Server-side authentication middleware design #72

Open
ozline opened this issue Oct 31, 2024 · 5 comments · May be fixed by #99
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@ozline
Member

ozline commented Oct 31, 2024

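Due to restrictions imposed by the Academic Affairs Office, our user login flow currently has to be completed on the client side, and for interfaces that involve the Academic Affairs Office user token we pass that token in a header. This causes a problem, though: interfaces that do not need the token have no protection at all.

fzuhelper-server currently ships with a JWT component written in 2022. We would like to:

  1. Check whether this JWT component still fits the current design, and modify it if it does not
  2. Write a middleware for the api module (which by design also serves as the gateway) that provides authentication for the interfaces
  3. (if necessary) Provide an interface that issues tokens to clients

Note that this authentication system is essentially meant to prevent third parties from maliciously misusing our interfaces, so the token used by this authentication middleware and the Academic Affairs Office user token mentioned above are not the same token concept.

Besides meeting the requirements above, you also need to provide documentation, and once your design is finished, present it at the weekly meeting.

Suggestion: write the design document first and start coding last.

You can assign yourself at any time and just let us know, or it can be done by an internal member.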

@ozline ozline added enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed labels Oct 31, 2024
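
The core that such a middleware would wrap, issuing an API-access token and verifying it before a handler runs, as an added example that is not code from fzuhelper-server, its 2022 JWT component, or hertz-contrib/jwt. It uses only the Go standard library; `IssueClientToken`, `VerifyClientToken`, the claim fields, the client id and the secret are hypothetical names and constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

type claims struct { // constructed payload: client id and expiry only, no Academic Affairs data
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}
// The header is fixed, so a token naming any other algorithm (e.g. "none") fails the comparison.
var b64 = base64.RawURLEncoding
var header = b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
func sign(secret []byte, msg string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}
// IssueClientToken is what a hypothetical token-issuing endpoint would hand to a client.
func IssueClientToken(secret []byte, client string, now time.Time, ttl time.Duration) string {
	body, _ := json.Marshal(claims{Sub: client, Exp: now.Add(ttl).Unix()})
	msg := header + "." + b64.EncodeToString(body)
	return msg + "." + sign(secret, msg)
}

// VerifyClientToken is the check a gateway middleware would run before calling the handler.
func VerifyClientToken(secret []byte, tok string, now time.Time) (string, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 || p[0] != header || !hmac.Equal([]byte(p[2]), []byte(sign(secret, p[0]+"."+p[1]))) {
		return "", errors.New("malformed token or bad signature")
	}
	var c claims
	raw, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(raw, &c) != nil || now.Unix() >= c.Exp {
		return "", errors.New("bad or expired claims")
	}
	return c.Sub, nil
}

func main() {
	tok := IssueClientToken([]byte("constructed-secret"), "android-app", time.Now(), time.Minute)
	fmt.Println(VerifyClientToken([]byte("constructed-secret"), tok, time.Now()))
}
```

The signature is checked before the payload is decoded, and the comparison uses `hmac.Equal` so it runs in constant time.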
@SmilingSea

Please assign to me~

@emptyOVO emptyOVO assigned emptyOVO and SmilingSea and unassigned emptyOVO Nov 4, 2024
@SmilingSea

It seems that Hertz provides an implementation of JWT at "github.com/hertz-contrib/jwt". I think maybe it suits fzuserver more; I'm trying to write a demo about it. I wonder if it is OK to change.

@emptyOVO
Member

emptyOVO commented Nov 5, 2024

> It seems that Hertz provides an implementation of JWT at "github.com/hertz-contrib/jwt". I think maybe it suits fzuserver more; I'm trying to write a demo about it. I wonder if it is OK to change.

more information required, demo or doc to describe it

@SmilingSea

SmilingSea commented Nov 6, 2024

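https://github.com/SmilingSea/jwt_demo.git
I wrote a small demo while learning. If there is no problem with the logic, I will start implementing it in fzuserver.
But I have one question: if it is implemented this way, JWT authentication and interface anti-abuse protection seem to be separated.
That feels different from what the issue describes:
"Note that this authentication system is essentially meant to prevent third parties from maliciously misusing our interfaces, so the token used by this authentication middleware and the Academic Affairs Office user token mentioned above are not the same token concept."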

@ozline
Member Author

ozline commented Nov 6, 2024

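> https://github.com/SmilingSea/jwt_demo.git
>
> I wrote a small demo while learning. If there is no problem with the logic, I will start implementing it in fzuserver.
>
> But I have one question: if it is implemented this way, JWT authentication and interface anti-abuse protection seem to be separated.
>
> That feels different from what the issue describes:
>
> "Note that this authentication system is essentially meant to prevent third parties from maliciously misusing our interfaces, so the token used by this authentication middleware and the Academic Affairs Office user token mentioned above are not the same token concept."

No need for that; just open a WIP and do your implementation in it.

Open a PR first, so it is easier for everyone to look at.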

@SmilingSea SmilingSea linked a pull request Nov 13, 2024 that will close this issue