feat(tenant): 完整多租户数据隔离 - BaseEntity统一TenantId + DbContext全局过滤器 + 所有Controllers写入TenantId + SQLite补列

Author: pythonHuang

Juggle.Api/Controllers/Api/DataSourceController.cs

@@ -1,5 +1,6 @@
 using Juggle.Application.Models.Request;
 using Juggle.Application.Models.Response;
+using Juggle.Application.Services;
 using Juggle.Application.Services.Impl;
 using Juggle.Domain.Entities;
 using Juggle.Infrastructure.Persistence;
@@ -16,11 +17,13 @@ public class DataSourceController : ControllerBase
 {
     private readonly JuggleDbContext _db;
     private readonly DataSourceService _dsService;
+    private readonly ITenantAccessor _tenant;
 
-    public DataSourceController(JuggleDbContext db, DataSourceService dsService)
+    public DataSourceController(JuggleDbContext db, DataSourceService dsService, ITenantAccessor tenant)
     {
         _db        = db;
         _dsService = dsService;
+        _tenant    = tenant;
     }
 
     [HttpPost("add")]
@@ -35,6 +38,7 @@ public async Task<ApiResult> Add([FromBody] DataSourceAddRequest req)
             DbName    = req.DbName,
             Username  = req.Username,
             Password  = req.Password,
+            TenantId  = _tenant.TenantId,
             CreatedAt = DateTime.Now.ToString("o")
         };
         _db.DataSources.Add(entity);

Juggle.Api/Controllers/Api/FlowDefinitionController.cs

@@ -1,6 +1,7 @@
 using System.Text.Json;
 using Juggle.Application.Models.Request;
 using Juggle.Application.Models.Response;
+using Juggle.Application.Services;
 using Juggle.Application.Services.Flow;
 using Juggle.Domain.Entities;
 using Juggle.Infrastructure.Persistence;
@@ -17,11 +18,13 @@ public class FlowDefinitionController : ControllerBase
 {
     private readonly JuggleDbContext _db;
     private readonly FlowExecutionService _flowExec;
+    private readonly ITenantAccessor _tenant;
 
-    public FlowDefinitionController(JuggleDbContext db, FlowExecutionService flowExec)
+    public FlowDefinitionController(JuggleDbContext db, FlowExecutionService flowExec, ITenantAccessor tenant)
     {
         _db       = db;
         _flowExec = flowExec;
+        _tenant   = tenant;
     }
 
     [HttpPost("add")]
@@ -37,6 +40,7 @@ public async Task<ApiResult> Add([FromBody] FlowDefinitionAddRequest req)
             GroupName   = req.GroupName,
             FlowContent = "[]",
             Status      = 0,
+            TenantId    = _tenant.TenantId,
             CreatedAt   = DateTime.Now.ToString("o")
         };
         _db.FlowDefinitions.Add(entity);
@@ -258,6 +262,7 @@ public async Task<ApiResult> Import([FromBody] System.Text.Json.JsonElement body
                 FlowType    = flowType,
                 FlowContent = flowContent,
                 Status      = 0,
+                TenantId    = _tenant.TenantId,
                 CreatedAt   = DateTime.Now.ToString("o")
             };
             _db.FlowDefinitions.Add(entity);
@@ -320,6 +325,7 @@ public async Task<ApiResult> Clone(long id)
             GroupName   = source.GroupName,
             FlowContent = source.FlowContent,
             Status      = 0,
+            TenantId    = _tenant.TenantId,
             CreatedAt   = DateTime.Now.ToString("o")
         };
         _db.FlowDefinitions.Add(cloned);
@@ -394,6 +400,7 @@ public async Task<ApiResult> Deploy([FromBody] FlowDeployRequest req)
                 FlowDesc  = definition.FlowDesc,
                 FlowType  = definition.FlowType,
                 Status    = 1,
+                TenantId  = _tenant.TenantId,
                 CreatedAt = DateTime.Now.ToString("o")
             };
             _db.FlowInfos.Add(flowInfo);
@@ -419,6 +426,7 @@ public async Task<ApiResult> Deploy([FromBody] FlowDeployRequest req)
             Version     = newVersion,
             FlowContent = definition.FlowContent,
             Status      = 1,
+            TenantId    = _tenant.TenantId,
             CreatedAt   = DateTime.Now.ToString("o")
         };
         _db.FlowVersions.Add(flowVersion);

Juggle.Api/Controllers/Api/ObjectController.cs

@@ -2,6 +2,7 @@
 using Juggle.Infrastructure.Persistence;
 using Juggle.Application.Models.Request;
 using Juggle.Application.Models.Response;
+using Juggle.Application.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
@@ -14,8 +15,13 @@ namespace Juggle.Api.Controllers.Api;
 public class ObjectController : ControllerBase
 {
     private readonly JuggleDbContext _db;
+    private readonly ITenantAccessor _tenant;
 
-    public ObjectController(JuggleDbContext db) => _db = db;
+    public ObjectController(JuggleDbContext db, ITenantAccessor tenant)
+    {
+        _db = db;
+        _tenant = tenant;
+    }
 
     [HttpPost("add")]
     public async Task<ApiResult> Add([FromBody] ObjectAddRequest req)
@@ -26,6 +32,7 @@ public async Task<ApiResult> Add([FromBody] ObjectAddRequest req)
             ObjectCode = code,
             ObjectName = req.ObjectName,
             ObjectDesc = req.ObjectDesc,
+            TenantId   = _tenant.TenantId,
             CreatedAt  = DateTime.Now.ToString("o")
         };
         _db.Objects.Add(entity);

Juggle.Api/Controllers/Api/ScheduleTaskController.cs

@@ -1,6 +1,7 @@
 using Juggle.Application.Models.Request;
 using Juggle.Application.Models.Response;
 using Juggle.Api.Services;
+using Juggle.Application.Services;
 using Juggle.Domain.Entities;
 using Juggle.Infrastructure.Persistence;
 using Microsoft.AspNetCore.Authorization;
@@ -15,10 +16,12 @@ namespace Juggle.Api.Controllers.Api;
 public class ScheduleTaskController : ControllerBase
 {
     private readonly JuggleDbContext _db;
+    private readonly ITenantAccessor _tenant;
 
-    public ScheduleTaskController(JuggleDbContext db)
+    public ScheduleTaskController(JuggleDbContext db, ITenantAccessor tenant)
     {
         _db = db;
+        _tenant = tenant;
     }
 
     [HttpPost("add")]
@@ -36,6 +39,7 @@ public async Task<ApiResult> Add([FromBody] ScheduleTaskAddRequest req)
             CronExpression = req.CronExpression,
             InputJson      = req.InputJson,
             Status         = 1,
+            TenantId       = _tenant.TenantId,
             NextRunTime    = ScheduleTaskService.CalculateNextRun(req.CronExpression, DateTime.Now),
             CreatedAt      = DateTime.Now.ToString("o")
         };

Juggle.Api/Controllers/Api/StaticVariableController.cs

@@ -2,6 +2,7 @@
 using Juggle.Infrastructure.Persistence;
 using Juggle.Application.Models.Request;
 using Juggle.Application.Models.Response;
+using Juggle.Application.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
@@ -15,7 +16,12 @@ namespace Juggle.Api.Controllers.Api;
 public class StaticVariableController : ControllerBase
 {
     private readonly JuggleDbContext _db;
-    public StaticVariableController(JuggleDbContext db) => _db = db;
+    private readonly ITenantAccessor _tenant;
+    public StaticVariableController(JuggleDbContext db, ITenantAccessor tenant)
+    {
+        _db = db;
+        _tenant = tenant;
+    }
 
     [HttpGet("list")]
     public async Task<ApiResult> List([FromQuery] string? groupName)
@@ -42,6 +48,7 @@ public async Task<ApiResult> Add([FromBody] StaticVarSaveRequest req)
             DefaultValue = req.DefaultValue,
             Description  = req.Description,
             GroupName    = req.GroupName,
+            TenantId     = _tenant.TenantId,
             CreatedAt    = DateTime.Now.ToString("o")
         };
         _db.StaticVariables.Add(entity);

Juggle.Api/Controllers/Api/SuiteController.cs

@@ -2,6 +2,7 @@
 using Juggle.Infrastructure.Persistence;
 using Juggle.Application.Models.Request;
 using Juggle.Application.Models.Response;
+using Juggle.Application.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
@@ -14,8 +15,13 @@ namespace Juggle.Api.Controllers.Api;
 public class SuiteController : ControllerBase
 {
     private readonly JuggleDbContext _db;
+    private readonly ITenantAccessor _tenant;
 
-    public SuiteController(JuggleDbContext db) => _db = db;
+    public SuiteController(JuggleDbContext db, ITenantAccessor tenant)
+    {
+        _db = db;
+        _tenant = tenant;
+    }
 
     [HttpPost("add")]
     public async Task<ApiResult> Add([FromBody] SuiteAddRequest req)
@@ -29,6 +35,7 @@ public async Task<ApiResult> Add([FromBody] SuiteAddRequest req)
             SuiteImage   = req.SuiteImage,
             SuiteVersion = req.SuiteVersion,
             SuiteFlag    = 0,
+            TenantId     = _tenant.TenantId,
             CreatedAt    = DateTime.Now.ToString("o")
         };
         _db.Suites.Add(entity);
@@ -161,6 +168,7 @@ public async Task<ApiResult> Import([FromBody] System.Text.Json.JsonElement body
                 SuiteVersion = suiteVersion,
                 SuiteImage   = suiteImage,
                 SuiteFlag    = 0,
+                TenantId     = _tenant.TenantId,
                 CreatedAt    = DateTime.Now.ToString("o")
             };
             _db.Suites.Add(entity);

Juggle.Api/Controllers/Api/TokenController.cs

@@ -2,6 +2,7 @@
 using Juggle.Infrastructure.Persistence;
 using Juggle.Application.Models.Request;
 using Juggle.Application.Models.Response;
+using Juggle.Application.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
@@ -14,8 +15,13 @@ namespace Juggle.Api.Controllers.Api;
 public class TokenController : ControllerBase
 {
     private readonly JuggleDbContext _db;
+    private readonly ITenantAccessor _tenant;
 
-    public TokenController(JuggleDbContext db) => _db = db;
+    public TokenController(JuggleDbContext db, ITenantAccessor tenant)
+    {
+        _db = db;
+        _tenant = tenant;
+    }
 
     [HttpPost("add")]
     public async Task<ApiResult> Add([FromBody] TokenAddRequest req)
@@ -27,6 +33,7 @@ public async Task<ApiResult> Add([FromBody] TokenAddRequest req)
             TokenName  = req.TokenName,
             ExpiredAt  = req.ExpiredAt,
             Status     = 1,
+            TenantId   = _tenant.TenantId,
             CreatedAt  = DateTime.Now.ToString("o")
         };
         _db.Tokens.Add(entity);
@@ -96,6 +103,7 @@ public async Task<ApiResult> SavePermissions(long tokenId, [FromBody] List<Token
                 PermissionType = perm.PermissionType,
                 ResourceKey    = perm.ResourceKey,
                 ResourceName   = perm.ResourceName,
+                TenantId       = _tenant.TenantId,
                 CreatedAt      = DateTime.Now.ToString("o")
             });
         }

Juggle.Api/Controllers/Api/WebhookController.cs

@@ -1,6 +1,8 @@
 using Juggle.Application.Models.Response;
+using Juggle.Application.Services;
 using Juggle.Domain.Entities;
 using Juggle.Infrastructure.Persistence;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 
@@ -9,13 +11,16 @@ namespace Juggle.Api.Controllers.Api;
 /// <summary>Webhook 管理接口</summary>
 [ApiController]
 [Route("api/system/webhook")]
+[Authorize]
 public class WebhookController : ControllerBase
 {
     private readonly JuggleDbContext _db;
+    private readonly ITenantAccessor _tenant;
 
-    public WebhookController(JuggleDbContext db)
+    public WebhookController(JuggleDbContext db, ITenantAccessor tenant)
     {
         _db = db;
+        _tenant = tenant;
     }
 
     /// <summary>分页查询 Webhook 列表</summary>
@@ -75,6 +80,7 @@ public async Task<ApiResult> Save([FromBody] WebhookEntity webhook)
         var def = await _db.FlowDefinitions.FirstOrDefaultAsync(d => d.FlowKey == webhook.FlowKey && d.Deleted == 0);
         if (def != null) webhook.FlowName = def.FlowName;
 
+        webhook.TenantId = _tenant.TenantId;
         webhook.CreatedAt = DateTime.Now.ToString("o");
         webhook.TriggerCount = 0;
         _db.Webhooks.Add(webhook);

Juggle.Api/Program.cs

@@ -93,7 +93,21 @@ static string MaskPassword(string connStr)
     );
 }
 
-builder.Services.AddDbContext<JuggleDbContext>(ConfigureDbContext);
+// 注册 IHttpContextAccessor（DbContext 内部读取当前 HTTP 请求的租户信息）
+builder.Services.AddHttpContextAccessor();
+
+// 注册 ICurrentTenantProvider：从 JWT Claims 动态获取当前租户 ID
+builder.Services.AddScoped<Juggle.Infrastructure.Persistence.ICurrentTenantProvider,
+    Juggle.Api.Services.HttpContextTenantProvider>();
+
+// 注册 DbContext：EF Core DI 会自动注入 ICurrentTenantProvider（因为它已注册为 Scoped）
+builder.Services.AddDbContext<JuggleDbContext>((sp, opts) =>
+{
+    ConfigureDbContext(opts);
+});
+// 说明：JuggleDbContext 有两个构造函数：
+//   (DbContextOptions)              → 用于 EnsureCreated / 测试
+//   (DbContextOptions, ICurrentTenantProvider) → 用于 HTTP 请求（EF Core DI 自动选择参数最多的）
 
 // 如果不是 SQLite，则需要在启动时确保数据库已迁移
 // SQLite 使用 EnsureCreated，其他数据库使用 Migrate 或 EnsureCreated

Juggle.Api/Services/HttpContextTenantProvider.cs

@@ -0,0 +1,31 @@
+using Juggle.Infrastructure.Persistence;
+
+namespace Juggle.Api.Services;
+
+/// <summary>
+/// 从当前 HTTP 请求的 JWT Claims 中获取租户 ID。
+/// 超级管理员（RoleId=1）返回 null，DbContext 不加过滤。
+/// </summary>
+public class HttpContextTenantProvider : ICurrentTenantProvider
+{
+    private readonly IHttpContextAccessor _httpContextAccessor;
+
+    public HttpContextTenantProvider(IHttpContextAccessor httpContextAccessor)
+    {
+        _httpContextAccessor = httpContextAccessor;
+    }
+
+    public long? GetCurrentTenantId()
+    {
+        var user = _httpContextAccessor.HttpContext?.User;
+        if (user == null || user.Identity?.IsAuthenticated != true)
+            return null;
+
+        // 超级管理员（RoleId=1）不受租户过滤，可看所有数据
+        var roleClaim = user.FindFirst("RoleId")?.Value;
+        if (roleClaim == "1") return null;
+
+        var tenantClaim = user.FindFirst("TenantId")?.Value;
+        return long.TryParse(tenantClaim, out var tid) ? tid : null;
+    }
+}