github/halo - halo - https://git.xinac.net

Go to file

guqing ae6724a2b6 feat: implement persistent token based remember me mechanism (#6131 ) #### What type of PR is this? /kind feature /area core /milestone 2.17.x #### What this PR does / why we need it: 新增基于持久化 Token 的 RememberMe 机制本次更新引入了一种新的 RememberMe 机制，该机制基于持久化 Token，以增强安全性和管理灵活性。在此之前，RememberMe 功能通过以下方式生成 Token，并将其作为 cookie 发送回客户端： ``` username + ":" + expiryTime + ":" + algorithmName + ":" + algorithmHex(username + ":" + expiryTime + ":" + password + ":" + key) ``` 此方法的优点在于无需存储 Token 就可以进行验证，并且用户密码的更改会自动使 Token 失效。然而，它的主要缺点是缺乏管理能力，例如无法手动撤销 Token。鉴于最新的设备管理需求（见 PR #6100），我们需要一种支持设备撤销（revoke）的机制。因此，我们采用了持久化 Token 的方式，并通过随机生成的方法来提高安全性，而不将用户名和密码直接签名在 Token 中。新的 Token 格式如下： ``` base64(tokenValue:series) ``` 此更改将为系统带来更高的安全保障和更灵活的管理选项，特别是在需要高度控制和监管设备访问时。 #### Does this PR introduce a user-facing change? ```release-note 引入基于持久化 Token 的新 RememberMe 机制以增强安全性和管理灵活性，升级后需要重新登录 ```		2024-06-26 08:40:49 +00:00
.github	chore: bump pnpm version to 9 (#5953 )	2024-05-21 03:24:45 +00:00
api	feat: implement persistent token based remember me mechanism (#6131 )	2024-06-26 08:40:49 +00:00
api-docs/openapi/v3_0	feat: implement persistent token based remember me mechanism (#6131 )	2024-06-26 08:40:49 +00:00
application	feat: implement persistent token based remember me mechanism (#6131 )	2024-06-26 08:40:49 +00:00
buildSrc	Support publishing to maven central repository (#3767 )	2023-04-18 14:28:23 +08:00
config/checkstyle	chore: add checkstyle rule (#2091 )	2022-05-17 06:46:11 +00:00
docs	Add support for publishing events among plugins (#6081 )	2024-06-19 16:11:00 +00:00
e2e	chore: upgrade the api-testing (e2e) to v0.0.16 (#5768 )	2024-04-23 10:42:27 +08:00
gradle/wrapper	Upgrade to Gradle 8.8 (#6033 )	2024-06-03 15:05:45 +00:00
hack	chore: add cherry_pick_pull.sh for cherry-picking pull request (#1554 )	2021-12-03 10:21:24 +08:00
platform	chore: upgrade pf4j version to 3.12.0 (#6143 )	2024-06-26 03:40:48 +00:00
ui	feat: implement persistent token based remember me mechanism (#6131 )	2024-06-26 08:40:49 +00:00
.dockerignore	chore: rename console to ui in some files (#5347 )	2024-02-07 14:40:08 +00:00
.editorconfig	Support backup and restore (#4206 )	2023-07-24 08:26:16 +00:00
.gitattributes	Refactor .gitignore	2019-04-03 11:37:59 +08:00
.gitignore	test: add e2e test cases of user, role, and plugin (#4920 )	2023-11-28 21:52:44 +08:00
.gitpod.yml	test: add e2e test cases of user, role, and plugin (#4920 )	2023-11-28 21:52:44 +08:00
CODE_OF_CONDUCT.md	docs: add CODE_OF_CONDUCT.md (#2150 )	2022-06-12 08:10:12 +00:00
CONTRIBUTING.md	docs: update the branch name from `master` to `main` in contribution.md (#5359 )	2024-02-17 08:00:15 +00:00
Dockerfile	chore: specify expose port in dockerfile (#5820 )	2024-04-29 10:37:26 +00:00
LICENSE	Create LICENSE	2018-03-21 21:39:46 +08:00
OWNERS	chore: update reviewers for OWNERS file (#5672 )	2024-04-09 15:22:09 +00:00
README.md	docs: add image linked to video in README.md (#6084 )	2024-06-19 07:54:57 +00:00
SECURITY.md	Mark the security policy for version 1.x as unsupported (#5450 )	2024-03-06 06:06:07 +00:00
build.gradle	Upgrade SpringBoot to 3.3.1 (#6110 )	2024-06-20 15:10:07 +00:00
gradle.properties	chore: bump mariadb driver to 1.2.1 to fix crash issue (#6133 )	2024-06-24 16:16:44 +00:00
gradlew	Upgrade Gradle to 8.6 (#5533 )	2024-03-20 12:32:07 +00:00
gradlew.bat	Upgrade to Gradle 8.8 (#6033 )	2024-06-03 15:05:45 +00:00
settings.gradle	Add build script for ui project	2024-02-03 22:51:50 +08:00

README.md

Halo [ˈheɪloʊ]，强大易用的开源建站工具。

官网文档社区 Gitee Telegram 频道

快速开始

docker run -d --name halo -p 8090:8090 -v ~/.halo2:/root/.halo2 halohub/halo:2.16

以上仅作为体验使用，详细部署文档请查阅：https://docs.halo.run/getting-started/install/docker-compose

在线体验

环境地址：https://demo.halo.run
后台地址：https://demo.halo.run/console
用户名：demo
密码：P@ssw0rd123..

生态

可访问官方应用市场或 awesome-halo 仓库查看适用于 Halo 2.x 的主题和插件。

许可证

Halo 使用 GPL-v3.0 协议开源，请遵守开源协议。

赞助

如果 Halo 对你有帮助，欢迎赞助我们，感谢以下赞助者对 Halo 项目的支持：

贡献

参考 CONTRIBUTING。

README.md Unescape Escape

快速开始

在线体验

生态

许可证

赞助

贡献

状态

README.md