Suggestions thread | Suggestions #4
Comments
Suggest adding multi-tenant support.
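Suggestion: support indexes when generating ent code from the database.
@suyuan32 API permission control in simple-admin currently feels somewhat disjointed: API permissions are controlled in the admin backend (simple-admin's logic), but whether an API allows anonymous access is declared in the .api file (go-zero's logic). Another issue: if an API allows anonymous access, that is, `jwt: Auth` is not set in the api file, the request does not pass through go-zero's Authorize middleware, so the contents of the JWT are not parsed into the context. If an endpoint allows both anonymous access and access with a token, it currently seems the only option is to parse the JWT contents in the logic code, which is not very convenient. Does simple-admin have any plan to drop go-zero's JWT management and unify it under its own middleware?
@suyuan32 I also suggest adding a security mechanism for RPC between services, either client authentication or user authentication. Otherwise, as long as the RPC port is reachable, couldn't any permission be obtained through RPC?
Single-column indexes are supported now; importing composite indexes is not supported.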
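See the go zero documentation.
It depends on the business scenario. If it is purely an admin backend, there are not many cases. If it is consumer-facing (to-C), there are plenty: for the same endpoint, anonymous access gets default data directly, while a request that carries a token gets customized data. Or, for browsing-type endpoints, anonymous access does nothing extra, while with a token the browsing history is saved so recommendations can be made to the user later. Also, anonymous access is controlled in code while API permission control sits in the admin backend; if different roles maintain permissions, such as operations staff, it is still quite disjointed.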
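The behaviour requested in the comments above (one endpoint serving both anonymous and token-bearing callers, with claims parsed into the context), as an added example built only on Go's standard library; it is not simple-admin or go-zero code. The names `OptionalAuth`, `verifyHS256` and `claimsKey`, the HS256 scheme, the secret and the listen address are assumptions for illustration.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"strings"
	"time"
)

type claimsKey struct{} // context key; a nil value means the caller is anonymous
// verifyHS256 accepts only HMAC-SHA256 with this secret (the header's alg is never trusted).
func verifyHS256(token string, secret []byte) (map[string]any, bool) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(p[0] + "." + p[1]))
	sig, _ := base64.RawURLEncoding.DecodeString(p[2])
	body, _ := base64.RawURLEncoding.DecodeString(p[1])
	var c map[string]any
	if !hmac.Equal(sig, mac.Sum(nil)) || json.Unmarshal(body, &c) != nil {
		return nil, false
	}
	exp, ok := c["exp"].(float64) // a token without exp is rejected
	return c, ok && time.Now().Unix() < int64(exp)
}

// OptionalAuth: no header means anonymous; a present but invalid token gets 401, not a downgrade.
func OptionalAuth(secret []byte, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if h := r.Header.Get("Authorization"); h != "" {
			c, ok := verifyHS256(strings.TrimPrefix(h, "Bearer "), secret)
			if !ok {
				http.Error(w, "invalid token", http.StatusUnauthorized)
				return
			}
			r = r.WithContext(context.WithValue(r.Context(), claimsKey{}, c))
		}
		next.ServeHTTP(w, r)
	})
}

func main() { // constructed secret and address; the handler stands in for real routes
	http.ListenAndServe("127.0.0.1:8080", OptionalAuth([]byte("constructed-secret"), http.NotFoundHandler()))
}
```

Rejecting a bad token instead of treating the caller as anonymous keeps an expired or tampered credential from silently receiving the default response.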
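Everyone is welcome to post suggestions of any kind in this thread; suggestions with more upvotes will be handled first. Note that simple-admin-core is mainly responsible for authorization, authentication and similar operations for all the other microservices, similar to SSO (single sign-on), as well as some basic configuration features for the admin backend. For other extended features, it is recommended to add a new API service, similar to simple-admin-file.
Current plans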