feat: 初始化 WWJ Cloud 企业级框架项目

- 后端：基于 NestJS 的分层架构设计
- 前端：基于 VbenAdmin + Element Plus 的管理系统
- 支持 SaaS + 独立版双架构模式
- 完整的用户权限管理系统
- 系统设置、文件上传、通知等核心功能
- 多租户支持和插件化扩展架构

wwjcloud/src/common/auth/guards/global-auth.guard.ts

@@ -0,0 +1,40 @@
+import { Injectable, ExecutionContext, UnauthorizedException } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { AuthGuard } from '@nestjs/passport';
+import { Observable } from 'rxjs';
+import { IS_PUBLIC_KEY } from '../decorators/auth.decorator';
+
+/**
+ * 全局认证守卫
+ * 统一处理JWT认证，支持公开路由跳过认证
+ */
+@Injectable()
+export class GlobalAuthGuard extends AuthGuard('jwt') {
+  constructor(private reflector: Reflector) {
+    super();
+  }
+
+  canActivate(
+    context: ExecutionContext,
+  ): boolean | Promise<boolean> | Observable<boolean> {
+    // 检查是否为公开路由
+    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
+    if (isPublic) {
+      return true;
+    }
+
+    return super.canActivate(context);
+  }
+
+  handleRequest(err: any, user: any, info: any, context: ExecutionContext) {
+    // 如果认证失败，抛出未授权异常
+    if (err || !user) {
+      throw err || new UnauthorizedException('认证失败，请重新登录');
+    }
+    return user;
+  }
+}

wwjcloud/src/common/auth/guards/jwt-auth.guard.ts

@@ -0,0 +1,34 @@
+import { Injectable, ExecutionContext, UnauthorizedException } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+import { Reflector } from '@nestjs/core';
+import { Observable } from 'rxjs';
+
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') {
+  constructor(private reflector: Reflector) {
+    super();
+  }
+
+  canActivate(
+    context: ExecutionContext,
+  ): boolean | Promise<boolean> | Observable<boolean> {
+    // 检查是否标记为公开路由
+    const isPublic = this.reflector.getAllAndOverride<boolean>('isPublic', [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+    
+    if (isPublic) {
+      return true;
+    }
+
+    return super.canActivate(context);
+  }
+
+  handleRequest(err: any, user: any, info: any, context: ExecutionContext) {
+    if (err || !user) {
+      throw err || new UnauthorizedException('未授权访问');
+    }
+    return user;
+  }
+}

wwjcloud/src/common/auth/guards/local-auth.guard.ts

@@ -0,0 +1,5 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class LocalAuthGuard extends AuthGuard('local') {}

wwjcloud/src/common/auth/guards/roles.guard.ts

@@ -0,0 +1,93 @@
+import { Injectable, CanActivate, ExecutionContext, ForbiddenException } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { AdminService } from '../../admin/admin.service';
+import { RoleService } from '../../rbac/role.service';
+import { MenuService } from '../../rbac/menu.service';
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+  constructor(
+    private reflector: Reflector,
+    private adminService: AdminService,
+    private roleService: RoleService,
+    private menuService: MenuService,
+  ) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    // 获取所需的角色或权限
+    const requiredRoles = this.reflector.getAllAndOverride<string[]>('roles', [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
+    const requiredPermissions = this.reflector.getAllAndOverride<string[]>('permissions', [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
+    // 如果没有设置角色或权限要求，则允许访问
+    if (!requiredRoles && !requiredPermissions) {
+      return true;
+    }
+
+    const request = context.switchToHttp().getRequest();
+    const user = request.user;
+
+    if (!user) {
+      throw new ForbiddenException('用户未登录');
+    }
+
+    // 只对管理员进行角色权限验证
+    if (user.userType !== 'admin') {
+      return true;
+    }
+
+    try {
+      // 获取用户角色
+      const userRoles = await this.adminService.getUserRoles(user.userId);
+      
+      // 检查角色权限
+      if (requiredRoles && requiredRoles.length > 0) {
+        const hasRole = requiredRoles.some(role => 
+          userRoles.some(userRole => userRole.roleName === role)
+        );
+        if (!hasRole) {
+          throw new ForbiddenException('权限不足：缺少所需角色');
+        }
+      }
+
+      // 检查菜单权限
+      if (requiredPermissions && requiredPermissions.length > 0) {
+        // 获取用户所有角色的权限菜单
+        const allMenuIds: number[] = [];
+        for (const role of userRoles) {
+          const menuIds = await this.roleService.getRoleMenuIds(role.roleId);
+          allMenuIds.push(...menuIds);
+        }
+
+        // 去重
+        const uniqueMenuIds = [...new Set(allMenuIds)];
+        
+        // 获取菜单详情
+        const menus = await this.menuService.findByIds(uniqueMenuIds);
+        const userPermissions = menus.map(menu => menu.menuKey);
+
+        // 检查是否有所需权限
+        const hasPermission = requiredPermissions.some(permission => 
+          userPermissions.includes(permission)
+        );
+        
+        if (!hasPermission) {
+          throw new ForbiddenException('权限不足：缺少所需权限');
+        }
+      }
+
+      return true;
+    } catch (error) {
+      if (error instanceof ForbiddenException) {
+        throw error;
+      }
+      throw new ForbiddenException('权限验证失败');
+    }
+  }
+}