Casdoor is a UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC.
Casdoor is the authentication server. It serves both the web UI and the login requests from the application users.
- Deployed site: https://door.casbin.com/
- Source code: https://github.com/casbin/casdoor (this repo)
Global admin login:
- Username:
admin - Password:
123
Casbin-OA is one of our applications that use Casdoor as authentication.
- Deployed site: https://oa.casbin.com/
- Source code: https://github.com/casbin/casbin-oa
Casdoor contains 2 parts:
| Name | Description | Language | Source code |
|---|---|---|---|
| Frontend | Web frontend UI for Casdoor | Javascript + React | https://github.com/casbin/casdoor/tree/master/web |
| Backend | RESTful API backend for Casdoor | Golang + Beego + MySQL | https://github.com/casbin/casdoor |
-
Get code via
go get:go get github.com/casbin/casdoor
or
git clone:git clone https://github.com/casbin/casdoor
-
Run backend (in port 8000):
go run main.go
-
Run frontend (in the same machine's port 7001):
cd web ## npm npm install npm run start ## yarn yarn install yarn run start
-
Open browser:
-
build static pages:
cd web ## npm npm run build ## yarn yarn run build ## back to casdoor directory cd .. -
build and run go code:
go build ./casdoor
Now, Casdoor is running on port 8000. You can access Casdoor pages directly in your browser, or you can setup a reverse proxy to hold your domain name, SSL, etc.
-
Setup database:
Casdoor will store its users, nodes and topics informations in a MySQL database named:
casdoor, will create it if not existed. The DB connection string can be specified at: https://github.com/casbin/casdoor/blob/master/conf/app.confdataSourceName = root:123@tcp(localhost:3306)/Casdoor uses XORM to connect to DB, so all DBs supported by XORM can also be used.
To use MsSQL instead of MySQL, change in app.conf 'dbAdapter' to 'mssql' and set your dataSourceName as:
dataSourceName = sqlserver:https://user:[email protected]/instance?database=dbName
Then, create a database named as dbName in app.conf (where 'casdoor' is the default database name)
IF NOT EXISTS (SELECT * FROM sys.databases WHERE name = 'casdoor') BEGIN CREATE DATABASE casdoor END;
-
Setup your Casdoor to enable some third-party login platform:
Casdoor provide a way to sign up using Google account, Github account, WeChat account and so on, so you may have to get your own ClientID and ClientSecret first.
-
Google
You could get them by clicking on this url: https://console.developers.google.com/apis You should set
Authorized JavaScript originsto fit your own domain address, for local testing, sethttps://localhost:3000. And set theAuthorized redirect URIs, the same domain address as before, add/callback/google/signupand/callback/google/linkafter that, for local testing, sethttps://localhost:3000/callback/google/signup+https://localhost:3000/callback/google/link. -
Github
You could get them by clicking on this url: https://github.com/settings/developers You should set
Homepage URLto fit your own domain address, for local testing, sethttps://localhost:3000. And set theAuthorization callback URL, the same domain address as before, add/callback/githubafter that, for local testing, sethttps://localhost:3000/callback/github.
And to improve security, you could set a
statevalue determined by yourself to make sure the request is requesting by yourself, such as "random". Those information strings can be specified at: https://github.com/casbin/casdoor/blob/master/conf/app.confGoogleAuthClientID = "xxx" //your own client id GoogleAuthClientSecret = "xxx" //your own client secret GoogleAuthState = "xxx" //set by yourself GithubAuthClientID = "xxx" //your own client id GithubAuthClientSecret = "xxx" //your own client secret GithubAuthState = "xx" //set by yourself, we may change this to a random word in the future
You may also have to fill in the same information at: https://github.com/casbin/casdoor/blob/master/web/src/Conf.js. By the way, you could change the value of
scopeto get different user information form them if you need, we just takeprofileandemail.export const GoogleClientId = "xxx" export const GoogleAuthState = "xxx" export const GoogleAuthScope = "profile+email" export const GithubClientId = "xxx" export const GithubAuthState = "xxx" export const GithubAuthScope = "user:email+read:user"
-
QQ
Before you begin to use QQ login services, you should make sure that you have applied the application at QQ-connect
Configuration:
export const QQClientId = "" export const QQAuthState = "" export const QQAuthScope = "get_user_info" export const QQOauthUri = "https://graph.qq.com/oauth2.0/authorize"
QQAPPID = "" QQAPPKey = "" QQAuthState = ""
-
WeChat
Similar to QQ login service, before using WeChat to log in, you need to apply for OAuth2.0 service fee on the WeChat open platform open weixin. After completing the configuration, you can log in via WeChat QR code.
Configuration:
export const WechatClientId = "" export const WeChatAuthState = "" export const WeChatAuthScope = "snsapi_login" export const WeChatOauthUri = "https://open.weixin.qq.com/connect/qrconnect"
WeChatAPPID = "" WeChatKey = "" WeChatAuthState = ""
We would show different login/signup methods depending on your configuration.
-
-
Github corner
We added a Github icon in the upper right corner, linking to your Github repository address. You could set
ShowGithubCornerto hidden it.Configuration:
export const ShowGithubCorner = true export const GithubRepo = "https://github.com/casbin/casdoor" //your github repository
-
OSS conf
We use an OSS to store and provide user avatars. You must modify the file
conf/oss.confto tell the backend your OSS info. For OSS providers, we support Aliyun([aliyun]), awss3([s3]) now.[provider] accessid = id accesskey = key bucket = bucket endpoint = endpointPlease fill out this conf correctly, or the avatar server won't work!