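M0 ~ M2: Infrastructure and Authentication Task List
M0: Freeze Capabilities and Rewrite Boundaries
Capability freeze
- Inventory the 6 mount surfaces of the current backend and lock them as the acceptance baseline for the rewrite. Deliverable: M0_CAPABILITY_SURFACE_BASELINE_2026-04-20.md
- Inventory the 96 routes of the current backend and generate an "old endpoint -> new implementation" mapping table. Deliverable: M0_ROUTE_MIGRATION_MATRIX_2026-04-20.md
- Inventory the current 12 internal modules and lock their migration ownership. Deliverable: M0_MODULE_MIGRATION_BASELINE_2026-04-20.md
- Inventory all current SSE endpoints and event formats. Deliverable: M0_SSE_INTERFACE_BASELINE_2026-04-20.md
- Inventory all current /generated-* static resource prefixes. Deliverable: M0_GENERATED_STATIC_PREFIX_BASELINE_2026-04-20.md
- Inventory the response headers, envelope and error formats that the current frontend depends on directly. Deliverable: M0_FRONTEND_RESPONSE_CONTRACT_BASELINE_2026-04-20.md
Repository boundaries
- Confirm the new directory name for the Rust backend and its placement under the repository root. Deliverable: M0_REPOSITORY_BOUNDARY_DECISIONS_2026-04-20.md
- Confirm that the old server-node/ stays in place during the migration and is not deleted early. Deliverable: M0_REPOSITORY_BOUNDARY_DECISIONS_2026-04-20.md
- Confirm that in the first phase the frontend still accesses only Axum and does not connect directly to SpacetimeDB. Deliverable: M0_REPOSITORY_BOUNDARY_DECISIONS_2026-04-20.md
- Confirm that all external side effects are handled in Axum and not placed in SpacetimeDB modules. Deliverable: M0_REPOSITORY_BOUNDARY_DECISIONS_2026-04-20.md
Deliverables
- Add the "endpoint mapping table" document. Deliverable: M0_ROUTE_MIGRATION_MATRIX_2026-04-20.md
- Add the "module migration list" document. Deliverable: M0_MODULE_MIGRATION_BASELINE_2026-04-20.md
- Add the "phase acceptance matrix" document. Deliverable: M0_PHASE_ACCEPTANCE_MATRIX_2026-04-20.md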
M1: Rust Workspace and Axum Infrastructure
Workspace setup
- Add server-rs/ under the repository root. Deliverable: ../server-rs/README.md
- Create the workspace Cargo.toml. Deliverable: ../server-rs/Cargo.toml
- Create crates/api-server. Deliverable: ../server-rs/crates/api-server/README.md
- Create crates/spacetime-module. Deliverable: ../server-rs/crates/spacetime-module/README.md
- Create crates/module-auth. Deliverable: ../server-rs/crates/module-auth/README.md
- Create crates/module-runtime. Deliverable: ../server-rs/crates/module-runtime/README.md
- Create crates/module-story. Deliverable: ../server-rs/crates/module-story/README.md
- Create crates/module-combat. Deliverable: ../server-rs/crates/module-combat/README.md
- Create crates/module-inventory. Deliverable: ../server-rs/crates/module-inventory/README.md
- Create crates/module-npc. Deliverable: ../server-rs/crates/module-npc/README.md
- Create crates/module-progression. Deliverable: ../server-rs/crates/module-progression/README.md
- Create crates/module-quest. Deliverable: ../server-rs/crates/module-quest/README.md
- Create crates/module-runtime-item. Deliverable: ../server-rs/crates/module-runtime-item/README.md
- Create crates/module-custom-world. Deliverable: ../server-rs/crates/module-custom-world/README.md
- Create crates/module-assets. Deliverable: ../server-rs/crates/module-assets/README.md
- Create crates/module-ai. Deliverable: ../server-rs/crates/module-ai/README.md
- Create crates/shared-contracts. Deliverable: ../server-rs/crates/shared-contracts/README.md
- Create crates/shared-kernel. Deliverable: ../server-rs/crates/shared-kernel/README.md
- Create crates/shared-logging. Deliverable: ../server-rs/crates/shared-logging/README.md
- Create crates/platform-auth. Deliverable: ../server-rs/crates/platform-auth/README.md
- Create crates/platform-oss. Deliverable: ../server-rs/crates/platform-oss/README.md
- Create crates/platform-llm. Deliverable: ../server-rs/crates/platform-llm/README.md
- Create crates/spacetime-client. Deliverable: ../server-rs/crates/spacetime-client/README.md
- Create crates/tests-support. Deliverable: ../server-rs/crates/tests-support/README.md
Axum base capabilities
- Set up main.rs/Router/with_state. Deliverable: ../server-rs/crates/api-server/src/main.rs
- Wire in unified configuration loading. Deliverable: ../server-rs/crates/api-server/src/config.rs
- Wire in unified logging and tracing. Deliverables: ../docs/technical/RUST_SHARED_LOGGING_CRATE_DESIGN_2026-04-21.md, ../server-rs/crates/shared-logging/src/lib.rs, ../server-rs/crates/api-server/src/app.rs, ../server-rs/crates/api-server/src/main.rs
- Wire in the request_id middleware. Deliverables: ../server-rs/crates/api-server/src/request_context.rs, ../server-rs/crates/api-server/src/app.rs
- Wire in the unified error-handling middleware. Deliverables: ../server-rs/crates/api-server/src/http_error.rs, ../server-rs/crates/api-server/src/error_middleware.rs, ../server-rs/crates/api-server/src/app.rs
- Wire in a response envelope compatible with the current project. Deliverables: ../server-rs/crates/api-server/src/api_response.rs, ../server-rs/crates/api-server/src/request_context.rs, ../server-rs/crates/api-server/src/http_error.rs
- Wire in x-request-id. Deliverables: ../server-rs/crates/api-server/src/response_headers.rs, ../server-rs/crates/api-server/src/app.rs
- Wire in x-api-version. Deliverable: ../server-rs/crates/api-server/src/response_headers.rs
- Wire in x-route-version. Deliverable: ../server-rs/crates/api-server/src/response_headers.rs
- Wire in x-response-time-ms. Deliverables: ../server-rs/crates/api-server/src/response_headers.rs, ../server-rs/crates/api-server/src/request_context.rs
- Implement /healthz. Deliverables: ../server-rs/crates/api-server/src/health.rs, ../server-rs/crates/api-server/src/app.rs
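Base engineering scripts
- Add local development scripts. Deliverables: ../server-rs/scripts/dev.ps1, ../server-rs/scripts/dev.sh
- Add test scripts. Deliverables: ../server-rs/scripts/test.ps1, ../server-rs/scripts/test.sh
- Add lint / fmt / clippy / check scripts. Deliverables: ../server-rs/scripts/check.ps1, ../server-rs/scripts/check.sh
- Add smoke scripts. Deliverables: ../server-rs/scripts/smoke.ps1, ../server-rs/scripts/smoke.sh
- Add SpacetimeDB local development scripts. Deliverables: ../server-rs/scripts/spacetime-dev.ps1, ../server-rs/scripts/spacetime-dev.sh
Phase acceptance
- The Axum service can start on its own
  Evidence: ./server-rs/scripts/smoke.ps1 passed; it covers temporarily starting api-server, waiting for /healthz to become ready, and verifying the raw / envelope protocols.
- /healthz returns a response compatible with the current project
- The base response envelope and request id behavior are stable
  Evidence: cargo test -p api-server --manifest-path server-rs/Cargo.toml passed; it covers envelope negotiation and the headers written back on /healthz.
- The Rust workspace compiles completely
  Evidence: cargo check -p api-server --manifest-path server-rs/Cargo.toml passed.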
M2: Authentication, Sessions, JWT and Refresh Cookie
SpacetimeDB identity tables
- Design user_account. Deliverable: ../docs/technical/SPACETIMEDB_AUTH_USER_ACCOUNT_TABLE_DESIGN_2026-04-21.md
- Design auth_identity. Deliverable: ../docs/technical/SPACETIMEDB_AUTH_IDENTITY_TABLE_DESIGN_2026-04-21.md
- Design refresh_session. Deliverable: ../docs/technical/SPACETIMEDB_REFRESH_SESSION_TABLE_DESIGN_2026-04-21.md
- Design auth_audit_log. Deliverable: ../docs/technical/SPACETIMEDB_AUTH_AUDIT_LOG_TABLE_DESIGN_2026-04-21.md
- Design auth_risk_block. Deliverable: ../docs/technical/SPACETIMEDB_AUTH_RISK_BLOCK_TABLE_DESIGN_2026-04-21.md
- Design sms_auth_event. Deliverable: ../docs/technical/SPACETIMEDB_SMS_AUTH_EVENT_TABLE_DESIGN_2026-04-21.md
- Design wechat_auth_state. Deliverable: ../docs/technical/SPACETIMEDB_WECHAT_AUTH_STATE_TABLE_DESIGN_2026-04-21.md
Axum authentication service
- Implement password login. Deliverables: ../docs/technical/PASSWORD_ENTRY_FLOW_DESIGN_2026-04-21.md, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/platform-auth/src/lib.rs, ../server-rs/crates/api-server/src/password_entry.rs, ../server-rs/crates/api-server/src/app.rs
- Implement the automatic account creation / idempotent login compatibility policy. Deliverables: ../docs/technical/PASSWORD_ENTRY_FLOW_DESIGN_2026-04-21.md, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/api-server/src/app.rs
- Implement Bearer JWT validation. Deliverables: ../docs/technical/PLATFORM_AUTH_JWT_ADAPTER_DESIGN_2026-04-21.md, ../server-rs/crates/platform-auth/src/lib.rs, ../server-rs/crates/api-server/src/auth.rs, ../server-rs/crates/api-server/src/app.rs
- Implement reading of the refresh cookie. Deliverables: ../docs/technical/PLATFORM_AUTH_REFRESH_COOKIE_ADAPTER_DESIGN_2026-04-21.md, ../server-rs/crates/platform-auth/src/lib.rs, ../server-rs/crates/api-server/src/auth.rs, ../server-rs/crates/api-server/src/config.rs, ../server-rs/crates/api-server/src/app.rs
- Implement refresh token rotation. Deliverables: ../docs/technical/AUTH_REFRESH_ROTATION_DESIGN_2026-04-21.md, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/platform-auth/src/lib.rs, ../server-rs/crates/api-server/src/auth_session.rs, ../server-rs/crates/api-server/src/password_entry.rs, ../server-rs/crates/api-server/src/app.rs
- Implement multi-device session identity modeling and the session list query. Deliverables: ../docs/technical/MULTI_DEVICE_SESSION_IDENTITY_DESIGN_2026-04-21.md, ../docs/technical/AUTH_SESSIONS_QUERY_DESIGN_2026-04-21.md, ../docs/technical/SPACETIMEDB_REFRESH_SESSION_TABLE_DESIGN_2026-04-21.md, ../server-rs/crates/api-server/src/session_client.rs, ../server-rs/crates/api-server/src/auth_sessions.rs, ../server-rs/crates/api-server/src/password_entry.rs, ../server-rs/crates/api-server/src/app.rs, ../server-rs/crates/module-auth/src/lib.rs, ../packages/shared/src/contracts/auth.ts
- Implement session revocation. Deliverables: ../docs/technical/AUTH_LOGOUT_CURRENT_SESSION_DESIGN_2026-04-21.md, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/api-server/src/auth.rs, ../server-rs/crates/api-server/src/auth_session.rs, ../server-rs/crates/api-server/src/logout.rs, ../server-rs/crates/api-server/src/app.rs
- Implement logout on all devices. Deliverables: ../docs/technical/AUTH_LOGOUT_ALL_DESIGN_2026-04-21.md, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/api-server/src/logout_all.rs, ../server-rs/crates/api-server/src/app.rs
- Implement the me query. Deliverables: ../docs/technical/AUTH_ME_QUERY_DESIGN_2026-04-21.md, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/api-server/src/auth_me.rs, ../server-rs/crates/api-server/src/app.rs
Phone verification-code login
- Wire in the Alibaba Cloud SMS sending adapter
- Implement the send-verification-code endpoint. Deliverables: ../docs/technical/PHONE_AUTH_AXUM_MINIMAL_FLOW_DESIGN_2026-04-21.md, ../docs/technical/PHONE_AUTH_AXUM_RATE_LIMIT_AND_FAILURE_DESIGN_2026-04-21.md, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/api-server/src/phone_auth.rs, ../server-rs/crates/api-server/src/app.rs
- Implement the verification-code check endpoint. Deliverables: ../docs/technical/PHONE_AUTH_AXUM_MINIMAL_FLOW_DESIGN_2026-04-21.md, ../docs/technical/PHONE_AUTH_AXUM_RATE_LIMIT_AND_FAILURE_DESIGN_2026-04-21.md, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/api-server/src/phone_auth.rs, ../server-rs/crates/api-server/src/app.rs
- Implement phone number binding. Deliverables: ../docs/technical/PHONE_AUTH_AXUM_MINIMAL_FLOW_DESIGN_2026-04-21.md, ../docs/technical/WECHAT_LOGIN_AXUM_IMPLEMENTATION_DESIGN_2026-04-21.md, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/api-server/src/wechat_auth.rs
- Implement changing the bound phone number
- Implement send rate limiting. Deliverables: ../docs/technical/PHONE_AUTH_AXUM_RATE_LIMIT_AND_FAILURE_DESIGN_2026-04-21.md, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/api-server/src/phone_auth.rs, ../server-rs/crates/api-server/src/app.rs
- Implement the limit on failed verification-code attempts. Deliverables: ../docs/technical/PHONE_AUTH_AXUM_RATE_LIMIT_AND_FAILURE_DESIGN_2026-04-21.md, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/api-server/src/phone_auth.rs, ../server-rs/crates/api-server/src/app.rs
- Implement the captcha trigger logic
- Implement risk-control blocking and unblocking
WeChat login
- Wire in the WeChat OAuth adapter. Deliverables: ../docs/technical/WECHAT_LOGIN_AXUM_IMPLEMENTATION_DESIGN_2026-04-21.md, ../server-rs/crates/api-server/src/wechat_provider.rs, ../server-rs/crates/api-server/src/state.rs
- Implement wechat/start. Deliverables: ../docs/technical/WECHAT_LOGIN_AXUM_IMPLEMENTATION_DESIGN_2026-04-21.md, ../server-rs/crates/api-server/src/wechat_auth.rs, ../server-rs/crates/api-server/src/app.rs
- Implement wechat/callback. Deliverables: ../docs/technical/WECHAT_LOGIN_AXUM_IMPLEMENTATION_DESIGN_2026-04-21.md, ../server-rs/crates/api-server/src/wechat_auth.rs, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/api-server/src/app.rs
- Implement WeChat identity binding. Deliverables: ../docs/technical/SPACETIMEDB_AUTH_IDENTITY_TABLE_DESIGN_2026-04-21.md, ../server-rs/crates/module-auth/src/lib.rs
- Implement binding a phone number to a WeChat account after login. Deliverables: ../docs/technical/WECHAT_LOGIN_AXUM_IMPLEMENTATION_DESIGN_2026-04-21.md, ../server-rs/crates/api-server/src/wechat_auth.rs, ../server-rs/crates/module-auth/src/lib.rs, ../server-rs/crates/api-server/src/app.rs
- Implement distinguishing the desktop scenario from the opened-inside-WeChat scenario. Deliverables: ../docs/technical/WECHAT_LOGIN_AXUM_IMPLEMENTATION_DESIGN_2026-04-21.md, ../server-rs/crates/api-server/src/wechat_auth.rs, ../server-rs/crates/api-server/src/session_client.rs
OIDC and SpacetimeDB identity passthrough
- Design the JWT claims. Deliverable: ../docs/technical/OIDC_JWT_CLAIMS_DESIGN_2026-04-21.md
- Confirm the iss/sub/sid/provider/roles fields. Deliverable: ../docs/technical/OIDC_JWT_CLAIMS_DESIGN_2026-04-21.md
- Let Axum validate JWTs itself. Deliverables: ../docs/technical/PLATFORM_AUTH_JWT_ADAPTER_DESIGN_2026-04-21.md, ../server-rs/crates/platform-auth/README.md, ../server-rs/crates/api-server/src/auth.rs
- Let SpacetimeDB recognize identity tokens issued by Axum
- Verify that reducers / views can read the user identity context
Compatibility with current endpoints
- Keep compatibility with /api/auth/login-options. Deliverables: ../docs/technical/AUTH_LOGIN_OPTIONS_DESIGN_2026-04-21.md, ../server-rs/crates/api-server/src/login_options.rs, ../server-rs/crates/api-server/src/app.rs
- Keep compatibility with /api/auth/entry. Deliverables: ../server-rs/crates/api-server/src/password_entry.rs, ../server-rs/crates/api-server/src/app.rs
- Keep compatibility with /api/auth/me. Deliverables: ../server-rs/crates/api-server/src/auth_me.rs, ../server-rs/crates/api-server/src/app.rs
- Keep compatibility with /api/auth/logout. Deliverables: ../server-rs/crates/api-server/src/logout.rs, ../server-rs/crates/api-server/src/app.rs
- Keep compatibility with /api/auth/logout-all. Deliverables: ../docs/technical/AUTH_LOGOUT_ALL_DESIGN_2026-04-21.md, ../server-rs/crates/api-server/src/logout_all.rs, ../server-rs/crates/api-server/src/app.rs, ../server-rs/crates/module-auth/src/lib.rs
- Keep compatibility with /api/auth/refresh. Deliverables: ../server-rs/crates/api-server/src/auth_session.rs, ../server-rs/crates/api-server/src/app.rs
- Keep compatibility with /api/auth/sessions. Deliverables: ../docs/technical/AUTH_SESSIONS_QUERY_DESIGN_2026-04-21.md, ../server-rs/crates/api-server/src/auth_sessions.rs, ../server-rs/crates/api-server/src/app.rs, ../server-rs/crates/module-auth/src/lib.rs
- Keep compatibility with /api/auth/sessions/:sessionId/revoke
- Keep compatibility with /api/auth/audit-logs
- Keep compatibility with /api/auth/risk-blocks
- Keep compatibility with /api/auth/risk-blocks/:scopeType/lift
- Keep compatibility with /api/auth/phone/send-code. Deliverables: ../docs/technical/PHONE_AUTH_AXUM_MINIMAL_FLOW_DESIGN_2026-04-21.md, ../server-rs/crates/api-server/src/phone_auth.rs, ../server-rs/crates/api-server/src/app.rs, ../server-rs/crates/module-auth/src/lib.rs
- Keep compatibility with /api/auth/phone/login. Deliverables: ../docs/technical/PHONE_AUTH_AXUM_MINIMAL_FLOW_DESIGN_2026-04-21.md, ../server-rs/crates/api-server/src/phone_auth.rs, ../server-rs/crates/api-server/src/app.rs, ../server-rs/crates/module-auth/src/lib.rs
- Keep compatibility with /api/auth/phone/change
- Keep compatibility with /api/auth/wechat/start. Deliverables: ../server-rs/crates/api-server/src/wechat_auth.rs, ../server-rs/crates/api-server/src/app.rs, ../src/services/authService.ts
- Keep compatibility with /api/auth/wechat/callback. Deliverables: ../server-rs/crates/api-server/src/wechat_auth.rs, ../server-rs/crates/api-server/src/app.rs, ../src/services/authService.ts
- Keep compatibility with /api/auth/wechat/bind-phone. Deliverables: ../server-rs/crates/api-server/src/wechat_auth.rs, ../server-rs/crates/api-server/src/app.rs, ../src/services/authService.ts
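Phase acceptance
- The password login main flow works
  Evidence: cargo test -p module-auth --manifest-path server-rs/Cargo.toml and cargo test -p api-server --manifest-path server-rs/Cargo.toml passed, covering automatic account creation, account reuse on repeated login, 401 on a wrong password, 400 on an invalid username, and refresh cookie write-back.
- The refresh cookie main flow works
  Evidence: cargo test -p module-auth --manifest-path server-rs/Cargo.toml and cargo test -p api-server --manifest-path server-rs/Cargo.toml passed, covering successful refresh rotation, invalidation of the old token, 401 on a missing cookie, and clearing the cookie on failure.
- The phone verification-code main flow works
  Evidence: cargo test -p module-auth phone --manifest-path server-rs/Cargo.toml -- --nocapture and cargo test -p api-server phone --manifest-path server-rs/Cargo.toml -- --nocapture passed, covering sending a verification code, 429 on the same-scene cooldown, 429 when the allowed wrong-code attempts are exhausted, login working again after a resend, and account creation/reuse on phone login with refresh cookie write-back.
- The WeChat login main flow works
  Evidence: cargo test -p api-server --manifest-path server-rs/Cargo.toml, cargo test -p api-server wechat --manifest-path server-rs/Cargo.toml and cargo test -p module-auth --manifest-path server-rs/Cargo.toml passed, covering wechat/start, wechat/callback, issuing the pending-bind session, merging into an existing account when the phone number is bound, and writing back the new openid mapping after a unionid match.
- All legacy authentication endpoints pass contract regression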