iotcat
/
ushio-auth
mirror of https://github.com/IoTcat/ushio-auth.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update README.md

Browse Source
master
呓喵酱 4 years ago committed by GitHub
parent f430a5d448
commit fdce180c5c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 40
      README.md

40
README.md
Unescape View File

@ -1,18 +1,38 @@
# auth
auth system for ushio system
Ushio User System
## Key Logic
- three kinds of account: admin, user, visitor
- usr can be authed by email, phone, passwd
- after logined, the client id and secret can be generated and assigned
- every domain is an single app, it needs a new client id and secret.
- the app use the id and secret to get a time-expired token
- the client id and secret can be managed
[简体中文(推荐)](./zh.md)
## Implementation
## Process Flow
There are three concepts in the Ushio user system, namely hash, token and mask.
Each user has a unique hash, which represents all the permissions of this user. If the hash is leaked, the user needs to refresh the hash manually. But this will cause all devices and services previously bound to this user to automatically log out.
Each device (such as a browser) has a unique token. Various services (such as different websites) running on the device each have their own unique mask.
For security, the token is stored in a cookie under auth.yimian.xyz. Every time a user opens a new website, the system will determine and automatically bind the mask to the token. At this time, multiple masks correspond to one token. As shown below
```
token
/ | \
mask1 mask2 mask3
```
Every time a user logs in or registers, what the system does is to associate the token with the hash on the server side. When the user logs out, the token and hash on the server side will be disconnected, and the user will log out.
```
hash
/ | \
token1 token2 token3
```
## Login logic
Taking into account that it is difficult for us to remember the password for a long time, the login logic of this site is designed to log in with an email or mobile number verification code. After logging in, the system will evaluate the user's equipment security according to the changes of fp and ip. If the system assessment result is dangerous, the user will be required to verify, otherwise the user will remain logged in.
## Dependence
Ushio user systems rely heavily on ushio-session, fp, ip and other projects.

Write Preview
Loading…
Cancel
Save