Skip to content

fix: a string of enhancement for the website/sec page #339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JackyYangPassion merged 1 commit into from
Mar 27, 2024
Merged

fix: a string of enhancement for the website/sec page #339

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
<!--
Thank you very much for contributing to Apache HugeGraph, we are happy that you want to help us improve it!

Some tips for you:
1. If this is your first time to submit PR, please read the
[contributing guidelines](https://github.com/apache/incubator-hugegraph-doc/blob/master/contribution.md)

2. If a PR fix/close an issue, type the message "close xxx" below (Remember to update both EN & CN doc)

3. Build the website locally after you finish the PR, and check if the changes are correct, THX~
-->

## Purpose of the PR

- close #xxx <!-- or "fix #xxx", "link #xxx" -->

<!-- Better to paste the screenshot diff here, "xxx" is the ID-link of related issue, e.g: #1024 -->

2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
## Introduction of HugeGraph
## Build/Test/Contribute to website

Please visit the [contribution doc](./contribution.md) to get start, include theme/website description & settings~

Expand Down
18 changes: 9 additions & 9 deletions config.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -250,21 +250,21 @@ enable = false
desc = "Unleash your ideas through file configuration"
[[params.links.user]]
name ="WeChat"
url = "https://github.com/apache/incubator-hugegraph#contact-us"
url = "https://github.com/apache/hugegraph#contact-us"
icon = "fa fa-comments"
desc = "Follow us on WeChat to get the latest news"
[[params.links.developer]]
name = "GitHub"
url = "https://github.com/apache/incubator-hugegraph"
url = "https://github.com/apache/hugegraph"
icon = "fab fa-github"
desc = "Development takes place here!"
#[[params.links.developer]]
# name = "Slack"
# url = "https://example.org/slack"
# icon = "fab fa-slack"
# desc = "Chat with other project developers"
desc = "Development takes place here~"
[[params.links.developer]]
name = "Security mailing list"
url = "mailto:security@hugegraph.apache.org"
icon = "fab fa-slack"
desc = "Report SEC problems"
[[params.links.developer]]
name = "Developer mailing list"
url = "../docs/contribution-guidelines/subscribe/"
icon = "fa fa-envelope"
desc = "Discuss development issues around the project"
desc = "Discuss community issues around the project"
50 changes: 25 additions & 25 deletions content/cn/docs/clients/restful-api/auth.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,13 @@ weight: 16

### 10.1 用户认证与权限控制

> 开启权限及相关配置请先参考 [权限配置](/docs/config/config-authentication/) 文档
> 开启权限及相关配置请先参考 [权限配置](/cn/docs/config/config-authentication/) 文档

##### 用户认证与权限控制概述:
HugeGraph支持多用户认证、以及细粒度的权限访问控制,采用基于“用户-用户组-操作-资源”的4层设计,灵活控制用户角色与权限。
资源描述了图数据库中的数据,比如符合某一类条件的顶点,每一个资源包括type、label、properties三个要素,共有18种type
任意label、任意properties的组合形成的资源,一个资源的内部条件是且关系,多个资源之间的条件是或关系。用户可以属于一个或多个用户组,
每个用户组可以拥有对任意个资源的操作权限,操作类型包括:读、写、删除、执行等种类。 HugeGraph支持动态创建用户、用户组、资源,
HugeGraph 支持多用户认证、以及细粒度的权限访问控制,采用基于“用户 - 用户组 - 操作 - 资源”的 4 层设计,灵活控制用户角色与权限。
资源描述了图数据库中的数据,比如符合某一类条件的顶点,每一个资源包括 type、label、properties 三个要素,共有 18 种 type
任意 label、任意 properties 的组合形成的资源,一个资源的内部条件是且关系,多个资源之间的条件是或关系。用户可以属于一个或多个用户组,
每个用户组可以拥有对任意个资源的操作权限,操作类型包括:读、写、删除、执行等种类。HugeGraph 支持动态创建用户、用户组、资源,
支持动态分配或取消权限。初始化数据库时超级管理员用户被创建,后续可通过超级管理员创建各类角色用户,新创建的用户如果被分配足够权限后,可以由其创建或管理更多的用户。

##### 举例说明:
Expand All @@ -21,7 +21,7 @@ city: Beijing})
描述:用户'boss'拥有对'graph1'图中北京人的读权限。

##### 接口说明:
用户认证与权限控制接口包括5类:UserAPI、GroupAPI、TargetAPI、BelongAPI、AccessAPI。
用户认证与权限控制接口包括 5 类:UserAPI、GroupAPI、TargetAPI、BelongAPI、AccessAPI。

### 10.2 用户(User)API
用户接口包括:创建用户,删除用户,修改用户,和查询用户相关信息接口。
Expand Down Expand Up @@ -114,7 +114,7 @@ PUT http://localhost:8080/graphs/hugegraph/auth/users/-63:test
```

##### Request Body
修改user_name、user_password和user_phone
修改 user_name、user_password 和 user_phone
```json
{
"user_name": "test",
Expand Down Expand Up @@ -330,7 +330,7 @@ PUT http://localhost:8080/graphs/hugegraph/auth/groups/-69:grant
```

##### Request Body
修改group_description
修改 group_description
```json
{
"group_name": "grant",
Expand Down Expand Up @@ -424,8 +424,8 @@ GET http://localhost:8080/graphs/hugegraph/auth/groups/-69:all
```

### 10.4 资源(Target)API
资源描述了图数据库中的数据,比如符合某一类条件的顶点,每一个资源包括type、label、properties三个要素,共有18种type
任意label、任意properties的组合形成的资源,一个资源的内部条件是且关系,多个资源之间的条件是或关系。
资源描述了图数据库中的数据,比如符合某一类条件的顶点,每一个资源包括 type、label、properties 三个要素,共有 18 种 type
任意 label、任意 properties 的组合形成的资源,一个资源的内部条件是且关系,多个资源之间的条件是或关系。
资源接口包括:资源的创建、删除、修改和查询。

#### 10.4.1 创建资源
Expand All @@ -434,17 +434,17 @@ GET http://localhost:8080/graphs/hugegraph/auth/groups/-69:all
- target_name: 资源名称
- target_graph: 资源图
- target_url: 资源地址
- target_resources: 资源定义(列表)
- target_resources: 资源定义 (列表)

target_resources可以包括多个target_resource,以列表的形式存储。
每个target_resource包含
- type:可选值 VERTEX, EDGE等, 可填ALL,则表示可以是顶点或边;
target_resources 可以包括多个 target_resource,以列表的形式存储。
每个 target_resource 包含
- type:可选值 VERTEX, EDGE 等,可填 ALL,则表示可以是顶点或边;
- label:可选值,⼀个顶点或边类型的名称,可填*,则表示任意类型;
- properties:map类型,可包含多个属性的键值对,必须匹配所有属性值,属性值⽀持填条件范围(age:
P.gte(18)),properties如果为null表示任意属性均可,如果属性名和属性值均为‘*ʼ也表示任意属性均可。
- properties:map 类型,可包含多个属性的键值对,必须匹配所有属性值,属性值⽀持填条件范围(age:
P.gte(18)),properties 如果为 null 表示任意属性均可,如果属性名和属性值均为‘*ʼ也表示任意属性均可。

如精细资源:"target_resources": [{"type":"VERTEX","label":"person","properties":{"city":"Beijing","age":"P.gte(20)"}}]**
资源定义含义:类型是'person'的顶点,且城市属性是'Beijing',年龄属性大于等于20
资源定义含义:类型是'person'的顶点,且城市属性是'Beijing',年龄属性大于等于 20

##### Request Body

Expand Down Expand Up @@ -533,7 +533,7 @@ PUT http://localhost:8080/graphs/hugegraph/auth/targets/-77:gremlin
```

##### Request Body
修改资源定义中的type
修改资源定义中的 type
```json
{
"target_name": "gremlin",
Expand Down Expand Up @@ -757,7 +757,7 @@ PUT http://localhost:8080/graphs/hugegraph/auth/belongs/S-63:boss>-82>>S-69:gran
```

##### Request Body
修改belong_description
修改 belong_description
```json
{
"belong_description": "update test"
Expand Down Expand Up @@ -852,10 +852,10 @@ GET http://localhost:8080/graphs/hugegraph/auth/belongs/S-63:boss>-82>>S-69:all
```

### 10.6 赋权(Access)API
给用户组赋予资源的权限,主要包含:读操作(READ)、写操作(WRITE)、删除操作(DELETE)、执行操作(EXECUTE)等。
给用户组赋予资源的权限,主要包含:读操作 (READ)、写操作 (WRITE)、删除操作 (DELETE)、执行操作 (EXECUTE) 等。
赋权接口包括:赋权的创建、删除、修改和查询。

#### 10.6.1 创建赋权(用户组赋予资源的权限)
#### 10.6.1 创建赋权 (用户组赋予资源的权限)

##### Params

Expand All @@ -865,10 +865,10 @@ GET http://localhost:8080/graphs/hugegraph/auth/belongs/S-63:boss>-82>>S-69:all
- access_description: 赋权描述

access_permission:
- READ:读操作,所有的查询,包括查询Schema、查顶点/边,查询顶点和边的数量VERTEX_AGGR/EDGE_AGGR,也包括读图的状态STATUS、变量VAR、任务TASK等
- WRITE:写操作,所有的创建、更新操作,包括给Schema增加property key,给顶点增加或更新属性等;
- READ:读操作,所有的查询,包括查询 Schema、查顶点/边,查询顶点和边的数量 VERTEX_AGGR/EDGE_AGGR,也包括读图的状态 STATUS、变量 VAR、任务 TASK 等
- WRITE:写操作,所有的创建、更新操作,包括给 Schema 增加 property key,给顶点增加或更新属性等;
- DELETE:删除操作,包括删除元数据、删除顶点/边;
- EXECUTE:执⾏操作,包括执⾏Gremlin语句、执⾏Task、执⾏metadata函数
- EXECUTE:执⾏操作,包括执⾏ Gremlin 语句、执⾏ Task、执⾏ metadata 函数

##### Request Body

Expand Down Expand Up @@ -945,7 +945,7 @@ PUT http://localhost:8080/graphs/hugegraph/auth/accesses/S-69:all>-88>12>S-77:al
```

##### Request Body
修改access_description
修改 access_description
```json
{
"access_description": "test"
Expand Down
12 changes: 7 additions & 5 deletions content/cn/docs/clients/restful-api/graphs.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,9 +93,10 @@ gremlin.graph=org.apache.hugegraph.auth.HugeFactoryAuthProxy
backend=rocksdb
serializer=binary
store=hugegraph_clone
rocksdb.data_path=./hg2
rocksdb.wal_path=./hg2
rocksdb.data_path=./rks-data-xx
rocksdb.wal_path=./rks-data-xx
```
> Note: 存储路径不能与现有图相同(使用不同的目录)

##### Response Status

Expand All @@ -117,7 +118,7 @@ rocksdb.wal_path=./hg2
##### Method & Url

```
POST http://localhost:8080/graphs/hugegraph2
POST http://localhost:8080/graphs/hugegraph-xx
```

##### Request Body
Expand All @@ -127,9 +128,10 @@ gremlin.graph=org.apache.hugegraph.auth.HugeFactoryAuthProxy
backend=rocksdb
serializer=binary
store=hugegraph2
rocksdb.data_path=./hg2
rocksdb.wal_path=./hg2
rocksdb.data_path=./rks-data-xx
rocksdb.wal_path=./rks-data-xx
```
> Note: 存储路径不能与现有图相同(使用不同的目录)

##### Response Status

Expand Down
9 changes: 7 additions & 2 deletions content/cn/docs/config/config-authentication.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,9 @@ weight: 3
---

### 概述
HugeGraph 为了方便不同用户场景下的鉴权使用,目前内置了完备的`StandardAuthenticator`权限模式,支持多用户认证、以及细粒度的权限访问控制,采用基于“用户 - 用户组 - 操作 - 资源”的 4 层设计,灵活控制用户角色与权限 (支持多 GraphServer)

HugeGraph 为了方便不同用户场景下的鉴权使用,目前内置了完备的`StandardAuthenticator`权限模式,支持多用户认证、
以及细粒度的权限访问控制,采用基于“用户 - 用户组 - 操作 - 资源”的 4 层设计,灵活控制用户角色与权限 (支持多 GraphServer)

`StandardAuthenticator` 模式的几个核心设计:
- 初始化时创建超级管理员 (`admin`) 用户,后续通过超级管理员创建其它用户,新创建的用户被分配足够权限后,可以创建或管理更多的用户
Expand All @@ -22,7 +24,10 @@ user(name=xx) -belong-> group(name=xx) -access(read)-> target(graph=graph1, reso

### 配置用户认证

HugeGraph 默认**不启用**用户认证功能,需通过修改配置文件来启用该功能。内置实现了`StandardAuthenticator`模式,该模式支持多用户认证与细粒度权限控制。此外,开发者可以自定义实现`HugeAuthenticator`接口来对接自身的权限系统。
HugeGraph 目前默认**未启用**用户认证功能,需通过修改配置文件来启用该功能。(Note: 如果在生产环境/外网使用,
请使用 **Java11** 版本 + 开启权限避免安全相关隐患)

目前已内置实现了`StandardAuthenticator`模式,该模式支持多用户认证与细粒度权限控制。此外,开发者可以自定义实现`HugeAuthenticator`接口来对接自身的权限系统。

用户认证方式均采用 [HTTP Basic Authentication](https://zh.wikipedia.org/wiki/HTTP%E5%9F%BA%E6%9C%AC%E8%AE%A4%E8%AF%81) ,简单说就是在发送 HTTP 请求时在 `Authentication` 设置选择 `Basic` 然后输入对应的用户名和密码,对应 HTTP 明文如下所示 :

Expand Down
4 changes: 2 additions & 2 deletions content/cn/docs/config/config-option.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,8 +181,8 @@ weight: 2
| backend | | Must be set to `rocksdb`. |
| serializer | | Must be set to `binary`. |
| rocksdb.data_disks | [] | The optimized disks for storing data of RocksDB. The format of each element: `STORE/TABLE: /path/disk`.Allowed keys are [g/vertex, g/edge_out, g/edge_in, g/vertex_label_index, g/edge_label_index, g/range_int_index, g/range_float_index, g/range_long_index, g/range_double_index, g/secondary_index, g/search_index, g/shard_index, g/unique_index, g/olap] |
| rocksdb.data_path | rocksdb-data | The path for storing data of RocksDB. |
| rocksdb.wal_path | rocksdb-data | The path for storing WAL of RocksDB. |
| rocksdb.data_path | rocksdb-data/data | The path for storing data of RocksDB. |
| rocksdb.wal_path | rocksdb-data/wal | The path for storing WAL of RocksDB. |
| rocksdb.allow_mmap_reads | false | Allow the OS to mmap file for reading sst tables. |
| rocksdb.allow_mmap_writes | false | Allow the OS to mmap file for writing. |
| rocksdb.block_cache_capacity | 8388608 | The amount of block cache in bytes that will be used by RocksDB, 0 means no block cache. |
Expand Down
Loading