{"id":24648143,"url":"https://github.com/shuakami/lauth","last_synced_at":"2026-04-18T04:03:15.457Z","repository":{"id":274023929,"uuid":"921659907","full_name":"shuakami/Lauth","owner":"shuakami","description":"🔐 Auth | Unified authentication platform | Enterprise-grade unified auth with multi-app support, RBAC/ABAC, OAuth2.0/OIDC, MFA, and plugin system | High-performance multi-application identity management system with fine-grained permission control, multi-factor authentication, and plugin extensions | Implemented in Go ","archived":false,"fork":false,"pushed_at":"2025-03-16T03:10:02.000Z","size":4697,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-16T04:19:51.697Z","etag":null,"topics":["access-control","auth","auth-service","auth0","authentication","go","golang","jwt","postgresql","redis"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shuakami.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-24T11:19:53.000Z","updated_at":"2025-03-16T03:09:58.000Z","dependencies_parsed_at":"2025-02-17T16:26:03.392Z","dependency_job_id":"1e93d1a0-a160-4fff-ae59-d62114c4a3fc","html_url":"https://github.com/shuakami/Lauth","commit_stats":null,"previous_names":["shuakami/lauth"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/shuakami/Lauth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shuakami%2FLauth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shuakami%2FLauth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shuakami%2FLauth/rel
eases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shuakami%2FLauth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shuakami","download_url":"https://codeload.github.com/shuakami/Lauth/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shuakami%2FLauth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31955920,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T00:39:45.007Z","status":"online","status_checked_at":"2026-04-18T02:00:07.018Z","response_time":103,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","auth","auth-service","auth0","authentication","go","golang","jwt","postgresql","redis"],"created_at":"2025-01-25T16:14:14.126Z","updated_at":"2026-04-18T04:03:10.449Z","avatar_url":"https://github.com/shuakami.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LAuth\n\n\u003cp align=\"center\"\u003e\n  Enterprise-grade unified authentication platform with multi-application support.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://golang.org/doc/go1.19\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/go-1.19-blue.svg\" alt=\"Go version\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.gnu.org/licenses/agpl-3.0\"\u003e\n    \u003cimg 
src=\"https://img.shields.io/badge/License-AGPL%20v3-blue.svg\" alt=\"License\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/shuakami/Lauth/blob/master/README_zh.md\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/简体中文-blue.svg\" alt=\"简体中文\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\nLAuth is an enterprise-grade unified authentication platform that provides centralized authentication services for multiple applications. Built with performance, security, and ease of use in mind.\n\n## Features\n\n- **Multi-Application Support**: Manage authentication for multiple applications from a single platform\n- **High Performance**: Built with Go, optimized for speed and resource efficiency\n- **Super Administrator**: Platform-wide administration capabilities that transcend application boundaries\n- **Advanced Permission System**:\n  - Role-Based Access Control (RBAC)\n  - Attribute-Based Access Control (ABAC)\n  - Dynamic Rules Engine\n  - Fine-grained Permission Management\n  - Role Hierarchy Support\n- **OAuth 2.0 Support**:\n  - Authorization Code Grant\n  - Client Management\n  - Secure Token Handling\n  - Customizable Scopes\n  - Token Introspection\n  - Token Revocation\n- **OpenID Connect Support**:\n  - Full OAuth 2.0 Integration\n  - ID Token Support\n  - Standard Claims\n  - Multiple Response Types (code, id_token, code id_token)\n  - OIDC Discovery Service\n  - JWKS Endpoint\n  - User Info Endpoint\n  - Standard OIDC Parameters (nonce, prompt, max_age, etc.)\n- **Secure by Design**: \n  - JWT-based authentication\n  - Token revocation\n  - Password encryption\n  - Configurable security policies\n  - Device recognition\n  - Login location tracking\n  - IP-based security rules\n- **Easy Integration**: \n  - RESTful API\n  - Comprehensive documentation\n  - Simple SDK (coming soon)\n- **Enterprise Ready**:\n  - Multi-tenant architecture\n  - Audit logging with integrity verification\n  - Real-time audit log streaming via WebSocket\n  - 
Configurable authentication flows\n  - High-performance caching\n  - IP geolocation service\n  - Event type strategy\n  - Login location history\n- **Plugin System**:\n  - Flexible verification plugins\n  - Email verification support\n    - Verification code mode\n    - Verification link mode\n    - Dark mode support\n    - Responsive email templates\n  - TOTP (Time-based One-Time Password) support\n    - QR code generation\n    - Configurable settings (period, digits, etc)\n    - Setup, verification and disable flows\n  - Extensible plugin architecture\n  - Plugin lifecycle management\n  - Real-time plugin status tracking\n  - Exemption rules support\n  - User configuration management\n  - Verification record tracking\n  - Plugin route registration\n  - Smart plugin interface\n  - Plugin dependency injection\n  - Middleware support\n  - Enhanced error handling\n  - Event emission capability\n  - Temporary session support\n  - Verification status cleanup\n  - Plugin status caching\n  - Unified verification context\n  - Automatic plugin status tracking\n  - Smart verification flow\n  - Registration-specific rules\n  - Dynamic plugin discovery\n  - Automatic plugin registration\n  - Optional verification sessions\n  - Standardized API responses\n- **User Profile Management**:\n  - Flexible profile schema\n  - Custom fields support\n  - Profile data storage in MongoDB\n  - Seamless integration with user management\n\n## System Architecture\n\n### Permission System\n\nThe permission system combines RBAC and ABAC models to provide flexible and powerful access control:\n\n- **RBAC Core**:\n  - Role management\n  - Permission assignment\n  - User-role association\n  - Role inheritance\n\n- **Rules Engine**:\n  - Static and dynamic rules\n  - Rich operator support\n  - Priority-based execution\n  - Redis-based caching\n  - Real-time validation\n\n- **Permission Types**:\n  - Resource-based permissions\n  - Operation-based permissions\n  - Custom attribute rules\n\n## Tech 
Stack\n\n- **Language**: Go 1.19+\n- **Database**: \n  - PostgreSQL (Core data)\n  - MongoDB (Profile data)\n- **Cache**: Redis\n- **Authentication**: JWT\n- **API**: RESTful with Gin framework\n- **Documentation**: Swagger/OpenAPI\n\n## Quick Start\n\n### Prerequisites\n\n- Go 1.19 or higher\n- PostgreSQL 12 or higher\n- MongoDB 4.4 or higher\n- Redis 6 or higher\n\n### Installation\n\n1. Clone the repository\n```bash\ngit clone https://github.com/shuakami/Lauth.git\ncd Lauth\n```\n\n2. Install dependencies\n```bash\ngo mod download\n```\n\n3. Configure the application\n```bash\ncp config/config.example.yaml config/config.yaml\n# Edit config.yaml with your settings\n```\n\n4. Run the application\n```bash\ngo run main.go\n```\n\n## API Documentation\n\n### Authentication Endpoints\n\n- `POST /api/v1/auth/login` - User login\n- `POST /api/v1/auth/refresh` - Refresh access token\n- `POST /api/v1/auth/logout` - User logout\n- `GET /api/v1/auth/validate` - Validate token\n- `POST /api/v1/auth/validate-rule` - Combined validation for token and rules with user info\n\n### Login Location\n\n- `GET /api/v1/apps/:id/users/:user_id/login-locations` - Get user login locations\n- `GET /api/v1/apps/:id/users/:user_id/login-locations/:location_id` - Get login location details\n- `GET /api/v1/apps/:id/users/:user_id/login-locations/stats` - Get login location statistics\n\n### Application Management\n\n- `POST /api/v1/apps` - Create application\n- `GET /api/v1/apps/:id` - Get application details\n- `PUT /api/v1/apps/:id` - Update application\n- `DELETE /api/v1/apps/:id` - Delete application\n- `GET /api/v1/apps` - List applications\n\n### User Management\n\n- `POST /api/v1/apps/:id/users` - Create user\n- `GET /api/v1/apps/:id/users/:user_id` - Get user details with profile\n- `PUT /api/v1/apps/:id/users/:user_id` - Update user\n- `DELETE /api/v1/apps/:id/users/:user_id` - Delete user\n- `GET /api/v1/apps/:id/users` - List users with profiles\n- `PUT 
/api/v1/apps/:id/users/:user_id/password` - Update password\n\n### Profile Management\n\n- `GET /api/v1/apps/:id/users/:user_id/profile` - Get user profile\n- `PUT /api/v1/apps/:id/users/:user_id/profile` - Update user profile\n- `DELETE /api/v1/apps/:id/users/:user_id/profile` - Delete user profile\n- `POST /api/v1/apps/:id/users/:user_id/profile/files` - Upload profile files\n- `GET /api/v1/apps/:id/users/:user_id/profile/files/:file_id` - Get profile file\n- `DELETE /api/v1/apps/:id/users/:user_id/profile/files/:file_id` - Delete profile file\n\n### Role Management\n\n- `POST /api/v1/apps/:id/roles` - Create role\n- `GET /api/v1/apps/:id/roles/:role_id` - Get role details\n- `PUT /api/v1/apps/:id/roles/:role_id` - Update role\n- `DELETE /api/v1/apps/:id/roles/:role_id` - Delete role\n- `GET /api/v1/apps/:id/roles` - List roles\n- `POST /api/v1/apps/:id/roles/:role_id/permissions` - Add permissions to role\n- `DELETE /api/v1/apps/:id/roles/:role_id/permissions` - Remove permissions from role\n- `GET /api/v1/apps/:id/roles/:role_id/permissions` - Get role permissions\n- `POST /api/v1/apps/:id/roles/:role_id/users` - Add users to role\n- `DELETE /api/v1/apps/:id/roles/:role_id/users` - Remove users from role\n- `GET /api/v1/apps/:id/roles/:role_id/users` - Get role users\n\n### Permission Management\n\n- `POST /api/v1/apps/:id/permissions` - Create permission\n- `GET /api/v1/apps/:id/permissions/:permission_id` - Get permission details\n- `PUT /api/v1/apps/:id/permissions/:permission_id` - Update permission\n- `DELETE /api/v1/apps/:id/permissions/:permission_id` - Delete permission\n- `GET /api/v1/apps/:id/permissions` - List permissions\n- `GET /api/v1/apps/:id/permissions/resource/:type` - List permissions by resource type\n- `GET /api/v1/apps/:id/users/:user_id/permissions` - List user permissions\n\n### Rules Management\n\n- `POST /api/v1/apps/:id/rules` - Create rule\n- `GET /api/v1/apps/:id/rules/:rule_id` - Get rule details\n- `PUT 
/api/v1/apps/:id/rules/:rule_id` - Update rule\n- `DELETE /api/v1/apps/:id/rules/:rule_id` - Delete rule\n- `GET /api/v1/apps/:id/rules` - List rules\n- `GET /api/v1/apps/:id/rules/active` - List active rules\n- `POST /api/v1/apps/:id/rules/validate` - Validate rules\n- `POST /api/v1/apps/:id/rules/:rule_id/conditions` - Add rule conditions\n- `PUT /api/v1/apps/:id/rules/:rule_id/conditions` - Update rule conditions\n- `DELETE /api/v1/apps/:id/rules/:rule_id/conditions` - Remove rule conditions\n- `GET /api/v1/apps/:id/rules/:rule_id/conditions` - Get rule conditions\n\n### Plugin Management\n\n- `POST /api/v1/apps/:id/plugins/install` - Install plugin\n- `POST /api/v1/apps/:id/plugins/uninstall/:name` - Uninstall plugin\n- `POST /api/v1/apps/:id/plugins/:name/execute` - Execute plugin\n- `GET /api/v1/apps/:id/plugins/list` - List installed plugins\n- `GET /api/v1/apps/:id/plugins/all` - List all registered plugins\n- `PUT /api/v1/apps/:id/plugins/:name/config` - Update plugin config\n\n### OAuth 2.0 and OpenID Connect\n\n#### OAuth 2.0 Endpoints\n- `POST /api/v1/oauth/clients` - Create OAuth client\n- `GET /api/v1/oauth/clients/:client_id` - Get OAuth client details\n- `PUT /api/v1/oauth/clients/:client_id` - Update OAuth client\n- `DELETE /api/v1/oauth/clients/:client_id` - Delete OAuth client\n- `GET /api/v1/oauth/clients` - List OAuth clients\n- `POST /api/v1/oauth/authorize` - Authorization endpoint\n- `POST /api/v1/oauth/token` - Token endpoint\n- `POST /api/v1/oauth/revoke` - Token revocation endpoint\n- `POST /api/v1/oauth/introspect` - Token introspection endpoint\n\n#### OpenID Connect Endpoints\n- `GET /.well-known/openid-configuration` - OIDC discovery endpoint\n- `GET /.well-known/jwks.json` - JWKS endpoint\n- `GET /api/v1/userinfo` - UserInfo endpoint\n- `GET /api/v1/users/me` - Get current user info\n\n### Audit Logging\n\n- `GET /api/v1/audit/logs` - Query audit logs\n- `GET /api/v1/audit/logs/verify` - Verify log file integrity\n- `GET 
/api/v1/audit/stats` - Get audit statistics\n- `GET /api/v1/audit/ws` - WebSocket connection for real-time logs\n\n### Super Administrator Management\n\n- `POST /api/v1/system/super-admins` - Add a user as super administrator\n- `GET /api/v1/system/super-admins` - List all super administrators\n- `DELETE /api/v1/system/super-admins/:user_id` - Remove super administrator privileges\n- `GET /api/v1/system/super-admins/check/:user_id` - Check if a user is a super administrator\n\n## Configuration\n\nLAuth can be configured via environment variables or configuration file. The configuration file is located at `config/config.yaml`.\n\nKey configuration options:\n- Server port and mode\n- Database connection\n- Redis connection\n- JWT settings\n- OIDC settings (issuer, keys)\n- Authentication options\n- Permission system settings\n- Rules engine configuration\n- Plugin system settings (plugins directory, configurations)\n\n## Roadmap\n\n- [x] Role-based access control (RBAC)\n- [x] Attribute-based access control (ABAC)\n- [x] Rules engine\n- [x] OAuth2.0 support (Authorization Code Grant)\n- [x] OAuth2.0 Token endpoint\n- [x] OpenID Connect support\n- [ ] OAuth2.0 additional grant types\n- [x] Multi-factor authentication\n- [ ] SDK development\n- [ ] Docker support\n- [ ] Kubernetes deployment guides\n\n## License\n\nThis project is licensed under the AGPL-3.0 License. ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshuakami%2Flauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshuakami%2Flauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshuakami%2Flauth/lists"}