casdoor / casdoor

An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, RADIUS, Google Workspace, Active Directory and Kerberos

Home Page: https://casdoor.org

License: Apache License 2.0

Go 98.81% HTML 0.44% CSS 0.07% Less 0.16% Dockerfile 0.14% Makefile 0.32% Shell 0.05%
oidc sso oauth casdoor iam go react saml webauthn ldap mfa totp payment-gateway single-sign-on radius scim active-directory casbin kerberos faceid

casdoor's Introduction

📦⚡️ Casdoor

An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS

Online demo

Documentation

https://casdoor.org

Install

How to connect to Casdoor?

https://casdoor.org/docs/how-to-connect/overview

Casdoor Public API

Integrations

https://casdoor.org/docs/category/integrations

How to contact?

Contribute

If you have any questions about Casdoor, you can open an issue, or you can directly open a pull request (but we recommend opening an issue first to discuss it with the community).

I18n translation

If you are contributing to Casdoor, please note that we use Crowdin as the translation platform and i18next as the translation tool. When you add strings using i18next in the web/ directory, please remember to add them to the web/src/locales/en/data.json file as well.

License

Apache-2.0

casdoor's People

Contributors

abingcbc, anyidea, baihhh, chinoholo0807, cofecatt, comradeprogrammer, dacongda, ebreak, erikqqy, forestmgy, github-actions[bot], hgz-20, hsluoyz, imchell, imp2002, leo220yuyaodog, nekotoxin, nomeguy, notdu, outofeastgate, qianxi0410, resulte, selflocking, seriouszyx, sh1luo, sp71, steve0x2a, turbodog03, usherfall, xdtd

casdoor's Issues

Website Reloads on routing

Everywhere in the project, hrefs are given which reload the website every time someone navigates. This needs to be corrected; Links from react-router-dom should be used instead.
I am willing to work on this and a few other aspects of the project Casdoor.

frontend bug:unable to display in the Safari browser

Unable to display properly in the Safari browser.
os:Mac 11.4 (20F71),Ios 14.6.
safari version:14.1.1 (16611.2.7.1.4)
ua: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15

How/where do we edit and manage policies?

In the Admin Portal page, it mentions: "We provide a web-based portal called Casdoor for model management and policy management:" but after installing and running casdoor I cannot find any option to access a policy editor, nor do I need any source code related to that topic in the repository.
How/where we edit and manage policies?

Support Time-based One Time Password (TOTP) for push notification (e.g., via Google Authenticator)

See: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US&gl=US

When user logs into an application, after password passes, he also needs to input the dynamic code in Authenticator apps like Google Authenticator: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US&gl=US

The existing work includes:

We need someone to conclude it.

role graph serialization for front-end usage

I have a covid-19 project which shows virus propagation chain, so I came up with a small idea of serializing role links which can be useful for analyzing.

Basically, the serialized JSON should be similar to the following, to be used by frontend libraries such as d3.js:

{
  name: "alice",
  children: [
    {
       name: "bob",
       children: [
         {
            name: "eve",
            children: []
         }
       ]
    }
  ]
}
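
One way to produce the shape sketched in this issue, as an added example that is not code from the issue or from the Casdoor project: it expands a set of role links into the nested name/children tree. The `links` map layout (parent name to directly linked names) and the function names are assumptions, and a cycle in the links is cut rather than followed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Node mirrors the JSON shape in the issue: a name plus nested children.
type Node struct {
	Name     string  `json:"name"`
	Children []*Node `json:"children"`
}

// BuildRoleTree expands role links into a tree rooted at root.
// links[parent] lists the names linked directly under parent (assumed layout).
// A name already on the current path is skipped, so a cyclic link set
// terminates instead of recursing forever.
func BuildRoleTree(root string, links map[string][]string) *Node {
	onPath := map[string]bool{}
	var walk func(name string) *Node
	walk = func(name string) *Node {
		n := &Node{Name: name, Children: []*Node{}} // serializes as [] rather than null
		onPath[name] = true
		kids := append([]string(nil), links[name]...)
		sort.Strings(kids) // deterministic output order
		for _, k := range kids {
			if onPath[k] {
				continue // back-edge: following it would loop
			}
			n.Children = append(n.Children, walk(k))
		}
		delete(onPath, name)
		return n
	}
	return walk(root)
}

// TreeJSON returns the tree as a compact JSON string.
func TreeJSON(root string, links map[string][]string) (string, error) {
	b, err := json.Marshal(BuildRoleTree(root, links))
	return string(b), err
}

func main() {
	// Constructed sample links, including a cycle eve -> alice.
	links := map[string][]string{"alice": {"bob"}, "bob": {"eve"}, "eve": {"alice"}}
	s, err := TreeJSON("alice", links)
	if err != nil {
		panic(err)
	}
	fmt.Println(s)
}
```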

Integrate an OAuth provider (server-side)

Casdoor acts as both an OAuth client and an OAuth server:

  1. For the Casdoor user applications (e.g., a forum or a blog system that uses Casdoor to manage login and permissions), Casdoor will behave as the OAuth service provider.
  2. For real 3rd-party identity providers like Gmail, Google, WeChat, Casdoor will act as an OAuth client.

We need to choose which lib in Golang for both OAuth client and server-side.

Technology selection of frontend and backend

Technology selection is an important part of the project, and in order to reach an agreement with all developers, I created a list for discussion.

Frontend

Language

TypeScript - Provides strict code checking to make our application more stable.

User interfaces

React - A JavaScript library for building user interfaces.
Ant Design - A UI Design Language and React UI library.
React-Router - Declarative routing for React.

HTTP client

axios - Provides easy API and rich features.

Easy API

GET

axios.get("/things").then((res) => console.log(res.data))

POST

const data = {id: 1}
axios.post("/things", data).then(res => console.log(res.data))

Features - HTTP interceptors

axios.interceptors.request.use(config => {
  // log a message before any HTTP request is sent
  console.log('Request was sent');

  return config;
});

// send a GET request
axios.get('/things')
  .then(response => {
    console.log(response.data);
  });

axios or fetch: Which should you use? https://blog.logrocket.com/axios-or-fetch-api/

Backend

Language

Go 1.15

Web framework

I recommend using Gin or chi more than Beego.

Beego is very powerful, but I prefer Gin or chi.

The API provided by Gin and chi looks very clear. It's also great in terms of performance.

chi is a library, it's really cool and fast :)

Database

PostgreSQL

Add auditing functionality

We should record all user behaviors (including normal user login, logout and admin user using the Casdoor portal) into the audit logs. We should provide an interface design, so people can choose logging into file, DBs or Elasticsearch, etc. Each logger will provide a logging destination.
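
A sketch of the pluggable-destination design this issue asks for, as an added example that is not code from the issue or from the Casdoor project. All type, field and function names are assumptions; the event is written as one JSON object per line, and a failing destination is reported without stopping delivery to the others.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"time"
)

// AuditEvent is one recorded action (field names are assumptions).
type AuditEvent struct {
	Time   time.Time `json:"time"`
	Actor  string    `json:"actor"`
	Action string    `json:"action"`
	OK     bool      `json:"ok"`
}

// AuditSink is one logging destination (file, DB, Elasticsearch, ...).
type AuditSink interface{ Write(ev AuditEvent) error }

// JSONLineSink writes one JSON object per line to any io.Writer, e.g. an *os.File.
type JSONLineSink struct{ W io.Writer }

func (s JSONLineSink) Write(ev AuditEvent) error {
	b, err := json.Marshal(ev) // control characters are escaped: one event, one line
	if err != nil {
		return err
	}
	_, err = s.W.Write(append(b, '\n'))
	return err
}

// MultiSink tries every sink and returns the first error it saw.
type MultiSink []AuditSink

func (m MultiSink) Write(ev AuditEvent) (first error) {
	for _, s := range m {
		if err := s.Write(ev); err != nil && first == nil {
			first = err
		}
	}
	return first
}

// failingSink stands in for an unreachable destination.
type failingSink struct{}
func (failingSink) Write(AuditEvent) error { return errors.New("sink unavailable") }

func main() {
	var buf bytes.Buffer // constructed event below; the actor contains a newline
	err := MultiSink{failingSink{}, JSONLineSink{&buf}}.Write(AuditEvent{time.Unix(0, 0).UTC(), "alice\nadmin", "login", true})
	fmt.Printf("err=%v\n%s", err, buf.String())
}
```

JSONLineSink does no locking of its own, so a writer shared between concurrent request handlers needs to be serialized by the caller.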

Add Casbin model and policy management

See: #37

We once developed two similar systems: Casbin-Dashboard and Casbin-Cloud, but both projects finally failed. You can just grab some inspiration from them:

Casbin-Dashboard

  1. Source code: https://github.com/casbin/casbin-dashboard
  2. Online demo: https://dashboard.casbin.org/

Casbin-Cloud

  1. Source code: https://github.com/casbin/openstack-policy-editor
  2. Online demo: https://cloud.casbin.org/

However, don't copy them, because they have failed and I don't think their designs are good. Just use them as reference and starting point to understand this area.

npm ERR! cb() never called!

OS:windows 7
node.js:v13.14.0
npm:6.14.4

D:\proj\casdoor\web>npm install
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: babel-eslint is now @babel/eslint-parser. This package will
 no longer receive updates.
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 1
5x less dependencies.
npm WARN deprecated @types/[email protected]: This is a stub types definition. testing-libr
ary__dom provides its own type definitions, so you do not need this installed.
npm WARN deprecated [email protected]: fsevents 1 will break on node v14+ and could be using insecure
binaries. Upgrade to fsevents 2.
npm WARN deprecated @hapi/[email protected]: Switch to 'npm install joi'
npm WARN deprecated [email protected]: This package has been deprecated and is no longer mai
ntained. Please use @rollup/plugin-babel.
npm WARN deprecated @hapi/[email protected]: Moved to 'npm install @sideway/address'
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported
or maintained
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or
 maintained
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or
 maintained
npm WARN deprecated [email protected]: core-js@<3.3 is no longer maintained and not recommended for usa
ge due to the number of issues. Because of the V8 engine whims, feature detection in old core-js ver
sions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependen
cies to the actual version of core-js.
npm ERR! cb() never called!

npm ERR! This is an error with npm itself. Please report this error at:
npm ERR!     <https://npm.community>

npm ERR! A complete log of this run can be found in:
npm ERR!     D:\nodejs\node_cache\_logs\2021-06-20T02_01_53_661Z-debug.log

2021-06-20T02_01_53_661Z-debug.log

35497 http fetch GET 200 https://cdn.npm.taobao.org/axe-core/-/axe-core-4.2.2.tgz 99525ms
35498 silly extract axe-core@^4.0.2 extracted to D:\proj\casdoor\web\node_modules\.staging\axe-core-17c23a5f (112012ms)
35499 silly extract core-js@^2.4.0 extracted to D:\proj\casdoor\web\node_modules\.staging\core-js-6a4d047d (125777ms)
35500 silly extract core-js-pure@^3.14.0 extracted to D:\proj\casdoor\web\node_modules\.staging\core-js-pure-bfb8da57 (137299ms)
35501 silly extract core-js@^3.6.5 extracted to D:\proj\casdoor\web\node_modules\.staging\core-js-305ffa3a (137036ms)
35502 silly extract @ant-design/icons-svg@^4.0.0 extracted to D:\proj\casdoor\web\node_modules\.staging\@ant-design\icons-svg-0cfbf6e2 (470850ms)
35503 silly extract @ant-design/icons@^4.6.2 extracted to D:\proj\casdoor\web\node_modules\.staging\@ant-design\icons-0de0d813 (302937ms)
35504 silly extract date-fns@^2.15.0 extracted to D:\proj\casdoor\web\node_modules\.staging\date-fns-51c0fbb4 (182906ms)
35505 timing npm Completed in 518709ms
35506 error cb() never called!
35507 error This is an error with npm itself. Please report this error at:
35508 error <https://npm.community>

Frontend : Modularizing Components and Make them responsive

The current folder structure is highly disorganized and hard to navigate. Many components can be modularized which will in turn reduce the amount of code drastically.
I am proposing following folder structure
--| src
--|--| assets
--|--|--| logo.png
--|--| components
--|--|--| CustomGithubCorner.js
--|--|--| Footer.js
--|--|--| Navbar.js
--|--|--| SelectLanguageBox.js
--|--|--| AuthProvider.js
--|--|--| Face.js
--|--|--| Utils.js
--|--| pages
--|--|--| AccountPage.js
--|--|--| ApplicationEditPage.js
--|--|--| ApplicationListPage.js
--|--|--| HomePage.js
--|--|--| LoginPage.js
--|--|--| OrganizationEditPage.js
--|--|--| OrganizationListPage.js
--|--|--| ProviderEditPage.js
--|--|--| ProviderListPage.js
--|--|--| TokenEditPage.js
--|--|--| TokenListPage.js
--|--|--| UserEditPage.js
--|--|--| UserListPage.js
--|--| config
--|--|--| Conf
--|--| locale
--|--|--| en.json
--|--|--| zh.json
--|--| backend
--|--|--| Auth.js
--|--|--| AuthBackend.js
--|--|--| AuthCallback.js
--|--|--| ApplicationBackend.js
--|--|--| OrganizationBackend.js
--|--|--| ProviderBackend.js
--|--|--| TokenBackend.js
--|--|--| UserBackend.js

Allow me to work on it... will be done in 2 days.

calling "api/register" even with correct data fields gives error

I called "api/register" with following json object
{ "owner" : "builtin", "username" : "sourabh", "password" : "123", "name" : "sourabh mandal", "email" : "[email protected]", "phone" : "999" }
But I got the following error

The GetOwnerAndNameFromId() expects a username: "sourabh/organization"

The route works fine when I pass following payload
{ "owner" : "builtin", "username" : "sourabh/organisation", "password" : "123", "name" : "sourabh mandal", "email" : "[email protected]", "phone" : "999" }

Please tell me if it's an error in CODE or the JSON PAYLOAD

Provide our Go backend API docs (via Swagger) in the web portal

We use Beego as the backend web framework. Beego has a good integration for automated API docs like Swagger: https://beego.me/docs/advantage/docs.md

We need to integrate it and show a "Swagger" button in the top NavBar, the user can click into the API docs page and know what API we have provided in: https://github.com/casbin/casdoor/blob/master/routers/router.go , so they can directly call Casdoor via API instead of the frontend.

The finished Swagger UI would be something like: https://petstore.swagger.io/ , but it will be hosted directly in our Go backend (like: https://door.casbin.com/swagger).

Maybe we also need to add comments to our public API functions, so the API docs can be generated.

A suggestion for README.md

Should we tell our users in the paragraph Installation to proxy the URL https://(hostname)/api/ to http://localhost:8000 in their servers?

Act as an OAuth 2.0 + OIDC server

Currently, Casdoor uses a home-made logging-in mechanism: https://github.com/casbin/casdoor/blob/master/controllers/account.go

It's not standard and it's unsafe, the password is transmitted over the network.

Finally, we will move to OAuth 2.0 + OIDC. It means that applications like Casbin OA (both JS client and Go backend) will talk to Casdoor via the OAuth 2.0 + OIDC protocols.

We can use: https://github.com/go-oauth2/oauth2 to implement our OAuth 2.0 + OIDC server-side.

The existing code:

  • Casdoor JS client SDK: https://github.com/casbin/casbin-oa/tree/master/web/src/auth (currently for agile development, we put the code inside Casbin-OA, so we don't need to publish to NPM then import it in dependency file. In future, when the API is stabilized, we will separate the Casdoor JS client code into a new repo and release to NPM)
  • Casdoor Go SDK: not available yet, because currently Casbin-OA doesn't involve any server-side code to talk to Casdoor, only client does. This is NOT correct. So we will formulate a Go SDK in the Casbin-OA Go code.

Some reference about this topic: #10

Make "Auto login" button work

Currently it doesn't work:

We may:

  1. If it is not ticked, we only save the session for 1 day at server-side.
  2. If it is ticked, the same as now.

/api/register not working properly

While running this project in localhost I got this error which is due to func GetOwnerAndNameFromId() from util/string.go

My API call is as follows :
POST http://localhost:8000/api/register
req.body =>
{ "username" : "sourabh", "password" : "pass1" }

Here I haven't passed anything other than username and password in JSON payload

Making changes in func GetOwnerAndNameFromId() resolved this issue

Starting port is 3000, not 7001

The README says it would start at 7001, and package.json does use "start": "set PORT=7001 && craco start", but after starting via npm or yarn, it starts at 3000.

Yarn start gets empty content.

When starting via yarn run start, the page is empty.

But when starting with npm run start, it's OK.

And, after starting via npm once, then starting via yarn, the issue is gone.

Not sure what happened.

yarn version -> 1.22.10,
npm version -> 6.14.11,
node version -> v12.22.0,

Chrome version -> Version 88.0.4324.182 (Official Build) (64-bit) on Linux (mint mate 20, based on ubuntu).
