Comments (1)
xyproto
commented on May 23, 2024
Hi @siredwin. It warms my soul that you've used permissions2 for 4+ years.
I would be happy to help out both in making the user management system more robust and/or with details about the database setup. I can't think of any potential security issues with discussing this here, since all the code is also open source and readily reviewable by anyone.
permissions2 uses Redis in the most straightforward way I could think of, which is a hash map of users called "users". The username + ":" + property key name is the hash map key:
https://github.com/xyproto/permissions2/blob/main/userstate.go#L162
To be able to quickly index all the keys, there is also a list of all the usernames:
https://github.com/xyproto/permissions2/blob/main/userstate.go#L165
Then, there is also a list of users that have registered, but are not yet confirmed (by, say, clicking an e-mail link):
https://github.com/xyproto/permissions2/blob/main/userstate.go#L168
In order to store a username together with other properties, like for instance prefersDarkMode=true, the username + ":" + the key for the property are used as the hash map key, and "true" for the value. For example, for the user bob:
- Redis hash map key:
bob:prefersDarkMode - Redis hash map value:
true
The layer between Redis and permissions2 is the simpleredis package. That is where the : between the two keys comes from. Here is the implementation of the HashMap, which uses the HSET command in Redis:
https://github.com/xyproto/simpleredis/blob/main/simpleredis.go#L447
Given a username, like bob as the "elementid" parameter, this function can be used for listing all the property keys:
https://github.com/xyproto/simpleredis/blob/main/simpleredis.go#L508
Redis is more robust than people generally first have the impression of, though, and has settings for persisting data to disk. It's not only a database for storing data in memory. I would be very interested in hearing about which types of robustness gains you are envisioning.
from permissions2.
Related Issues (19)
- Redis password HOT 4
- Please add support for mongodb HOT 1
- Passing userstate to different file handler HOT 1
- Use casbin as the permission backend HOT 2
- Great package ! Any word on JWT or Amazon S3 support? HOT 6
- Change "username" to "useridentity" or "userid" HOT 5
- What is the right way to set deny function? HOT 6
- Encrypted connection to Redis HOT 1
- Mysql support HOT 6
- Disable Users? HOT 1
- Is this project alive or abandoned? HOT 1
- Handling the errors from redis HOT 1
- Support for fasthttp HOT 2
- Example for http? HOT 1
- err in windows HOT 2
- memory persistent or golang key/val alternative to redis? HOT 1
- How to change existing user's password ? HOT 3
- Make cookie secret public variable HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from permissions2.