Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
@nocobase/plugin-auth
Advanced tools
提供基础认证功能和扩展认证器管理功能。
页面:系统设置 - 认证
Add new - 选择认证类型
Actions - Edit - 勾选/取消Enabled
Actions - Edit
Nocobase内核提供了扩展登录方式的接入和管理。扩展登录插件的核心逻辑处理,需要继承内核的Auth
类,并对相应的标准接口进行实现。
参考core/auth/auth.ts
import { Auth } from '@nocobase/auth';
class CustomAuth extends Auth {
set user(user) {}
get user() {}
async check() {}
async signIn() {}
}
多数情况下,扩展的用户登录方式也将沿用现有的jwt逻辑来生成用户访问API的凭证,插件也可以继承BaseAuth
类以便复用部分逻辑代码,如check
, signIn
接口。
import { BaseAuth } from '@nocobase/auth';
class CustomAuth extends BaseAuth {
constructor(config: AuthConfig) {
const userCollection = config.ctx.db.getCollection('users');
super({ ...config, userCollection });
}
async validate() {}
}
@nocobase/plugin-auth
插件提供了usersAuthenticators
表来建立users和authenticators,即用户和认证方式的关联。
通常情况下,扩展登录方式用users
和usersAuthenticators
来存储相应的用户数据即可,特殊情况下才需要自己新增Collection.
users
存储的是最基础的用户数据,邮箱、昵称和密码。
usersAuthenticators
存储扩展登录方式数据
对于用户操作,Authenticator
模型也提供了几个封装的方法,可以在CustomAuth
类中通过this.authenticator[方法名]
使用:
findUser(uuid: string): UserModel
- 查询用户newUser(uuid: string, values?: any): UserModel
- 创建新用户findOrCreateUser(uuid: string, userValues?: any): UserModel
- 查找或创建新用户扩展的登录方式需要向内核注册。
async load() {
this.app.authManager.registerTypes('custom-auth-type', {
auth: CustomAuth,
});
}
可供用户配置的认证器配置项
<OptionsComponentProvider authType="custom-auth-type" component={Options} />
Options
组件使用的值是authenticator
的options
字段,如果有需要暴露在前端的配置,应该放在options.public
字段中。authenticators:publicList
接口会返回options.public
字段的值。
自定义登录页界面
自定义注册页界面
自定义登录页下方的扩展内容
FAQs
User authentication management, including password, SMS, and support for Single Sign-On (SSO) protocols, with extensibility.
The npm package @nocobase/plugin-auth receives a total of 2,027 weekly downloads. As such, @nocobase/plugin-auth popularity was classified as popular.
We found that @nocobase/plugin-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.