fix: 生产安全修复 + Go SDK + CAS SSO框架
安全修复: - CRITICAL: SSO重定向URL注入漏洞 - 修复redirect_uri白名单验证 - HIGH: SSO ClientSecret未验证 - 使用crypto/subtle.ConstantTimeCompare验证 - HIGH: 邮件验证码熵值过低(3字节) - 提升到6字节(48位熵) - HIGH: 短信验证码熵值过低(4字节) - 提升到6字节 - HIGH: Goroutine使用已取消上下文 - auth_email.go使用独立context+超时 - HIGH: SQL LIKE查询注入风险 - permission/role仓库使用escapeLikePattern 新功能: - Go SDK: sdk/go/user-management/ 完整SDK实现 - CAS SSO框架: internal/auth/cas.go CAS协议支持 其他: - L1Cache实例问题修复 - AuthMiddleware共享l1Cache - 设备指纹XSS防护 - 内存存储替代localStorage - 响应格式协议中间件 - 导出无界查询修复
This commit is contained in:
135
sdk/go/user-management/example_test.go
Normal file
135
sdk/go/user-management/example_test.go
Normal file
@@ -0,0 +1,135 @@
|
||||
package userManagement
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"log"
|
||||
)
|
||||
|
||||
// Example_basic_usage 基础使用示例
|
||||
func Example_basic_usage() {
|
||||
// 创建客户端
|
||||
client := NewClient("https://api.example.com")
|
||||
|
||||
// 登录
|
||||
loginResp, err := client.Login(context.Background(), &LoginRequest{
|
||||
Username: "admin",
|
||||
Password: "password123",
|
||||
DeviceName: "Go SDK Test",
|
||||
})
|
||||
if err != nil {
|
||||
log.Fatalf("Login failed: %v", err)
|
||||
}
|
||||
|
||||
fmt.Printf("Logged in as %s, token: %s...\n", loginResp.User.Username, loginResp.AccessToken[:20])
|
||||
}
|
||||
|
||||
// Example_user_management 用户管理示例
|
||||
func Example_user_management() {
|
||||
client := NewClient("https://api.example.com", WithAPIToken("your-api-token"))
|
||||
|
||||
// 获取当前用户
|
||||
user, err := client.GetCurrentUser(context.Background())
|
||||
if err != nil {
|
||||
log.Fatalf("GetCurrentUser failed: %v", err)
|
||||
}
|
||||
fmt.Printf("Current user: %s (%s)\n", user.Username, user.Email)
|
||||
|
||||
// 创建新用户
|
||||
newUser, err := client.CreateUser(context.Background(), &CreateUserRequest{
|
||||
Username: "newuser",
|
||||
Email: "newuser@example.com",
|
||||
Password: "SecurePass123!",
|
||||
Status: UserStatusActive,
|
||||
})
|
||||
if err != nil {
|
||||
log.Fatalf("CreateUser failed: %v", err)
|
||||
}
|
||||
fmt.Printf("Created user: %s (ID: %d)\n", newUser.Username, newUser.ID)
|
||||
|
||||
// 更新用户
|
||||
updatedUser, err := client.UpdateUser(context.Background(), newUser.ID, &UpdateUserRequest{
|
||||
Nickname: "New Nickname",
|
||||
})
|
||||
if err != nil {
|
||||
log.Fatalf("UpdateUser failed: %v", err)
|
||||
}
|
||||
fmt.Printf("Updated nickname: %s\n", updatedUser.Nickname)
|
||||
|
||||
// 删除用户
|
||||
if err := client.DeleteUser(context.Background(), newUser.ID); err != nil {
|
||||
log.Fatalf("DeleteUser failed: %v", err)
|
||||
}
|
||||
fmt.Printf("User %d deleted\n", newUser.ID)
|
||||
}
|
||||
|
||||
// Example_device_management 设备管理示例
|
||||
func Example_device_management() {
|
||||
client := NewClient("https://api.example.com", WithAccessToken("access-token"))
|
||||
|
||||
// 获取我的设备
|
||||
devices, err := client.GetMyDevices(context.Background())
|
||||
if err != nil {
|
||||
log.Fatalf("GetMyDevices failed: %v", err)
|
||||
}
|
||||
|
||||
fmt.Printf("My devices (%d):\n", len(devices))
|
||||
for _, d := range devices {
|
||||
trustStatus := "untrusted"
|
||||
if d.IsTrusted {
|
||||
trustStatus = "trusted"
|
||||
}
|
||||
fmt.Printf(" - %s (%s) [%s]\n", d.DeviceName, d.DeviceType, trustStatus)
|
||||
}
|
||||
|
||||
// 获取信任设备
|
||||
trusted, err := client.GetTrustedDevices(context.Background())
|
||||
if err != nil {
|
||||
log.Fatalf("GetTrustedDevices failed: %v", err)
|
||||
}
|
||||
fmt.Printf("Trusted devices: %d\n", len(trusted))
|
||||
}
|
||||
|
||||
// Example_role_management 角色管理示例
|
||||
func Example_role_management() {
|
||||
client := NewClient("https://api.example.com", WithAccessToken("access-token"))
|
||||
|
||||
// 获取角色列表
|
||||
roles, err := client.ListRoles(context.Background(), &ListRolesParams{
|
||||
Page: 1,
|
||||
PageSize: 20,
|
||||
})
|
||||
if err != nil {
|
||||
log.Fatalf("ListRoles failed: %v", err)
|
||||
}
|
||||
fmt.Printf("Total roles: %d\n", roles.Total)
|
||||
|
||||
// 获取权限树
|
||||
permissions, err := client.ListPermissions(context.Background())
|
||||
if err != nil {
|
||||
log.Fatalf("ListPermissions failed: %v", err)
|
||||
}
|
||||
fmt.Printf("Total permissions: %d\n", len(permissions))
|
||||
}
|
||||
|
||||
// Example_totp TOTP 两因素认证示例
|
||||
func Example_totp() {
|
||||
client := NewClient("https://api.example.com", WithAccessToken("access-token"))
|
||||
|
||||
// 启用 TOTP
|
||||
setup, err := client.EnableTOTP(context.Background())
|
||||
if err != nil {
|
||||
log.Fatalf("EnableTOTP failed: %v", err)
|
||||
}
|
||||
fmt.Printf("TOTP Secret: %s\n", setup.Secret)
|
||||
fmt.Printf("QR Code URL: %s\n", setup.QRCodeURL)
|
||||
fmt.Printf("Recovery Codes: %v\n", setup.RecoveryCodes)
|
||||
|
||||
// 用户手动验证 TOTP 后才能正式启用
|
||||
// 这里用示例 code 验证
|
||||
if err := client.VerifyTOTP(context.Background(), "123456"); err != nil {
|
||||
fmt.Printf("TOTP verification: %v\n", err)
|
||||
} else {
|
||||
fmt.Println("TOTP verified successfully")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user