{"id":37123989,"url":"https://github.com/turtacn/cbc","last_synced_at":"2026-01-14T14:19:00.066Z","repository":{"id":320509773,"uuid":"1080429098","full_name":"turtacn/cbc","owner":"turtacn","description":"CBC:is a cutting-edge, high-performance distributed identity authentication and authorization platform designed to serve as the trust anchor for billions of terminal devices in public network environments. Built on OAuth 2.0 + JWT standards and Zero Trust Architecture principles.","archived":false,"fork":false,"pushed_at":"2025-11-09T08:07:31.000Z","size":7920,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"v0.1.0","last_synced_at":"2025-11-09T09:17:52.823Z","etag":null,"topics":["auth2","iam","jwt","token"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/turtacn.png","metadata":{"files":{"readme":"README-zh.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-21T11:05:42.000Z","updated_at":"2025-11-09T08:07:35.000Z","dependencies_parsed_at":"2025-10-24T07:32:22.089Z","dependency_job_id":null,"html_url":"https://github.com/turtacn/cbc","commit_stats":null,"previous_names":["turtacn/cbc"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/turtacn/cbc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turtacn%2Fcbc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turtacn%2Fcbc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turtacn%2Fcbc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turtacn%2Fcbc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/turtacn","download_url":"https://codeload.github.com/turtacn/cbc/tar.gz/refs/heads/v0.1.0","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turtacn%2Fcbc/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28422634,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T13:30:50.153Z","status":"ssl_error","status_checked_at":"2026-01-14T13:29:08.907Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth2","iam","jwt","token"],"created_at":"2026-01-14T14:18:59.425Z","updated_at":"2026-01-14T14:19:00.059Z","avatar_url":"https://github.com/turtacn.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n \u003cimg src=\"logo.png\" alt=\"cbc Logo\" width=\"200\" height=\"200\"\u003e\n\n # CBC - CloudBrain Certification\n\n [![构建状态](https://img.shields.io/github/workflow/status/turtacn/cbc/CI)](https://github.com/turtacn/cbc/actions)\n [![许可证](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n [![Go 报告卡](https://goreportcard.com/badge/github.com/turtacn/cbc)](https://goreportcard.com/report/github.com/turtacn/cbc)\n\n **一个企业级的身份认证与授权平台**\n\n 简体中文 | [English](README.md)\n\u003c/div\u003e\n\n---\n\n## 🚀 使命宣言\n\n**CBC (CloudBrain-Cert)** 是一个企业级、高性能的身份认证和授权平台,旨在作为现代网络环境中设备和服务的 **信任锚**。基于 OAuth 2.0 和 JWT 等开放标准,并遵循领域驱动设计(DDD)原则,CBC 为零信任架构提供了一个健壮且可扩展的基础。\n\n本仓库包含核心后端服务,负责令牌的颁发、验证、撤销和密钥管理。\n\n---\n\n## 🏗️ 架构概览\n\n该服务采用基于领域驱动设计(DDD)原则的分层架构构建,确保了清晰的关注点分离。\n\n- **领域层 (Domain Layer)**: 包含核心业务逻辑、模型(例如 `Token`, `Key`, `Tenant`)以及仓库和服务的接口。\n- **应用层 (Application Layer)**: 编排领域逻辑以执行特定于应用程序的任务(例如 `AuthAppService`, `DeviceAuthAppService`)。它使用数据传输对象(DTO)与接口层交互。\n- **基础设施层 (Infrastructure Layer)**: 提供领域接口的具体实现,与数据库、缓存和密钥库等外部系统交互。这包括 PostgreSQL 和 Redis 的仓库,以及 HashiCorp Vault 的客户端。\n- **接口层 (Interface Layer)**: 通过 RESTful API(使用 Gin)和 gRPC 服务向外界暴露应用程序的功能。\n\n```mermaid\ngraph TB\n subgraph \"接口层 (传输)\"\n Gin[Gin HTTP 服务器]\n GRPC[gRPC 服务器]\n end\n\n subgraph \"应用层 (用例)\"\n AuthSvc[AuthAppService]\n DeviceAuthSvc[DeviceAuthAppService]\n TenantSvc[TenantAppService]\n end\n\n subgraph \"领域层 (核心逻辑)\"\n direction LR\n Models[模型, 例如 Token, Key]\n RepoInterfaces[仓库接口]\n SvcInterfaces[服务接口]\n end\n\n subgraph \"基础设施层 (外部系统)\"\n Postgres[PostgreSQL(GORM/PGX)]\n Redis[Redis]\n Vault[HashiCorp Vault]\n Kafka[Apache Kafka]\n end\n\n Gin --\u003e AuthSvc\n GRPC --\u003e AuthSvc\n AuthSvc --\u003e SvcInterfaces\n AuthSvc --\u003e RepoInterfaces\n\n RepoInterfaces -- 由...实现 --\u003e Postgres\n RepoInterfaces -- 由...实现 --\u003e Redis\n SvcInterfaces -- 由...实现 --\u003e Vault\n SvcInterfaces -- 由...实现 --\u003e Kafka\n\n style Gin fill:#add8e6\n style GRPC fill:#add8e6\n style Postgres fill:#d3d3d3\n style Redis fill:#d3d3d3\n style Vault fill:#d3d3d3\n style Kafka fill:#d3d3d3\n```\n\n---\n\n## ✨ 已实现的主要功能\n\n- **OAuth 2.0 设备授权流程**: 实现了 RFC 8628,适用于输入受限的设备。\n- **基于 JWT 的身份验证**: 颁发和验证 RS256 签名的 JSON Web 令牌。\n- **多租户**: 支持隔离的租户,每个租户都有自己独立的加密密钥集。\n- **密钥管理**:\n - 与 HashiCorp Vault 集成作为密钥提供程序。\n - 提供 RESTful 端点 (`/api/v1/jwks/:tenant_id`) 以 JSON Web Key Set (JWKS) 格式暴露公钥。\n- **持久化**:\n - **PostgreSQL**: 用于存储密钥、租户、设备和令牌等主要记录。\n - **Redis**: 用于缓存、设备流程中的会话管理以及令牌黑名单存储。\n- **HTTP/gRPC API**:\n - **公共 API (Gin)**: 用于核心认证流程 (`/token`, `/revoke` 等)。\n - **内部 API (Gin)**: 一个独立的、非公开的 API,用于管理任务,例如接收由机器学习驱动的风险评分 (`/_internal/ml/risk`)。\n - **gRPC API**: 提供令牌颁发和撤销的服务。\n- **中间件**:\n - **可观测性**: 为所有 HTTP 请求提供 Prometheus 指标和 OpenTelemetry 链路追踪。\n - **安全性**: 速率限制(基于 IP)、幂等性检查(基于 JTI)和 JWT 身份验证。\n- **命令行工具 (`cbc-admin`)**: 一个用于与服务交互的管理 CLI,包括管理密钥和合规性的命令。\n\n---\n\n## 🚀 快速入门\n\n### 先决条件\n\n* Go (版本 1.21 或更高)\n* Docker 和 Docker Compose\n* `make`\n\n### 1. 配置\n\n服务使用 `config/config.yaml` 进行配置。项目提供了一个示例配置文件。您可能需要根据本地环境调整数据库、Redis 或 Vault 的连接详细信息。\n\n### 2. 运行依赖项\n\n项目包含一个 `docker-compose.yml` 文件,可以轻松运行所需的外部服务(PostgreSQL 和 Redis)。\n\n```bash\ndocker-compose up -d\n```\n\n这将在 `5432` 端口上启动 PostgreSQL,在 `6379` 端口上启动 Redis。\n\n### 3. 数据库迁移\n\n在首次运行应用程序之前,您需要应用数据库模式。迁移文件位于 `migrations/` 目录中。\n\n*(注意:目前尚未集成迁移工具。您需要使用 `psql` 等工具手动应用 SQL 脚本。)*\n\n### 4. 构建并运行服务器\n\n您可以从 `cmd/server` 目录构建并运行主应用程序服务器。\n\n```bash\n# 进入服务器目录\ncd cmd/server\n\n# 构建二进制文件\ngo build .\n\n# 运行服务器\n./server\n```\n\n默认情况下,主 HTTP 服务器将运行在 `8090` 端口,内部 HTTP 服务器在 `9091` 端口,gRPC 服务器在 `50051` 端口。\n\n### 5. 使用管理 CLI\n\n`cbc-admin` 工具用于执行管理任务。\n\n```bash\n# 进入 cbc-admin 目录\ncd cmd/cbc-admin\n\n# 构建二进制文件\ngo build .\n\n# 查看可用命令\n./cbc-admin --help\n```\n\n---\n\n## 🛠️ 开发\n\n### 运行测试\n\n项目包括单元测试、集成测试和端到端(E2E)测试。\n\n```bash\n# 运行所有测试\nmake test\n\n# 运行测试并生成覆盖率报告\nmake coverage\n```\n\n### 生成模拟对象 (Mocks)\n\n项目使用 `mockery` 为接口生成模拟对象。如果您更改了某个接口,则必须重新生成模拟对象。\n\n```bash\n# 如果尚未安装,请安装 mockery\ngo install github.com/vektra/mockery/v2@latest\n\n# 重新生成所有模拟对象\nmake mock\n```\n\n---\n\n## 🤝 贡献\n\n欢迎社区贡献!请阅读我们的 `CONTRIBUTING.md` 指南,以了解我们的开发流程、如何提出错误修复和改进建议,以及如何构建和测试您的更改。\n\n---\n\n## 📄 许可证\n\n本项目采用 **Apache License 2.0** 许可证。详情请参阅 [LICENSE](LICENSE) 文件。\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fturtacn%2Fcbc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fturtacn%2Fcbc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fturtacn%2Fcbc/lists"}