初始化游戏小组管理系统后端项目

- 基于 NestJS + TypeScript + MySQL + Redis 架构
- 完整的模块化设计（认证、用户、小组、游戏、预约等）
- JWT 认证和 RBAC 权限控制系统
- Docker 容器化部署支持
- 添加 CLAUDE.md 项目开发指南
- 配置 .gitignore 忽略文件

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

src/common/guards/jwt-auth.guard.ts

@@ -0,0 +1,43 @@
+import { Injectable, ExecutionContext, UnauthorizedException } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+import { Reflector } from '@nestjs/core';
+import { IS_PUBLIC_KEY } from '../decorators/public.decorator';
+import { ErrorCode, ErrorMessage } from '../interfaces/response.interface';
+
+/**
+ * JWT 认证守卫
+ * 默认所有接口都需要认证，除非使用 @Public() 装饰器
+ */
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') {
+  constructor(private reflector: Reflector) {
+    super();
+  }
+
+  canActivate(context: ExecutionContext) {
+    // 检查是否是公开接口
+    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
+    if (isPublic) {
+      return true;
+    }
+
+    return super.canActivate(context);
+  }
+
+  handleRequest(err: any, user: any, info: any) {
+    if (err || !user) {
+      throw (
+        err ||
+        new UnauthorizedException({
+          code: ErrorCode.UNAUTHORIZED,
+          message: ErrorMessage[ErrorCode.UNAUTHORIZED],
+        })
+      );
+    }
+    return user;
+  }
+}

src/common/guards/roles.guard.ts

@@ -0,0 +1,45 @@
+import { Injectable, CanActivate, ExecutionContext, ForbiddenException } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { ROLES_KEY } from '../decorators/roles.decorator';
+import { UserRole } from '../enums';
+import { ErrorCode, ErrorMessage } from '../interfaces/response.interface';
+
+/**
+ * 角色守卫
+ * 检查用户是否拥有所需的角色
+ */
+@Injectable()
+export class RolesGuard implements CanActivate {
+  constructor(private reflector: Reflector) {}
+
+  canActivate(context: ExecutionContext): boolean {
+    const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(
+      ROLES_KEY,
+      [context.getHandler(), context.getClass()],
+    );
+
+    if (!requiredRoles) {
+      return true;
+    }
+
+    const { user } = context.switchToHttp().getRequest();
+
+    if (!user) {
+      throw new ForbiddenException({
+        code: ErrorCode.UNAUTHORIZED,
+        message: ErrorMessage[ErrorCode.UNAUTHORIZED],
+      });
+    }
+
+    const hasRole = requiredRoles.some((role) => user.role === role);
+
+    if (!hasRole) {
+      throw new ForbiddenException({
+        code: ErrorCode.NO_PERMISSION,
+        message: ErrorMessage[ErrorCode.NO_PERMISSION],
+      });
+    }
+
+    return true;
+  }
+}