2026-01-18 12:21:49 +08:00
|
|
|
|
<!--
|
|
|
|
|
|
AuthEvolutionDemo.vue
|
2026-01-19 11:25:10 +08:00
|
|
|
|
鉴权方案演进(更可用:给出“什么时候用”)
|
2026-01-18 12:21:49 +08:00
|
|
|
|
-->
|
|
|
|
|
|
<template>
|
|
|
|
|
|
<div class="auth-evolution-demo">
|
|
|
|
|
|
<div class="header">
|
2026-02-18 17:38:10 +08:00
|
|
|
|
<div class="title">
|
|
|
|
|
|
🧭 鉴权方案演进:从 Basic 到 OAuth2
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="subtitle">
|
|
|
|
|
|
点击卡片,快速建立“场景 → 方案”的直觉。
|
|
|
|
|
|
</div>
|
2026-01-18 12:21:49 +08:00
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
<div class="timeline">
|
2026-01-19 11:25:10 +08:00
|
|
|
|
<button
|
|
|
|
|
|
v-for="s in stages"
|
|
|
|
|
|
:key="s.id"
|
|
|
|
|
|
class="stage"
|
|
|
|
|
|
:class="{ active: activeId === s.id }"
|
|
|
|
|
|
@click="activeId = s.id"
|
2026-01-18 12:21:49 +08:00
|
|
|
|
>
|
2026-01-19 11:25:10 +08:00
|
|
|
|
<div class="stage-top">
|
|
|
|
|
|
<span class="icon">{{ s.icon }}</span>
|
|
|
|
|
|
<span class="name">{{ s.name }}</span>
|
2026-01-18 12:21:49 +08:00
|
|
|
|
</div>
|
2026-02-18 17:38:10 +08:00
|
|
|
|
<div class="stage-sub">
|
|
|
|
|
|
{{ s.when }}
|
|
|
|
|
|
</div>
|
2026-01-19 11:25:10 +08:00
|
|
|
|
</button>
|
2026-01-18 12:21:49 +08:00
|
|
|
|
</div>
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
<div class="card">
|
2026-02-18 17:38:10 +08:00
|
|
|
|
<div class="card-title">
|
|
|
|
|
|
{{ active.icon }} {{ active.name }}
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="desc">
|
|
|
|
|
|
{{ active.desc }}
|
|
|
|
|
|
</div>
|
2026-01-18 12:21:49 +08:00
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
<div class="grid">
|
|
|
|
|
|
<div class="box">
|
2026-02-18 17:38:10 +08:00
|
|
|
|
<div class="box-title">
|
|
|
|
|
|
✅ 适合
|
|
|
|
|
|
</div>
|
2026-01-19 11:25:10 +08:00
|
|
|
|
<ul class="list">
|
2026-02-18 17:38:10 +08:00
|
|
|
|
<li
|
|
|
|
|
|
v-for="(x, i) in active.pros"
|
|
|
|
|
|
:key="i"
|
|
|
|
|
|
>
|
|
|
|
|
|
{{ x }}
|
|
|
|
|
|
</li>
|
2026-01-18 12:21:49 +08:00
|
|
|
|
</ul>
|
|
|
|
|
|
</div>
|
2026-01-19 11:25:10 +08:00
|
|
|
|
<div class="box">
|
2026-02-18 17:38:10 +08:00
|
|
|
|
<div class="box-title">
|
|
|
|
|
|
⚠️ 主要风险
|
|
|
|
|
|
</div>
|
2026-01-19 11:25:10 +08:00
|
|
|
|
<ul class="list">
|
2026-02-18 17:38:10 +08:00
|
|
|
|
<li
|
|
|
|
|
|
v-for="(x, i) in active.cons"
|
|
|
|
|
|
:key="i"
|
|
|
|
|
|
>
|
|
|
|
|
|
{{ x }}
|
|
|
|
|
|
</li>
|
2026-01-18 12:21:49 +08:00
|
|
|
|
</ul>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
<pre class="code"><code>{{ active.example }}</code></pre>
|
2026-01-18 12:21:49 +08:00
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</template>
|
|
|
|
|
|
|
|
|
|
|
|
<script setup>
|
2026-01-19 11:25:10 +08:00
|
|
|
|
import { computed, ref } from 'vue'
|
2026-01-18 12:21:49 +08:00
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
const stages = [
|
2026-01-18 12:21:49 +08:00
|
|
|
|
{
|
2026-01-19 11:25:10 +08:00
|
|
|
|
id: 'basic',
|
|
|
|
|
|
icon: '🪪',
|
|
|
|
|
|
name: 'HTTP Basic',
|
|
|
|
|
|
when: '内部工具/调试',
|
|
|
|
|
|
desc: '最早期的方案:每次请求都带 username/password(或等价凭证)。',
|
|
|
|
|
|
pros: ['实现最简单', '不需要额外存储'],
|
|
|
|
|
|
cons: ['每次请求都带“高价值凭证”', '不适合公网生产', '很难做细粒度授权'],
|
|
|
|
|
|
example: `GET /api/profile
|
|
|
|
|
|
Authorization: Basic <base64(username:password)>`
|
|
|
|
|
|
},
|
|
|
|
|
|
{
|
|
|
|
|
|
id: 'session',
|
|
|
|
|
|
icon: '🍪',
|
|
|
|
|
|
name: 'Session + Cookie',
|
|
|
|
|
|
when: '传统 Web / SSR',
|
|
|
|
|
|
desc: '服务端存 Session,浏览器存 cookie(session_id)。后续请求自动带 Cookie。',
|
|
|
|
|
|
pros: ['服务端可主动注销', '很适合同域 SSR', '工程落地成熟'],
|
2026-01-18 12:21:49 +08:00
|
|
|
|
cons: [
|
2026-01-19 11:25:10 +08:00
|
|
|
|
'服务端有状态,需要共享/扩展',
|
|
|
|
|
|
'CSRF 风险更高(必须防)',
|
|
|
|
|
|
'跨域更麻烦'
|
2026-01-18 12:21:49 +08:00
|
|
|
|
],
|
2026-01-19 11:25:10 +08:00
|
|
|
|
example: `POST /login
|
|
|
|
|
|
→ Set-Cookie: session_id=abc; HttpOnly; Secure; SameSite=Lax
|
|
|
|
|
|
|
|
|
|
|
|
GET /api/profile
|
|
|
|
|
|
Cookie: session_id=abc`
|
2026-01-18 12:21:49 +08:00
|
|
|
|
},
|
|
|
|
|
|
{
|
2026-01-19 11:25:10 +08:00
|
|
|
|
id: 'jwt',
|
|
|
|
|
|
icon: '🎫',
|
|
|
|
|
|
name: 'JWT Access Token',
|
|
|
|
|
|
when: 'API / 移动端 / 多服务',
|
|
|
|
|
|
desc: '服务端不存状态,把声明编码为 token;请求携带 Authorization: Bearer。',
|
|
|
|
|
|
pros: ['无状态易扩展', '跨域友好', '多服务常用'],
|
2026-01-18 12:21:49 +08:00
|
|
|
|
cons: [
|
2026-01-19 11:25:10 +08:00
|
|
|
|
'难以全局注销(要额外机制)',
|
|
|
|
|
|
'token 体积大',
|
|
|
|
|
|
'payload 可读(别放敏感信息)'
|
2026-01-18 12:21:49 +08:00
|
|
|
|
],
|
2026-01-19 11:25:10 +08:00
|
|
|
|
example: `GET /api/profile
|
|
|
|
|
|
Authorization: Bearer <access_token>`
|
2026-01-18 12:21:49 +08:00
|
|
|
|
},
|
|
|
|
|
|
{
|
2026-01-19 11:25:10 +08:00
|
|
|
|
id: 'oauth2',
|
|
|
|
|
|
icon: '🔑',
|
|
|
|
|
|
name: 'OAuth2 / OIDC',
|
|
|
|
|
|
when: '第三方登录/授权',
|
|
|
|
|
|
desc: '解决“第三方授权/登录”,让应用无需保存第三方账号密码。',
|
2026-01-18 12:21:49 +08:00
|
|
|
|
pros: [
|
2026-01-19 11:25:10 +08:00
|
|
|
|
'用户体验好(扫码/一键登录)',
|
|
|
|
|
|
'安全边界更清晰',
|
|
|
|
|
|
'可扩展到 OIDC(登录)'
|
2026-01-18 12:21:49 +08:00
|
|
|
|
],
|
|
|
|
|
|
cons: [
|
2026-01-19 11:25:10 +08:00
|
|
|
|
'接入复杂度更高',
|
|
|
|
|
|
'必须正确处理 redirect_uri/state',
|
|
|
|
|
|
'token 生命周期设计很关键'
|
2026-01-18 12:21:49 +08:00
|
|
|
|
],
|
2026-01-19 11:25:10 +08:00
|
|
|
|
example: `GET /authorize?response_type=code&client_id=...&redirect_uri=...&state=...`
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
]
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
const activeId = ref(stages[1].id)
|
|
|
|
|
|
const active = computed(
|
|
|
|
|
|
() => stages.find((s) => s.id === activeId.value) || stages[0]
|
|
|
|
|
|
)
|
2026-01-18 12:21:49 +08:00
|
|
|
|
</script>
|
|
|
|
|
|
|
|
|
|
|
|
<style scoped>
|
|
|
|
|
|
.auth-evolution-demo {
|
|
|
|
|
|
border: 1px solid var(--vp-c-divider);
|
|
|
|
|
|
background: var(--vp-c-bg-soft);
|
2026-02-14 20:23:34 +08:00
|
|
|
|
border-radius: 6px;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
padding: 1.5rem;
|
2026-02-14 20:23:34 +08:00
|
|
|
|
margin: 0.5rem 0;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.header {
|
2026-01-19 11:25:10 +08:00
|
|
|
|
margin-bottom: 1rem;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.title {
|
2026-01-19 11:25:10 +08:00
|
|
|
|
font-weight: 800;
|
|
|
|
|
|
color: var(--vp-c-text-1);
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.subtitle {
|
2026-01-19 11:25:10 +08:00
|
|
|
|
margin-top: 0.25rem;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
color: var(--vp-c-text-2);
|
|
|
|
|
|
font-size: 0.9rem;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.timeline {
|
2026-01-19 11:25:10 +08:00
|
|
|
|
display: grid;
|
|
|
|
|
|
grid-template-columns: repeat(4, 1fr);
|
|
|
|
|
|
gap: 0.75rem;
|
2026-02-14 20:23:34 +08:00
|
|
|
|
margin: 0.5rem 0;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.stage {
|
|
|
|
|
|
text-align: left;
|
|
|
|
|
|
padding: 0.75rem;
|
2026-02-14 20:23:34 +08:00
|
|
|
|
border-radius: 6px;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
border: 1px solid var(--vp-c-divider);
|
|
|
|
|
|
background: var(--vp-c-bg);
|
|
|
|
|
|
cursor: pointer;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.stage.active {
|
|
|
|
|
|
border-color: rgba(var(--vp-c-brand-rgb), 0.35);
|
|
|
|
|
|
box-shadow: 0 0 0 3px rgba(var(--vp-c-brand-rgb), 0.12);
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.stage-top {
|
2026-01-18 12:21:49 +08:00
|
|
|
|
display: flex;
|
2026-01-19 11:25:10 +08:00
|
|
|
|
gap: 0.5rem;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
align-items: center;
|
2026-01-19 11:25:10 +08:00
|
|
|
|
margin-bottom: 0.25rem;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.icon {
|
|
|
|
|
|
font-size: 1.1rem;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.name {
|
|
|
|
|
|
font-weight: 800;
|
|
|
|
|
|
color: var(--vp-c-text-1);
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.stage-sub {
|
2026-01-18 12:21:49 +08:00
|
|
|
|
color: var(--vp-c-text-2);
|
2026-01-19 11:25:10 +08:00
|
|
|
|
font-size: 0.85rem;
|
|
|
|
|
|
line-height: 1.4;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.card {
|
2026-01-18 12:21:49 +08:00
|
|
|
|
background: var(--vp-c-bg);
|
|
|
|
|
|
border: 1px solid var(--vp-c-divider);
|
2026-02-14 20:23:34 +08:00
|
|
|
|
border-radius: 6px;
|
|
|
|
|
|
padding: 0.75rem;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.card-title {
|
|
|
|
|
|
font-weight: 800;
|
|
|
|
|
|
margin-bottom: 0.5rem;
|
|
|
|
|
|
color: var(--vp-c-text-1);
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.desc {
|
2026-01-18 12:21:49 +08:00
|
|
|
|
color: var(--vp-c-text-2);
|
2026-01-19 11:25:10 +08:00
|
|
|
|
line-height: 1.75;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
margin-bottom: 0.75rem;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.grid {
|
2026-01-18 12:21:49 +08:00
|
|
|
|
display: grid;
|
2026-01-19 11:25:10 +08:00
|
|
|
|
grid-template-columns: 1fr 1fr;
|
|
|
|
|
|
gap: 0.75rem;
|
|
|
|
|
|
margin-bottom: 0.75rem;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.box {
|
2026-01-18 12:21:49 +08:00
|
|
|
|
border: 1px solid var(--vp-c-divider);
|
2026-01-19 11:25:10 +08:00
|
|
|
|
background: var(--vp-c-bg-alt);
|
2026-02-14 20:23:34 +08:00
|
|
|
|
border-radius: 6px;
|
2026-01-19 11:25:10 +08:00
|
|
|
|
padding: 0.75rem;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.box-title {
|
|
|
|
|
|
font-weight: 800;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
margin-bottom: 0.5rem;
|
2026-01-19 11:25:10 +08:00
|
|
|
|
color: var(--vp-c-text-1);
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.list {
|
2026-01-18 12:21:49 +08:00
|
|
|
|
margin: 0;
|
2026-01-19 11:25:10 +08:00
|
|
|
|
padding-left: 1.1rem;
|
|
|
|
|
|
color: var(--vp-c-text-2);
|
|
|
|
|
|
line-height: 1.75;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.code {
|
2026-01-18 12:21:49 +08:00
|
|
|
|
margin: 0;
|
2026-01-19 11:25:10 +08:00
|
|
|
|
padding: 0.75rem;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
border-radius: 6px;
|
2026-01-19 11:25:10 +08:00
|
|
|
|
background: var(--vp-c-bg-alt);
|
|
|
|
|
|
border: 1px solid var(--vp-c-divider);
|
|
|
|
|
|
overflow-x: auto;
|
|
|
|
|
|
color: var(--vp-c-text-1);
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 11:25:10 +08:00
|
|
|
|
@media (max-width: 720px) {
|
2026-01-18 12:21:49 +08:00
|
|
|
|
.timeline {
|
2026-01-19 11:25:10 +08:00
|
|
|
|
grid-template-columns: 1fr;
|
2026-01-18 12:21:49 +08:00
|
|
|
|
}
|
2026-01-19 11:25:10 +08:00
|
|
|
|
.grid {
|
2026-01-18 12:21:49 +08:00
|
|
|
|
grid-template-columns: 1fr;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
</style>
|
