Technical Details
Local users will be stored through the existing storage component in phase one. The initial local-user model will use configuration-provided default administrator credentials and bcrypt password hashes.
Frontend and backend authentication will use controller-managed sessions. After a successful login, the controller creates an opaque session token and stores the session through the existing storage component so authentication state can be verified across controller instances. Logout invalidates the current session by removing it from storage.
Users are divided into two coarse roles: administrator and regular user. Administrators can manage users. Regular users can only manage resources. Fine-grained resource permissions will be introduced later in the Casbin namespace RBAC PR.
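The session model above (opaque token, shared storage, expiry by maximum session duration, logout by removal, and the administrator-only gate on user management), as an added example that is not the project's code: the language is an assumption, an in-memory map stands in for the shared storage component, and the bcrypt password check that precedes session creation is left out.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"time"
)

type Session struct {
	User      string
	Admin     bool // true for the administrator role, false for a regular user
	ExpiresAt time.Time
}
// SessionStore stands in for the storage component shared across controller instances (assumption: an in-memory map, so the example runs offline).
type SessionStore struct {
	sessions map[string]Session
	maxAge   time.Duration // the configured maximum session duration
}

func NewSessionStore(maxAge time.Duration) *SessionStore {
	return &SessionStore{sessions: map[string]Session{}, maxAge: maxAge}
}

// Create issues an opaque token: 256 random bits that encode nothing about the user, so only a storage lookup can map it back.
func (s *SessionStore) Create(user string, admin bool, now time.Time) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := fmt.Sprintf("%x", b)
	s.sessions[tok] = Session{User: user, Admin: admin, ExpiresAt: now.Add(s.maxAge)}
	return tok, nil
}

// Lookup is the check behind every authenticated request (e.g. GET /api/v1/auth/me): unknown tokens are rejected and expired ones are purged.
func (s *SessionStore) Lookup(tok string, now time.Time) (Session, error) {
	sess, ok := s.sessions[tok]
	if !ok {
		return Session{}, fmt.Errorf("unauthenticated")
	}
	if !now.Before(sess.ExpiresAt) {
		delete(s.sessions, tok)
		return Session{}, fmt.Errorf("session expired")
	}
	return sess, nil
}
// Logout (POST /api/v1/auth/logout) invalidates the session by removing it from storage.
func (s *SessionStore) Logout(tok string) { delete(s.sessions, tok) }
// CanManageUsers gates /api/v1/user/*: only administrators manage users.
func CanManageUsers(sess Session) bool { return sess.Admin }
```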
Configuration Changes
Add the following auth-related configuration:
- auth.type: disabled by default to preserve backward compatibility.
- Maximum session duration.
- Default administrator username.
- Default administrator password.
API Changes
Add common authentication APIs:
POST /api/v1/auth/login
POST /api/v1/auth/logout
GET /api/v1/auth/me
Add user management APIs under:
/api/v1/user/*
Important Notes
Local users are intended only for testing and lightweight development use. They are not recommended for production deployments.
Local-user storage may suffer significant performance degradation when the number of users becomes large.