5 Commits (master)

Author SHA1 Message Date
veypi a7ffd15601 refactor: Remove multi-tenant org system and simplify auth
- Delete org API endpoints (add_member, create, del, get, list, member, patch, tree)
- Delete models/org.go and remove Org/OrgMember models
- Delete org-related test files (org_crud, org_load_middleware, org_permission, multi_tenant)
- Delete org test scripts (03_org_permission.sh, 04_org_load_middleware.sh)
- Simplify auth/auth.go by removing org context and role loading logic
- Remove org claims from JWT tokens and login/register responses
- Redesign Permission model with hierarchical level-based access control
- Add auth/design.md with new permission system specification
- Update user and role APIs to work without org context
5 days ago
veypi f7c4f1ee86 test: improve test stability and documentation
- Add 'clean_run.sh' script to reset database and restart server for clean test environment
- Update 'README.md' with detailed troubleshooting guide and pitfalls
- Add '04_org_load_middleware.sh' to test LoadOrg middleware functionality
- Update 'run_all.sh' to include new middleware test
- Fix BASE_URL handling in 'lib.sh' and test scripts to support custom environments
- Update '02_resource_perm.sh' to fix admin permission checks
- Remove debug logging from 'auth.go'
1 week ago
veypi e96277ee85 fix(api/settings): wrap batch update in database transaction
Use database transaction for batch settings update to ensure atomicity.
If any individual update fails, the entire batch will be rolled back,
preventing partial configuration updates.

- Wrap all updates in db.Transaction()
- Return detailed error on failure
1 week ago
veypi 9dc866315f fix(api/settings): add admin permission check for settings update
Add permission check in settings update API to ensure only admin users
can modify system settings. This fixes a security vulnerability where
any authenticated user could modify critical configurations.

- Check 'setting:update' permission before allowing updates
- Return 403 Forbidden for non-admin users
1 week ago
veypi 23c7f6cb7a refactor(auth): Refactor the authentication system to support multiple verification methods and OAuth provider management
- Add verification module (api/verification) to unify sending of SMS and email verification codes
- Add email sending functionality (libs/email) with SMTP support
- Refactor SMS module (libs/sms) to simplify the Aliyun and Tencent Cloud SMS interfaces
- Add OAuth provider management API (api/oauth/providers) with CRUD operations
- Add system settings management API (api/settings) with dynamic configuration updates
- Refactor authentication method management (api/auth/methods) to support enabling/disabling multiple login methods
- Remove the old sms_providers and sms API modules, migrating to the new verification system
- Add database models: verification, email, oauth_provider, oauth_templates, setting
- Update configuration docs with usage instructions for the new features
1 week ago