ginv sso is a pure background single-point management system, which is used to solve the account login and authorization management of one or more background management systems.ginv ssoThe front-end and back-end separation technologies are used by default. The server is developed with golang, based on the go-zero framework; the front end is developed with vue3, based on ant design vue.

ginv ssoThere are three systems of auth, ssoms, and gateway, which have the following functions respectively:

auth: 负责系统登录验证、页面权限验证、接口授权验证
ssoms: 负责角色、用户管理、系统和菜单管理、角色授权
gateway: 登录登出页面、负责接入请求和转发请求

ginv ssoMultiple background systems must be subdomains under the same domain name. The purpose of this is to use secure httpOnly cookies for user identification across multiple systems.


  1. According to the api rules created by goctl of go-zero, the request is checked for permission in resetful style
  2. The front end can generate ts through the api file of goctl, request the gateway, and improve the work efficiency of the front end
  3. Menu & operation uses uuid as the unique key instead of self-incrementing id, which is convenient for cloning menus in different environments or systems
  4. Menu & Actions highlight search results
  5. Batch import results return multiple statuses and import information, ignoring duplicate records

about ssoms

ssoms is a single sign-on management background, it has the following functions

User Management: Addition, deletion and modification of basic user information, role assignment

Role management: Basic operations of roles, assigning users, menus of roles & assignment of operation rights

System Management: Manage backend systems using single sign-on

Menu management: Configure the menu & operation of the system, support highlight query, batch import and export

Personal center: Modify the login user’s own avatar, password, personal description, etc.

About front-end requests

Front-end request entry, the received request headers must have the following information:

key illustrate
cookie The cookie generated after login is provided by the jump page after login of gateway, which is used for login verification and authorization
Refer Tell the server which page initiated the request, here use unsafe-url configuration for logs, authorization whitelist, etc.
x-client-env Environment, optional values ​​are test\
x-client-service The service name of the requested server, used to forward the request
x-client-system The system name of the background system, used for authorization query
x-client-uri Request the operation of the server for authorization query

About the gateway:

The gateway is mainly responsible for the forwarding function. In order to ensure that the generated cookie is created by the page issued by the server, the gateway also provides login, logout and login jump pages (jump to the corresponding system).

The gateway passes the headers of the request[x-client-service], Know which service to forward to, before forwarding the request, it will request the auth service, according to the cookie, it will parse the user’s information, according to the x-client-system and x-client-uri and the method that initiated the request, you can verify whether you have permission . If the verification is passed, the auth service will return the user’s uuid and name, and append them to the headers[x-origin-uuid]Parameters and headers[x-origin-name]parameter.

Systems with other single points of access

Log in to ssoms first, through系统管理Create the system, and in the菜单&操作Create corresponding pages and operations, and finally authorize users with corresponding roles.

Other systems will accept headers globally[x-origin-uuid]and headers[x-origin-name]Put it into the context, and you can directly get the user’s uuid and name in the loginc function:

uuid := l.ctx.Value(config.UUID).(string)
name := l.ctx.Value(config.Name).(string)

flow chart

flow chart

deployment instructions

  1. importbackup.sqland execute the following sql to modify the domain name of the single-point management background:
-- identifier的值设置为单点管理后台的域名, 这边以http://ssoms.ginv.com为例
UPDATE object SET identifier="" WHERE uuid='kreppg8md1sb'
  1. Related services run and compile in the background
# auth
cd service/auth/api
go run auth.go
# 默认加载etc/auth.yaml配置文件,通过-f参数使用不同的配置文件,例如go run auth.go -f etc/

# 编译生成可执行文件: go build auth.go

# ssoms
cd service/ssoms/api
go run ssoms.go
# 默认加载etc/ssoms.yaml配置文件,通过-f参数使用不同的配置文件,例如go run ssoms.go -f etc/

# 编译生成可执行文件: go build ssoms.go

# ssoms vue后台
cd service/ssoms/vue
yarn install
yarn dev
# 打包前端代码: yarn build

# gateway
cd service/gateway/api
go run auth.go
# 默认加载etc/gateway.yaml配置文件,通过-f参数使用不同的配置文件,例如go run gateway.go -f etc/

# 编译生成可执行文件: go build gateway.go

Single point management system background UI

Log in

background panel

Menu & Operation

Import Menu & Actions

User Management

role authorization

personal center

#ginvsso #Homepage #Documentation #Download #Background #Single #Point #Management #System #News Fast Delivery

Leave a Comment

Your email address will not be published. Required fields are marked *