use axum::Router; use uuid::Uuid; use erp_core::error::AppResult; use erp_core::events::EventBus; use erp_core::module::ErpModule; use crate::handler::{auth_handler, org_handler, role_handler, user_handler}; /// Auth module implementing the `ErpModule` trait. /// /// Manages identity, authentication, and user CRUD within the ERP platform. /// This module has no dependencies on other business modules. pub struct AuthModule; impl AuthModule { pub fn new() -> Self { Self } /// Build public (unauthenticated) routes for the auth module. /// /// These routes do not require a valid JWT token. /// The caller wraps this into whatever state type the application uses. pub fn public_routes() -> Router where crate::auth_state::AuthState: axum::extract::FromRef, S: Clone + Send + Sync + 'static, { Router::new() .route("/auth/login", axum::routing::post(auth_handler::login)) .route("/auth/refresh", axum::routing::post(auth_handler::refresh)) } /// Build protected (authenticated) routes for the auth module. /// /// These routes require a valid JWT token, verified by the middleware layer. /// The caller wraps this into whatever state type the application uses. pub fn protected_routes() -> Router where crate::auth_state::AuthState: axum::extract::FromRef, S: Clone + Send + Sync + 'static, { Router::new() .route("/auth/logout", axum::routing::post(auth_handler::logout)) .route( "/users", axum::routing::get(user_handler::list_users).post(user_handler::create_user), ) .route( "/users/{id}", axum::routing::get(user_handler::get_user) .put(user_handler::update_user) .delete(user_handler::delete_user), ) .route( "/users/{id}/roles", axum::routing::post(user_handler::assign_roles), ) .route( "/roles", axum::routing::get(role_handler::list_roles).post(role_handler::create_role), ) .route( "/roles/{id}", axum::routing::get(role_handler::get_role) .put(role_handler::update_role) .delete(role_handler::delete_role), ) .route( "/roles/{id}/permissions", axum::routing::get(role_handler::get_role_permissions) .post(role_handler::assign_permissions), ) .route( "/permissions", axum::routing::get(role_handler::list_permissions), ) // Organization routes .route( "/organizations", axum::routing::get(org_handler::list_organizations) .post(org_handler::create_organization), ) .route( "/organizations/{id}", axum::routing::put(org_handler::update_organization) .delete(org_handler::delete_organization), ) // Department routes (nested under organization) .route( "/organizations/{org_id}/departments", axum::routing::get(org_handler::list_departments) .post(org_handler::create_department), ) .route( "/departments/{id}", axum::routing::put(org_handler::update_department) .delete(org_handler::delete_department), ) // Position routes (nested under department) .route( "/departments/{dept_id}/positions", axum::routing::get(org_handler::list_positions).post(org_handler::create_position), ) .route( "/positions/{id}", axum::routing::put(org_handler::update_position) .delete(org_handler::delete_position), ) } } impl Default for AuthModule { fn default() -> Self { Self::new() } } #[async_trait::async_trait] impl ErpModule for AuthModule { fn name(&self) -> &str { "auth" } fn version(&self) -> &str { env!("CARGO_PKG_VERSION") } fn dependencies(&self) -> Vec<&str> { // Auth is a foundational module with no business-module dependencies. vec![] } fn register_event_handlers(&self, _bus: &EventBus) { // Auth 模块暂无跨模块事件订阅需求 } async fn on_tenant_created(&self, _tenant_id: Uuid) -> AppResult<()> { // TODO: 创建默认角色和管理员用户 Ok(()) } async fn on_tenant_deleted(&self, _tenant_id: Uuid) -> AppResult<()> { // TODO: 软删除该租户下所有用户 Ok(()) } fn as_any(&self) -> &dyn std::any::Any { self } }