We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 19c640f commit 36f0ac1Copy full SHA for 36f0ac1
1 file changed
README.md
@@ -39,3 +39,24 @@ app.add_middleware(
39
on_error=JwtApiKeyAuthMiddleware.auth_exception_handler,
40
)
41
```
42
+
43
+## 认证流程
44
45
+```mermaid
46
+flowchart TD
47
+ A[Authorization: Bearer token] --> B[token.startswith 'fba-' ?]
48
+ B -->|Yes| C[API Key 认证]
49
+ B -->|No| D[JWT Token 认证]
50
+ C --> I[RBAC 权限校验]
51
+ D --> I
52
+```
53
54
+## 权限控制
55
56
+API Key 完全继承用户权限
57
58
+如需限制权限,只需创建专门的 API 用户:
59
60
+1. 创建受限角色(如 `API 只读角色`),分配必要权限
61
+2. 创建 API 用户,分配该角色
62
+3. 使用该用户创建 API Key
0 commit comments