cas

package module

v0.0.6 Latest Latest Go to latest Published: May 31, 2023 License: MIT Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

gitee.com/haifengat/cas

Links

Open Source Insights

README ¶

study_cas

学习 cas 单点登录 casdoor 官网

介绍

软件架构

软件架构说明

安装教程

部署 casdoor

# 默认: admin/123
docker run -itd --name casdoor -p 8000:8000 casbin/casdoor-all-in-one

使用说明

casdoor 服务器配置

[http://localhost:8000]

"证书"添加
1. 名称: cert_haifengat
2. 下载证书: token_jwt_key.pem 保存到程序目录 config 下
"组织"菜单中添加组织
1. 名称: org_haifengat
2. 万能密码: 12345
3. 软删除
"角色"菜单中添加角色
1. 选择组织: org_haifengat
2. 名称: role_normal
3. 显示名称: 普通成员
"模型"添加
1. 组织: org_haifengat
2. 名称: model_haifengat
3. 模型文本: (RBAC)

  # 请求
  [request_definition]
  r = sub, obj, act
  # 策略
  [policy_definition]
  p = sub, obj, act
  # 角色
  [role_definition]
  g = _, _
  # 策略效果
  [policy_effect]
  e = some(where (p.eft == allow))
  # 匹配器
  [matchers]
  m = g(r.sub, p.sub)&& r.obj == p.obj && r.act == p.act

"应用"添加
1. 名称: app_test01
2. 选择组织: org_haifengat
3. 得到
  1. clientid: cd3518599975d2e97f5c
  2. secret: 16f49d8622bf8159e64144351a1a5a8454f7dff5
4. 选择证书: cert_haifengat
5. 添加重定向 URLs:
  1. 登录页面 url 中的 redict_uri 必须在此配置中
    1. http://localhost:9000/api/signin 测试本地后端 api
  2. 测试 api 时填后端地址
  3. 正常流程: 前端通过 redict_uri 得到 code&state, 再向后端请求登录
6. accessToken 过期时间 168h=7d
7. 保持登录会话
8. 启用自动登录
9. 启用验证码登录
10. 启用 WebAuthn 登录
11. OAuth 授权类型
  - Authorization Code
  - Token
  - Password
  - ID Token
12. 保存
13. 测试用户注册 [http://localhost:8000/signup/app_test01]
  1. test001/123456
  2. 登录[http://localhost:8000/login/org_haifengat]
"权限"添加
1. 选择组织: org_haifengat
2. 名称: perm_normal
3. 显示名称:低级权限
4. 模型: model_haifengat
5. 包含用户: org_haifengat/* 手写
6. 包含角色: org_home/role_normal 模型中采用 RBAC
7. 资源类型: 应用
8. 资源: app_test01
9. 动作: 读权限写权限
10. 状态: 审批通过
"用户"菜单添加
1. 选择组织: org_haifengat
2. 名称: haifengat
3. 显示名称: 海风
4. 用户类型: normal-user
5. 密码: 123456
6. 注册应用: app_test01
7. 管理员
8. 全局管理员

获取的数据

Name (in order)	Must	Description
endpoint	Yes	Casdoor server URL, such as http://localhost:8000
clientId	Yes	Application.clientId
clientSecret	Yes	Application.clientSecret
certificate	Yes	x509 certificate content of Application.cert
organizationName	Yes	Application.organization
applicationName	Yes	Application.applicationName

export code=$(echo $(curl -X POST -H 'Content-Type:application/json' \
'http://localhost:8000/api/login?clientId=cd3518599975d2e97f5c&responseType=code&redirectUri=http%3A%2F%2Flocalhost%3A9000%2Fapi%2Fsignin&scope=read&state=app_test01' \
-d '{
   "application": "app_test01",
   "organization": "org_haifengat",
   "username": "hf001",
   "password": "123456",
   "autoSignin": true,
   "type": "code"
}') | awk -F ',' '{print $5}' |awk -F ':' '{print $2}'|awk -F '"' '{print $2}')
echo $code

获取 accessCode

export accessToken=$(echo $(curl http://localhost:9000/api/signin?code=$code&state=app_test01) |grep -Pos "\"accessToken\":\"[^,]*\""|awk -F '"' '{print $4}')
echo $accessToken

测试

casbin 权限

rbac_model.conf

var (
   dmDSN     string = "dm://SYSDBA:SYSDBA001@localhost:5236"
   modelFile string = "./config/rbac_model.conf"
)
if err := middleware.InitCasAdapter(dmDSN, modelFile); err != nil {
   logrus.Error(err)
   os.Exit(1)
}
 r.Use(middleware.CheckRole)

附

Documentation ¶

Overview ¶

casbin 权限管理

@Author: haifengat [email protected]
@Date: 2023-05-22 13:57:25
@LastEditors: haifengat [email protected]
@LastEditTime: 2023-05-22 14:11:41
@FilePath: /cas/check_role.go
@Description:
@Author: haifengat [email protected]
@Date: 2023-04-30 10:13:52
@LastEditors: haifengat [email protected]
@LastEditTime: 2023-05-31 10:34:18
@FilePath: /cas/init.go
@Description: 初始化 casdoor

Index ¶

func AddPolicy(roleName, path, method string) (bool, error)
func AddUserToRole(userName, roleName string) (bool, error)
func CheckRole(roleName, urlPath, methord string) (bool, error)
func GetEnforcer() (*casbin.Enforcer, error)
func GetRolesForUser(userName string) (roles []string)
func GetUsersForRole(roleName string) (users []string)
func HdlChangePassword(c *gin.Context)
func HdlCheckAuth(ctx *gin.Context)
func HdlCheckRole(c *gin.Context)
func HdlGetClaims(c *gin.Context) *casdoorsdk.Claims
func HdlSignin(c *gin.Context)
func HdlSignout(c *gin.Context)
func InitCas(endpoint, clientID, clientSecret, certificate, organizationName, ... string) error
func InitCasAdapter(dmDSN, modelFilePath string) error
func InitRouter(g *gin.RouterGroup)
func RemovePolicy(roleName, path, method string) (bool, error)
func RemoveUserFromRole(userName, roleName string) (bool, error)
func UpdatePolicy(roleName, oldPath, oldMethod string, newPath, newMethod string) (bool, error)
type CasbinModel
- func GetCasbin() []CasbinModel

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AddPolicy ¶ added in v0.0.5

func AddPolicy(roleName, path, method string) (bool, error)

AddPolicy 添加授权规则

@param roleName string 角色
@param path string urlPath
@param method string method GET/POST/PUT
@return bool 如果规则已经存在，函数返回false，并且不会添加规则。 否则，函数通过添加新规则并返回true。
@return error 错误

func AddUserToRole ¶ added in v0.0.5

func AddUserToRole(userName, roleName string) (bool, error)

AddUserToRole 添加用户到角色

@param userName string 用户
@param roleName string 角色
@return bool 如果规则已经存在，函数返回false，并且不会添加规则。 否则，函数通过添加新规则并返回true。
@return error 错误

func CheckRole ¶ added in v0.0.5

func CheckRole(roleName, urlPath, methord string) (bool, error)

CheckRole 检查用户是否有权限

@param roleName string 角色
@param urlPath string urlPath
@param methord string method GET/POST/PUT
@return bool 通过
@return error 错误

func GetEnforcer ¶ added in v0.0.5

func GetEnforcer() (*casbin.Enforcer, error)

GetEnforcer 取得 casbin 的 enforcer

须先执行 InitCasAdapter, 否则返回 nil

@return *casbin.Enforcer
@return error

func GetRolesForUser ¶ added in v0.0.5

func GetRolesForUser(userName string) (roles []string)

GetRolesForUser 获取用户角色

@receiver e
@param userName string 用户
@return []string 角色列表, 如果没有对应的角色，则返回空列表

func GetUsersForRole ¶ added in v0.0.5

func GetUsersForRole(roleName string) (users []string)

GetUsersForRole 获取角色的用户列表

@receiver e
@param roleName string 角色
@return users 用户列表, 如果没有对应的用户，则返回空列表

func HdlChangePassword ¶ added in v0.0.5

func HdlChangePassword(c *gin.Context)

HdlChangePassword 修改密码

@param oldPassword PostString
@param newPassword PostString
@router /changePassword [POST]

func HdlCheckAuth ¶ added in v0.0.5

func HdlCheckAuth(ctx *gin.Context)

HdlCheckAuth 检查用户是否登录

@param ctx

func HdlCheckRole ¶ added in v0.0.5

func HdlCheckRole(c *gin.Context)

HdlCheckRole 权限检查中间件

func HdlGetClaims ¶ added in v0.0.5

func HdlGetClaims(c *gin.Context) *casdoorsdk.Claims

HdlGetClaims

@param c
@return *casdoorsdk.Claims

func HdlSignin ¶ added in v0.0.5

func HdlSignin(c *gin.Context)

HdlSignin 登录

@Description sign in as a member
@Param   code     QueryString    "The code to sign in"
@Param   state     QueryString   "The state"
@Success 200 {Status: "success", Msg: "登录成功", Data: claims, Data2: affected}
@router /signin [GET]

func HdlSignout ¶ added in v0.0.5

func HdlSignout(c *gin.Context)

HdlSignout 登出

@Description sign out the current member
@Success 200 {Status: "success"}
@router /signout [post]

func InitCas ¶ added in v0.0.2

func InitCas(endpoint, clientID, clientSecret, certificate, organizationName, applicationName string) error

InitCas 初始化 cas 配置

@param endpoint casdoor 网址
@param clientID 应用对应的 id
@param clientSecret 应用对应的 secret
@param certificate 证书内容
@param organizationName 组织
@param applicationName 应用名
@return error

func InitCasAdapter ¶ added in v0.0.5

func InitCasAdapter(dmDSN, modelFilePath string) error

InitCasAdapter 初始化适配器

@param dmDSN string 达梦DSN
@param rbacModelFile string path/to/basic_model.conf
@return error 错误

func InitRouter ¶

func InitRouter(g *gin.RouterGroup)

InitRouter 初始化cas路由 /code /signin /signout /hello

@param g

func RemovePolicy ¶ added in v0.0.5

func RemovePolicy(roleName, path, method string) (bool, error)

RemovePolicy 删除授权规则

@param roleName string 角色名称
@param path string urlPath
@param method string method GET/POST/PUT
@return bool 如消规则不存圮，函数返回false，如添加成功，函数返回true。
@return error

func RemoveUserFromRole ¶ added in v0.0.5

func RemoveUserFromRole(userName, roleName string) (bool, error)

RemoveUserFromRole 删除用户

@receiver e
@param userName string 用户
@param roleName string 角色
@return bool
@return error

func UpdatePolicy ¶ added in v0.0.5

func UpdatePolicy(roleName, oldPath, oldMethod string, newPath, newMethod string) (bool, error)

UpdatePolicy 更新授权规则

@param oldRoleName string 角色
@param oldPath string urlPath
@param oldMethod string method GET/POST/PUT
@param newPath string urlPath
@param newMethod string method GET/POST/PUT
@return bool
@return error

Types ¶

type CasbinModel ¶ added in v0.0.5

type CasbinModel struct {
	Ptype    string `json:"ptype" bson:"ptype"`
	RoleName string `json:"rolename" bson:"v0"`
	Path     string `json:"path" bson:"v1"`
	Method   string `json:"method" bson:"v2"`
}

func GetCasbin ¶ added in v0.0.5

func GetCasbin() []CasbinModel

GetCasbin 获取所有授权规则

@return []CasbinModel 规则

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
demo * @Author: haifengat [email protected] * @Date: 2023-05-01 11:36:29 * @LastEditors: haifengat [email protected] * @LastEditTime: 2023-05-01 11:37:38 * @FilePath: /cas/demo/main.go * @Description: cas 示例	* @Author: haifengat [email protected] * @Date: 2023-05-01 11:36:29 * @LastEditors: haifengat [email protected] * @LastEditTime: 2023-05-01 11:37:38 * @FilePath: /cas/demo/main.go * @Description: cas 示例

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL