21 lines
990 B
Markdown
21 lines
990 B
Markdown
|
# Change: Add password manager (Web + Extension)
|
||
|
|
|
||
|
|
## Why
|
||
|
|
Provide built-in credential saving and autofill for users, with centralized management and admin oversight.
|
||
|
|
|
||
|
|
## What Changes
|
||
|
|
- Add credential save + autofill flows in the extension (explicit user confirmation required).
|
||
|
|
- Add a Web password management page (desktop only) with view/edit/delete.
|
||
|
|
- Add APIs for credential CRUD and admin access; plaintext view available during the current browser session.
|
||
|
|
- Add database schema for credential storage (per-user, per-site, multiple accounts).
|
||
|
|
- Add tests for API and DB flows.
|
||
|
|
|
||
|
|
## Impact
|
||
|
|
- Affected specs: api, password-manager
|
||
|
|
- Affected code: apps/server, apps/web, apps/extension, migrations, spec/openapi.yaml
|
||
|
|
|
||
|
|
## Assumptions (confirm)
|
||
|
|
- “同一网站” is defined as the URL origin (scheme + host + port).
|
||
|
|
- The extension prompts on form submit after username + password are provided.
|
||
|
|
- Credentials are stored encrypted at rest and decrypted server-side for plaintext display.
|