dp-permission-common
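An SDK that provides commonly used permissions, rules, and policies.
Usage
Enable backend-to-backend authentication
Backstage provides a centralized authorization framework. To use it, you must first enable backend-to-backend authentication.
Configure the authentication key.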
//app-config.yaml
# commonly in your app-config.production.yaml
backend:
auth:
keys:
+ - secret: <the string returned by the above crypto command>
# - secret: ${BACKEND_SECRET} - if you want to use an env variable instead
permission:
+ enabled: true
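Review bot: the added `- secret:` line under `backend.auth.keys` puts the shared secret literally in app-config.yaml, and "the above crypto command" it refers to is not shown anywhere in this README. Make the `${BACKEND_SECRET}` form from the commented line the default so the key stays out of version control, and include or link the command that generates the secret.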
Configure tokenManager to use this key.
//packages/backend/src/index.ts
-const tokenManager = ServerTokenManager.noop();
+const tokenManager = ServerTokenManager.fromConfig(config, { logger: root });
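Review bot: `logger: root` in the added `ServerTokenManager.fromConfig` line relies on a `root` variable that the snippet never shows being defined. Show the line that creates it, or state that it is the existing root logger in index.ts, and note next to the removed `ServerTokenManager.noop()` line that this step depends on the `backend.auth.keys` secret configured in the previous step.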
For more information, see the official documentation.
Configure the app
Install @alauda/plugin-dp-permission-common
yarn add --cwd packages/backend @alauda/plugin-dp-permission-common
Take the policy exported by the @alauda/plugin-dp-permission-common package and instantiate the permission router.
// packages/backend/src/plugins/permission.ts
import { createRouter } from '@backstage/plugin-permission-backend';
import { Router } from 'express';
import { PluginEnvironment } from '../types';
import { OwnerManagePermissionPolicy } from '@alauda/plugin-dp-permission-common';
export default async function createPlugin(
  env: PluginEnvironment,
): Promise<Router> {
  return await createRouter({
    config: env.config,
    logger: env.logger,
    discovery: env.discovery,
    policy: new OwnerManagePermissionPolicy(),
    identity: env.identity,
  });
}
Register the permission router with the backend router.
// packages/backend/src/index.ts
import sonarqube from './plugins/sonarqube';
+import permission from './plugins/permission';
async function main() {
const config = await loadBackendConfig({
argv: process.argv,
logger: getRootLogger(),
});
const createEnv = makeCreateEnv(config);
const sonarqubeEnv = useHotMemoize(module, () => createEnv('sonarqube'));
+ const permissionEnv = useHotMemoize(module, () => createEnv('permission'));
const apiRouter = Router();
+ apiRouter.use('/permission', await permission(permissionEnv));
}
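Review bot: `main()` closes right after the added `apiRouter.use('/permission', ...)` line with no marker that the rest of the function is elided, and `sonarqubeEnv` is created but never mounted in the visible lines. Add an explicit elision comment (for example `// ... existing routes ...`) so readers do not copy the snippet as the whole of `main()` and drop their existing routes.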