建议贴 | Suggestions #4

Open
13 of 17 tasks
suyuan32 opened this issue Sep 26, 2022 · 26 comments
@suyuan32
Owner

suyuan32 commented Sep 26, 2022

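Everyone is welcome to post suggestions of any kind in this thread; the suggestions with the most thumbs-up will be handled first. Note that simple-admin-core is mainly responsible for authorization, authentication and similar operations for all the other microservices, similar to SSO (single sign-on), plus some basic back-office configuration features. For other extended functionality, it is recommended to add a new API service, similar to simple-admin-file.

Current plan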

@suyuan32 suyuan32 added the enhancement New feature or request label Sep 26, 2022
@suyuan32 suyuan32 self-assigned this Sep 26, 2022
@suyuan32 suyuan32 pinned this issue Sep 29, 2022
@suyuan32 suyuan32 changed the title 建议贴 建议贴 | Suggestions Jan 30, 2023
@micross

micross commented Jun 24, 2023

I suggest adding multi-tenancy support.

@coverthesea

Suggestion: support indexes when generating ent code from the database.

@aac3476

aac3476 commented Feb 23, 2024

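@suyuan32 Right now simple-admin's control of API permissions feels a bit fragmented, doesn't it? API permission control lives in the admin back office (simple-admin's logic), but whether an API allows anonymous access is declared in the .api file (go-zero's logic). Another problem: if an API allows anonymous access, that is, `jwt: Auth` is not set in the api file, the request does not pass through the Authorize middleware in go-zero, so the contents of the JWT are not parsed into the context. If an endpoint allows both anonymous access and access with a token, it currently looks like the only option is to parse the JWT contents in the logic code, which is not very convenient. I wonder whether simple-admin has any plan to drop go-zero's JWT management and unify it in its own middleware.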

@aac3476

aac3476 commented Feb 23, 2024

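@suyuan32 I also suggest adding a security mechanism for RPC between services, either client authentication or user authentication. Otherwise, as long as the RPC port is reachable, couldn't any permission be obtained through RPC?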

@suyuan32
Owner Author

suyuan32 commented Feb 24, 2024

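> Suggestion: support indexes when generating ent code from the database.

Single-column indexes are supported now; importing composite indexes is not supported.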

@suyuan32
Owner Author

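> @suyuan32 Right now simple-admin's control of API permissions feels a bit fragmented, doesn't it? API permission control lives in the admin back office (simple-admin's logic), but whether an API allows anonymous access is declared in the .api file (go-zero's logic). Another problem: if an API allows anonymous access, that is, `jwt: Auth` is not set in the api file, the request does not pass through the Authorize middleware in go-zero, so the contents of the JWT are not parsed into the context. If an endpoint allows both anonymous access and access with a token, it currently looks like the only option is to parse the JWT contents in the logic code, which is not very convenient. I wonder whether simple-admin has any plan to drop go-zero's JWT management and unify it in its own middleware.

"If an endpoint allows both anonymous access and access with a token": there aren't many cases like that, are there? "I wonder whether simple-admin has any plan to drop go-zero's JWT management and unify it in its own middleware": no plans.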

@suyuan32
Owner Author

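> @suyuan32 I also suggest adding a security mechanism for RPC between services, either client authentication or user authentication. Otherwise, as long as the RPC port is reachable, couldn't any permission be obtained through RPC?

See the go zero documentation.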

@aac3476

aac3476 commented Feb 24, 2024

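> > @suyuan32 Right now simple-admin's control of API permissions feels a bit fragmented, doesn't it? API permission control lives in the admin back office (simple-admin's logic), but whether an API allows anonymous access is declared in the .api file (go-zero's logic). Another problem: if an API allows anonymous access, that is, `jwt: Auth` is not set in the api file, the request does not pass through the Authorize middleware in go-zero, so the contents of the JWT are not parsed into the context. If an endpoint allows both anonymous access and access with a token, it currently looks like the only option is to parse the JWT contents in the logic code, which is not very convenient. I wonder whether simple-admin has any plan to drop go-zero's JWT management and unify it in its own middleware.
>
> "If an endpoint allows both anonymous access and access with a token": there aren't many cases like that, are there? "I wonder whether simple-admin has any plan to drop go-zero's JWT management and unify it in its own middleware": no plans.

It depends on the business scenario. If you are only building a pure admin back office, there aren't many. For to-C (consumer-facing) products there are plenty of such scenarios: for the same endpoint, anonymous access gets default data in the response, while a request that carries a token gets data customized for that user. Or take endpoints such as browsing: anonymous access is not processed, while with a token the browsing history is saved so that recommendations can be made to the user later. Also, anonymous access is controlled in code while API endpoint permission control sits in the admin back office; if permissions are maintained by different roles, for example operations staff, it is still very fragmented.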
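
The mixed case raised in this thread (one endpoint that serves both anonymous and token-carrying requests), written as a standard `net/http` middleware. This is an added example, not code from simple-admin or go-zero, and not part of any comment above; `OptionalAuth`, `verifyHS256`, `userKey`, the `userId` claim name, HS256 signing and the demo address and secret are assumptions, and the standard-library verification stands in for a JWT library.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"strings"
	"time"
)
type userKey struct{} // unexported context key for the verified user id

// verifyHS256 returns the user id only if the MAC, "exp" and "userId" all check out.
func verifyHS256(token string, secret []byte) (string, bool) {
	head, rest, _ := strings.Cut(token, ".")
	payload, sigB64, _ := strings.Cut(rest, ".") // a malformed token fails the checks below
	m := hmac.New(sha256.New, secret)            // header "alg" is ignored: always HMAC-SHA256
	m.Write([]byte(head + "." + payload))
	body, e1 := base64.RawURLEncoding.DecodeString(payload)
	sig, e2 := base64.RawURLEncoding.DecodeString(sigB64)
	var c map[string]interface{}
	if e1 != nil || e2 != nil || !hmac.Equal(sig, m.Sum(nil)) || json.Unmarshal(body, &c) != nil {
		return "", false
	}
	id, _ := c["userId"].(string) // claim name is an assumption
	exp, _ := c["exp"].(float64)  // a missing or past exp is rejected
	return id, id != "" && time.Now().Unix() < int64(exp)
}

// OptionalAuth: no header -> anonymous; valid token -> user id in context; bad token -> 401.
func OptionalAuth(secret []byte, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		id, ok := verifyHS256(strings.TrimPrefix(auth, "Bearer "), secret)
		if auth != "" && !ok { // fail closed: a bad token is never downgraded to anonymous
			http.Error(w, "invalid token", http.StatusUnauthorized)
			return
		}
		next(w, r.WithContext(context.WithValue(r.Context(), userKey{}, id)))
	}
}

func main() { // demo wiring; the address and secret are constructed values
	panic(http.ListenAndServe("127.0.0.1:8080", OptionalAuth([]byte("demo-secret"), func(w http.ResponseWriter, r *http.Request) {
		id, _ := r.Context().Value(userKey{}).(string) // "" means anonymous
		w.Write([]byte("user=" + id + "\n"))
	})))
}
```

Rejecting an invalid or expired token with 401, instead of serving the anonymous response, is a choice made in this example so that a client never silently loses its identity.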
