An authentication and authorization system based on RBAC for restful APIs

栏目: IT技术 · 发布时间: 4年前

内容简介:wolf is a universal RBAC system, suitable for all HTTP applications. Unified authorization and access control.Within each company, there are different backend services and corresponding management backend. Usually different systems have their own account s

Chinese

Introductions

wolf is a universal RBAC system, suitable for all HTTP applications. Unified authorization and access control.

Within each company, there are different backend services and corresponding management backend. Usually different systems have their own account system and permission management module. Repeated development makes development resources wasteful. And there is no unified account number, causing administrative confusion. This would be even worse if the system was developed by a different team.

The system can be applied to a variety of platforms and systems. Unified account number and unified authorization. And no development work is required for each system.

Demo address (first visit will be slow, please be patient, or use docker to run the test locally):

Account Password
admin wolf-123456
  • Restful Demo: Demo , Test account and password:
Account Password
app-man wolf-123456
user-role-perm-man wolf-123456
log wolf-123456
  • Html Demo: Html Demo , Test account and password:
Account Password
or_index wolf-123456
or_en wolf-123456
or_cn wolf-123456
or_changes wolf-123456
or_changes_all wolf-123456
or_cn_getting_start wolf-123456
or_suffix_match wolf-123456

Note: The Html Demo application is a proxy for the OpenResty official website and adds Rbac access control. The original website does not require login, you can visit here to view the original website.

Features

  • Language independent, any HTTP program can be used, including but not limited to: pure static web pages, JSP, PHP, ASP, PYTHON, NODE JS and other WEB systems
  • Low coupling, non-intrusive, supports new applications without any modifications or changes to the application, the system manages resource rights at the proxy level
  • Management backend ( console module ) for application , user , role , permission and resources management
  • Supports Restful interface, also supports pure html applications for backend rendering
  • Support access logging and querying for auditing
  • APISIX gateway support apache-apisix:wolf-rbac
  • The system has three main modules:
    • Wolf-Server, Service implementation, management backend functionality implementation
    • Wolf-Console, Management-backend's frontend code implementation
    • Wolf-Agent, RBAC's access check agent
  • The system contains the following entity objects:
    • Application , Multi-application support. Different applications can have different permissions, roles and resources. You can view the RBAC object relationship diagram under the application.
    • User , Users are Shared by all applications. Objects that can be authorized for users include:
      • Administrator privileges, users set as administrators can log in to "Console" to manage the backend and manage the application.
      • Application list, which can assign zero to multiple applications to a user. Depending on the type of user, the meaning of the application list varies:
        • For administrative users, these applications can be managed.
        • For non-administrative users, these applications can be accessed and used
      • Roles, you can assign multiple roles to the user, and the permissions you end up with are a collection of permissions for all roles
      • Permission, the system can assign permissions directly to users. Although this approach is not usually supported in standard RBAC models, this system supports
    • Role , role can contain a set of permissions.
    • Category , permissions category, is a way to classify (group) permissions for easy management, usually by large functional modules. In the system Permissions selection box, the permissions will be grouped by category.
    • Permission , permissions and resources are a one-to-many relationship, one resource can have one permission, or multiple resources can use the same permission.
    • Resource , Currently it is mainly HTTP requests. The properties Match Type + Name + Action of a resource determine a unique resource. The most important 4 tuple groups for a resource are:
      • Match Type , URL match type, supports equals match , suffix match , prefix match three types.
      • Name , Refers to the requested HTTP URL. If it is an equals match and prefix match , it usually starts with / . If it is a suffix match , it is usually a common resource suffix, such as: .jpg', .js', no wildcards or regulars are supported.
      • Action , refers to the requested HTTP Method . The method ALL matches all methods.
      • Permission , Specify the permissions required to access the resource. Two built-in permissions: Allow All means that all users have access, and Deny All means that all users cannot access.
    • Audit Log , An audit log, which records all accesses to the system (including Wolf-Console and applications managed by the system). The following key information was recorded:
      Wolf-Console
      
  • The resource matching method, which supports different priorities, has the following priority rules:
    • Match Type priority from high to low, in order:equals match, suffix match, prefix match.
    • Action means HTTP Method . ALL has lower priority. Other methods (such as GET , POST , PUT ) have the same priority, but all have higher priority than ALL .
    • Name means HTTP URL . The priority is related to the URL length. The longer the URL, the higher the priority.

Note: The URL in this article refers only to the path section of the URL standard, not the domain name, port and parameters section.

Architecture

An authentication and authorization system based on RBAC for restful APIs

Relations

An authentication and authorization system based on RBAC for restful APIs

Technologies

  • Server: NodeJS, KOA, Sequelize, JWT
  • Console: VueJS, Element, Babel, NodeJS
  • Agent: OpenResty(ngx_lua)
  • Database: PostgreSQL.

Getting Started

Getting Started

Preview

Console

An authentication and authorization system based on RBAC for restful APIs
Application List
An authentication and authorization system based on RBAC for restful APIs
Application, User, Role, Permission Relations
An authentication and authorization system based on RBAC for restful APIs
user management
An authentication and authorization system based on RBAC for restful APIs
role management
An authentication and authorization system based on RBAC for restful APIs
Details of the role's permissions/Permissions grouping display
An authentication and authorization system based on RBAC for restful APIs
permission management
An authentication and authorization system based on RBAC for restful APIs
Audit log

Client/Demo

An authentication and authorization system based on RBAC for restful APIs
client login
An authentication and authorization system based on RBAC for restful APIs
main page(Note: Added information bar at top.)
An authentication and authorization system based on RBAC for restful APIs
No permission page

Deployment

deployment document

Manual Document

Usage

Change Log

Change Log

License

MIT


以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

微信公众号深度解析

微信公众号深度解析

魏艳 / 化学工业出版社 / 2017-5 / 49.80元

本书是一本微信公众号营销的教科书,全方位揭秘了微信订阅号、微信服务号、微信企业号三大类型账号的运营管理策略和技巧,有助于企业构建一套全新的微信公众号营销体系,打造一个移动端的商业帝国,是企业和微商必读的微信公众号营销和运营宝典。 《微信公众号深度解析:订阅号+服务号+企业号三号运营全攻略》突出了“新”、“全”、“实战”三大特点,阐述了微信公众号在新形势下的现状、发展趋势和三大类型;微信公众号......一起来看看 《微信公众号深度解析》 这本书的介绍吧!

JS 压缩/解压工具
JS 压缩/解压工具

在线压缩/解压 JS 代码

在线进制转换器
在线进制转换器

各进制数互转换器

HEX CMYK 转换工具
HEX CMYK 转换工具

HEX CMYK 互转工具