admin accounts, so that I can control who has access to the system.

Acceptance Criteria

WHEN requesting admin user list, THE AdminUser_Service SHALL return paginated user data with role info
WHEN creating an admin user, THE AdminUser_Service SHALL validate unique username and hash the password
WHEN updating an admin user, THE AdminUser_Service SHALL update the existing record
WHEN deleting the last super admin, THE AdminUser_Service SHALL prevent deletion
WHEN assigning roles to an admin user, THE AdminUser_Service SHALL update the user-role associations
WHEN enabling/disabling an admin user, THE AdminUser_Service SHALL update the status field
WHEN resetting password, THE AdminUser_Service SHALL generate a new hashed password

Requirement 7: 权限控制

User Story: As a system, I want to enforce permission checks on API endpoints, so that unauthorized access is prevented.

Acceptance Criteria

WHEN an API endpoint has permission attribute, THE Permission_Filter SHALL verify user has the required permission
WHEN user lacks required permission, THE Permission_Filter SHALL return 403 Forbidden
WHEN user has required permission, THE Permission_Filter SHALL allow the request to proceed
THE Permission_Service SHALL cache user permissions for performance
WHEN user roles change, THE Permission_Service SHALL invalidate the permission cache

Requirement 8: 操作日志

User Story: As an admin user, I want to view operation logs, so that I can audit system activities.

Acceptance Criteria

WHEN an admin performs a create/update/delete operation, THE Log_Service SHALL record the operation details
THE Operation_Log SHALL include admin_user_id, username, module, action, method, url, ip, request_data, response_status, duration
WHEN requesting operation logs, THE Log_Service SHALL return paginated log data with filters
THE Log_Service SHALL support filtering by admin user, module, action, and date range

Requirement 9: Vue3 前端框架

User Story: As a developer, I want to create a Vue3 + Element Plus frontend, so that admins can interact with the system through a modern UI.

Acceptance Criteria

THE Frontend SHALL use Vue3 with Composition API and TypeScript
THE Frontend SHALL use Element Plus as the UI component library
THE Frontend SHALL use Pinia for state management
THE Frontend SHALL use Vue Router with dynamic route generation based on user menus
THE Frontend SHALL implement login page with form validation
THE Frontend SHALL implement layout with sidebar menu, header, and main content area
THE Frontend SHALL implement permission directive v-permission for button-level control
WHEN built, THE Frontend SHALL output to HoneyBox.Admin/wwwroot folder

Requirement 10: 部门管理

User Story: As an admin user, I want to manage departments with hierarchical structure, so that I can organize users and assign permissions at department level.

Acceptance Criteria

THE Admin_System SHALL create Department entity with parent_id supporting unlimited nesting levels
WHEN requesting department list, THE Department_Service SHALL return departments as a tree structure
WHEN creating a department, THE Department_Service SHALL validate required fields and parent existence
WHEN updating a department, THE Department_Service SHALL prevent setting parent to itself or its descendants
WHEN deleting a department with children, THE Department_Service SHALL prevent deletion and return an error
WHEN deleting a department with users, THE Department_Service SHALL prevent deletion and return an error
WHEN assigning menus to a department, THE Department_Service SHALL update the department-menu associations
THE Admin_System SHALL support assigning users to departments

Requirement 11: 用户菜单多维度配置

User Story: As an admin user, I want to configure user menus from multiple sources (department, role, direct assignment), so that I can have flexible permission control.

Acceptance Criteria

THE Admin_System SHALL support assigning menus directly to individual users
WHEN requesting user menus, THE Menu_Service SHALL merge menus from three sources: department menus, role menus, and user-specific menus
THE final user menu SHALL be the union of department menus, role menus, and user-specific menus
WHEN a user belongs to multiple departments, THE Menu_Service SHALL merge menus from all departments
WHEN user's department/role/direct menus change, THE Permission_Service SHALL invalidate the menu cache

Requirement 12: 数据初始化

User Story: As a developer, I want to initialize default data, so that the system is ready to use after deployment.

Acceptance Criteria

THE Admin_System SHALL create default super admin account (admin/admin123) on first run
THE Admin_System SHALL create default super admin role with all permissions
THE Admin_System SHALL create default system menus for admin management
THE Admin_System SHALL create default permissions for all admin APIs
THE Admin_System SHALL create default root department

Requirement 13: Token 刷新机制

User Story: As an admin user, I want my session to be automatically refreshed, so that I don't need to re-login frequently while actively using the system.

Acceptance Criteria

WHEN an admin user logs in successfully, THE Auth_Service SHALL return both an Access Token (short-lived, 30 minutes) and a Refresh Token (long-lived, 7 days)
THE Refresh_Token SHALL be stored securely in the database with user_id, token_hash, expires_at, and created_at fields
WHEN the Access Token is about to expire (within 5 minutes), THE Frontend SHALL automatically call the refresh endpoint
WHEN a valid Refresh Token is provided, THE Auth_Service SHALL issue a new Access Token and optionally rotate the Refresh Token
WHEN an invalid or expired Refresh Token is provided, THE Auth_Service SHALL return 401 and require re-login
WHEN a user logs out, THE Auth_Service SHALL invalidate the Refresh Token
WHEN a user's account is disabled, THE Auth_Service SHALL invalidate all Refresh Tokens for that user
THE Admin_System SHALL support revoking all Refresh Tokens for a user (force logout from all devices)

Requirement 14: 图形验证码

User Story: As a system administrator, I want to require captcha verification during login, so that I can prevent brute force attacks and bot access.

Acceptance Criteria

WHEN requesting the login page, THE Frontend SHALL display a captcha image alongside the login form
THE Captcha_Service SHALL generate a random alphanumeric code (4-6 characters) with visual noise and distortion
THE Captcha_Service SHALL store the captcha code in cache with a unique key and 5-minute expiration
WHEN submitting login credentials, THE Auth_Service SHALL validate the captcha code before checking username/password
WHEN the captcha code is incorrect or expired, THE Auth_Service SHALL return an error and require a new captcha
WHEN the captcha is validated (success or failure), THE Captcha_Service SHALL invalidate the used captcha code
THE Frontend SHALL provide a refresh button to request a new captcha image
THE Captcha image SHALL be returned as base64 encoded string with the captcha key

12 KiB Raw Blame History Unescape Escape

Requirements Document

Introduction

Glossary

Requirements

Requirement 1: 项目结构搭建

Acceptance Criteria

Requirement 2: 数据库实体设计

Acceptance Criteria

Requirement 3: 管理员认证

Acceptance Criteria

Requirement 4: 菜单管理

Acceptance Criteria

Requirement 5: 角色管理

Acceptance Criteria

Requirement 6: 管理员管理

Acceptance Criteria

Requirement 7: 权限控制

Acceptance Criteria

Requirement 8: 操作日志

Acceptance Criteria

Requirement 9: Vue3 前端框架

Acceptance Criteria

Requirement 10: 部门管理

Acceptance Criteria

Requirement 11: 用户菜单多维度配置

Acceptance Criteria

Requirement 12: 数据初始化

Acceptance Criteria

Requirement 13: Token 刷新机制

Acceptance Criteria

Requirement 14: 图形验证码

Acceptance Criteria

12 KiB

Raw Blame History