225 Commits (95cdcd557c85af3799b4f3e3089b78295e7d140d)
 

Author SHA1 Message Date
veypi 95cdcd557c fix(auth): Correct owner ID resolution order in PermWithOwner
- Fix owner ID lookup to prioritize PathParams and Query over Context
- Prevent incorrect owner match when context contains current user ID
- Reset InitAdmin.Password to empty so first registered user becomes admin
1 week ago
veypi 9518a9be21 chore(gitignore): Update ignore rules
- Remove outdated entries (oa.db, OneAuth)
- Add .claude directory to ignore list
1 week ago
veypi a22ad4a155 test(scripts): Fix test scripts and improve curl handling
- Fix api request functions to use array-based curl options
- Fix token refresh to use refresh_token instead of access_token
- Fix string comparison operator from == to =
- Add get_refresh_token helper function
- Handle empty response in check_http_code
- Update README with new functions and correct command syntax
- Remove set -e from lib.sh to avoid premature exits
1 week ago
veypi 11a689f28d fix(auth): Fix permission logic and add org member API
- Add api/org/add_member.go for adding organization members
- Register POST /api/orgs/{id}/members endpoint
- Fix PermWithOwner to check owner before permission
- Remove user:update from user role (should use owner check)
- Add service enabled check in verification send
1 week ago
veypi e96277ee85 fix(api/settings): wrap batch update in database transaction
Use database transaction for batch settings update to ensure atomicity.
If any individual update fails, the entire batch will be rolled back,
preventing partial configuration updates.

- Wrap all updates in db.Transaction()
- Return detailed error on failure
1 week ago
veypi 5304c30fb9 fix(api/verification): validate purpose parameter
Add validation for the 'purpose' parameter in verification code requests
to ensure only allowed values are accepted.

Valid purposes: register, login, reset_password, bind
Invalid purposes will be rejected with 400 Bad Request.
1 week ago
veypi 241d22dba6 fix(api/verification): handle max_daily_count config correctly
Fix the logic for code.max_daily_count setting to correctly handle:
- 0: Disable verification code service entirely
- -1: No limit on daily sends
- >0: Limit daily sends to the specified number

Previously both 0 and -1 were treated as unlimited, which was incorrect.
The documentation states 0 should disable the service.
1 week ago
veypi 69efc4284b fix(api/oauth): encrypt ClientSecret in database
Encrypt OAuth Provider ClientSecret before storing in database to prevent
sensitive credential exposure in case of database breach.

- Encrypt ClientSecret on create using cfg.Config.Key.Encrypt()
- Encrypt ClientSecret on update when provided
- Decrypt ClientSecret before use in OAuth token exchange
- Add AES-GCM encryption/decryption functions to crypto package
- Gracefully handle legacy plaintext secrets during transition
1 week ago
veypi 4a316e6d67 fix(api/auth): reset count variable before uniqueness checks
Fix a bug where the count variable was not reset before checking
email and phone uniqueness. This could cause false positives if
a previous check had count > 0, incorrectly reporting that email
or phone already exists when they don't.

- Reset count to 0 before email check
- Reset count to 0 before phone check
1 week ago
veypi 9dc866315f fix(api/settings): add admin permission check for settings update
Add permission check in settings update API to ensure only admin users
can modify system settings. This fixes a security vulnerability where
any authenticated user could modify critical configurations.

- Check 'setting:update' permission before allowing updates
- Return 403 Forbidden for non-admin users
1 week ago
veypi 4a57017067 refactor(cfg): Restructure database configuration and initialization flow
- Replace separate DB/DSN fields with unified config.Database struct
- Remove cfg/db.go and move DB client to config.Database.Client()
- Update auth to use event-driven initialization via vb.init.auth event
- Refactor models initialization to use event system (vb.init.settings/oauth/admin)
- Update CLI to use event.Start() instead of manual InitDB() call
- Fix auth_test.go to use new DB config structure
- Update agents.md documentation with new CLI flags format
1 week ago
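veypi 23c7f6cb7a refactor(auth): Refactor the authentication system to support multiple verification methods and OAuth provider management
- Add verification module (api/verification) to handle sending of SMS and email verification codes in one place
- Add email sending (libs/email) with SMTP support
- Refactor SMS module (libs/sms), simplifying the Alibaba Cloud and Tencent Cloud SMS interfaces
- Add OAuth provider management API (api/oauth/providers) with CRUD operations
- Add system settings management API (api/settings) with dynamic configuration updates
- Refactor authentication method management (api/auth/methods) to support enabling/disabling multiple login methods
- Delete the old sms_providers and sms API modules and migrate to the new verification system
- Add database models: verification, email, oauth_provider, oauth_templates, setting
- Update configuration docs with usage instructions for the new features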
1 week ago
veypi 04997496d1 add configuration.md 1 week ago
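veypi fa3719cf7d docs(readme): Improve the project README.md
- Add project introduction, core features, and quick start guide
- Add project structure description and configuration docs
- Add permission system usage examples and API overview
- Add multi-tenant scenario support and architecture design notes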
1 week ago
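veypi 51b3bbc89e refactor(auth): Remove the unused _scope_info role
- Remove the _scope_info placeholder role automatically added when creating appAuth
- Remove the reserved-word check for _scope_info
- Simplify the code and avoid creating useless records in the database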
1 week ago
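veypi ba39611f58 fix(org): Add permissions for the organization creator
When creating an organization, add permissions to the organization-specific admin role:
- vb:*:* (wildcard permission)
- vb:org:read
- vb:org:update
- vb:org:delete

Fixes the issue where an organization's creator could not modify the organization they created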
1 week ago
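veypi d7ee1a1f4e test: Add integration test scripts
Add the scripts/tests/ directory containing permission test scripts:
- lib.sh: shared function library (wrappers for API requests and user/organization operations)
- 01_basic_auth.sh: basic authentication tests (register, login, change password, refresh token)
- 02_user_permission.sh: user permission tests (admin/user roles, permission to modify information)
- 03_org_permission.sh: organization permission tests (create organization, member permissions, modification permissions)
- run_all.sh: run all tests
- README.md: test documentation

Delete the old test.sh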
1 week ago
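veypi 54bb58048e fix(auth): Create the permission record before creating wildcard permissions
Fix foreign key constraint error in initRole:
- Ensure the permission record exists before creating the role_permission for scope:*:*
- Avoid Error 1452 foreign key constraint failure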
1 week ago
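veypi 33eabfa013 refactor(auth): Refactor the permission system, simplify the API, and add cache support
Main changes:
- Change the permission domain from appKey to scope; permission ID format is scope:resource:action
- Add the AddRole(roleCode, roleName, policies...) method to support adding roles dynamically
- Simplify Factory.New() to keep only the scope parameter, removing the models.AppConfig dependency
- Change PermAny/PermAll to variadic ...string parameters for more concise use
- AuthMiddleware adds Redis caching of organization membership and role information (5-minute expiry)
- Remove the models.AppConfig and models.RoleDefinition structs
- Update tests and docs

BREAKING CHANGE: Factory.New() signature changed; the new AddRole API must be used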
1 week ago
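veypi 37acea3420 feat: Implement organization member role management 1 week ago
veypi 691f1df75b feat: Add role management module (API + UI) 1 week ago
veypi 4101daeed3 refactor: Refactor user/organization/OAuth page UI 1 week ago
veypi d85cb6ae84 i18n: Add multilingual translation entries 1 week ago
veypi dce36cb65f feat: Improve organization management page interaction 1 week ago
veypi 800d7fd4fd feat: Refactor organization detail page UI and permission control 1 week ago
veypi 178fa755d4 refactor: Refactor authentication models and database structure 1 week ago
veypi 8b2a1aba3b refactor: Unify API error type handling 1 week ago
veypi 983a5651a3 fix: Fix routing and page loading issues 1 week ago
veypi e5308f9471 feat: Upgrade to a brand-new UI framework and refactor pages 1 week ago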
veypi 5654a7cd37 remove old 1 week ago
veypi c0914bb802 add check perm cache 1 week ago
veypi f42d36f71f add docs and auth test 1 week ago
veypi dea82e80a1 validate resource 1 week ago
veypi 5daab97008 fix bug 1 week ago
veypi 26bd0bfd29 update 1 week ago
veypi 8fa01c4c52 upgrade 1 week ago
veypi ced7cc6a07 update perm 1 week ago
veypi 52f2ae35ab upgrade new version 1 week ago
veypi 45708ca4f0 remove old 1 week ago
veypi 809bba7417 update doc 1 week ago
veypi 2303b031d2 update doc 1 week ago
veypi 792f3ba707 upgrade 2 weeks ago
veypi a3923ebcdb update 2 weeks ago
veypi f81ac78f60 remove html 2 weeks ago
veypi 70da692d9a update 2 weeks ago
veypi 89a2ea17e2 fix upgrade bug 2 weeks ago
veypi 89e7caa7b0 update login api 3 weeks ago
veypi 917db899b6 update rd 3 weeks ago
veypi 6d0ec8e6ba rename to vbase 3 weeks ago
veypi 4e48cd187d update login 3 weeks ago