智子

# Sophon Auth

sophon-authvenus 集群统一授权服务。

  • 权限验证
  • Trace 采集
  • RESTful API
  • 管理用户及请求限流信息

# 快速启动

# 下载代码

git clone https://github.com/ipfs-force-community/sophon-auth.git

# 编译

make

# 启动服务

./sophon-auth run

# CLI 操作指南

# 查看帮助

./sophon-auth -h

NAME:
   sophon-auth - A new cli application

USAGE:
   sophon-auth [global options] command [command options] [arguments...]

VERSION:
   1.6.0+git.ad9a046

COMMANDS:
   run      run sophon-auth daemon
   token    token command
   user     user command
   miner    miner command
   signer   signer command
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --config value, -c value  config dir path
   --help, -h                show help (default: false)
   --version, -v             print the version (default: false)

# venus auth 基础操作

# user 相关

uservenus 链服务的对象,通常是接入链服务的某个或多个矿工在链服务中的唯一身份标识。

  1. 增加 user
./sophon-auth user add test-user01

# res
Add user success: dc922b61-65ac-4045-8894-f0356879cf7a, next can add miner for this user
  1. 查询 user
./sophon-auth user get test-user01

# res
name: test-user01
state enabled   // 2: disable, 1: enable
comment: 
createTime: Thu, 08 Sep 2022 02:50:50 UTC
updateTime: Thu, 08 Sep 2022 02:50:50 UTC
  1. 列出 user
./sophon-auth user list

# res
number: 1
name: test-user01
state: enabled
createTime: Thu, 08 Sep 2022 02:50:50 UTC
updateTime: Thu, 08 Sep 2022 02:50:50 UTC

number: 2
name: test-user02
state: enabled
createTime: Thu, 08 Sep 2022 02:51:09 UTC
updateTime: Thu, 08 Sep 2022 02:51:09 UTC
  1. 更新 user
./sophon-auth user update --name=test-user01 --state=2 --comment="this is comment"

# res
update user success
  1. 激活 user
./sophon-auth user active test-user01

# res
active user success
  1. 删除 user
./sophon-auth user delete test-user01

# res
remove user success
  1. 恢复 user
./sophon-auth user recover test-user01

# res
recover user success

# token 相关

tokenuser 的矿工请求链服务接口的通行证,具有权限级别的划分。

  1. user生成token
./sophon-auth token gen --perm admin test-user01

# res
generate token success: ***
  1. 列出 token
./sophon-auth token list

# res
num     name            perm            createTime              token
1       test-user01     admin   2022-09-08 03:42:50     eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdC11c2VyMDEiLCJwZXJtIjoiYWRtaW4iLCJleHQiOiIifQ.qdJ5FNxUAa79X3d0z8TPjw0dWCgQRZBUlVxlOL9-da0
2       test-user02     sign    2022-09-08 03:43:57     eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdC11c2VyMDIiLCJwZXJtIjoic2lnbiIsImV4dCI6IiJ9.3EQE3h7_EN5WTrSmyIRr2V-0qHOuU7dwr9PN7UI1JT0
  1. 查询 token
./sophon-auth token get --name=test-user01

# res
name:        test-user01
perm:        admin
create time: 2022-09-08 03:42:50.224629248 +0000 UTC
token:       eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdC11c2VyMDEiLCJwZXJtIjoiYWRtaW4iLCJleHQiOiIifQ.qdJ5FNxUAa79X3d0z8TPjw0dWCgQRZBUlVxlOL9-da0
  1. 删除 token
./sophon-auth token rm eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdG1pbmVyIiwicGVybSI6ImFkbWluIiwiZXh0IjoiIn0.8yNodOcALJ8fy4h-Hh5yLfaR27cD4a8ePd9BkmWlfEo

# res
remove token success: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdG1pbmVyIiwicGVybSI6ImFkbWluIiwiZXh0IjoiIn0.8yNodOcALJ8fy4h-Hh5yLfaR27cD4a8ePd9BkmWlfEo
  1. 恢复 token
./sophon-auth token recover eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdG1pbmVyIiwicGVybSI6ImFkbWluIiwiZXh0IjoiIn0.8yNodOcALJ8fy4h-Hh5yLfaR27cD4a8ePd9BkmWlfEo

# res
recover token success: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdG1pbmVyIiwicGVybSI6ImFkbWluIiwiZXh0IjoiIn0.8yNodOcALJ8fy4h-Hh5yLfaR27cD4a8ePd9BkmWlfEo

# miner 相关

  1. 增加矿工
./sophon-auth user miner add test-user01 f0128788

# res
create user:test-user01 miner:f0128788 success.
  1. 列出用户下的矿工
./sophon-auth user miner list test-user01

# res
user: test-user01, miner count:1
idx  miner     create-time                    
0    f0128788  Thu, 25 Aug 2022 17:20:11 CST
  1. 某用户存在某个矿工
./sophon-auth user miner exist --user=test-user01 f0128788

# res
true
  1. 查询系统中存在某个矿工
./sophon-auth miner has f0128788

# res
true
  1. 删除矿工
./sophon-auth user miner delete f0128788

# res
remove miner:f0128788 success.

# signer 相关

signer 指的是具有签名能力的地址,与user绑定。一个signer可以绑定到多个user,对应多个用户的venus-wallet有同一个钱包,可用于多用户之间互相帮助签名。

signer 的绑定在venus-wallet连接到链服务时自动绑定,也可以由链服务管理员用命令绑定,这里介绍后者的相关命令。

  1. 给用户注册签名地址
./sophon-auth user signer register test-user01 f3wylwd6pclppme4qmbgwled5xpsbgwgqbn2alxa7yahg2gnbfkipsdv6m764xm5coizujmwdmkxeugplmorha

# res
create user:test-user01 signer address:f3wylwd6pclppme4qmbgwled5xpsbgwgqbn2alxa7yahg2gnbfkipsdv6m764xm5coizujmwdmkxeugplmorha success.
  1. 列出注册到用户的签名地址
./sophon-auth user signer list test-user01

# res
user: test-user01, signer count:3
idx  signer                                                                                  create-time                    
0    f15rynkupqyfx5ebvaishg7duutwb5ooq2qpaikua                                               Thu, 08 Sep 2022 05:43:34 UTC  
1    f3r47fkdzfmtex5ic3jnwlzc7bkpbj7s4d6limyt4f57t3cuqq5nuvhvwv2cu2a6iga2s64vjqcxjqiezyjooq  Thu, 08 Sep 2022 05:43:42 UTC  
2    f3wylwd6pclppme4qmbgwled5xpsbgwgqbn2alxa7yahg2gnbfkipsdv6m764xm5coizujmwdmkxeugplmorha  Thu, 08 Sep 2022 05:41:25 UTC
  1. 某用户存在某个签名地址
./sophon-auth user signer exist --user=test-user01 f15rynkupqyfx5ebvaishg7duutwb5ooq2qpaikua

# res
true
  1. 系统中存在某个签名地址
./sophon-auth signer has f15rynkupqyfx5ebvaishg7duutwb5ooq2qpaikua

# res
true
  1. 删除用户的签名地址
./sophon-auth user signer unregister --user=test-user03 f1sgeoaugenqnzftqp7wvwqebcozkxa5y7i56sy2q

# res
unregister signer:f1sgeoaugenqnzftqp7wvwqebcozkxa5y7i56sy2q of test-user03 success.
  1. 删除签名地址

将会删除所有user下注册的地址。

./sophon-auth signer del --really-do-it f3wylwd6pclppme4qmbgwled5xpsbgwgqbn2alxa7yahg2gnbfkipsdv6m764xm5coizujmwdmkxeugplmorha

# res
delete success

# 用户请求限流相关

./sophon-auth user rate-limit -h

# res
NAME:
   sophon-auth user rate-limit - A new cli application

USAGE:
   sophon-auth user rate-limit command [command options] [arguments...]

COMMANDS:
   add      add user request rate limit
   update   update user request rate limit
   get      get user request rate limit
   del      delete user request rate limit
   help, h  Shows a list of commands or help for one command

OPTIONS:
   --help, -h  show help (default: false)
  1. 增加请求限流
# show help
AME:
   sophon-auth user rate-limit add - add user request rate limit

USAGE:
   sophon-auth user rate-limit add [command options] user rate-limit add <name> <limitAmount> <duration(2h, 1h:20m, 2m10s)>

OPTIONS:
   --id value  rate limit id to update
   --help, -h  show help (default: false)

./sophon-auth user rate-limit add testminer2 10 1m

# res
upsert user rate limit success: dee7e326-3b8b-4e38-9de7-1bee9bdffa9d
  1. 更新请求限流
./sophon-auth user rate-limit update testminer2 dee7e326-3b8b-4e38-9de7-1bee9bdffa9d 100 1m

# res
upsert user rate limit success: dee7e326-3b8b-4e38-9de7-1bee9bdffa9d
  1. 查新请求限流
./sophon-auth user rate-limit get testminer2

# res
user:testminer2, limit id:dee7e326-3b8b-4e38-9de7-1bee9bdffa9d, request limit amount:100, duration:0.02(h)
  1. 删除请求限流
./sophon-auth user rate-limit del testminer2 dee7e326-3b8b-4e38-9de7-1bee9bdffa9d

# res
delete rate limit success, dee7e326-3b8b-4e38-9de7-1bee9bdffa9d

sophon-miner