Casdoor remaining issues #878

Closed
nighca opened this issue Sep 9, 2024 · 5 comments · Fixed by #932
nighca commented Sep 9, 2024

1. Performance improvement

Consider using a CDN (or Vercel deployment) for static assets (and pages), like https://acc.goplus.org/static/js/main.4b169dc0.js

2. User ID

Related document: https://casdoor.org/docs/user/overview#user-properties

3. Use non-built-in organization for goplus users

For now, the organization built-in is used for env production. It is better to create a new organization for goplus users.

4. Simplify integration (low priority)

Use a standard OAuth SDK instead of the Casdoor JS SDK

nighca changed the title from "Performance issue of acc.goplus.org" to "Casdoor remaining issues" on Sep 19, 2024

hsluoyz commented Sep 19, 2024

@nighca

  1. See Casdoor CDN deployment docs: https://casdoor.org/docs/deployment/deploy-cdn
  2. Casdoor indeed uses org name + user name, but user ID is also usable. There should be no duplications
  3. Create new org


nighca commented Sep 19, 2024

> 2. Casdoor indeed uses org name + user name, but user ID is also usable. There should be no duplications

@hsluoyz Thanks for the reply.

I wonder why "there should be no duplications for user ID". We found that when authorized with a 3rd party OAuth provider, e.g., GitHub, Casdoor uses the ID from the provider directly as the user ID. When there is more than one OAuth provider enabled in one organization, there's a risk of ID duplication across different providers.

hsluoyz commented Sep 19, 2024

@nighca that's more of a feature. E.g., you have a GitHub account named linus, then have a Facebook account named linus too. They can be the same user. However, this may not always be true. But when it's not true, the ID is usually more complicated, which is hard to duplicate. Anyway, it's just not a "realistic and obvious bug" in common sense.

nighca commented Sep 19, 2024

> E.g., you have a GitHub account named linus, then have a Facebook account named linus too. They can be the same user.

@hsluoyz IDs from third-party providers are often nonsensical strings or auto-incrementing numbers. For instance, my GitHub authorization ID is 1492263, not nighca. Others may also own a Facebook account with the same ID.

I am concerned about the small risk of ID duplication because we do need a reliable and unique identifier for users in our application.

According to the casdoor docs:

> Id: Unique identifier for each user

This is misleading. If we rely on the Id from Casdoor as the unique user identifier, it could lead to data leaks.
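
The collision risk raised in this thread, as an added example that is not part of the issue or of Casdoor's code: an application that keys accounts on the provider-local ID alone, compared with one that keys on the (provider, ID) pair. `Store`, `RawKey`, `ScopedKey`, the account owners and the sample ID are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// ExternalIdentity is what an OAuth provider asserts about a login.
type ExternalIdentity struct {
	Provider string // e.g. "github", "facebook"
	Subject  string // provider-local account ID
}

// Store maps an identity key to an application account (hypothetical model).
type Store struct {
	accounts map[string]string // key -> account owner
	keyFn    func(ExternalIdentity) string
}

// Login returns the owner of the account the identity resolves to,
// creating the account the first time a key is seen.
func (s *Store) Login(id ExternalIdentity, owner string) string {
	k := s.keyFn(id)
	if existing, ok := s.accounts[k]; ok {
		return existing
	}
	s.accounts[k] = owner
	return owner
}

// RawKey models the behaviour described in the thread: the provider's ID alone.
func RawKey(id ExternalIdentity) string { return id.Subject }

// ScopedKey namespaces the ID by provider. The length prefix keeps
// ("a", "b:c") and ("a:b", "c") from producing the same key.
func ScopedKey(id ExternalIdentity) string {
	return fmt.Sprintf("%d:%s:%s", len(id.Provider), id.Provider, id.Subject)
}

// SecondLoginOwner logs in a GitHub user, then a Facebook user with the same
// numeric ID, and reports whose account the second login lands in.
func SecondLoginOwner(keyFn func(ExternalIdentity) string) string {
	gh := ExternalIdentity{"github", "1000001"}   // constructed sample ID
	fb := ExternalIdentity{"facebook", "1000001"} // constructed: same ID, other provider
	s := &Store{accounts: map[string]string{}, keyFn: keyFn}
	s.Login(gh, "alice")
	return s.Login(fb, "bob")
}

func main() {
	fmt.Println("raw key:   ", SecondLoginOwner(RawKey))    // second user lands in the first account
	fmt.Println("scoped key:", SecondLoginOwner(ScopedKey)) // second user gets a separate account
}
```
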

ComfyFluffy linked a pull request that will close this issue on Sep 24, 2024

nighca reopened this on Sep 25, 2024

nighca commented Sep 25, 2024

Deployment in #933

nighca closed this as completed on Sep 27, 2024