{"id":26706057,"url":"https://github.com/DioCrafts/OxiCloud","last_synced_at":"2025-03-27T06:01:23.293Z","repository":{"id":279589750,"uuid":"939308212","full_name":"DioCrafts/OxiCloud","owner":"DioCrafts","description":"☁️ OxiCloud server, efficient and secure way to save all your data","archived":false,"fork":false,"pushed_at":"2025-03-23T22:45:09.000Z","size":1961,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-23T23:23:15.993Z","etag":null,"topics":["cloud","cloud-storage","dropbox","file-share","file-sync","file-upload","nextcloud","onedrive","open-source","owncloud","platform","privacy","rust","security","self-hosted","webdav"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DioCrafts.png","metadata":{"files":{"readme":"README-AUTH.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-26T10:36:04.000Z","updated_at":"2025-03-23T22:52:10.000Z","dependencies_parsed_at":null,"dependency_job_id":"6cf5c103-79f4-457c-ac40-e333a446b849","html_url":"https://github.com/DioCrafts/OxiCloud","commit_stats":null,"previous_names":["diocrafts/oxicloud"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DioCrafts%2FOxiCloud","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DioCrafts%2FOxiCloud/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DioCrafts%2FOxiCloud/releases","manifests_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/repositories/DioCrafts%2FOxiCloud/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DioCrafts","download_url":"https://codeload.github.com/DioCrafts/OxiCloud/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245791941,"owners_count":20672670,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud","cloud-storage","dropbox","file-share","file-sync","file-upload","nextcloud","onedrive","open-source","owncloud","platform","privacy","rust","security","self-hosted","webdav"],"created_at":"2025-03-27T06:00:43.568Z","updated_at":"2025-03-27T06:01:23.213Z","avatar_url":"https://github.com/DioCrafts.png","language":"Rust","funding_links":[],"categories":["Rust","语音识别与合成_其他"],"sub_categories":["资源传输下载"],"readme":"# OxiCloud Authentication System\n\nThis document describes the authentication system for OxiCloud, a file storage system built with Rust and PostgreSQL.\n\n## Overview\n\nOxiCloud uses a standard JWT (JSON Web Token) authentication system with the following features:\n\n- User registration and login\n- Role-based access control (Admin/User)\n- JWT token with refresh capabilities\n- Secure password hashing with Argon2id\n- User storage quotas\n- File and folder ownership\n\n## API Endpoints\n\nThe authentication API is available at the `/api/auth` endpoint:\n\n- **POST /api/auth/register** - Register a new user\n- **POST /api/auth/login** - Login and get tokens\n- **POST /api/auth/refresh** - Refresh access token\n- **GET /api/auth/me** - Get current user 
information\n- **PUT /api/auth/change-password** - Change user password\n- **POST /api/auth/logout** - Logout and invalidate refresh token\n\n## Request/Response Examples\n\n### Register\n\n**Request:**\n```json\nPOST /api/auth/register\n{\n  \"username\": \"testuser\",\n  \"email\": \"test@example.com\",\n  \"password\": \"SecurePassword123\"\n}\n```\n\n**Response:**\n```json\n201 Created\n{\n  \"userId\": \"d290f1ee-6c54-4b01-90e6-d701748f0851\",\n  \"username\": \"testuser\",\n  \"email\": \"test@example.com\"\n}\n```\n\n### Login\n\n**Request:**\n```json\nPOST /api/auth/login\n{\n  \"username\": \"testuser\",\n  \"password\": \"SecurePassword123\"\n}\n```\n\n**Response:**\n```json\n200 OK\n{\n  \"accessToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\",\n  \"refreshToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\",\n  \"expiresIn\": 3600\n}\n```\n\n### Refresh Token\n\n**Request:**\n```json\nPOST /api/auth/refresh\n{\n  \"refreshToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\"\n}\n```\n\n**Response:**\n```json\n200 OK\n{\n  \"accessToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\",\n  \"refreshToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\",\n  \"expiresIn\": 3600\n}\n```\n\n### Get Current User\n\n**Request:**\n```\nGET /api/auth/me\nAuthorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\n```\n\n**Response:**\n```json\n200 OK\n{\n  \"id\": \"d290f1ee-6c54-4b01-90e6-d701748f0851\",\n  \"username\": \"testuser\",\n  \"email\": \"test@example.com\",\n  \"role\": \"user\",\n  \"storageQuota\": 10737418240,\n  \"storageUsed\": 1048576,\n  \"createdAt\": \"2023-01-01T12:00:00Z\"\n}\n```\n\n### Change Password\n\n**Request:**\n```json\nPUT /api/auth/change-password\nAuthorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\n{\n  \"oldPassword\": \"SecurePassword123\",\n  \"newPassword\": \"NewSecurePassword456\"\n}\n```\n\n**Response:**\n```\n200 OK\n```\n\n### Logout\n\n**Request:**\n```\nPOST /api/auth/logout\nAuthorization: Bearer 
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\n```\n\n**Response:**\n```\n200 OK\n```\n\n## Testing the Authentication System\n\n1. Start PostgreSQL and create the database:\n   ```bash\n   createdb oxicloud\n   psql -d oxicloud -f db/schema.sql\n   ```\n\n2. Set environment variables for authentication:\n   ```bash\n   source test-auth-env.sh\n   ```\n\n3. Start the OxiCloud server:\n   ```bash\n   cargo run\n   ```\n\n4. Run the authentication test script:\n   ```bash\n   ./test-auth-api.sh\n   ```\n\n## Database Schema\n\nThe authentication system uses the following tables:\n\n- `users` - Store user information\n- `sessions` - Store refresh token sessions\n- `file_ownership` - Track file ownership\n- `folder_ownership` - Track folder ownership\n\n## Implementation Details\n\n- **Password Hashing**: Argon2id with memory cost of 65536 (64MB), time cost of 3, and parallelism of 4\n- **JWT Secret**: Configured via environment variable `OXICLOUD_JWT_SECRET`\n- **Token Expiry**: Access token expires in 1 hour, refresh token in 30 days (configurable)\n- **Database Connection**: PostgreSQL with connection pooling\n- **Middleware**: Auth middleware for protected routes\n\n## Security Considerations\n\n- Passwords are never stored in plain text, only as Argon2id hashes\n- JWT tokens are signed with a secret key\n- Refresh tokens can be revoked to force logout\n- Rate limiting should be implemented for login attempts\n- Password policy requires at least 8 characters\n- Regular security audits are recommended\n\n## Future Improvements\n\n- Email verification for new registrations\n- Password reset functionality\n- Enhanced password policy\n- Two-factor authentication\n- OAuth integration for social logins\n- Session management 
UI","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDioCrafts%2FOxiCloud","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FDioCrafts%2FOxiCloud","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDioCrafts%2FOxiCloud/lists"}