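Casdoor is a centralized single sign-on (SSO) authentication platform based on OAuth 2.0 / OIDC. In short, Casdoor takes user management off your hands: you do not need to develop login, registration and the other user-authentication features yourself. After a few simple configuration steps it works alongside your main application and fully hosts your user module. It is simple, low-effort and powerful.
- Website: https://casdoor.org/
- Code: https://github.com/casdoor/casdoor
The website offers a demo and documentation. This article is a hands-on record of following the documentation's "Server Installation" and "Run with Docker" sections on Ubuntu 22.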
Installation environment
- Go 1.17+
- Node.js LTS (16 or 14)
- Yarn 1.x
Install Go
```bash
# Download; pick the Linux x86-64 release package for your system
curl -O -L https://go.dev/dl/go1.20.4.linux-amd64.tar.gz
# Extract
tar -xzvf go1.20.4.linux-amd64.tar.gz
# Rename, including the version number
mv go go1.20.4.linux-amd64
# Symlink, convenient for configuration or switching versions
sudo ln -sfT `pwd`/go1.20.4.linux-amd64 /usr/local/go
# Configure; set GOPATH to your own working directory
cat <<-EOF >> ~/.bashrc
# go
export GOROOT=/usr/local/go
export GOPATH=\$HOME/Codes/Go
export PATH=\$GOROOT/bin:\$GOPATH/bin:\$PATH
EOF
# Check
go version
go env
```
Install Node.js
```bash
# Download; picked the latest LTS version at the time, which works
curl -O -L https://nodejs.org/dist/v18.16.0/node-v18.16.0-linux-x64.tar.xz
# Extract
tar -xvf node-v18.16.0-linux-x64.tar.xz
# Symlink, convenient for configuration or switching versions
sudo ln -sfT `pwd`/node-v18.16.0-linux-x64 /usr/local/node
# Configure
cat <<-EOF >> ~/.bashrc
# node
export NODE_HOME=/usr/local/node
export PATH=\$NODE_HOME/bin:\$PATH
EOF
# Check
node -v
npm -v
```
Install Yarn
```bash
npm install yarn -g
# Check
yarn -v
```
Install MySQL
```bash
sudo apt update -y
# Install
sudo apt install mysql-server -y
# Check
systemctl status mysql.service
# Or start it
systemctl start mysql.service
```
Configure MySQL:
1 Change the root user's password,
```
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'YourPassword';
exit
```
Otherwise, running mysql_secure_installation hits the following error:
... Failed! Error: SET PASSWORD has no significance for user 'root'@'localhost' as the authentication method used doesn't store authentication data in the MySQL server. Please consider using ALTER USER instead if you want to change authentication parameters.
2 Run the configuration script mysql_secure_installation to turn off all the insecure features,
```
$ sudo mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root:

The 'validate_password' component is installed on the server.
The subsequent steps will run with the existing configuration
of the component.
Using existing password for root.

Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : n

 ... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!
```
3 Restore sudo mysql login. Skip this step if you use a client.
```
# Log in with the password
mysql -u root -p
# Restore sudo mysql login
ALTER USER 'root'@'localhost' IDENTIFIED WITH auth_socket;
# Exit
exit
```
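Install a MySQL client:
```bash
# For example, MySQL Workbench
sudo snap install mysql-workbench-community
# Or use phpMyAdmin, etc.
```
Choose the Local instance and log in with the password,
create a database named casdoor,
Additionally, you can create a new user named casdoor dedicated to managing that database.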
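The database and dedicated account described above can also be created from the shell. This is an added example, not from the original post or the Casdoor project; the function names, the 16-character minimum and the grant scope (all privileges on casdoor.* only) are assumptions.

```shell
#!/bin/sh
# Added example (not from the post or the Casdoor docs); names are hypothetical.

# gen_password: 24 chars from the base64url alphabet (A-Z a-z 0-9 - _), which
# needs no quoting in a SQL string literal or in the dataSourceName value.
# If the server's validate_password policy rejects one, generate another.
gen_password() {
    head -c 18 /dev/urandom | base64 | tr '+/' '-_'
}

# casdoor_db_sql USER HOST PASSWORD: print SQL for the casdoor database and an
# account that can touch only that database. HOST is the MySQL account host
# ('localhost' for a local Casdoor process; adjust for a container).
casdoor_db_sql() {
    user=$1 host=$2 pass=$3
    # Refuse values that could break out of the quoted SQL literals.
    for v in "$user" "$host" "$pass"; do
        case $v in
            ''|*[!A-Za-z0-9_.%-]*) echo "refused: empty or unsafe argument" >&2; return 1 ;;
        esac
    done
    [ "${#pass}" -ge 16 ] || { echo "refused: password under 16 chars" >&2; return 1; }
    cat <<EOF
CREATE DATABASE IF NOT EXISTS casdoor;
CREATE USER IF NOT EXISTS '$user'@'$host' IDENTIFIED BY '$pass';
GRANT ALL PRIVILEGES ON casdoor.* TO '$user'@'$host';
EOF
}

# casdoor_dsn USER PASSWORD HOST:PORT: the matching dataSourceName value.
casdoor_dsn() {
    printf '%s:%s@tcp(%s)/\n' "$1" "$2" "$3"
}

# Usage:
#   pw=$(gen_password)
#   casdoor_db_sql casdoor localhost "$pw" | sudo mysql
#   casdoor_dsn casdoor "$pw" localhost:3306
```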
Get the source code
Go to your working directory and fetch the Casdoor source,
```bash
# Get the source
git clone --depth 1 https://github.com/casdoor/casdoor.git
```
Configuration
The configuration is in casdoor/conf/app.conf,
```ini
appname = casdoor
httpport = 8000
runmode = dev
copyrequestbody = true
driverName = mysql
dataSourceName = root:123456@tcp(localhost:3306)/
dbName = casdoor
tableNamePrefix =
showSql = false
redisEndpoint =
defaultStorageProvider =
isCloudIntranet = false
authState = "casdoor"
socks5Proxy = "127.0.0.1:10808"
verificationCodeTimeout = 10
initScore = 2000
logPostOnly = true
origin =
staticBaseUrl = "https://cdn.casbin.org"
isDemoMode = false
batchSize = 100
ldapServerPort = 389
languages = en,zh,es,fr,de,id,ja,ko,ru,vi
quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
```
For now, configure only the database fields driverName, dataSourceName and dbName. For the other fields, see the official documentation, "Server Installation / Via Ini file".
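A quick check of the database fields just configured, as an added example that is not part of the original post or of Casdoor: it reads dataSourceName from conf/app.conf, or from a compose environment file in the `key: "value"` form, and flags the MySQL root account and weak passwords. The function names, the placeholder list and the 16-character threshold are assumptions.

```shell
#!/bin/sh
# Added example: audit the database credential in a Casdoor config file.

# conf_get FILE KEY: value of the first "KEY = value" or "KEY: value" line,
# with surrounding double quotes removed.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[=:][[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//' | head -n 1
}

# audit_dsn FILE: print one finding per line; return 1 if anything was found.
audit_dsn() {
    findings=0
    dsn=$(conf_get "$1" dataSourceName)
    if [ -z "$dsn" ]; then
        echo "dataSourceName: not set"; return 1
    fi
    cred=${dsn%@*}      # "user:password", everything before the last '@'
    user=${cred%%:*}
    pass=${cred#*:}
    [ "$cred" = "$user" ] && pass=""    # no ':' means no password given
    if [ "$user" = "root" ]; then
        echo "dataSourceName: connects as MySQL root, use a dedicated account"
        findings=1
    fi
    case $pass in
        ''|123|123456|password|YourPassword)    # constructed placeholder list
            echo "dataSourceName: empty or placeholder password"; findings=1 ;;
        *)
            if [ "${#pass}" -lt 16 ]; then
                echo "dataSourceName: password shorter than 16 characters"
                findings=1
            fi ;;
    esac
    return "$findings"
}
```

Run it as `audit_dsn casdoor/conf/app.conf` before starting the server; a non-zero exit status means at least one finding was printed.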
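Run
Development mode
Run the backend:
```bash
cd casdoor/
go run main.go
```
If a checksum mismatch error occurs, run:
```bash
go clean -modcache
rm go.sum
go mod tidy
# If it still fails, switch to another proxy and try again
# The proxy caches may be inconsistent; this can go into ~/.bashrc
export GOPROXY="https://goproxy.cn,direct"
```
Run the frontend:
```bash
cd casdoor/web
yarn install
yarn start
```
Visit http://localhost:7001/ and log in with user admin and password 123,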
Production mode
Run the backend:
```bash
cd casdoor/
go build
./casdoor
```
Run the frontend:
```bash
cd casdoor/web
yarn install
yarn build
```
Running in containers
Docker preparation
Install Docker Desktop on Ubuntu,
```
$ docker -v
Docker version 23.0.6, build ef23cbc
$ docker compose version
Docker Compose version v2.17.3
```
Run with Docker
Casdoor can be run with docker-compose, which brings its own separate database,
```bash
cd casdoor/
docker compose up
```
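It can be modified as follows to use an existing local database:
- Edit docker-compose.yml
  - Under services/casdoor, delete the --createDatabase=true argument in entrypoint and the db dependency in depends_on
  - Delete all configuration of services/db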
```yaml
version: '3.1'
services:
  casdoor:
    restart: always
    build:
      context: ./
      dockerfile: Dockerfile
      target: STANDARD
    entrypoint: /bin/sh -c './server'
    ports:
      - "8000:8000"
    volumes:
      - ./conf:/conf/
```
- Edit Dockerfile
  - Delete the db content after ENTRYPOINT ["/server"]
  - If go build reports a version problem, change FROM golang:1.17.5 AS BACK to a newer version, such as 1.20.4
  - If go test does not pass:
    - For download problems, prefix the command with export GOPROXY="https://goproxy.cn,direct" && to use a proxy
    - If TestGetVersionInfo fails, run git pull --unshallow to fetch more commits
  - If the apk installation fails, comment out RUN sed -i 's/https/http/' /etc/apk/repositories
  - If yarn "fresh packages" never finishes, comment out yarn config set registry https://registry.npmmirror.com
In addition, write a separate docker-secret.yml to hold the database configuration of services/casdoor:
```yaml
version: '3.1'
services:
  casdoor:
    environment:
      driverName: "mysql"
      dataSourceName: "casdoor:password@tcp(host.docker.internal:3306)/"
      dbName: "casdoor"
```
Finally,
```
# Run the service
$ docker compose -f docker-compose.yml -f docker-secret.yml up
[+] Running 2/0
 ✔ Network casdoor_default Created 0.0s
 ✔ Container casdoor-casdoor-1 Created 0.0s
Attaching to casdoor-casdoor-1
casdoor-casdoor-1 | 2023/05/14 06:00:00 Listening on 0.0.0.0:389
casdoor-casdoor-1 | 2023/05/14 06:00:00.000 [I] http server Running on http://:8000
```
Visit http://localhost:8000/ and log in with user admin and password 123.
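Conclusion
Casdoor is installed from source here with customization in mind; building and running it in containers is with release and deployment in mind.
As for what Casdoor can do and how to use it, read the official documentation to learn more, and also try it out hands-on in the running environment.
GoCoding shares experience from personal practice; follow the official account!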