{"id":32789406,"url":"https://github.com/darwin7381/token-manager","last_synced_at":"2026-05-05T17:31:31.676Z","repository":{"id":321659374,"uuid":"1086582732","full_name":"darwin7381/token-manager","owner":"darwin7381","description":"🔐 Centralized API Token Management System - a centralized token and route management platform designed for multi-microservice architectures, with global distribution on the Cloudflare Edge Network","archived":false,"fork":false,"pushed_at":"2025-11-07T00:50:41.000Z","size":3626,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-07T01:19:02.500Z","etag":null,"topics":["api-gateway","api-key-management","authentication","cloudflare-workers","fastapi","microservices","n8n","postgresql","railway","token-management"],"latest_commit_sha":null,"homepage":"https://github.com/darwin7381/token-manager","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/darwin7381.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-30T16:03:48.000Z","updated_at":"2025-11-07T00:50:44.000Z","dependencies_parsed_at":"2025-10-30T21:27:56.418Z","dependency_job_id":"26414580-ea0c-4ef8-921f-4caa34faecc5","html_url":"https://github.com/darwin7381/token-manager","commit_stats":null,"previous_names":["darwin7381/token-manager"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/darwin7381/token-manager","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darwin738
1%2Ftoken-manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darwin7381%2Ftoken-manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darwin7381%2Ftoken-manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darwin7381%2Ftoken-manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/darwin7381","download_url":"https://codeload.github.com/darwin7381/token-manager/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darwin7381%2Ftoken-manager/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32660158,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-05T11:29:49.557Z","status":"ssl_error","status_checked_at":"2026-05-05T11:29:48.587Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-gateway","api-key-management","authentication","cloudflare-workers","fastapi","microservices","n8n","postgresql","railway","token-management"],"created_at":"2025-11-05T10:01:30.750Z","updated_at":"2026-05-05T17:31:31.669Z","avatar_url":"https://github.com/darwin7381.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Centralized API Token Management System\n\n\u003e **Version**: v3.0 Per-Team Roles 
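 \n\u003e **Status**: Production Ready  \n\u003e **Permission system documentation**: [`docs/PERMISSION_RULES.md`](docs/PERMISSION_RULES.md)\n\nA centralized API token management system designed for multi-microservice architectures. It uses a Per-Team Roles permission architecture and supports multi-team collaboration with fine-grained access control.\n\n---\n\n## 🎯 Core Features\n\n- ✅ **Token management**: create, view, and revoke API tokens\n- ✅ **Route management**: dynamically add, modify, and delete microservice routes\n- ✅ **Per-Team Roles**: an independent role system for each team, with complete isolation between teams\n- ✅ **User management**: full management of users and team members\n- ✅ **Team management**: create teams, manage members, assign permissions\n- ✅ **User invitations**: Clerk Invitations, with Google Login support\n- ✅ **Audit log**: records all management operations\n- ✅ **Modern UI**: React 18 + Clerk authentication\n- ✅ **Global distribution**: low latency on the Cloudflare Edge Network\n\n---\n\n## 🏗️ System Architecture\n\n```\nn8n Workflows\n     ↓\nCloudflare Worker (API Gateway)\n     ↓\nBackend Microservices\n\nToken Manager (Railway)\n     ↓\nPostgreSQL\n     ↓\nCloudflare KV (config sync)\n```\n\n### Components\n\n1. **Token Manager** (Railway)\n   - Backend: FastAPI + PostgreSQL\n   - Frontend: HTML/CSS/JS\n   - Provides a web UI for managing tokens and routes\n\n2. **Cloudflare Worker** (Edge Network)\n   - Validates the API key\n   - Forwards requests to the matching backend\n\n3. **Cloudflare KV** (globally distributed storage)\n   - Stores token metadata\n   - Stores route mappings\n\n---\n\n## 📁 Project Structure\n\n```\ntoken-manager/\n├── docs/                    # 📚 Documentation\n│   ├── PRD.md              # Product requirements document\n│   ├── TODO.md             # Development task list\n│   └── draft.md            # Original design draft\n│\n├── backend/                 # 🔧 Backend API (Railway Service 1)\n│   ├── main.py             # FastAPI main application\n│   ├── models.py           # Pydantic models\n│   ├── database.py         # Database connection\n│   ├── cloudflare.py       # KV sync\n│   └── requirements.txt\n│\n├── frontend/                # 🎨 Frontend UI (Railway Service 2)\n│   └── index.html          # Management UI\n│\n├── worker/                  # ⚡ Cloudflare Worker\n│   ├── src/\n│   │   └── worker.js       # Worker code\n│   ├── wrangler.toml       # Worker configuration\n│   └── package.json\n│\n├── .env.example             # Example environment variables\n├── .gitignore\n└── README.md\n```\n\n---\n\n## 🚀 Quick Start\n\n### Prerequisites\n\n- **Cloudflare account** (the free plan is enough)\n- **Railway account** (the free plan is enough)\n- **GitHub account**\n- **Node.js** (for deploying the Worker)\n\n### 1. 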
Cloudflare Configuration\n\n#### 1.1 Create the KV Namespace\n\n```bash\n# Install the Wrangler CLI\nnpm install -g wrangler\n\n# Log in to Cloudflare\nwrangler login\n\n# Create the KV Namespace\ncd worker\nwrangler kv:namespace create \"TOKENS\"\n```\n\nNote the Namespace ID that is returned.\n\n#### 1.2 Create an API Token\n\n1. Go to Cloudflare Dashboard → My Profile → API Tokens\n2. Click \"Create Token\"\n3. Select the \"Edit Cloudflare Workers\" template\n4. Permissions: `Account \u003e Workers KV Storage \u003e Edit`\n5. Note the token value\n\n#### 1.3 Record the Account ID\n\nThe Account ID can be found in the top-right corner of the Cloudflare Dashboard.\n\n---\n\n### 2. Railway Deployment\n\n#### 2.1 Prepare the GitHub Repository\n\n```bash\n# Initialize Git (if not already done)\ngit init\ngit add .\ngit commit -m \"Initial commit\"\n\n# Push to GitHub\ngit remote add origin https://github.com/your-username/token-manager.git\ngit push -u origin main\n```\n\n#### 2.2 Deploy the Backend Service\n\n1. Go to the [Railway Dashboard](https://railway.app/)\n2. Click \"New Project\" → \"Deploy from GitHub repo\"\n3. Select your `token-manager` repository\n4. Add PostgreSQL:\n   - Click \"+ New\" → \"Database\" → \"Add PostgreSQL\"\n5. Configure the backend service:\n   - Click the backend service\n   - Settings → Root Directory: `backend`\n   - Variables → add the environment variables:\n     ```\n     DATABASE_URL=${{Postgres.DATABASE_URL}}\n     CF_ACCOUNT_ID=your_cloudflare_account_id\n     CF_API_TOKEN=your_cloudflare_api_token\n     CF_KV_NAMESPACE_ID=your_kv_namespace_id\n     ```\n6. Deploy!\n\n#### 2.3 Deploy the Frontend Service\n\n1. In the same Railway Project\n2. Click \"+ New\" → \"GitHub Repo\"\n3. Select the same repository\n4. Settings → Root Directory: `frontend`\n5. Deploy!\n\n#### 2.4 Record the Backend URL\n\nRecord the URL shown under Settings → Domains of the backend service, for example:\n```\nhttps://token-manager-backend-production.up.railway.app\n```\n\n#### 2.5 Update the Frontend Configuration\n\nUpdate API_URL in `frontend/index.html`:\n\n```javascript\nconst API_URL = 'https://token-manager-backend-production.up.railway.app';\n```\n\nCommit and push; Railway redeploys automatically.\n\n---\n\n### 3. 
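Cloudflare Worker Deployment\n\n```bash\ncd worker\n\n# Update the KV Namespace ID in wrangler.toml\n# Replace YOUR_KV_NAMESPACE_ID with the actual ID\n\n# Deploy\nnpm run deploy\n```\n\nAfter a successful deployment, the Worker URL is displayed:\n```\nhttps://api-gateway.your-subdomain.workers.dev\n```\n\n---\n\n## 📖 Usage Guide\n\n### Create a Token\n\n1. Open the frontend management UI\n2. Click the \"Token Management\" (Token 管理) tab\n3. Fill in the form:\n   - Name: Marketing-John\n   - Department: marketing\n   - Permissions: image,data or * (all permissions)\n   - Expiry (days): 90\n4. Click \"Create Token\" (創建 Token)\n5. **Copy the displayed token immediately** (it is shown only once!)\n\n### Add a Route\n\n1. Click the \"Route Management\" (路由管理) tab\n2. Fill in the form:\n   - Path: /api/image\n   - Backend URL: https://image-service.railway.app\n   - Description: Image processing service\n3. Click \"Add Route\" (新增路由)\n4. Takes effect after about 60 seconds\n\n### n8n Usage Example\n\nIn an n8n HTTP Request node:\n\n```\nURL: https://api-gateway.your-subdomain.workers.dev/api/image/process\nMethod: POST\nHeaders:\n  X-API-Key: ntk_xxxxxxxxxxxxxxxxxxxxx\n  Content-Type: application/json\nBody:\n  {\n    \"image_url\": \"https://example.com/image.jpg\"\n  }\n```\n\n---\n\n## 🔒 Security Best Practices\n\n1. **Token management**\n   - A token is shown only once, at creation; store it securely\n   - Rotate tokens regularly (90 days recommended)\n   - Revoke tokens immediately once they are no longer in use\n\n2. **Access control**\n   - Follow the principle of least privilege\n   - Use separate tokens for different departments\n   - Use specific scopes rather than *\n\n3. **Monitoring**\n   - Review the audit log regularly\n   - Monitor request statistics in the Cloudflare Dashboard\n\n---\n\n## 🛠️ Development\n\n### Local Development - Backend\n\n```bash\ncd backend\n\n# Create a virtual environment\nuv venv\n\n# Install dependencies\nuv pip install -r requirements.txt\n\n# Set environment variables\ncp ../.env.example .env\n# Edit .env and fill in the actual values\n\n# Start the service\nuv run uvicorn main:app --reload --port 8000\n```\n\nOpen http://localhost:8000/docs to view the API documentation.\n\n### Local Development - Worker\n\n```bash\ncd worker\n\n# Install dependencies\nnpm install\n\n# Local testing\nnpm run dev\n```\n\n---\n\n## 📊 System Limits\n\n### Cloudflare Free Plan\n\n- Worker requests: 100,000/day\n- KV reads: 100,000/day\n- KV writes: 1,000/day\n- KV storage: 1 GB\n\n**Fully sufficient for 100 n8n workflows!**\n\n### Railway Free Plan\n\n- $5 free credit per month\n- 512 MB RAM\n- 1 GB Disk\n\n**Upgrade to Hobby ($5/month) for more resources**\n\n---\n\n## 🐛 Troubleshooting\n\n### Token Validation Fails\n\n1. Check that the token is correct (including the `ntk_` prefix)\n2. Check whether the token has been revoked\n3. Check whether the token has expired\n4. Wait 60 seconds for KV sync to complete\n\n### Route Does Not Take Effect\n\n1. Check that the route path starts with `/`\n2. Check that the backend URL is reachable\n3. 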
Wait 60 seconds for KV sync to complete\n4. Check the `routes` key in KV in the Cloudflare Dashboard\n\n### Backend Service Fails to Start\n\n1. Check that the environment variables are set correctly\n2. Check the PostgreSQL connection\n3. Check the Railway logs\n\n---\n\n## 📈 Performance Metrics\n\n| Metric | Target | Actual |\n|-----|------|------|\n| Worker latency (P95) | \u003c 200ms | ~50ms |\n| Token revocation propagation time | \u003c 60s | \u003c 60s |\n| Route update propagation time | \u003c 60s | \u003c 60s |\n| System availability | 99% | 99.9%+ |\n\n---\n\n## 🗺️ Roadmap\n\n### Phase 1 (✅ Completed)\n- ✅ Token CRUD\n- ✅ Route CRUD\n- ✅ Worker validation and forwarding\n- ✅ Web UI\n- ✅ Audit log\n\n### Phase 2 (Planned)\n- ⏳ Login authentication for the management system\n- ⏳ Token usage statistics\n- ⏳ Rate Limiting\n- ⏳ Webhook notifications\n\n### Phase 3 (Future)\n- ⏳ SSO integration\n- ⏳ Multi-environment support\n- ⏳ API versioning\n\n---\n\n## 📝 API Documentation\n\nFor the full API documentation, see:\n- Development: http://localhost:8000/docs\n- Production: https://your-backend.railway.app/docs\n\n---\n\n## 🤝 Contributing\n\nIssues and pull requests are welcome!\n\n---\n\n## 📄 License\n\nMIT License\n\n---\n\n## 📞 Support and Documentation\n\n### Permission System\n- 🔐 **[Full permission rules](docs/PERMISSION_RULES.md)** - description of the Per-Team Roles architecture\n- 📊 **[Permission matrix](docs/PERMISSION_RULES.md#完整權限矩陣)** - permission comparison table for all roles\n\n### Development Documentation\n- 📚 [Product requirements document](docs/PRD.md)\n- 📋 [Development task list](docs/TODO.md)\n- 🏗️ [Per-Team Roles analysis](docs/PER_TEAM_ROLES_ANALYSIS.md)\n\n### Legacy Documentation (outdated, for reference only)\n- ~~[PERMISSIONS_GUIDE.md](docs/PERMISSIONS_GUIDE.md)~~ - superseded by PERMISSION_RULES.md\n- ~~[RBAC_REDESIGN.md](docs/RBAC_REDESIGN.md)~~ - old architecture design\n\n---\n\n**🚀 Get started now!**\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdarwin7381%2Ftoken-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdarwin7381%2Ftoken-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdarwin7381%2Ftoken-manager/lists"}