Auth
===

Repository: https://github.com/timcsy/Auth_draft (JavaScript, last pushed 2020-10-06)

Demo
---
https://auth.tew.tw

Installation
---
```
npm install
```

Configuration
---
First create a folder named config in the project root. Everything below goes into that folder. It holds every secret the server relies on (session keys, the JWT secret, the Facebook app secret), so keep it out of version control and replace the placeholder values shown here before deploying.

In the config folder add a file named mongoose.js like this:
```
module.exports = {
	hostname: 'host name (default: localhost)',
	port: 'port (default: 27017)',
	username: 'user name',
	password: 'password',
	database: 'auth'
}
```
That completes the database configuration.

In the same folder create a file named rbac.js, for example:
```
module.exports = {
	roles: [
		{
			value: 'guest',
			permissions: [
				'local:username'
			],
			action: 'allow'
		},
		{
			value: 'member',
			permissions: [
				'user:list',
				'users:get',
				'users:delete',
				'users:addOwner',
				'users:removeOwner',
				'identities:list',
				'identities:get',
				'identities:unlink',
				'identities:delete',
				'groups:list',
				'groups:get',
				'groups:post',
				'groups:put',
				'groups:delete',
				'groups:listUsers',
				'groups:addUser',
				'groups:removeUser'
			],
			action: 'allow',
			inherits: [
				'guest'
			]
		},
		{
			value: 'admin',
			permissions: [
				'*:*'
			],
			inherits: [
				'member'
			]
		}
	]
}
```
Then run server/setup.js to load the roles and their permissions.

In the same folder create a file named server.js, for example:
```
module.exports = {
	SESSION_KEYS: ['super-secret-key']
}
```
That completes the session configuration. 'super-secret-key' is only a placeholder: use a long random value (for example 32 bytes from crypto.randomBytes), never the sample string.

In the same folder create a file named jwt.js, for example:
```
module.exports = {
	secret: 'your_jwt_secret',
	expires: '1d'
}
```
That completes the JWT configuration. 'your_jwt_secret' is likewise a placeholder for a long random secret; expires is the token lifetime ('1d' is one day).

In the same folder create a file named facebook.js, for example:
```
module.exports = {
	FACEBOOK_APP_ID: 'FACEBOOK_APP_ID',
	FACEBOOK_APP_SECRET: 'FACEBOOK_APP_SECRET',
	AUTH_callbackURL: '<your site URL>/auth/facebook/callback',
	CONNECT_callbackURL: '<your site URL>/connect/facebook/callback'
}
```
That completes the Facebook API configuration. The two callback URLs must match the redirect URIs registered in the Facebook app settings exactly.

Running
---
Build the front end:
```
npm run build
```
Run the back-end server:
```
npm run server
```
Build the front end and run the back-end server:
```
npm run start
```
or
```
npm start
```

Usage
---
### User, group and role architecture

#### Overview
* Identity: the basic unit of authentication (authentication); one User can own several Identities
	* The storage form for local, facebook and other providers must be defined by you (routes/identity.js)
* User: one of the basic units of authorization; owns Roles and may belong to Groups
* Group: one of the basic units of authorization; owns Users and Roles
	* There is currently no owner/admin mechanism for groups; you can add your own

#### Link/Unlink
Linking and unlinking attach an Identity to, or detach it from, a User. A few points need **special attention!!**:

* Problems caused by merging Users (link)
	* By default the second User gives up all ownership, roles, permissions and groups
	* Trying to preserve its roles and permissions would be a disaster
	* Linking is usually done to add a social account
	* So you **must remind or guide the user: first log in with the account that already holds the complete data, then link!!**
	* For special requirements, modify userSchema.statics.link in server/models/User
* Problems caused by detaching a User (unlink)
	* By default the detached Identity gives up all ownership, roles, permissions and groups and becomes a new User (role = member)
	* Unlinking is usually done because an account is rarely used or no longer valid
	* For special requirements, modify identitySchema.methods.unlink in server/models/Identity

### Access Control architecture

Hierarchical Role Based Access Control with glob matching built in.

For the configuration see rbac.js under [Configuration](#configuration).

A permission has the form resource:method, with exactly one colon; glob notation is supported.

First require the module:
```
const RBAC = require('<project root>/server/lib/rbac')
```
Protect a route with a session or a JWT (as middleware); guest defaults to false (guest mode leaves no session record and performs no link):
```
RBAC.auth(guest=false)
```
Protect a resource (as middleware):
```
RBAC.middleware(permission)
```
Protect a piece of data (supply the data's principal list, usually its owners; returns a Boolean):
```
RBAC.check(userId, permission, principals)
```

#### How it works
1. If data is involved => first check whether the current user is one of the data's owners (a User or a Group)
2. Check whether the User/Group holds the permission; if not, search its roles and the roles they inherit
Note: the check asks only whether an effective permission exists; allow/deny does not change this principle

#### allow/deny
allow (the default) means the listed permissions are effective and all others are not.
deny means the listed permissions are ineffective and all others are.

#### Glob syntax
See https://github.com/isaacs/minimatch


Example
---
The Data model serves as the demo.
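The Configuration section keeps every secret in plain files and shows placeholder values. The following is an added example, not code from the Auth_draft project: it assembles the same four config objects from environment variables and refuses to start when a value is missing, still a README placeholder, or too short to serve as a signing secret. The environment variable names (SESSION_KEYS, JWT_SECRET, MONGO_*, FACEBOOK_*, AUTH_BASE_URL), the 32-character minimum and the https rule for the callback origin are assumptions made for this example.

```javascript
// Added example, not part of the Auth_draft project: builds the objects the
// README keeps in config/*.js from environment variables and fails fast on
// missing, placeholder or short secrets. Variable names are assumptions.
const crypto = require('crypto');

// Placeholder strings from the README samples; they must never reach production.
const PLACEHOLDERS = new Set([
  'super-secret-key', 'your_jwt_secret', 'FACEBOOK_APP_ID', 'FACEBOOK_APP_SECRET',
]);
const MIN_SECRET_LENGTH = 32; // assumption: 32 characters minimum for any signing secret

// 256 random bits, hex encoded (64 characters): a suitable SESSION_KEYS entry or JWT_SECRET.
function generateSecret() {
  return crypto.randomBytes(32).toString('hex');
}

// Non-empty and not a placeholder; enough for a public identifier such as the app ID.
function checkValue(name, value) {
  if (typeof value !== 'string' || value.length === 0) throw new Error(`${name} is not set`);
  if (PLACEHOLDERS.has(value)) throw new Error(`${name} still holds the README placeholder value`);
  return value;
}

// Secrets additionally need a minimum length: a short key makes session and JWT signatures guessable.
function checkSecret(name, value) {
  checkValue(name, value);
  if (value.length < MIN_SECRET_LENGTH) {
    throw new Error(`${name} must be at least ${MIN_SECRET_LENGTH} characters`);
  }
  return value;
}

// OAuth callbacks carry the authorization code, so the origin must be https
// (plain http is accepted for localhost only, for development).
function checkBaseUrl(name, value) {
  const url = checkValue(name, value).replace(/\/+$/, '');
  if (!/^https:\/\/[^/]+$/.test(url) && !/^http:\/\/localhost(:\d+)?$/.test(url)) {
    throw new Error(`${name} must be an https:// origin such as https://auth.example.test`);
  }
  return url;
}

// Returns { mongoose, server, jwt, facebook } with the README's defaults for non-secret values.
function buildConfig(env = process.env) {
  const baseUrl = checkBaseUrl('AUTH_BASE_URL', env.AUTH_BASE_URL);
  // Comma-separated so more than one key can be supplied, as the SESSION_KEYS array allows.
  const sessionKeys = (env.SESSION_KEYS || '').split(',').filter(Boolean);
  if (sessionKeys.length === 0) throw new Error('SESSION_KEYS is not set');
  sessionKeys.forEach((key) => checkSecret('SESSION_KEYS', key));
  return {
    mongoose: {
      hostname: env.MONGO_HOST || 'localhost',
      port: Number(env.MONGO_PORT || 27017),
      username: env.MONGO_USER || '',
      password: env.MONGO_PASSWORD || '',
      database: env.MONGO_DB || 'auth',
    },
    server: { SESSION_KEYS: sessionKeys },
    jwt: {
      secret: checkSecret('JWT_SECRET', env.JWT_SECRET),
      expires: env.JWT_EXPIRES || '1d',
    },
    facebook: {
      FACEBOOK_APP_ID: checkValue('FACEBOOK_APP_ID', env.FACEBOOK_APP_ID),
      FACEBOOK_APP_SECRET: checkSecret('FACEBOOK_APP_SECRET', env.FACEBOOK_APP_SECRET),
      AUTH_callbackURL: `${baseUrl}/auth/facebook/callback`,
      CONNECT_callbackURL: `${baseUrl}/connect/facebook/callback`,
    },
  };
}
```

Each config/*.js file can then export the matching property of buildConfig() instead of a literal, so nothing secret is checked in; generateSecret() produces a value to put in SESSION_KEYS or JWT_SECRET.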
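To make the Access Control rules concrete, here is an added stand-alone evaluator (example code, not the project's own server/lib/rbac): it performs the owner check first and the permission check second, resolves roles and the roles they inherit, applies allow/deny semantics, and matches resource:method strings against glob patterns, using the three roles from the rbac.js sample plus a deny-style role. The User and Group shapes, the reduced glob syntax (only * and ? rather than full minimatch), the cycle guard on inheritance, and treating ownership as sufficient on its own are assumptions of this example.

```javascript
// Added example, not the project's server/lib/rbac: a stand-alone evaluator
// with the semantics described in the README. Data shapes are assumptions.

// Subset of minimatch sufficient for resource:method strings: '*' matches
// any run of characters, '?' exactly one, everything else is literal.
function globMatch(pattern, subject) {
  const re = pattern.split('').map((ch) => {
    if (ch === '*') return '.*';
    if (ch === '?') return '.';
    return ch.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  }).join('');
  return new RegExp(`^${re}$`).test(subject);
}

// README rule: a permission is resource:method with exactly one colon.
function assertPermissionFormat(permission) {
  if (typeof permission !== 'string' || permission.split(':').length !== 2) {
    throw new Error(`invalid permission "${permission}": expected resource:method`);
  }
}

function createRbac(roleConfig, directory) {
  const roles = new Map(roleConfig.roles.map((r) => [r.value, r]));
  const users = new Map(directory.users.map((u) => [u.id, u]));
  const groups = new Map(directory.groups.map((g) => [g.id, g]));

  // allow (default): listed patterns are effective, all others are not.
  // deny: listed patterns are ineffective, all others are.
  // A role grants a permission if it does so itself or an inherited role does.
  function roleGrants(roleName, permission, visited = new Set()) {
    if (visited.has(roleName)) return false; // assumption: tolerate inheritance cycles
    visited.add(roleName);
    const role = roles.get(roleName);
    if (!role) return false;
    const listed = (role.permissions || []).some((p) => globMatch(p, permission));
    const own = role.action === 'deny' ? !listed : listed;
    return own || (role.inherits || []).some((parent) => roleGrants(parent, permission, visited));
  }

  // Step 2 of the README: permissions held directly by the User/Group, then its roles.
  function principalHasPermission(principal, permission) {
    if ((principal.permissions || []).some((p) => globMatch(p, permission))) return true;
    return (principal.roles || []).some((r) => roleGrants(r, permission));
  }

  // Counterpart of RBAC.check(userId, permission, principals); principals is the data's owner list.
  function check(userId, permission, principals = []) {
    assertPermissionFormat(permission);
    const user = users.get(userId);
    if (!user) return false;
    const memberOf = (user.groups || []).map((g) => groups.get(g)).filter(Boolean);
    // Step 1: an owner, either the user itself or one of its groups, may act on its own data.
    const ownerIds = new Set(principals);
    if (ownerIds.has(userId) || memberOf.some((g) => ownerIds.has(g.id))) return true;
    // Step 2: otherwise the user or one of its groups must hold the permission.
    return principalHasPermission(user, permission)
      || memberOf.some((g) => principalHasPermission(g, permission));
  }

  return { check, roleGrants };
}

// Constructed sample data: the README's roles (member list shortened) plus a deny role.
const SAMPLE_ROLES = {
  roles: [
    { value: 'guest', permissions: ['local:username'], action: 'allow' },
    { value: 'member', permissions: ['users:get', 'groups:*'], action: 'allow', inherits: ['guest'] },
    { value: 'admin', permissions: ['*:*'], inherits: ['member'] },
    // deny role: everything is effective except the listed destructive methods
    { value: 'auditor', permissions: ['*:delete', 'users:removeOwner'], action: 'deny' },
  ],
};
const SAMPLE_DIRECTORY = {
  users: [
    { id: 'alice', roles: ['member'], groups: [] },
    { id: 'bob', roles: ['guest'], groups: [] },
    { id: 'carol', roles: ['admin'], groups: [] },
    { id: 'dave', roles: [], permissions: ['reports:get'], groups: ['ops'] },
  ],
  groups: [{ id: 'ops', roles: ['auditor'] }],
};
const sampleRbac = createRbac(SAMPLE_ROLES, SAMPLE_DIRECTORY);
```

With this data, sampleRbac.check('dave', 'groups:get') is true only because dave's group ops carries the deny-style auditor role, while sampleRbac.check('dave', 'users:delete') is false since that method is listed in the deny role; passing an owner list such as ['alice', 'ops'] lets both alice and dave act on that data regardless of their roles.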