226 Commits (1f380587a91c7d3fbd79d6a2c54e630f04fbb259)

 

All Branches   

Search

Author	SHA1	Message	Date
veypi	1f380587a9	refactor(tests): Restructure test scripts with better coverage ... - Add 00_none_auth.sh for unauthenticated access testing - Replace 01_basic_auth.sh with 01_setup_users.sh for comprehensive user setup - Replace 02_user_permission.sh with 02_resource_perm.sh for cross-user permission tests - Update lib.sh to handle non-numeric code fields in response - Update README.md with new test structure and usage instructions - Update run_all.sh with new test sequence	1 week ago
veypi	95cdcd557c	fix(auth): Correct owner ID resolution order in PermWithOwner ... - Fix owner ID lookup to prioritize PathParams and Query over Context - Prevent incorrect owner match when context contains current user ID - Reset InitAdmin.Password to empty so first registered user becomes admin	1 week ago
veypi	9518a9be21	chore(gitignore): Update ignore rules ... - Remove outdated entries (oa.db, OneAuth) - Add .claude directory to ignore list	1 week ago
veypi	a22ad4a155	test(scripts): Fix test scripts and improve curl handling ... - Fix api request functions to use array-based curl options - Fix token refresh to use refresh_token instead of access_token - Fix string comparison operator from == to = - Add get_refresh_token helper function - Handle empty response in check_http_code - Update README with new functions and correct command syntax - Remove set -e from lib.sh to avoid premature exits	1 week ago
veypi	11a689f28d	fix(auth): Fix permission logic and add org member API ... - Add api/org/add_member.go for adding organization members - Register POST /api/orgs/{id}/members endpoint - Fix PermWithOwner to check owner before permission - Remove user:update from user role (should use owner check) - Add service enabled check in verification send	1 week ago
veypi	e96277ee85	fix(api/settings): wrap batch update in database transaction ... Use database transaction for batch settings update to ensure atomicity. If any individual update fails, the entire batch will be rolled back, preventing partial configuration updates. - Wrap all updates in db.Transaction() - Return detailed error on failure	1 week ago
veypi	5304c30fb9	fix(api/verification): validate purpose parameter ... Add validation for the 'purpose' parameter in verification code requests to ensure only allowed values are accepted. Valid purposes: register, login, reset_password, bind Invalid purposes will be rejected with 400 Bad Request.	1 week ago
veypi	241d22dba6	fix(api/verification): handle max_daily_count config correctly ... Fix the logic for code.max_daily_count setting to correctly handle: - 0: Disable verification code service entirely - -1: No limit on daily sends - >0: Limit daily sends to the specified number Previously both 0 and -1 were treated as unlimited, which was incorrect. The documentation states 0 should disable the service.	1 week ago
veypi	69efc4284b	fix(api/oauth): encrypt ClientSecret in database ... Encrypt OAuth Provider ClientSecret before storing in database to prevent sensitive credential exposure in case of database breach. - Encrypt ClientSecret on create using cfg.Config.Key.Encrypt() - Encrypt ClientSecret on update when provided - Decrypt ClientSecret before use in OAuth token exchange - Add AES-GCM encryption/decryption functions to crypto package - Gracefully handle legacy plaintext secrets during transition	1 week ago
veypi	4a316e6d67	fix(api/auth): reset count variable before uniqueness checks ... Fix a bug where the count variable was not reset before checking email and phone uniqueness. This could cause false positives if a previous check had count > 0, incorrectly reporting that email or phone already exists when they don't. - Reset count to 0 before email check - Reset count to 0 before phone check	1 week ago
veypi	9dc866315f	fix(api/settings): add admin permission check for settings update ... Add permission check in settings update API to ensure only admin users can modify system settings. This fixes a security vulnerability where any authenticated user could modify critical configurations. - Check 'setting:update' permission before allowing updates - Return 403 Forbidden for non-admin users	1 week ago
veypi	4a57017067	refactor(cfg): Restructure database configuration and initialization flow ... - Replace separate DB/DSN fields with unified config.Database struct - Remove cfg/db.go and move DB client to config.Database.Client() - Update auth to use event-driven initialization via vb.init.auth event - Refactor models initialization to use event system (vb.init.settings/oauth/admin) - Update CLI to use event.Start() instead of manual InitDB() call - Fix auth_test.go to use new DB config structure - Update agents.md documentation with new CLI flags format	1 week ago
veypi	23c7f6cb7a	refactor(auth): 重构认证系统，支持多种验证方式和 OAuth 提供商管理 ... - 新增验证模块(api/verification)，统一处理短信和邮件验证码发送 - 新增邮件发送功能(libs/email)，支持 SMTP 协议 - 重构短信模块(libs/sms)，简化阿里云和腾讯云短信接口 - 新增 OAuth 提供商管理 API(api/oauth/providers)，支持 CRUD 操作 - 新增系统设置管理 API(api/settings)，支持动态配置更新 - 重构认证方式管理(api/auth/methods)，支持启用/禁用多种登录方式 - 删除旧的 sms_providers 和 sms API 模块，迁移至新验证体系 - 新增数据库模型：verification、email、oauth_provider、oauth_templates、setting - 更新配置文档，增加新功能的使用说明	1 week ago
veypi	04997496d1	add configuration.md	1 week ago
veypi	fa3719cf7d	docs(readme): 完善项目 README.md ... - 添加项目介绍、核心特性、快速开始指南 - 添加项目结构说明和配置文档 - 添加权限系统使用示例和 API 概览 - 添加多租户场景支持和架构设计说明	1 week ago
veypi	51b3bbc89e	refactor(auth): 删除无用的 _scope_info 角色 ... - 删除创建 appAuth 时自动添加的 _scope_info 占位角色 - 删除对 _scope_info 的保留字检查 - 简化代码，避免在数据库中创建无用记录	1 week ago
veypi	ba39611f58	fix(org): 为组织创建者添加权限 ... 创建组织时，为组织特定的 admin 角色添加权限： - vb:*:* (通配符权限) - vb:org:read - vb:org:update - vb:org:delete 修复了组织创建者无法修改自己创建的组织的问题	1 week ago
veypi	d7ee1a1f4e	test: 添加集成测试脚本 ... 新增 scripts/tests/ 目录，包含权限测试脚本： - lib.sh: 公共函数库（API请求、用户/组织操作封装） - 01_basic_auth.sh: 基础认证测试（注册、登录、改密、刷新token） - 02_user_permission.sh: 用户权限测试（admin/user角色、信息修改权限） - 03_org_permission.sh: 组织权限测试（创建组织、成员权限、修改权限） - run_all.sh: 运行所有测试 - README.md: 测试说明文档 删除旧的 test.sh	1 week ago
veypi	54bb58048e	fix(auth): 创建通配符权限前先创建 permission 记录 ... 修复 initRole 中外键约束错误： - 在创建 scope:*:* 的 role_permission 前，先确保 permission 记录存在 - 避免 Error 1452 外键约束失败	1 week ago
veypi	33eabfa013	refactor(auth): 重构权限系统，简化API并添加缓存支持 ... 主要变更： - 将权限域从 appKey 改为 scope，权限ID格式为 scope:resource:action - 新增 AddRole(roleCode, roleName, policies...) 方法，支持动态添加角色 - 简化 Factory.New() 只保留 scope 参数，移除 models.AppConfig 依赖 - PermAny/PermAll 改为变长参数 ...string 形式，使用更简洁 - AuthMiddleware 添加 Redis 缓存组织成员身份和角色信息（5分钟过期） - 移除 models.AppConfig 和 models.RoleDefinition 结构体 - 更新测试和文档 BREAKING CHANGE: Factory.New() 签名变更，需要使用新的 AddRole API	1 week ago
veypi	37acea3420	feat: 实现组织成员角色管理功能	1 week ago
veypi	691f1df75b	feat: 添加角色管理模块（API + UI）	1 week ago
veypi	4101daeed3	refactor: 重构用户/组织/OAuth页面UI	1 week ago
veypi	d85cb6ae84	i18n: 添加多语言翻译词条	1 week ago
veypi	dce36cb65f	feat: 优化组织管理页面交互	1 week ago
veypi	800d7fd4fd	feat: 重构组织详情页UI和权限控制	1 week ago
veypi	178fa755d4	refactor: 重构认证模型和数据库结构	1 week ago
veypi	8b2a1aba3b	refactor: 统一API错误类型处理	1 week ago
veypi	983a5651a3	fix: 修复路由和页面加载问题	1 week ago
veypi	e5308f9471	feat: 全新UI框架升级和页面重构	1 week ago
veypi	5654a7cd37	remove old	1 week ago
veypi	c0914bb802	add check perm cache	1 week ago
veypi	f42d36f71f	add docs and auth test	1 week ago
veypi	dea82e80a1	validate resource	1 week ago
veypi	5daab97008	fix bug	1 week ago
veypi	26bd0bfd29	update	1 week ago
veypi	8fa01c4c52	upgrade	1 week ago
veypi	ced7cc6a07	update perm	1 week ago
veypi	52f2ae35ab	upgrade new version	1 week ago
veypi	45708ca4f0	remove old	1 week ago
veypi	809bba7417	update doc	1 week ago
veypi	2303b031d2	update doc	1 week ago
veypi	792f3ba707	upgrade	2 weeks ago
veypi	a3923ebcdb	update	2 weeks ago
veypi	f81ac78f60	remove html	2 weeks ago
veypi	70da692d9a	update	2 weeks ago
veypi	89a2ea17e2	fix upgrade bug	2 weeks ago
veypi	89e7caa7b0	uodate login api	3 weeks ago
veypi	917db899b6	update rd	3 weeks ago
veypi	6d0ec8e6ba	rename to vbase	3 weeks ago